minding security gaps - publicsectornetwork.co

Post on 22-Jun-2022


© 2020 Trend Micro Inc.

Minding Security Gaps

How Virtual Patching can protect businesses

Krista Laplante-Gaul – krista_laplantegaul@trendmicro.com

Technical Sales Engineer


Why are zero-day vulnerabilities & exploits significant?

Vulnerabilities Exploits

https://www.trendmicro.com/vinfo/fr/security/news/vulnerabilities-and-exploits/security-101-zero-day-vulnerabilities-and-exploits


State of Vulnerabilities


The 10 most exploited vulnerabilities

A comparison of the detection counts of the 10 most exploited vulnerabilities from 2017 to 2020


The Lifecycle of a Vulnerability


How it works

Exposure phases shown: 0-day Exposure, N-day Exposure

Lifecycle stages shown:

• Vulnerability discovered and submitted to the ZDI program
• Digital Vaccine® filter created
• Vendor notified
• Vendor patch or public disclosure
• Active attacks
• Patches applied

Virtual Patch: virtual patch defenses available

Average of 96 days zero-day filter coverage from date of DV filter shipped to ZDI public disclosure

https://www.zerodayinitiative.com


Case Study – CVE-2020-0688

Diagram stages: Vendor ships a bug, Researcher finds bug, Sells Bug Report, Vendor Notified, Virtual Patch, Vendor Patch, Blog Published, Active Attacks In the Wild

An RCE bug was discovered in all versions of Microsoft Exchange Server

• Bug report contracted with the ZDI on November 19, 2019
• Vendor notified on November 26, 2019
• Virtual patch shipped on December 7, 2019
• Vendor patch released on February 11, 2020
• ZDI blog published on February 25, 2020
• Active attacks detected on March 15, 2020

Dates on the timeline axis: November 22, 2019; November 26, 2019; December 7, 2019; February 11, 2020; February 11, 2020


What happens to unpatched IT infrastructures?


Window to Patch Very Small

Source: https://www.darktrace.com/en/blog/zero-logon-exploit-detected-within-24-hours-of-vulnerability-notice/

https://www.trendmicro.com/en_ca/what-is/zerologon.html


Prioritize and defend against the latest threats


Prioritizing vulnerabilities

(Source: 2019 Gartner)


• “Vulnerabilities and their exploitation are still the root cause of most breaches.”

• The vast majority of malware leverages known vulnerabilities to propagate

• How do you tune to maximize defenses with the resources you have?

• How do you prioritize the most important threats?

Addressing your highest security risks

https://www.gartner.com/smarterwithgartner/gartner-top-security-projects-for-2020-2021/


Protect against the full range of threats

https://www.trendmicro.com/en_ca/business/capabilities/intrusion-prevention.html


Thank You!

Krista Laplante-Gaul – krista_laplantegaul@trendmicro.com

Technical Sales Engineer
