Current Security Landscape
PETYA: NATO says a 'state actor' was behind the massive ransomware attack and could trigger military response
Patching & Security Exposure – A Challenge
More Vulnerabilities
• 6,549 new vulnerabilities [1]
• 18 new vulnerabilities daily [1]
• 76% over 2 years old [2]
More Users Working Outside Firewall
• 37% of the global workforce is mobile [4]
• 7 of top 10 vulnerabilities on end-user systems, not servers [2]
More Than Windows and MS Applications
• 80% from third-party applications [3]
• OS X, iOS, Linux, Unix highest in vulnerabilities [3]
Sources:
1. Symantec 2015 Internet Security Threat Report
2. 2015 NTT Group Global Threat Intelligence Report
3. National Vulnerability Database and GFI
4. Mobile Worker Population to Reach 1.3 Billion by 2015: IDC, eWeek
IT Security & Patching – Organizational View
Compliance needs Threat Protection needs Organization Policies
Audits and baselining of security standards Incident Response (security view)
VA / PT
Patch Management Configuration Audit revalidation / impact Incident Response & remediation (DC)
Evidence collection support
ISG Team
Security Operations
Infrastructure Operations
IT Security vs. Infrastructure Operations
Help Security and Operations teams strike an optimal balance between risk and cost
SECURITY TEAM: RISK
• Remediate vulnerabilities
• Coverage
• Accurate priorities
• Timeliness
• Up-to-date status reports
• Compliance
• Incident response
OPERATIONS TEAM: IMPACT
• Patches & workarounds
• Coverage
• Accurate priorities
• Optimal process
• Minimal impact
• Up-to-date status reports
• Incident remediation
Patching Constraints
• Patch overload
• Different builds
• Complexity of patches
• Resource constraints
• Testing timescale & infrastructure
• Application dependency
• Lack of / inadequate configuration management & asset inventories
• Scheduling / downtime / business impact
Patch Management: Objective
• Ensure Compliance – Regulatory and Standards
• Provide a relevant risk view of the VAPT reports
• Rightly prioritize the remediation plan
Sequretek
Vulnerability Management Process
Scope Definition
• Working with the customer to clearly define and document assessment objectives, scope and rules of engagement.
Information Gathering
• Relevant inputs from client on asset and inventory
• Gather publicly available information with reference to identified assets
Enumeration
• Full port scanning
• System and service identification
• Operating system fingerprinting
Vulnerabilities Identification
• Scan policy configuration
• Identification of vulnerabilities associated with the target host
Result Analysis
• Scan results verification
• Additional manual discovery, testing if any
• False positive elimination
Analysis & Reporting
• Analysis of business impact of the risks identified
• Report generation
• Comprehensive report with recommendations on mitigation
Sequretek tools help automate result analysis, re-prioritizing of vulnerabilities and the remediation process
• Identify the Critical and High classified vulnerabilities (Exploit / Malware available, PoC available and others)
• Apply the recommendations given by the OEMs on a test environment.
• Automate Patch Management roll out
Vulnerability Management Program
Vulnerability Assessment
Vulnerability Re-classification
Vulnerability Research
Patching Advisory
Patching
Re-classification parameters:
• Impact & applicability on Client’s environment
• Presence of known exploits for the vulnerability
• Risk classification & qualitative impact of exposure
Patching Recommendations:
• Applicability of patches
• Patch Optimisation
Applications
Servers
Infrastructure
Sequretek methodology on providing advisory on VAPT reports
• Most VAPT reports categorise vulnerabilities as High, Critical, Medium or Low based on generic design, flaws/misconfigurations and the degree of difficulty to exploit
• They fail to categorise the vulnerability based on:
  • Impact on Client’s environment
  • Applicability of vulnerability to client’s environment
  • Presence of known exploits for the vulnerability
  • Qualitative impact of exposure to organisation if exploited
• The default report generally provides a very high number of Critical/High vulnerabilities without providing clear visibility on the impact and risk exposure to the organisation.
• Following is an example of Sequretek re-classification, which helps the organisation to prioritise and take necessary action on risk

| Name of File | IP | Default risk: critical | Default risk: high | Default risk: medium | Default risk: low+none | SQTK risk: high | SQTK risk: medium | SQTK risk: low+none | No of patch to be applied |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Unix | xxx.xxx.xxxx.xxx | 234 | 45 | 23 | 9 | 4 | 4 | 303 | 3 |
• Total IP count / No. of servers – 29
• Total critical and high vulnerability as per the Client report – 5647
• Total high vulnerability by SQTK (known malware / known exploit) – 123
• Total patch to apply to fix all high vulnerability – 40
Sqtk-High: any malware or exploit is active on the given vulnerability
Sqtk-Medium: for any vulnerability if the proof of concept is given by research team
Sqtk-Low: vulnerability is present but no PoC / exploit
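The three Sqtk rules above can be applied mechanically to scanner output and rolled up into the per-host row shown in the table. The Python sketch below is an added example, not Sequretek's tooling: the `Finding` fields, the host, check and patch names are constructed, and treating a finding that does not apply to the host as low+none is an assumption based on the applicability parameter the deck lists.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    check: str                # scanner check name (constructed)
    default_risk: str         # rating as given in the scanner report
    exploit_or_malware: bool  # exploit or malware known for the vulnerability
    poc_available: bool       # proof of concept available from research
    applicable: bool          # affected component/feature is in use on the host
    patch: str                # patch bundle that fixes it (constructed name)


def sqtk_class(f: Finding) -> str:
    """Re-classify one finding: exploit/malware -> high, PoC -> medium, else low."""
    if not f.applicable:          # assumption: not applicable means no exposure
        return "low+none"
    if f.exploit_or_malware:
        return "high"
    if f.poc_available:
        return "medium"
    return "low+none"


def summarize(findings):
    """Per host: default counts, re-classified counts, distinct patches for highs."""
    rows = {}
    for f in findings:
        row = rows.setdefault(
            f.host, {"default": Counter(), "sqtk": Counter(), "patches": set()})
        default = f.default_risk if f.default_risk in ("critical", "high", "medium") else "low+none"
        row["default"][default] += 1
        cls = sqtk_class(f)
        row["sqtk"][cls] += 1
        if cls == "high":
            # Several findings are often closed by one patch bundle, so the
            # patch count is usually far smaller than the finding count.
            row["patches"].add(f.patch)
    return rows


# Constructed sample findings for one host.
FINDINGS = [
    Finding("unix-01", "OpenSSL version outdated", "critical", True, True, True, "openssl-update"),
    Finding("unix-01", "OpenSSL protocol weakness", "high", True, False, True, "openssl-update"),
    Finding("unix-01", "Java runtime outdated", "critical", False, True, True, "java-update"),
    Finding("unix-01", "IPv6 stack flaw", "high", True, True, False, "os-tl-update"),
    Finding("unix-01", "Local kernel issue", "high", False, False, True, "os-tl-update"),
    Finding("unix-01", "Service banner disclosure", "low", False, False, True, "config-change"),
]

if __name__ == "__main__":
    for host, row in summarize(FINDINGS).items():
        d, s = row["default"], row["sqtk"]
        print(host,
              "default:", d["critical"], d["high"], d["medium"], d["low+none"],
              "sqtk:", s["high"], s["medium"], s["low+none"],
              "patches:", len(row["patches"]))
```
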
Sample Recommendation
Unix Server
• Two classes of Critical and High vulnerability exist in this server. Both relate to vulnerable versions of components installed on the system. Vulnerabilities associated with these components date back to 2012; there are 4 known exploits, and there is also a possibility of the existence of other malicious code targeting these vulnerabilities. The vulnerabilities associated with OpenSSL are also fairly serious, as exploit codes are known to exist that target this vulnerable version.
• The BMC Server Automation RSCD Agent Weak ACL XML-RPC Arbitrary Command Execution vulnerability reported as critical needs to be examined further. This is possibly being flagged as a vulnerability because the exports file on this target allows the Nessus server to connect, which allows execution of the xmlrpc code. If the exports file does not allow the Nessus server to connect and a scan is carried out again, there is a possibility that the server is not vulnerable. The actual exploit is when you can run the xmlrpc code while the client system is not allowed to connect to the target via the exports file.
• While a few vulnerabilities relating to AIX 6.1 TL 8 relate to issues of IPv6, these can be ignored for the present if IPv6 has not been enabled in the environment.
Recommendation – Patch the vulnerable components, AIX 6.1 TL 8, AIX Java, AIX OpenSSL from the IBM AIX website. Detailed steps are mentioned in the Mitigation report
Benefits
• Organization-specific risk and impact analysis of VA
• Automated & granular mitigation steps for remediating vulnerabilities based on the installation in the Client Environment
• Maintain risk register based on thoroughly examined vulnerability data
VA to Patching – Patch Operations Team
Security face for Infrastructure operations
• SPOC for any tasks involving IT security and compliance matters
• Liaise within the Infrastructure team to accomplish timely and impactful results
• Liaise with ISG and Security Operations team to reduce / eliminate security issues and vulnerabilities
Patch Management Ownership
• N, N-1, N-2 patch compliance for approved environment based on organization risk matrix
• Complete ownership of the process
• Automation tool operational ownership for patch automation
• Complete platform and databases coverage
Compliance reporting
• Patch compliance
• Configuration audit compliance
Incident Remediation and risk mitigation
• Work with infrastructure team for incident response, closure and RCA (if needed)
Role mapping to ITIL
Service Operation
• Event Management
• Incident Management
• Problem Management
Service Strategy
• Business Requirements
• IT Policies & Strategies
Service Transition
• Change Management
• Asset & Config Mgmt
Service Design
• Service Level Mgmt
• Availability Mgmt
• Info Security Mgmt
Patch Management
Sequretek Approach to Patch Management - DART
Patch Management Team
Server & DB Administrators
Security Team
Transform
Compliance Reporting
Risk Assessment
Remediation Strategy
Determine phase
Identification
• VA Reports
• Security Bulletins
• OEM Releases & updates
Risk Assessment
• Level of importance
• Dependency map
• Comparison with installed environment
Determine type
• Advisories (Severity 1)
• Alerts (Severity 2)
• Updates (Severity 3)
Goal / Key Tasks
• Learn as soon as possible about potential updates
• Perform Initial Evaluation
• Assign Priority
• Promptly notify concerned team
Building an Offline Patch Repository – using automation tools
1. Preparatory tasks
• Defining role-based permissions
• Configuring Global Configuration parameters
• (Windows only) Defining the location of Microsoft Windows installation media for Microsoft Office patch deployment
2. Building an offline patch repository
• Downloading patch downloader utilities
• Preparing configuration files for downloading patch content
• Downloading patches to the offline patch repository
3. Patching tasks
• Creating and updating a patch catalog
• Creating and running a Patching Job and a Remediation Job
Analyze phase
Impact Analysis
• Security impact
• Environment impact
• Application impact
Testing
• Test / QA Environment
• Pilot group roll out
• Roll back plan test
Pilot Patch
• Advisories (Severity 1)
• Alerts (Severity 2)
• Updates (Severity 3)
Goal / Key Tasks
• Identify full scope
• Assess potential impact
• Deliver Remediation strategy
Performing Patch Analysis
• Run a patching job by comparing with patch catalogue to identify missing patches on your servers
• Analyze the configuration of target servers and determine the required patches
• Download the payload from the vendor sites to the Patch Repository
• Package the payload as per the tools and create a Deploy Job for each to apply the patch at target servers
• Test the packages on test / QA environment
• Prepare a detailed roll back plan by platform and by patch package
Remediate phase
Patch / Software roll out
• Trigger schedule
• Create payload packages
• Schedule deploy jobs
Review & roll back (if needed)
• Validate deployment
• Observe behavior
• Roll back (if needed)
Report
• Compliance report
• Alerts (Severity 2)
• Updates (Severity 3)
Goal / Key Tasks
• Apply patches on timely basis
• Apply software updates in a manner that appropriately mitigates the risk involved
Platform specific Release Vehicles
Monthly Releases
• Rollout triggered by VA report and security team requirements
• All new Severity 1 & 2 updates released within the past month (based on impact analysis)
• Includes separate scheduling for all platforms
Bi-annual Releases
• Rollout to begin as per organization schedules
• All new Severity 2 & 3 updates released since prior release cycle
• Includes separate scheduling for all platforms
Out-of-band Releases
• No set rollout schedule
• Used for Severity 1 updates only
• System availability requirements
• System redundancy requirements
Remediate Phase – Phased Rollouts
Release Date
Test Group (Lab)
Pilot Group (IT)
Production Group #1
Production Group #2
Production Group #3
Transform phase
Proactive compliance reporting
• Dashboards & Analytics
• Exception register
• Regulatory reporting
Ongoing evaluation & fine tuning process
• Lessons learnt
• Data analysis
• Process fine tuning
Continuous improvement
• Create automation
• Eliminate residual risk
• Incident remediation
Goal & Key Tasks
Striking an Optimal Balance
SECURITY: Risk
Vulnerabilities
• Coverage
• Timeliness
• Risks
• Compliance
OPERATIONS: Impact
Patches & Workarounds
• Coverage
• Accurate priorities
• Optimal process
• Minimal impact
Sequretek helps Security and Operations teams strike an optimal balance between risk mitigation and cost to mitigate
Thank You!
KMBL Approach to VA and Patch
Kotak Bank Environment
• Data Center Locations:
  1. Primary DC – Mumbai
  2. DR – Chennai
• 1300+ branches
• 2000+ servers
• 500+ databases

| SERVER VARIANTS | DATABASE VARIANTS |
| --- | --- |
| AIX | Oracle |
| RHEL | MySQL |
| Microsoft Windows | Sybase |
| Oracle Linux | DB2 |
| ESXi | SQL |
Kotak Bank environment complexity
• Continuous Audits: Regulatory, Internal, Business
• Internal RISK advisory team to manage IT RISK
• Complexity on new generation and legacy applications
• Complexity of multiple teams managing the entire RISK process: IT Security, Security operations, Infrastructure operations and data center operations
• Application performance impact analysis while closing Vulnerabilities and Patching.
Stringent VA cycles & Patch SLAs
Patch SLA

| PRIORITY | INTERNET EXPOSED APPLICATION | INTRANET APPLICATION |
| --- | --- | --- |
| High | 3 weeks | 1 Month |
| Medium | 1 Month | 2 Months |
| Low | 3 Months | 3 Months |

VA SLA
• VA preparation and schedule for the entire environment – monthly, quarterly, yearly schedule
• VA runs and research
• VA verification and exploit simulation (wherever applicable)
• Reporting and preparing patch requirements
• Remediation follow up and closure
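An added example (not the bank's or Sequretek's tooling) that turns the Patch SLA table above into due dates and a breach list for open findings. The finding records and their field names are constructed, and reading "1 Month" as a calendar month clamped to the month end is an assumption.

```python
import calendar
from datetime import date, timedelta

# Patch SLA table from the slide: (priority, exposure) -> (amount, unit)
PATCH_SLA = {
    ("high", "internet"): (3, "weeks"),
    ("high", "intranet"): (1, "months"),
    ("medium", "internet"): (1, "months"),
    ("medium", "intranet"): (2, "months"),
    ("low", "internet"): (3, "months"),
    ("low", "intranet"): (3, "months"),
}


def add_months(d: date, months: int) -> date:
    """Calendar-month addition; 31 Jan + 1 month clamps to the end of February."""
    idx = d.month - 1 + months
    year, month = d.year + idx // 12, idx % 12 + 1
    day = min(d.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


def due_date(reported: date, priority: str, exposure: str) -> date:
    """Date by which the patch must be applied under the SLA table."""
    amount, unit = PATCH_SLA[(priority.lower(), exposure.lower())]
    if unit == "weeks":
        return reported + timedelta(weeks=amount)
    return add_months(reported, amount)


def sla_report(findings, today: date):
    """Open findings as (days_left, id, due), most overdue first.

    A negative days_left means the SLA has already been breached.
    """
    rows = []
    for f in findings:
        if f["closed"]:
            continue
        due = due_date(f["reported"], f["priority"], f["exposure"])
        rows.append(((due - today).days, f["id"], due))
    return sorted(rows)


# Constructed sample findings (ids, dates and states are illustrative only).
FINDINGS = [
    {"id": "F-1", "priority": "High", "exposure": "internet",
     "reported": date(2024, 1, 10), "closed": False},
    {"id": "F-2", "priority": "High", "exposure": "intranet",
     "reported": date(2024, 1, 31), "closed": False},
    {"id": "F-3", "priority": "Medium", "exposure": "intranet",
     "reported": date(2023, 12, 15), "closed": False},
    {"id": "F-4", "priority": "Low", "exposure": "internet",
     "reported": date(2023, 11, 30), "closed": False},
    {"id": "F-5", "priority": "High", "exposure": "internet",
     "reported": date(2024, 1, 2), "closed": True},
]

if __name__ == "__main__":
    for days_left, fid, due in sla_report(FINDINGS, date(2024, 2, 20)):
        state = "BREACHED" if days_left < 0 else "open"
        print(f"{fid} due {due} ({days_left:+d} days) {state}")
```
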
Sample: Traditional VA report summary
Sample: New VA report summary
Sample: New VA report details
Summary: Benefits to Kotak Bank
• Revised VA report provides:
  • Better RISK Management
  • Clear details on actionable VA
  • Manages the RISK profile
• VA and other risks clearly tied to patch management process
• Automated Patch Management process to fix Vulnerabilities
• Common Enterprise report and dashboard on Vulnerabilities and patches
Thank You!