© 2017 Flexera Software LLC. All rights reserved. | Company Confidential
2017 Software Vulnerability Management Resolutions
Marcelo Pereira, Product Marketing Manager
Flexera Software
“Gartner clients find the coordination and orchestration of vulnerability remediation
efforts a perennial point of operational failure for vulnerability management projects.
Success requires coordination between IT security and IT operations for activities such
as patch management and configuration hardening.”
- Gartner, “Threat and Vulnerability Management Primer for 2017”, January 2017
Poll question 1
• Organizations continue to fail to improve their patch management processes, with consequences to their risk posture. In your opinion, what is the MAIN reason for that?
– a) Most organizations don’t have the resources to patch all their applications
– b) Most organizations do not prioritize security patches
– c) In most organizations, performance metrics for patch management do not include security measures such as risk reduction
– d) Most organizations do not have the tools to support prioritization of security patches
“As we’ve advised in past reports, security professionals should make a concerted effort to prioritize patches” - Cisco 2017 ACR
Resolution 1
In 2017 I will start from the basics!
Security Layers
• Foundation
– Privilege control
– Segregation of duties
– Security training
– Patch Management
– Vulnerability Assessment
• Hardening
– Penetration testing
– Configuration Hardening
– SIEM
• Advanced
– Advanced Threat Detection
– Network Behavior Analysis
– Network forensics
Exploits: Time to first-known exploitation
Source: “2016 Data Breach Investigation Report” Verizon http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
Resolution 2
In 2017 I will work with my team to align with our organization’s security strategy
Resolution 3
In 2017 I will transform my organization’s approach to patch management!
Prioritizing Security Patches
Secunia Research has written 505 Advisories in January 2017
Digesting the vulnerability data
No advisory for Extremely Critical vulnerabilities written in January
Advisories by Criticality
Poll question 2
• Which percentage of the 144 “Highly Critical” Advisories do you believe had a patch at the time of publication?
– a) 9%
– b) 35%
– c) Less than 1%
– d) 95%
– e) 74%
Digesting the vulnerability data
Solution status for the 144 “Highly Critical” Advisories issued in January 2017
Vulnerability Management in today’s world
Security intelligence and management platforms to manage volume
“The increasing volume (of patches and upgrades) is a main driver for organizations automating their vulnerability management through the use of security intelligence and
management platforms that help manage the volume of system and software inventory,
vulnerability, and threat information.” - Cisco
Source: “Cisco Annual Security Report 2016” http://www.cisco.com/c/m/en_us/offers/sc04/2016-annual-security-report/index.html
My objective
At the end of 2017 I will be able to demonstrate how my work and the work of my team have made my organization more secure!
CONTACT US: www.flexerasoftware.com
Denmark: +45 7020 5144 USA: +1 888 924 8265