Upload File

minding security gaps - publicsectornetwork.co

14
© 2020 Trend Micro Inc. 1 Minding Security Gaps How Virtual Patching can protect businesses Krista Laplante-Gaul – [email protected] Technical Sales Engineer

Upload: others

Post on 22-Jun-2022

7 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Minding Security Gaps - publicsectornetwork.co

© 2020 Trend Micro Inc.1

Minding Security GapsHow Virtual Patching can protect businesses

Krista Laplante-Gaul –[email protected] Sales Engineer

Page 2: Minding Security Gaps - publicsectornetwork.co

© 2020 Trend Micro Inc.2

Why are zero-day vulnerabilities & exploits significant

Vulnerabilities Exploits

https://www.trendmicro.com/vinfo/fr/security/news/vulnerabilities-and-exploits/security-101-zero-day-vulnerabilities-and-exploits

Page 3: Minding Security Gaps - publicsectornetwork.co

© 2020 Trend Micro Inc.3

State of Vulnerabilities

Page 4: Minding Security Gaps - publicsectornetwork.co

© 2020 Trend Micro Inc.4

The 10 most exploited vulnerabilities

A comparison of the detection counts of the 10 most exploited vulnerabilities from 2017 to 2020

Page 5: Minding Security Gaps - publicsectornetwork.co

© 2020 Trend Micro Inc.5

The Lifecycle of a Vulnerability

Page 6: Minding Security Gaps - publicsectornetwork.co

6 © 2020 Trend Micro Inc.

How it works

0-day Exposure N-day Exposure

Vulnerability discovered and

submitted to the ZDI program

Digital Vaccine®

Filter Created

Vendor Notified

Vendor Patchor

Public Disclosure

Active Attacks

Patches Applied

Virtual Patch Defenses Available

Average of 96 days zero-day filter coverage from date of DV filter shipped to ZDI public disclosure

Virtual Patch

https://www.zerodayinitiative.com

Page 7: Minding Security Gaps - publicsectornetwork.co

7 © 2020 Trend Micro Inc.

Case Study – CVE-2020-0688

Vendor ships a bug

Researcherfinds bug

Vendor Patch

Virtual Patch

Sells Bug Report

Vendor Notified

Active Attacks

In the Wild

An RCE bug was discovered in all versions of Microsoft Exchange Server

Bug report contracted with the ZDI on November 19, 2019

Vendor Notified on November 26, 2019 Virtual patch shipped on December 7, 2019 Vendor patch released on

February 11, 2020

Vendor Patch

Blog Published

ZDI blog published onFebruary 25, 2020

Active attacks detected on March 15, 2020

November 22, 2019

November 26, 2019December 7, 2019

February 11, 2020

February 11, 2020

Page 8: Minding Security Gaps - publicsectornetwork.co

© 2020 Trend Micro Inc.8

What happens to unpatched IT infrastructures?

Page 9: Minding Security Gaps - publicsectornetwork.co

© 2020 Trend Micro Inc.9

Window to Patch Very Small

Source: https://www.darktrace.com/en/blog/zero-logon-exploit-detected-within-24-hours-of-vulnerability-notice/

https://www.trendmicro.com/en_ca/what-is/zerologon.html

https://www.darktrace.com/en/blog/zero-logon-exploit-detected-within-24-hours-of-vulnerability-notice/
Page 10: Minding Security Gaps - publicsectornetwork.co

© 2020 Trend Micro Inc.10

Prioritize and defend against the latest threats

Page 11: Minding Security Gaps - publicsectornetwork.co

© 2020 Trend Micro Inc.11

Prioritizing vulnerabilities

(Source: 2019 Gartner)

https://www.gartner.com/en/documents/3438517/it-s-time-to-align-your-vulnerability-management-priorit
Page 12: Minding Security Gaps - publicsectornetwork.co

© 2020 Trend Micro Inc.12

• “Vulnerabilities and their exploitation are still the root cause of most breaches.”

• The vast majority of malware are leveraging known vulnerabilities to propagate

• How do you tune to maximize defenses with the resources you have?

• How do you prioritize the most important threats?

Addressing your highest security risks

https://www.gartner.com/smarterwithgartner/gartner-top-security-projects-for-2020-2021/

Page 13: Minding Security Gaps - publicsectornetwork.co

© 2020 Trend Micro Inc.13

Protect against the full range of threats

https://www.trendmicro.com/en_ca/business/capabilities/intrusion-prevention.html

Page 14: Minding Security Gaps - publicsectornetwork.co

© 2020 Trend Micro Inc.14

Thank You!Krista Laplante-Gaul –[email protected] Sales Engineer


Wipo minding culture

Tracking & Hacking: Security & Privacy Gaps Put American

The Identity Management Ecosystem: minding the gapsEcosystem: minding the gaps Tony Rutkowski VP – Regulatory-Standards, VeriSign mailto:[email protected] Editor: ITU-T SG17

Minding children ppp

Minding Our Future

Minding your millenials

Minding my students

The Challenges, Gaps and Future Trends: Network Security

Minding the Gaps - World Banksiteresources.worldbank.org/.../MindingTheGaps4-9.pdf · 2007-04-09 · Minding the Gaps Integrating Poverty Reduction Strategies and Budgets for Domestic

Minding Animals Bulletin 33 · 2018. 7. 24. · 1 Minding Animals Bulletin 33 Dates and Venue for Minding Animals Conference 4 As previously announced, the next Minding Animals conference

Breaking down the cyber security framework closing critical it security gaps

JLazio-Minding the Gaps - Arecibo Observatorynaic.edu/~astro/chicago2/talks/Lazio-Minding_the_Gaps.pdfone of the SKA’s Key Science Projects. • Considerable work being done worldwide

Minding Animals International Bulletin No · Minding Animals International Bulletin No.7 Minding Animals International (MAI) ... a one day symposium on a ‘political’ approach

Minding My Monkey Mind

Minding the gaps - docsfortots.org · pediatrician’s Hempstead office in early September, Brian’s doctor already had something serious to talk about, based on the waiting-room

Minding the Gaps Integrating Poverty Reduction Strategies and

Minding Your RFPs & Quotes

Conference Topicslifejourneycentre.com/uploads/3/4/3/7/34377933/amcn_brochure.pdf5th AMCN CONFERENCE April 24-28, 2017 Penang, Malaysia SPEAKER 1 Minding the Gaps in MC WORKSHOPS Hanni

Minding the spectrum gaps

Postoperative Cognitive Dysfunction - Science & Society · Postoperative Cognitive Dysfunction Minding the Gaps in Our Knowledge of a Common Postoperative Complication in the Elderly

Minding the Gaps - International Budget Partnership · April 2007 . ii . Integrating PRS and Budget Implementation iii ABBREVIATIONS AND ACRONYMS AAP annual action plan AfDF African

Research Gaps in Food and Nutrition Security Across Africa

MINDING THE GAPS: INFLECTIONAL DEFECTIVENESS IN A ... · questionnaire materials. Anton Rytting alerted me several times to resources that kept Greek data collection from becoming

TSA: Security Gaps

Securing Office 365: Security Gaps the Enterprise Must Fill

Needs Assessment: Minding the Gaps Nigel Gannon, Program Specialist NYS 4-H Youth Development Cornell Cooperative Extension is an employer and educator

FINDING AND MINDING THE GAPS IN STATE-OF-THE-ART LEAN …

Close security gaps at airport vehicular gates

Minding Animals Bulletin 34 · Minding Animals Bulletin 34 Minding Animals International Board ... Sandra Swart is a Professor of History at Stellenbosch University. She simultaneously

Minding our Business

Challenges of unusually many under-prepared electrical engineering students 2008 2009 2010 Error Minding Gaps within the Bubble Presenter: Simon Winberg

The Identity Management Ecosystem: minding the gaps · 2016-03-29 · The Identity Management Ecosystem: minding the gaps Tony Rutkowski VP – Regulatory-Standards, VeriSign mailto:[email protected]

Minding Your Home Business

IPSOS Cyber Skills V18 - GOV UK · CYBER SECURITY SKILLS GAPS Research findings on the UK cyber security skills labour market Measuring cyber security skills gaps ... penetration

Minding Manners Company Presentation