Webinar 1535 Slides
1/29/2019
[Figure: axes labeled Risk and Time]
[Figure labels: Patch Released, Install Patch]
Monitor Vendor Security Bulletins
Management needs assurance that the right people know about the right patches and that they get installed on a timely basis
If not, why not
Simply stating that each server/application team is responsible for monitoring vendor bulletins for their respective products is insufficient
That is a policy
Not a control
Where is the assurance?
No way to demonstrate compliance
Bulletins Distributed
How do we know each team is
[Diagram labels: Vendor (six instances), InfoSec]
[Figure labels: Patch Released, Install Patch, Vulnerability Scanning, Vulnerability Scanner reports]
Vulnerability Scanning
Ongoing efforts
Ensure all systems are being scanned
Ensure VM has necessary access and agents to those systems
Ensure VM has latest definitions
Increase VM coverage of deployed products and systems
Maintain accurate awareness of systems and products not covered by VM
What it takes to get a patch installed on a given system once you know about it
Prioritization by team
Change control
Ticketing
Scheduling
Justin Buchanan from Rapid7 will show how the technology side can be addressed through automation and integration with InsightVM.
Automate
Prioritize
Patch
Gain visibility