The Typical Patch Process
May 3, 2010
Scan or poll network to determine vulnerabilities
Real-time Network Defense
System Change Alerts
Identify “unmanaged” nodes on network
Receive frequent vulnerability updates
Ongoing monitoring for baseline compliance, vulnerabilities, and threats
Prioritize vulnerabilities and patch deployment
Standards-based interface to firewall, anti-virus and intrusion prevention systems to support rapid shielding
Test patches on non-production machines to ensure functionality, stability, and mitigation of risk
Deploy patches to production systems
Verify proper application of patches
Repeat constantly in a never-ending cycle that drains budget and resources
3,784 Vulnerabilities in 2009 Means …
20 minutes to read each description
3,784 x 20 minutes = 75,680 minutes, about 53 days (24-hour days) of reading
Assume just 10% are applicable
378 x 1 hour per patch (per system) = 378 hours, about 16 days (24-hour days) per year to install patches on one system
And that was last year!
Patch Management Business Obstacles
Costly impact of security incidents
Inaccurate inventories of assets, technologies, software patches and system configurations
Complexity of integrating/managing existing tools
Inefficient/unreliable research capabilities
Lack of resources and cycles
Inability to quantify metrics
Costly resources and tools
Vulnerability-based Patch Management
Cycle: Discover Assets, Technologies, Patches -> Correlate Assets to Vulnerabilities -> Prioritize Risk -> Deploy Patches -> Configuration Changes to Asset -> (back to Discover)
Workflow (diagram boxes in reading order):
New Vulnerabilities and Threats Discovered (Alerts, Research)
Information Collected & Validated (Database, Spreadsheet)
Test
Develop Critical Vulnerability and Threat, Risk-Ranked List (Risk Analysis Tools)
Correlate Vulnerabilities to Assets (Asset Inventory Application)
Patch Management
Verification & Monitoring
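The correlate / prioritize / deploy / verify loop above (and the prioritize, test, deploy, verify steps of the Typical Patch Process slide) can be shown end to end on a toy inventory. The following is an added example, not tooling from this deck or from bestitdocuments.com: the hosts, products, versions, patch names and the VULN-000x identifiers are all constructed, the risk formula (CVSS weighted by asset criticality, exposure and public exploit availability) is an assumption chosen for illustration, and patch deployment is simulated by bumping the installed version.

```python
# Added example: vulnerability-based patch prioritisation over a constructed
# asset inventory and vulnerability feed. Not the slide deck's own tooling;
# every host, product, version, patch name and VULN-000x ID below is made up.
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted numeric version ('2.2.14') into a comparable tuple."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class Asset:
    name: str
    criticality: int          # 1 (lab box) .. 5 (business critical)
    exposure: str             # "internet" or "internal"
    software: Dict[str, str]  # product -> installed version


@dataclass
class Vuln:
    vid: str                  # hypothetical ID, not a real CVE
    product: str
    fixed_in: str             # first version that is no longer affected
    cvss: float
    exploit_public: bool
    patch: str                # patch / package that closes the hole


# Constructed inventory (what "Discover Assets / Technologies" produces).
INVENTORY = [
    Asset("web01", 5, "internet", {"apache-httpd": "2.2.14", "openssl": "1.0.1"}),
    Asset("fileserv", 3, "internal", {"samba": "3.6.3", "openssl": "1.0.1"}),
    Asset("lab07", 1, "internal", {"apache-httpd": "2.2.15"}),
]

# Constructed vulnerability feed (the "Alerts / Research" input).
FEED = [
    Vuln("VULN-0001", "apache-httpd", "2.2.15", 7.5, True, "httpd-2.2.15"),
    Vuln("VULN-0002", "openssl", "1.0.2", 5.0, False, "openssl-1.0.2"),
    Vuln("VULN-0003", "samba", "3.6.4", 9.0, False, "samba-3.6.4"),
]


def is_affected(installed: str, fixed_in: str) -> bool:
    return parse_version(installed) < parse_version(fixed_in)


def risk_score(asset: Asset, vuln: Vuln) -> float:
    """Assumed asset-aware score: the same CVSS rates higher on an exposed, critical host."""
    score = vuln.cvss * asset.criticality
    if asset.exposure == "internet":
        score *= 1.5
    if vuln.exploit_public:
        score *= 2
    return round(score, 1)


def correlate(inventory: List[Asset], feed: List[Vuln]) -> List[Tuple[float, str, str]]:
    """'Correlate Assets to Vulnerabilities': (score, asset, vuln id), highest risk first."""
    findings = []
    for asset in inventory:
        for vuln in feed:
            installed = asset.software.get(vuln.product)
            if installed is not None and is_affected(installed, vuln.fixed_in):
                findings.append((risk_score(asset, vuln), asset.name, vuln.vid))
    return sorted(findings, key=lambda f: (-f[0], f[1], f[2]))


def patch_plan(inventory: List[Asset], feed: List[Vuln]) -> Dict[str, List[str]]:
    """Risk-ranked, de-duplicated patch list per asset (the 'Deploy Patches' work order)."""
    by_id = {v.vid: v for v in feed}
    plan: Dict[str, List[str]] = {}
    for _, name, vid in correlate(inventory, feed):
        patches = plan.setdefault(name, [])
        if by_id[vid].patch not in patches:
            patches.append(by_id[vid].patch)
    return plan


def apply_patch(asset: Asset, patch: str, feed: List[Vuln]) -> Asset:
    """Simulate deploying a patch: bump each product that patch fixes to its fixed_in version."""
    software = dict(asset.software)
    for v in feed:
        if v.patch == patch and v.product in software:
            software[v.product] = v.fixed_in
    return replace(asset, software=software)


def verify(inventory: List[Asset], feed: List[Vuln]) -> List[Tuple[str, str]]:
    """'Verify proper application': re-run the correlation on the post-patch inventory."""
    return [(name, vid) for _, name, vid in correlate(inventory, feed)]


if __name__ == "__main__":
    for score, host, vid in correlate(INVENTORY, FEED):
        print(f"{score:6.1f}  {host:10s} {vid}")
    print(patch_plan(INVENTORY, FEED))
    patched = [apply_patch(a, "httpd-2.2.15", FEED) if a.name == "web01" else a
               for a in INVENTORY]
    print("still open after patching web01:", verify(patched, FEED))
```

The point of the ranking is the one the slide makes: the same vulnerability lands at the top of the list on the internet-facing, business-critical host and near the bottom on an internal box, so a fixed patching budget goes where it removes the most risk. Verification is simply the correlation re-run against a fresh inventory after deployment; anything still listed was not patched, was patched to the wrong version, or was never in the inventory to begin with (the "unmanaged node" case).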
How do other companies protect themselves?
Patch Smarter?
Standardization of platforms
Consolidation of security efforts
Integration of disparate systems
Integration of Patch Management
Do more than “perimeter” protection
“Security Information Management”
How secure are we?
Are we in compliance? (I’m liable)
Are we enforcing our own standards?
Are our trading partners complying?
Are we matching best practices?
Are we going to end up as front page news?
I need documented proof
www.bestitdocuments.com