
VEGA

TERRY WELLIVER GREG SYME JUANA WELLS. VEGA. NAVAL POSTGRADUATE SCHOOL. VULNERABILITY MANAGEMENT. FACTS. THERE ARE AND WILL CONTINUE TO BE BUGS AND HOLES IN SOFTWARE THAT CAN BE EXPLOITED. FACTS. VENDORS WILL (OR AT LEAST SHOULD) DO THEIR BEST TO FIX THEM AS FAST AS THEY CAN. FACTS.

baker-orr

Presentation Transcript


  1. TERRY WELLIVER • GREG SYME • JUANA WELLS • VEGA • NAVAL POSTGRADUATE SCHOOL

  2. VULNERABILITY MANAGEMENT

  3. FACTS: THERE ARE AND WILL CONTINUE TO BE BUGS AND HOLES IN SOFTWARE THAT CAN BE EXPLOITED

  4. FACTS: VENDORS WILL (OR AT LEAST SHOULD) DO THEIR BEST TO FIX THEM AS FAST AS THEY CAN

  5. FACTS: BUT THE FIXES WON’T HELP IF YOU DON’T KNOW YOU NEED THEM AND THEN DON’T DEPLOY THEM

  6. FACTS: APPLYING FIXES IS GOING TO BE DISRUPTIVE TO NORMAL OPERATIONS, SO YOU NEED AN ACTIVE PLAN AND PROVEN PROCESS FOR ENSURING THAT THE WORK GETS DONE IN A TIMELY FASHION

  7. NAVY MANDATES A FORMAL VULNERABILITY SCANNING PROCESS IN PLACE AND AN ACTIVE PLAN TO ADDRESS VULNERABILITIES THAT ARE DISCOVERED

  8. TIME AND MONEY: BUDGETS ARE TIGHT AND TIME IS FINITE

  9. SOLUTION VULNERABILITY SCANNER FIND THE BUGS YOU NEED TO FIX EXPORT THE REPORTS TAKE ACTION ON THE FINDINGS (PDF, CSV) DISTRIBUTE THE REPORTS EMAIL THE SYSTEM ADMINISTRATORS TRACK THE FIXES CREATE YET ANOTHER EXCEL FILE TO TRACK THEM VALIDATE THE FIXES SCAN AGAIN AND START OVER

  10. INTERNET NETWORK PERIMETER DMZ INTERNAL NETWORK

  11. SOLUTION VULNERABILITY SCANNER FIND THE BUGS YOU NEED TO FIX EXPORT THE REPORTS TAKE ACTION ON THE FINDINGS (PDF, CSV) DISTRIBUTE THE REPORTS EMAIL THE SYSTEM ADMINISTRATORS TRACK THE FIXES CREATE YET ANOTHER EXCEL FILE TO TRACK THEM VALIDATE THE FIXES SCAN AGAIN AND START OVER

  12. PROBLEM VULNERABILITY SCANNER FIND THE BUGS YOU NEED TO FIX EXPORT THE REPORTS TAKE ACTION ON THE FINDINGS (PDF, CSV) DISTRIBUTE THE REPORTS EMAIL THE SYSTEM ADMINISTRATORS TRACK THE FIXES CREATE YET ANOTHER EXCEL FILE TO TRACK THEM VALIDATE THE FIXES SCAN AGAIN AND START OVER

  13. PROBLEM

  14. THINK DIFFERENT

  15. SCANNER DATABASE WEBSITE

  16. SCANNER DATABASE ISSUE TRACKING

  17. RUBY SCRIPTS JIRA API RETINA POSTGRES JIRA USER INTERFACE DATA TYPES WORKFLOW NORMALIZATION ACCOUNTABILITY DOCUMENTATION TRACKING FEEDBACK

  18. FUTURE: NEW VULNERABILITY SCANNER: NESSUS IS REPLACING RETINA • GLOBAL RISK ACCEPTANCE: IDENTIFY FALSE POSITIVE AND WON’T FIX • AUTOMATION: MORE, MORE, MORE • DELICIOUS CAKE: MMMMMM, MMMMMM, GOOD

  19. BE THE CHANGE YOU SEEK
