Vulnerability Management Lifecycle

jason

Presentation Transcript

  1. Vulnerability Management Lifecycle Panel Discussion

  2. Panelists
     • Carole Fennelly - Tenable Network Security
     • Chris Wysopal - Veracode
     • Steven Christey - MITRE
     • Bob Martin - MITRE
     • HD Moore - Rapid7
     • Jonathan Klein - Broadridge Financial Solutions
     • Kelly Todd - OSVDB

  3. Overview
     • Vulnerability Discovery
     • Private Vulnerability Sharing
     • Public Disclosure
     • Vulnerability Database Management
     • Vulnerability Monitoring/Testing
     • Remediation

  4. Lifecycle Players

  5. Vulnerability Discovery
     • Monitoring for Anomalies/0-Day
     • Monitoring Local Applications
     • Initial Discovery of Vulnerability
     • Development of Exploit
     • Posting to security lists

  6. Private Vulnerability Sharing
     • Passing around on underground lists
     • Additional research
     • Expanded impact
     • 0-day exploits
     • “Oops, I broke the Internet…”

  7. Public Disclosure
     • Determine when to disclose
     • Coordination between vendor and researcher
     • What to disclose
     • Public reaction/working with media
     • FUD

  8. Vulnerability Database Management
     • Monitoring of sources
     • Validation
     • Summarization
     • Classification
     • Determine/develop remediation measures

  9. Vulnerability Monitoring/Testing
     • Vulnerabilities discovered during a penetration test
     • Vulnerabilities discovered by security software (IDS, Logs, Scanners)
     • Vulnerabilities discovered from external source

  10. Remediation
     • Analysis of organizational impact
     • Prioritization
     • Determine/test remediation measures

  11. Questions?
     • cfennelly@tenablesecurity.com
     • coley@mitre.org
     • ramartin@mitre.org
     • cwysopal@gmail.com
     • jonathan.klein@broadridge.com
     • hdm@metasploit.com
     • lyger@attrition.org