Date posted: 08-Jun-2015
Category: Technology
Uploaded by: david-severski
WE HAVE MET THE ENEMY AND HE IS US
BSIDES SEATTLE 2013
DAVID F. SEVERSKI, @DSEVERSKI
2
AGENDA
The Dark Side
Discovery All The Things
Shiny Rocket Ships and Puppies
3
AKA…WHO THE FSCK ARE YOU?
Come to the Dark Side…
4
DATA-DRIVEN DISCOVERY
5
INITIAL REPORTING AND TRACKING
Discover
Open Finding
Define Remediation Actions
Assign Date
Track
Verify
Close
6
STUCK FINDINGS
7
“SUCCESS” OF DATE-DRIVEN FINDINGS
[Chart: Open Findings Over Time; y-axis: Open Findings; annotation: Plateau of Despair]
8
AND HOW ABOUT THAT PATCHING PROGRAM?
[Chart: Vulnerability Count over Time; y-axis: Number of Vulnerabilities; annotation: It’s Over 9000!!]
9
THE DEFINITION OF INSANITY
10
ANALYZE THIS!
What went wrong?
Competing priorities
Too much else to do.
Unscheduled work.
Why should we care?
High/Medium/Low a go-go
11
PRINCIPLES
Use the data that’s already present
Transparent measurement process
Joint goal setting
Continuous measurement
Specify problems…not solutions (No, Really!)
Self-service reporting
12
SETTING PERFORMANCE GOALS
High Risk Apps
# of Severe Vulnerabilities
Total Vulnerabilities
High Risk Hosts
Measuring the Riskiest Hosts
Total Number of Vulnerabilities
Maintain the Program
Median Time to Patch Servers
Scan Frequency
13
DATA SOURCES AND TOOLS
Data Sources
• CMDB
• Vulnerability Scan Data
• Network Configurations
Tools
• PowerShell (Extraction)
• SQL Server (Storage)
• Tableau (Presentation)
14
CURRENT STATE – NEW SHINY
24 mo. pilot underway for Vulnerability Management
Established reasonable goals in consultation with ops
Regular reporting – Reporting on Demand
Incorporated security into CIO messaging
Generating lots of discussion
Driving towards process and automation
Data pulled from existing systems
15
TO INFINITY…AND BEYOND!
16
IF YOU’VE GOT 99 PROBLEMS…
Don’t have your finding process be the source of problems
Takeaways
Provide flexibility to the doers
Determine the goals and methods for measuring success up front
You probably have more (usable) data available than you think
Report, report, report!
17
THANKS!
Questions? Comments? Complaints?
@dseverski