2.4 Doing Vulnerability Management - VM

Time
1 hour 23 minutes
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:01
In the last video, we talked about classifying and ranking risk.
00:04
In this video, we're going to talk about patches and the importance of testing.
00:11
Let's take a look at the learning objectives.
00:13
We're going to cover the importance of testing,
00:16
and also we're gonna cover patches.
00:20
Look at the pre-assessment.
00:22
It is always safe for organizations to get patches from third-party websites. Is that true or false?
00:32
This is actually false. It is always safe for organizations to get patches
00:37
from the vendor.
00:41
Okay, so let's talk about patches.
00:45
Patches have systems that could still be vulnerable after his patch.
00:50
That's software bugs,
00:52
and also to have test patches as well.
00:56
After software vendors rewrite pieces of an application,
01:00
the resulting healed software compilation, or patch,
01:03
can still be vulnerable to other bugs.
01:07
Software vendors are often pressured to release a patch quickly,
01:11
and this patch can potentially cause a conflict with other applications on your network.
01:18
As a result,
01:19
you need to pre-test patches before applying them to live systems.
01:23
Some faulty patches have inadvertently crashed business processes.
01:32
So let's talk about testing.
01:34
Test patches before applying in the production environment,
01:38
test patches against the organization's unique environment,
01:42
verify checksums,
01:45
and get patches directly from the vendor.
01:49
So as for the checksums, the checksum is basically the checks and balances
01:53
of the network infrastructure,
01:57
just for clarity.
02:00
Ensure the testing takes place in your organization's unique environment;
02:04
most problems with patches are due to third-party applications or modifications to default configuration settings.
02:12
Organizations need to verify
02:15
cryptographic
02:15
checksums, which is a redundancy check to preserve integrity of data,
02:23
Pretty Good Privacy signatures and digital signatures to confirm the authenticity of any patches being deployed.
02:30
You can further verify this by getting patches directly from the vendor.
02:37
Check
02:38
that the patch corrects the vulnerability without affecting applications and operations of the business process.
02:49
So as far as the test results,
02:53
does the patch actually work?
02:55
Is there a negative impact
03:00
to business systems?
03:02
So finding and fixing security problems is the core of vulnerability management.
03:07
Traditional manual processes for fixing flaws and suggesting patches and other remediation actions are far too slow, error-prone and expensive.
03:17
Sometimes the high cost of patching, coupled with the high volume of flaws detected in vendor applications, encourages organizations to delay remediation.
03:28
Organizations may delay updates, even for critical patches, until multiple patches, service packs or a regular monthly, quarterly or annual update process
03:38
is developed.
03:39
Unfortunately, the delay can be a fatal strategy because attackers quickly detect potential threats.
03:47
The window between flaw and exploit is constantly shrinking.
03:53
So here's a few guidelines for patching.
03:58
Remediate vulnerabilities as quickly as possible and minimize risk,
04:02
giving first priority to the most critical issues facing
04:08
your most critical systems.
04:10
You have to automate the patch management and software distribution solutions that can help speed this process and keep costs to a minimum.
04:18
You have to help.
04:19
You have to integrate patch management with other vulnerability management processes,
04:26
which is beneficial.
04:30
So look at the post-assessment.
04:32
You do not need to test patches before implementing them in the production environment.
04:38
Is that A, true, or B, false?
04:46
This is actually false.
04:47
You have to test
04:49
all patches before implementing them into the production department.
04:58
In this video, we talked about patches and the importance of testing.
05:02
In the next video, we'll talk about applying patches.
Fundamentals of Vulnerability Management

Most of the successful attacks through a business network could be prevented with vulnerability management. This course focuses on what you can do to automatically manage vulnerabilities and keep your network safe from attack.