3.3 Enterprise Security Areas Part 3


Time: 2 hours 41 minutes | Difficulty: Beginner | CEU/CPE: 3
Video Transcription
>> Hi, and welcome back to Part 3 of enterprise security areas of cybersecurity architecture fundamentals. In this session, I will cover vulnerability and patch management, availability management, and a bit of supply chain security. All of these are pretty big topics by themselves, but I'll just cover the basics of each area.

Let's begin with vulnerability and patch management. What's the difference? Well, vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. This includes VA testing, and it also covers zero-day vulnerabilities found in the wild, while patch management covers the lifecycle of reviewing and applying patches to systems. This needs to cover assessment, testing, deployment, and in case of any failures, the rollback process. As you can imagine, patches are usually issued to fix vulnerabilities found in products; hence, there is usually a very close association between these two practices.

Now, I will not go through all the different vulnerabilities there are that the track could be introducing. But today, I'll focus on the threats to vulnerability management itself. Today, people either buy intel feeds or subscribe to various vulnerability assessment systems like Tenable or Rapid7. Although these services get you the vulnerabilities very fast, there is still a chance of zero-day vulnerabilities being found. The other threat would be people working around certain fixes, thus negating the control measures you have in place to counter the vulnerabilities.

Now, in terms of patch management, the biggest threat is usually insufficient testing of patches. There have been many cases of a patch causing other failures in the system. In some cases, it is the urgency of the fixes that reduces the testing cycle in order to push the patch out as quickly as possible. This can lead to patch failure, which could affect the system or introduce other new vulnerabilities that were not there in the first place. Another big problem with patch failure is when you try to roll back to a previous state and it fails; you get into an unusable condition. Therefore, patch management is just as important as vulnerability management.

To have good vulnerability management, you should subscribe to intel feeds that help you prioritize some of these vulnerabilities, and it pays to have an environment to validate some of these vulnerabilities, because a vulnerability is not always present in every system that is reported, especially if the vulnerability is because of certain configurations that might not be used in your organization. And you should always have a good communication plan around the systems to inform all the stakeholders if something is found.

In terms of patch management, it pays to have multiple environments to really thoroughly test all the patches that you're going to apply to the systems. For the testing, it's a good practice to have realistic test data to ensure that the test is as close to production as possible. You should also spend a good amount of time to prepare your rollback procedures and to test the rollback procedures in case of patch failures. The use of virtual technology has made this much easier with snapshotting of your image and rolling back to a certain point in time.

Another very good technique to employ is the use of virtual patching. Virtual patching is a technique that blocks the exploit from a signature at the network level or a host IPS level. This is very useful for OT systems where it's not so easy to schedule a downtime to apply a patch. The use of virtual patching is highly encouraged in environments where scheduling of patching is very difficult. This will at least help ensure that vulnerabilities are blocked even if your system is not actually patched.
Now, remember, cybersecurity is CIA. So availability is part of cybersecurity management, and availability management usually refers to two areas: high availability and disaster recovery. High availability is concerned with uptime, and this is usually managed within the same environment as your primary system, and this has a direct impact on your patch management strategy. This is because many systems need a reboot after a patch, although not all systems do. Disaster recovery, on the other hand, is about business continuity, and it's usually in a secondary site. Disaster recovery affects the design based on the RTO and RPO, which are the restore time objective, the time taken to get back up and running, and the restore point objective, which is the stage the data is restored to. The smaller these numbers, the higher the cost of the solution. In many cases, since your recovery site is a remote location, this has great dependencies on your network bandwidth, and that directly affects your costs. And since it's about business continuity, these numbers are usually dictated by the business. Check with the business owners of the systems on their recovery objectives and right-size your solution to meet the business objectives.

Now, the threats to high availability could be an unstable application, a load beyond the capacity plan, misconfiguration, or simple equipment failure. For DR, it's usually when a site is destroyed, a very large-scale and prolonged power outage, or natural disasters such as earthquakes. Environmental threat modeling does play a part in a lot of DR scenarios.

Some of the control measures you can have to achieve HA could be the use of a good load balancer, employing a stateless design for your applications, making use of reliable messaging that can guarantee delivery, and redundancy for everything to counter equipment failure. Obviously, this comes at a cost. Some techniques to help with DR design could be taking regular snapshots, having transaction logs that can be replayed, or even old-fashioned two-phase commits to the remote database so that we can guarantee that the remote database will be the same as your primary production database.
Moving on to supply chain security. This covers the upstream and downstream effects of components in the system. This is extremely difficult to manage in the current IT landscape, as nobody builds everything from scratch, and in many cases, vulnerabilities are introduced through vulnerabilities in your sub-components. Some of the more common supply chain security threats are the use of open-source libraries, as seen in the OpenSSL case a few years ago; hardware suppliers, for example Intel's Meltdown and Spectre vulnerabilities; the use of shared libraries, which can cause vulnerabilities to cross over systems; the same for common tools; and even the compiler used, as you can read in the details from the link supplied.

What can we do about this? Well, always plan for an alternative source in case vulnerabilities are found, make sure you have update plans from your component suppliers, and always plan for the worst case: not if it happens but when it happens. And do pay attention to intel feeds on exploits in certain libraries that you might be using. For open-source libraries, do employ technologies like software composition analysis to make sure that the libraries are clean before you put them into your applications.
Now, wrapping up, in this session, we covered the basics of vulnerability and patch management, talked about high availability and disaster recovery for availability management, and some of the areas to pay attention to in supply chain security. This is a very good source of information regarding this. I have shared two links for further reading: one on configuration and vulnerability management and the other on the best practice in the cyber supply chain risk management area. Do take the time to read these documents.

Well, this concludes the basic enterprise security areas. In the next session, I will cover a very important topic, which is Cloud security. If you have the time, please join me. Thank you.