All right. Welcome to lesson 3.6. It's gonna round out our module here. We're gonna talk about remediation and prioritization.
So in this video, you're gonna learn ways to identify, determine all the vulnerabilities in an environment. We touched on some of this earlier. We're gonna really dive deep here, um, and get a good examination into prioritising vulnerabilities for effective remediation. So we're not just remediating everything. Let's make this effective and efficient. And then how we can automate. Automation is huge. Let's try to cut out this overhead and make this easier. Um, and how executives can really support those efforts from the management level.
Again, this is something that kind of goes through all the modules. We really need to make sure we identify what we have. Because if we don't know, we can't actually remediate things effectively. We're gonna have vulnerabilities pop up over and over again that we didn't know we had, and that's gonna really slow down the patch management process.
So let's start with a full asset list. Hardware and software. Let's get everything inventoried before we even start this. Ah, and then what projects are currently ongoing, 'cause this is gonna affect our vulnerability remediation efforts. If we have new software that we're getting ready to implement, you know, next week, we've gotta figure out: how does that affect our current vulnerability management or patch management processes?
Um, so let's get that full inventory. And then we can start to prioritise, uh, and again, bringing in configuration management's a big component with vulnerability management. And the more that we integrate teams together, the easier this process is going to be.
Uh, this is so important because we can't remediate everything all the time. It's just, there's too many vulnerabilities, too many patches. So what's important to you? There's lots of tools out there we can use. So let's figure out what's important. What can we use that's actually gonna help us?
Understanding the criticality of each system, again, that's huge. Business versus customer needs and requirements. That's really going to affect how you patch. Maybe for your SLAs, you can't patch during certain times. Maybe you need to set aside certain times, you know, from 6 to 9 p.m., where you can actually patch those systems. So really understanding what your business needs are versus your customer needs and addressing those requirements.
Uh, do you follow federal private sector regulations that we mentioned in the previous module? You know, do you have to follow any sort of regulations or reporting requirements before you can continue? Because that's all gonna play into prioritization.
Uh, critical systems first, of course. But we want to think about exploitable vulnerabilities too. So let's take a look at this in many different ways so we can figure out what's actually most important.
Um, and I think it's important to note that exploitable vulnerabilities can actually be identified as mediums, highs, or criticals. It really depends on what the system is, what the application is, how much is it used, all those things. They may actually be identified as a medium, so it's important to know that highs and criticals are important, but we also need to look at medium vulnerabilities too.
Considerations for vulnerability chaining. This is so important. So if there's one takeaway, it's really that, you know, vulnerabilities can be used in combination to create more severe attacks, and that's vulnerability chaining. So from an executive leadership standpoint, I think it's just important to understand that this is possible. And this is how a lot of sophisticated hackers are working.
They will try to exploit one thing to get to another, to get to another, you know, to retain that foothold. Once they've retained their foothold, are they gonna create a backdoor? Are they going... all those things that go together. Um, so it's important to understand the concept of vulnerability chaining and what it means to prioritization efforts.
Automation. Uh, I refer to this as "automate all the things." And it's true. Whatever we can do using Python, different coding methods, different scripts, a great way to automate reporting and alerting.
I don't wanna have to log into 15 different systems. I want my information to come to me. So whatever I can do to get this information to me, so I don't have to keep logging into a million different tools. That's the way to do it.
Um, considering patching systems immediately: there are a lot of situations where this makes sense, where you can just patch immediately. Maybe secondary servers you can patch immediately, or all of your dev servers. Any, um, admin boxes, though, should all be patched immediately. And there's lots of tools that can support this effort.
So patch development or secondary systems immediately, um, as we discussed, but then putting others maybe on a delayed schedule. So you can patch a bunch of stuff immediately. If something breaks, you have a delayed schedule, so maybe they won't patch for a few days or a week, so you can stop that delayed process and say, "Whoa, hold up. Pause that until we fix what happened with our patches and what's going on with maybe a broken patch," before you move on to the other systems.
Using virtualization or cloud technology, have only one image. We brought this up before. Automate that. Make that easier, lower administrative overhead. Make it easier, less vulnerabilities. Lower your risk profile. Makes it much easier to patch. Easier to test things when you have virtualization or using cloud technology.
Executive support. So what can you do from an executive management standpoint?
With each new product, application, comes vulnerabilities and overhead. That means cost. So we need to figure out, if we're installing this new application or buying this new application, does it make sense? That really makes sense, because we're gonna have to think about not just the cost of the application, of the licensing, but all the resources that are gonna be needed to maintain that application over time: configuration and management.
Um, so think about consolidation efforts when you're thinking about new technology. So if you have your architecture team out there trying to consolidate, um, products, that could really help. Uh, just from an overall standpoint, reduced costs and licensing products. All of that.
um, you accompany showing vulnerability management
Help to support the security and IT staff and remediation efforts. You know, if they come through and say, "Hey, we've got these top three vulnerabilities, we'd really like to focus on these to get these done," help support them in, you know, in any way possible so that they can get those things done. Because if they've identified them as an issue, it could be a major impact on your business.
Request reports. You know, from executive standpoint, you don't see 200 pages of reports. Do you want to see a one-pager, top 10 vulnerable systems or top 10 exploitable vulnerabilities? Whatever helps you get kind of a feel for what's going on in the environment so you can get a real idea of what's going on. How many systems do you have? How many are affected? All those things.
So that way you can see all of the hardware, software, anything that you have in the environment.
So in today's video, we talked about how to really identify all those systems and then vulnerabilities as well in your organization. Uh, how we're actually gonna prioritize vulnerability remediation efforts and not, you know, expend a bunch of resources and time and effort and budget on things that aren't important or won't help. Uh, how to automate, which will ultimately improve vulnerability management practices and help your team to work on other things. And then, how executive leadership can support vulnerability management from that management level can really help to improve efficiency.
All right, and that's it for this video. I will see you in the next module.