Remediation/Prioritization

00:00

All right. Welcome to less than 3.6. It's gonna round out our module here. We're gonna talk about remediation and prioritization.

00:08

So in this video, you're gonna learn ways to identify, determine all the vulnerabilities in an environment we touched on some of this earlier. We're gonna really dive deep here, um, and get a good examination into prioritising vulnerabilities for effective remediation. So we're not just remediating everything. Let's let's make this effective

00:27

on efficient. And then how we can automate

00:29

automation is huge. Let's let's try toe cut out this overhead and make this easier. Um, and how executives can really support those efforts from the management level.

00:41

So identification

00:43

again, this is something that kind of goes through all the modules. We really need to make sure we identify what we have. Because if we don't know, we can't actually remediate things effectively. We're gonna have vulnerabilities pop up over and over again that we didn't know we had, and that's gonna really slow down the patch management process.

01:00

So let's start with a full asset list. Hardware and software. Let's get everything inventory before we even start this. Ah, And then what? Projects are currently ongoing cause this is gonna affect our vulnerability remediation efforts. If we have new software that we're getting ready to implement, you know, next week

01:17

we've gotta figure out How does that affect our current vulnerability management or patch management processes?

01:22

Um, so So let's get that full inventory. And then we can start to prioritise, uh, and again, bringing in configuration Management's a big component with vulnerability management. And the more that we integrate teams together, the easier this process is going to be

01:38

perverse ization.

01:41

Uh, this is so important because we can't remediate everything all the time. It's just there's too many vulnerabilities to money patches. So what's important to you? There's lots of tools out there. We can use eso. Let's figure out what's important. What can we use that's actually gonna help us

01:57

understanding the criticality of each system again? That's huge businesses versus customer needs and requirements. That's really going to affect how you patch, maybe for your S L. A's. You can't patch during certain times. Maybe you need to set aside certain times you're from 6 to 9 p.m. Where you can actually pass those systems.

02:15

Eso really understanding what your business seeds are versus your customer needs

02:19

and addressing those requirements.

02:21

Uh, do you follow federal private sector regulations that we mentioned in the previous module? You know, do you Do you have to follow any sort of regulations or reporting requirements before you can continue? Because that's all gonna play into prioritization,

02:35

uh, critical systems first, of course. But we want to think about exploitable vulnerabilities to. So let's let's take a look at this in many different ways so we can figure out what's actually most important.

02:46

Um, and I think it's important to note that exploitable vulnerabilities can actually be identified as mediums. High score critic ALS. It really depends on what the system is, what the application is, how much is it used all those things. They may actually be identified as a medium, so it's important to know that

03:04

highs and critical zehr important. But we also need to look at medium vulnerabilities to

03:08

considerations for vulnerability. Chaining this is so important. So if if there's one take away, it's really that you know vulnerabilities can be used in combination to create more severe attacks, and that's vulnerability, chaining so from an executive leadership standpoint, I think it's just important to understand that this is possible. And this is how a lot of

03:27

sophisticated hackers are working.

03:30

They will try to exploit one thing. To get to another, to get to another, you know, to retain that foothold. Once they've routine their foothold, Are they gonna create a backdoor? Are they going all those things that go together? Um,

03:38

so it's important to understand the concept of vulnerability, chaining and what it means to prioritization efforts.

03:46

Automation? Uh, I prefer this has automate all the things. And it's true. What? Whatever. Weaken dio using python, different coding methods, different scripts, a great way to automate reporting and alerting.

04:01

I don't wanna have to log into 15 different systems. I want my information to come to me. So whatever I can do to get this information to me, so I don't have to keep logging into a 1,000,000 different tools. That's the way to do it.

04:12

Um, considering patching systems immediately,

04:15

there are a lot of situations where this makes sense where you can just patch immediately. Don't maybe secondary server, so you can patch immediately or all of your death servers any any, um, admin boxes, though, should all be patched immediately on. There's lots of tools that can support this effort,

04:31

so patch development or secondary systems immediately, um, as we discussed, but then putting others may be on a delayed schedule so you can patch a bunch of stuff immediately. If something breaks. You have a delayed schedule, so maybe they won't patch for a few days or a week so you can stop that delayed process and say, Whoa, hold up. Pause that

04:48

until we fix what happened with our patches and what's going on

04:51

with maybe a broken patch before you move on to the other. Systems

04:57

using virtual ization or high technology have only one image We brought this up before. Automate that. Make that easier, lower administrative overhead. Make it easier, less vulnerabilities. Lower your risk profile

05:10

makes it much easier to patch. Easier to test things when you have virtualization or using cloud technology.

05:17

Executive support. So what can you dio from an executive management standpoint?

05:23

With each new product application comes vulnerabilities and overhead. That means cost, So we need to figure out if we're installing this new application where buying this new application does it make sense. That really makes sense, because we're gonna have to think about not just the cost of the application of the licensing,

05:38

but all the resource Is there gonna be needed to maintain that application over time configuration and management.

05:44

Um, so think about consolidation efforts when you're thinking about new technology. So if you have your architecture team out there trying to consolidate, um, products that could really help. Uh, just from an overall standpoint, reduced costs and licensing products. All of that,

06:00

um, you accompany showing vulnerability management

06:04

help to support the security nightie staff, every mediation efforts, you know, if they come through and say, Hey, we've got these top three vulnerabilities we'd really like to focus on these to get these done. Help support them in, you know, in any way possible so that they can get those things done. Because if they've identified them as an issue, it could be a major impact on your business.

06:24

Request reports. You know, from executive standpoint, you don't see 200 pages of reports. Do you want to see a once one pager, top 10 vulnerable systems or top 10 exportable vulnerabilities? Whatever helps you get kind of a feel for what's going on in the environment so you can get a real idea of what's going on. How many systems do you have? How many are affected? All those things.

06:43

So that way you can see all of the hardware, software, anything that you have in the environment.

06:49

So in today's video, we talked about

06:51

how to really identify all those systems and then vulnerabilities as well In your organization. Uh, how we're actually gonna prioritize vulnerability remediation efforts and not, you know, expend a bunch of resource is in time and effort and budget on things that you aren't important or won't help.

07:09

Uh, how to automate, which will ultimately improve vulnerability management practices

07:14

and help your team toe work on other things on then, how executive leadership can support vulnerability management from that management level can really help to improve efficiency.