Vulnerability Management Improvements

Meltdown and Spectre vulnerabilities have affected virtually every computer on the planet and have forced us to re-evaluate how we patch our systems. Granted, these vulnerabilities weren’t as critical to our institutions as others, which bought us time, but they have been complex to patch and have challenged our capabilities. Beyond this, there has been no shortage of vulnerabilities to address in our institutions. We have even created a larger attack surface fueled by IoT devices, new product and service offerings, and outsourcing/cloud solutions. This has left us in a risky position when considering the state-of-the-art vulnerabilities leaked by government agencies, bug bounty programs, and successful cybercrime campaigns like NotPetya. More opportunities and greater cybercriminal capabilities: what can go wrong?

We will explore the current state of vulnerabilities in our environments and discuss examples of some of the riskiest ones. Additionally, we will discuss best practices to reduce the risks these vulnerabilities introduce. Patching is one of the best practices that needs a significant update to address the growing number of software application, operating system, BIOS, hypervisor, and hardware patches. Risks from these vulnerabilities span far beyond our networks and introduce risk for data and money stored in the hands of third-party systems and customer networks.

This session will discuss the major risks that we face and outline a vulnerability management program that will strengthen the security in your institution.

Covered Topics:

  • CVSS vulnerability scoring system
  • Meltdown/Spectre
  • Ransomware-enabled vulnerabilities
  • Patch Management best practices
  • Continuous Vulnerability Scanning
  • External Penetration Testing
  • Vendor Management concerns
  • Customer security issues
  • Risk-reducing layered controls

Who Should Attend?

Information Security Officers, IT Managers, Risk Officers, Internal Auditors, and Network Administrators looking to understand both stronger management programs and technical solutions to vulnerabilities.