THE VELOCITY OF VULNERABILITIES. U c h e O j i m a d u S A L E S M A N A G E R, N O R D I C S / B E N E L U X / M I D D L E E A S T F L E X E R A

Transcription

1 THE VELOCITY OF VULNERABILITIES U c h e O j i m a d u S A L E S M A N A G E R, N O R D I C S / B E N E L U X / M I D D L E E A S T F L E X E R A

2 Flexera Enables an Efficient, Secure and Transparent Software Supply Chain We re reimagining the way software is BOUGHT SOLD MANAGED SECURED 2

3 Uche Ojimadu S A L E S M A N A G E R, N O R D I C S / B E N E L U X / M I D D L E E A S T F L E X E R A U O J I M A D F L E X E R A. C O M M A R T I N. D E. B E P R I A N T O. C O M

4 Agenda The Vulnerability Landscape Flexera Meets GDPR How Flexera Can Help Wrap Up & Close Grab me throughout the day for questions!

5 Data Privacy Regulation, Cybersecurity and Trade Secrets: Why does it matter? Why is it worth taking a holistic approach?

6 BY 2020, 99% OF THE VULNERABILITIES EXPLOITED WILL CONTINUE TO BE THE ONES KNOWN BY SECURITY AND IT PROFESSIONALS FOR AT LEAST ONE YEAR - GARTNER

7 Key Changes

8 The STORM is NOW WannaCry and Petya are a great examples how neglecting security patches can have a catastrophic impact on businesses. BUYER

9 The Impact of Ransomware Attacks WannaCry Cyber attack that infected over 230,000 computers in over 150 countries GDPR NIS Directive Trade Secrets Directive Technical and organizational security measures Violation of a duty to ensure a level of security Appropriate Trade Secret protection

10 THE HIGHLIGHTS Vulnerability Review 2017 by Secunia Research THE ANNUAL ANALYSIS OF THE EVOLUTION OF SOFTWARE SECURITY

11 17,000+ Verified Vulnerabilities ACROSS 2,136 PRODUCTS Flexera Vulnerability Review 2017

12 Hackers are working AROUND THE CLOCK and they are fast 12

13 The Risk Window 186 DAYS TO REMEDIATION D I S C L O S U R E A W A R E N E S S R E M E D I A T I O N T I M E T O A W A R E N E S S A W A R E N E S S T O R E M E D I A T I O N 99 % Exploit known vulnerabilities 30 DAYS Time to first exploit 13

14 Shrinking the Risk Window D I S C L O S U R E + A W A R E N E S S R E M E D I A T I O N T I M E T O R E M E D I A T I O N 30 D A Y S BEFORE Remediate It s too late 14

15 Risk Increases with Volume T I M E T O A W A R E N E S S T I M E T O R E M E D I A T I O N DAY M I C R O S O F T O S & A P P L I C A T I O N S J A V A A D O B E F L A S H O T H E R 3 RD P A R T Y A P P L I C A T I O N S U N K N O W N A P P L I C A T I O N S

16 The majority of vulnerabilities are not addressed V U L N E R A B I L I T I E S 77.5 % N O N - M I C R O S O F T 22.5 % M I C R O S O F T

17 A more comprehensive process is necessary V U L N E R A B I L I T I E S Majority of vulnerabilities unaddressed < 50 % O F V U L N E R A B I L I T E S

18 INCREASING MATURITY What s your organization s level? 18

19 What s your organization s level of maturity? 1 PA R T I A L LY P R O A C T I V E C O M P L E T E LY R E A C T I V E 2 S L O W, B U T P R O A C T I V E 4 3 E F F I C I E N T LY P R O A C T I V E

20 HOW WE HELP

21 AUTOMATE & REPORT How we help A S S E S S P R I O R I T I Z E I N T E L L I G E N C E B Y S E C U N I A R E S E A R C H F I X

22 Vulnerability Intel INTELLIGENCE BY SECUNIA RESEARCH 14 YEARS MKT LEADER S EC U N I A R E S E A R C H 55K+PRODUCTS 95 % ALERTS WITHIN ONE DAY 22

23 Assess ASSESS P R O D U C T S O V E R V I E W D E V I C E S TAT U S S E C U R I T Y S C O R E 62 T O TA L T O TA L 1 2 Secure 100% (SECURE) Insecure End-of-Life % 50-79% <50% 23

24 Prioritize PRIORITIZE P R O D U C T S B Y C R I T I C A L I T Y L AT E S T A D V I S O R I E S A F F E C T I N G Y O U R S E C U R I T Y Extremely critical Highly critical Less critical Moderately critical Date Title Installations Criticality Foxit Reader Multiple Vulnerabilities Apple itunes Multiple Vulnerabilities Microsoft Internet Explorer Multiple Vulnerabilities Google Chrome Multiple Vulnerabilities Not critical Oracle JAVA SE Multiple Vulnerabilities Apache OpenOffice Multiple Vulnerabilities 11 P R O D U C T S B Y S O L U T I O N S TAT U S Debian Update for Asterisk IBM SPSS Statistics No Fix Partial Fix Apple Quicktime Multiple Vulnerabilities McAfee Web Gateway IBM Cognos Planning Update 20 Vendor Patched VMWare vcenter Server Appliance 3 Vendor Workaround 86

25 Fix FIX S E C U R E PAT C H E S PA C K A G I N G S Y S T E M D E P L O Y M E N T Java Adobe Mozilla Google Easy to Configure Easy to configure Automation Automation Consistency Consistency 25

26 Automate & Report AUTOMATE & REPORT Policy & Compliance Orchestration Integration with ITSM APIs 26

27 Custom dashboard Visibility & Control 27

28 What our customers say I would recommend Flexera Software Vulnerability Manager. It s played a large part in the automation of our Windows patching process. Jim Anderson, IT Project Manager, Kohl s Corporation The visibility of all patch states of every client in all departments is a very powerful tool in closing vulnerabilities. Donald Ortmann, Chief Information Security Officer, DonLuigi IT-Service 28

29 Flexera Enables an Efficient, Secure and Transparent Software Supply Chain We re reimagining the way software is BOUGHT SOLD MANAGED SECURED 29

30 THANK YOU! w w w. f l e x e r a. c o m 2017 Flexera All Rights Reserved 30