Patch, patch and patch!
This has been the go-to mantra of security professionals and the recent WannaCry ransomware attack has highlighted its importance once again.
Seqrite EPS with Centralized Patch Management -
Proven Security Approach for Ransomware Protection
1. www.Seqrite.com
Centralized patch management solution for all Microsoft application vulnerability patching needs.
Seqrite Endpoint Security.
Patch Management: Overview
Technical Training Department
Quick Heal Technologies Ltd.
2. www.Seqrite.com
Contents
• What is Patch Management
• Why patching plays an important role in every organization’s security?
• Examples of incidents in which software vulnerabilities have been an enabler of security breaches
• How does Seqrite help?
• What can you do with SEPS Patch Management?
• Patch Management Reports
• Key Benefits of Patch Management
3. www.Seqrite.com
What is Patch Management
Patch
A patch is a piece of software designed to update computer applications and programs, to fix security vulnerabilities and other bugs in order to improve usability or performance.
Patch Management
Patch management is the process of using a strategy and plan of what patches should be applied to which systems at a specified time.
5. www.Seqrite.com
“Enterprises that implement a vulnerability management
process will experience 90% fewer successful attacks...”
Gartner, Predictions for IT Security Directors in 2007
6. www.Seqrite.com
Important Stats
As per data published by CVE Details, in 2016 the most vulnerable Windows applications were Adobe Flash Player, Adobe Reader, Adobe Acrobat, VLC media player, Oracle JRE (Java) and web browsers such as Firefox, IE, etc.
8. www.Seqrite.com
Why patching plays an important role in every organization’s security?
MYTH: We’re protected since we already have a firewall and an Intrusion Detection System.
REALITY: Despite all the attention that firewalls, anti-virus applications and Intrusion Detection Systems (IDS) receive, security vulnerabilities still plague organizations.
MYTH: Our company isn’t a target for attacks.
REALITY:
• Recent events show that ransomware such as WannaCry and Troldesh attacked enterprises and systems at random, based on specific vulnerabilities.
• On the other hand, it is not just large enterprises that need to be concerned about targeted attacks.
• Any organization can become the target of a disgruntled employee, customer or contractor. So, it is important to move beyond the “it can’t happen to me” feeling of security.
9. www.Seqrite.com
Why patching plays an important role in every organization’s security?
• Whenever software or an operating system is released, attackers and hackers are out there looking for loopholes and vulnerabilities that will let them in.
• The fact is that no software or operating system is bulletproof.
• Managing and applying software updates is a daunting challenge for enterprises.
10. www.Seqrite.com
Examples of incidents in which software vulnerabilities have been an enabler of security breaches
In 2016, there were 702 million attempts to launch an exploit – malware that uses bugs in software to infect devices with
additional malicious code like banking Trojans or ransomware. This is 24.54% more than in 2015.
The number of corporate users attacked by exploits increased 28.35% to reach more than 690,000, or 15.76% of all users attacked with exploits.
India ranks 10th in the list of Global Web Application Attack Source Countries while it is fourth on the list of top target countries
for web-application attacks, according to a new report by Akamai Technologies Inc., a global player in content delivery network.
11. www.Seqrite.com
Recent Security Breach due to Windows Vulnerability
Patch, patch and patch!
This has been the go-to mantra of security professionals, and the recent WannaCry ransomware attack has highlighted its importance once again. A large number of PCs worldwide were not patched with the latest update from Microsoft Windows, which led to the recent WannaCry ransomware havoc worldwide.
What was the scenario?
• On Friday, 12 May 2017, over 200,000 computers across 150 countries, including India, were infected by the WannaCry ransomware attack.
• WannaCry is ransomware that encrypts all the data files on the infected computers and asks users to pay 300 USD to restore the files. If the ransom is not paid in three days, it threatens to double the ransom amount.
• Solution offered by Microsoft: Update your OS, or else apply the MS17-010 patch on computers.
Why did it happen?
Microsoft had released a patch for this vulnerability in March 2017. However, systems that did not apply this patch were affected by the WannaCry ransomware.
Conclusion: Only those Windows systems that were not patched with MS17-010, released by Microsoft in March 2017, were affected by this ransomware. This scenario could have been avoided if Patch Management had been in place in networks to patch the systems with a single click.
13. www.Seqrite.com
Seqrite EPS Patch Management
• Patch Management enables centralized management for checking and installing the missing patches for the applications installed in your network.
• Allows the administrator to download and apply only the required patches on EPS Clients.
• WSUS need not be configured in the organizational network; updates can be downloaded directly from the Microsoft server.
• Can be deployed on the same system as the EPS Console or on a separate system.
• A network OS (Windows Server OS) is not mandatory for deploying the EPS PM Server; it can be installed on either a network OS or a client OS.
• Systematic reports are available on the EPS Console Server about the patches installed on endpoints.
• Can be configured and applied to groups and policies separately, as per the organization's requirements.
14. www.Seqrite.com
Patch Management: Overview
Missing Patches
Helps to detect and install missing patches for Microsoft and non-Microsoft applications and Windows OS.
Patch Categorizations
Patches are categorized as per severity level, which allows the patch install process to be prioritized.
• Critical: Vulnerability may allow code execution without user interaction.
• Important: Vulnerability may result in compromise of the confidentiality, integrity or availability of user data.
• Moderate: Impact of vulnerability is mitigated to a significant degree by factors such as authentication requirement or applicability only to non-default configurations.
• Low: Impact of vulnerability is comprehensively mitigated by the characteristics of the affected component.
• Unspecified: Vulnerability may result in random malfunctions.
Managing the Patch
• Frequency: Scheduling the frequency of patch scanning is possible. If any client is offline during the scheduled time, a notification is sent.
• Automatic Installation: Scheduling the system to automatically install missing patches is also possible.
• Exception: In a production or testing environment, there may be a requirement where the operating system or applications are required in the unpatched form. To facilitate this, patch install exclusion is provided, where the admin can exclude endpoints from patch installation.
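The severity-based view of missing patches described on this slide can be reproduced on a single Windows endpoint. This is an added example, not Seqrite's code: it uses the built-in Windows Update Agent COM API (which covers Microsoft updates only), and the function name and the exclusion list with its host name are hypothetical.

```powershell
# Added example (not part of Seqrite EPS): list missing Microsoft updates on the
# local machine, bucketed by the severity levels named on the slide.
# $ExcludedHosts is a hypothetical stand-in for a patch-install exclusion list.
function Get-MissingPatchBySeverity {
    param(
        [string[]]$ExcludedHosts = @('LAB-UNPATCHED-01')   # constructed sample name
    )

    # Honour the exclusion list: excluded endpoints are reported, not scanned.
    if ($ExcludedHosts -contains $env:COMPUTERNAME) {
        Write-Warning "$env:COMPUTERNAME is on the exclusion list; skipping scan."
        return
    }

    # Windows Update Agent: search for software updates that are not installed.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")

    foreach ($update in $result.Updates) {
        # MsrcSeverity is empty when the vendor assigned no rating.
        $severity = $update.MsrcSeverity
        if ([string]::IsNullOrEmpty($severity)) { $severity = 'Unspecified' }

        [pscustomobject]@{
            Severity = $severity
            KB       = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Title    = $update.Title
        }
    }
}

# Most severe first, so Critical and Important patches are handled before the rest.
$order   = 'Critical', 'Important', 'Moderate', 'Low', 'Unspecified'
$missing = @(Get-MissingPatchBySeverity)

$missing |
    Sort-Object { [array]::IndexOf($order, $_.Severity) }, Title |
    Format-Table Severity, KB, Title -AutoSize

# Per-severity counts for a quick compliance summary.
$missing | Group-Object Severity | Select-Object Name, Count
```

Run it from an elevated PowerShell session; an empty table means the Windows Update Agent found no missing updates from its configured update source.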
16. www.Seqrite.com
Patch Management - Key Benefits
Security: Patch Management helps to keep your network secure from malware attackers who target software and OS vulnerabilities, by auto-downloading patches based on severity.
Improves Productivity: Vendor bugs or unexpected application crashes often result in unwanted network downtime. Patch Management helps to keep these at bay by downloading such fixes in the form of patches.
Compliance: Organizations need to be secure enough to protect employee data, customer data, etc. Unpatched applications are vulnerable to attack, which may further result in business loss, penalties and fines. Patch Management enables the organization to meet the compliance criteria.
Better utilization of IT Department: The manual process of patching systems and applications takes too much time and effort from the IT team. Patch Management is an automated patching tool which downloads and installs patches from a centralized location. This helps to reduce the burden on IT staff.
Endpoints are safeguarded against web-based threats, which target users while they are browsing the internet. Most of these threats target operating systems and programs such as:
• Java
• Adobe Reader
• Windows OS and Internet Explorer