IT patch management best practices: Overcoming the challenges

Home
Topics
Application and Platform Security
Enterprise Vulnerability Management
Vulnerability Risk Assessment
IT patch management best practices: Overcoming the challenges

IT patch management best practices: Overcoming the challenges

IT patch management best practices: Overcoming the challenges

Date: Jul 14, 2011

With targeted attacks and zero-day vulnerabilities shrinking the window of time between vulnerability disclosure and exploit availability, it’s becoming more incumbent on security managers to understand the assets in their IT environment and the patch levels of those machines.

In this presentation on vulnerability management and IT patch management best practices, application security expert Diana Kelley explains how to improve your asset discovery processes, determine the patch level of the machines in your environment, and improve testing and deployment processes to keep pace with patch and vulnerability management.

In this presentation, Kelley discusses:

Patching and remediation as a component of the vulnerability management lifecycle.
Implementing a vulnerability management program including scanning and prioritization.
Remediation: When and what to patch:
- Testing
- Deployment
- Validation
Remediation alternatives.
Keys to successful configuration and patch management lifecycle.

About the presenter:
Diana Kelley is a partner with Amherst, N.H.-based consulting firm SecurityCurve. She formerly served as vice president and service director with research firm Burton Group. She has extensive experience creating secure network architectures and business solutions for large corporations and delivering strategic, competitive knowledge to security software vendors.

This presentation was originally recorded Oct. 14, 2010.

More on Vulnerability Risk Assessment

Exploit Intelligence Project: Rethinking information security threat analysis
VIDEO - Information security threat analysis is fundamentally flawed, said Dan Guido of iSEC Partners. He says the Exploit Intelligence Project hopes to change that.
Jose Granado on the benefits of penetration testing, ‘human hacking’
VIDEO - Ernst & Young’s Jose Granado discusses the benefits of penetration testing and the importance of including “human hacking” as well.
Narcissistic vulnerability pimp: Baker on researchers and bug bounties
VIDEO - In a blog post, Verizon Director of Risk Wade Baker proposed a new title for security researchers looking to get attention who release bug information before a patch is released: Narcisstic vulnerability pimps.
Securely implement and configure SSL to ward off SSL vulnerabilities
Tip - Recent SSL vulnerabilities have renewed questions about the protocol's security. Expert Nick Lewis covers how to implement and configure SSL securely.
Java, HTML exploits via Black Hole toolkit dominate attacks, Microsoft says
News - The Black Hole Exploit toolkit is behind the bulk of the HTML and Java exploits, according to version 12 of the Microsoft Security Intelligence Report.
( Apr 25, 2012 )
Defining a full security threat
News - How would you define a security threat? The correct answer could score the funding you need for your next security project.
( Apr 12, 2012 | Security Bytes Blog )
Expert advocates for more effective pen tests, less complex security
News - A security expert warns organizations against buying the latest and greatest security technology and advocates for more effective pen testing at InfoSec World Conference and Expo 2012.
( Apr 02, 2012 )
How to ensure data security by spotting enterprise security weaknesses
Tip - How can a specialized organization spot security weaknesses? Nick Lewis offers a process to help niche companies ensure data security.

Back to top

More from Related TechTarget Sites

Cloud Security
Security Channel
SMB Security
Financial Security
Security UK
Security AU
Security IN

Cloud Security
- Cloud DLP: Understanding how DLP works in virtual, cloud environments
  
  Applying DLP technology to virtual machines can enable cloud computing with enhanced security and compliance.
- Leveraging Microsoft Azure security features for PaaS security
  
  Organizations can boost PaaS security late in the game by implementing these stopgap measures.
- Quiz: Understanding cloud-specific security technologies
  
  Think you understand cloud-specific security technologies as well as expert Joseph Granneman does? Test your knowledge with this quiz.
Security Channel
- Biometric authentication methods: Comparing smartphone biometrics
  
  Biometric authentication helps ensure only authorized smartphone users can access a network. David Jacobs weighs the pros and cons of three methods.
- F5 Vault program embraces incentives for F5 firewall, security sales
  
  The Vault partner program uses incentives to increase visibility for F5 firewalls and its architecture bundle.
- Using DMARC to improve DKIM and SPF email antispam effectiveness
  
  DMARC aids the DKIM and SPF protocols that help keep spam out and let legitimate emails in. David Jacobs explains how.
searchMidmarketSecurity
- Windows Phone 7 security: Assessing WP7 security features
  
  Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.
- Choosing the best security certifications for your career
  
  Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.
- Midmarket security tutorials
  
  SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.
searchFinancialSecurity
- Microsoft attempts legal action to disrupt some Zeus botnets
  
  Legal and technical actions could disrupt some Zeus botnet operations by seizing command-and-control servers in Pennsylvania and Illinois.
- More than hype: Security big data helps bank to boost security program
  
  At RSA Conference 2012, Zions Bancorporation detailed how it harvested security big data using a Hadoop-based security data warehouse.
- Web application threats: What you really need to know
  
  In this special presentation, Mike Rothman details today's top Web application threats and pragmatic methods to integrate security into the Web application development process.
Security UK
- Prep and test your Olympics 2012 security contingency plans
  
  To maintain information security during the 2012 Olympics, security and IT contingency plans must be tested in several key areas.
- File upload security best practices: Block a malicious file upload
  
  Do your Web app users upload files to your servers? Find out the dangers of malicious file uploads and learn six steps to stop file-upload attacks.
- MDM, security vendors scramble to address BYOD security issues
  
  Organisations are looking beyond NAC and MDM to resolve BYOD security issues; MDM, security and hybrid vendors are responding with new products.
searchSecurityAU
- Cloud DLP: Understanding how DLP works in virtual, cloud environments
  
  Applying DLP technology to virtual machines can enable cloud computing with enhanced security and compliance.
- File upload security best practices: Block a malicious file upload
  
  Do your Web app users upload files to your servers? Find out the dangers of malicious file uploads and learn six steps to stop file-upload attacks.
- Android security model doing best to enable mobile malware spread
  
  At Information Security Decisions 2012, Dan Guido put the mobile malware focus on the Android security model and Google’s mobile app vetting process.
Information Security
- Google Chrome gets security overhaul, patches 13 bugs
  
  Software giant updates Google Chrome stable channel to v19.0.1084.52 in a security only update.
- Android Malware Genome Project aims to nurture mobile security research
  
  Project will share data on malware targeting the Android platform. It has collected 1,200 Android malware samples.
- CEH certification gains credence in IT security domain
  
  CEH certification is much sought after in the IT security domain today. Here’s how you can obtain CEH certification and why you should attempt do so.

All Rights Reserved, Copyright 2000 - 2012, TechTarget