In the last decade the nature and complexity of security attacks have increased tremendously. We have evolved from simple attacks, which focused on hacking exposed web pages, to stealthy attacks, in which the attacker stays hidden inside the victim's network for years on end with the sole purpose of stealing data. To make matters worse, more and more companies have started to store their data in the cloud, thereby transferring part of the responsibility for securing that data to the cloud service provider. These days the cloud service provider is therefore entrusted with providing adequate security for the data and services it delivers to customers. When deciding whether to move to the cloud, the two main metrics that enterprises look at tend to be cost and security risk.
Ensuring that all the servers used in the cloud application are appropriately patched is one of the most basic and most critical functions of the security group. I cannot stress the importance of this function enough. While all the production servers are important, we also need to make sure that all the laptops, desktops, servers storing code, and pretty much every device used in the cloud application, either directly or indirectly, is patched on a regular basis.
An effective patch management system needs to be put in place. The main purpose of the vulnerability management (VM) system is to test the effectiveness of the patching process. The first step in putting VM in place is to go back to the asset inventory, run a discovery scan using a VM tool, and confirm that all the devices discovered in the scan are accounted for. Please note, there should be a one-to-one match between the assets discovered in the scan and the entries in the asset register. If there is an asset in the register that was not discovered in the scan, then that asset needs to be found. If there is an asset discovered in the scan that was not present in the asset register, then an investigation needs to be performed to figure out why that asset was left out.

Once the asset discovery has been completed, we now need to prioritize our assets. Remember our discussion on risk evaluation. Go back to that lesson, find out which assets matter most and try grouping them into categories. For example, internet-facing servers on which the application runs would be the most important category. Next, come up with a scanning schedule. It is not practical to scan all the devices in the company at the same frequency, so highly critical servers will be scanned every week, second-priority servers every two weeks, and so on.

Once the schedule has been drawn up, you are free to start scanning. Once the scanning has been carried out for one category, start prioritizing the vulnerabilities. Time and resources are scarce, so prioritize and first take care of what is high priority. Once the security group has prioritized and categorized the vulnerabilities, we can start assigning the vulnerabilities according to the groups to which the servers belong. So, for example, vulnerabilities detected in the servers hosting the eCommerce application will be sent to the eCommerce infrastructure team. Next, that team draws up a patching schedule and carries out the patching. This needs to be streamlined because servers usually need to be rebooted after a patch, so backup servers need to be started up to ensure that the application service is not disrupted during the patching process.
Once the server management team has confirmed that the patches have been applied, the security team will do a confirmatory scan and confirm that the patches are in fact in place. It is very important that the security team does the confirmatory scan and does not delegate this activity to the patching team. Next, it is very important to prepare metrics on the kind of vulnerabilities that were discovered and the kind of problems that were faced while closing them. This is important as it helps in noticing any trends and will provide useful information while trying to improve the security process.
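The workflow just described (reconcile the discovery scan against the asset register, schedule scans by criticality, triage and route findings to the owning team, verify closure with the security team's own confirmatory scan, and produce metrics) as one runnable example. This is added illustration code, not material from the course or its author; the asset register, scanner findings, vulnerability identifiers (`TEST-…` placeholders), team names and the monthly tier-3 cadence are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Scan cadence per criticality tier, in days. Tier 1 weekly and tier 2 every two
# weeks follow the lecture; a monthly tier 3 is an assumed extension.
SCAN_INTERVAL_DAYS = {1: 7, 2: 14, 3: 30}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Asset:
    hostname: str
    tier: int        # 1 = internet-facing production; lower number = more critical
    owner_team: str  # infrastructure group responsible for patching this host


@dataclass(frozen=True)
class Finding:
    hostname: str
    vuln_id: str     # scanner's identifier for the issue (placeholder values below)
    severity: str    # one of SEVERITY_RANK's keys


def reconcile(register, discovered):
    """One-to-one match of the register against the discovery scan.
    'missing': in the register but not seen by the scan (asset must be located).
    'unknown': seen by the scan but absent from the register (investigate why)."""
    registered = {a.hostname for a in register}
    return {"missing": registered - discovered, "unknown": discovered - registered}


def scan_interval_days(asset):
    """Scanning schedule: how often this asset's tier gets scanned."""
    return SCAN_INTERVAL_DAYS[asset.tier]


def triage(findings, register):
    """Most critical tier first, then highest severity; hosts not in the
    register sort last (tier 99) until reconciliation resolves them."""
    tier_of = {a.hostname: a.tier for a in register}
    return sorted(findings, key=lambda f: (tier_of.get(f.hostname, 99), SEVERITY_RANK[f.severity]))


def assign_to_teams(findings, register):
    """Route each finding to the team owning the server group it was found on."""
    owner_of = {a.hostname: a.owner_team for a in register}
    queues = {}
    for f in findings:
        queues.setdefault(owner_of.get(f.hostname, "unassigned"), []).append(f)
    return queues


def confirm_closure(original, confirmatory):
    """The security team's own rescan decides what is fixed: a finding is
    closed only if the confirmatory scan no longer reports it."""
    before = {(f.hostname, f.vuln_id) for f in original}
    after = {(f.hostname, f.vuln_id) for f in confirmatory}
    return {"closed": before - after, "still_open": before & after, "new": after - before}


def cycle_metrics(findings, closure, register):
    """Metrics for trend analysis: what was found, who owned it, how much closed."""
    owner_of = {a.hostname: a.owner_team for a in register}
    total = len(closure["closed"]) + len(closure["still_open"])
    return {
        "by_severity": dict(Counter(f.severity for f in findings)),
        "by_team": dict(Counter(owner_of.get(f.hostname, "unassigned") for f in findings)),
        "closure_rate": len(closure["closed"]) / total if total else 0.0,
    }


# Constructed sample data (not from any real scanner or asset register).
REGISTER = [
    Asset("web-01", 1, "ecommerce-infra"),
    Asset("web-02", 1, "ecommerce-infra"),
    Asset("db-01", 2, "data-platform"),
    Asset("build-01", 3, "dev-tools"),
    Asset("laptop-finance-07", 3, "it-endpoint"),
]
DISCOVERED = {"web-01", "web-02", "db-01", "build-01", "printer-3f"}
FIRST_SCAN = [
    Finding("web-02", "TEST-0002", "medium"),
    Finding("build-01", "TEST-0004", "critical"),
    Finding("printer-3f", "TEST-0005", "low"),
    Finding("web-01", "TEST-0001", "critical"),
    Finding("db-01", "TEST-0003", "high"),
]
# Rescan after the teams report patching: one issue was not really fixed, one is new.
CONFIRMATORY_SCAN = [
    Finding("web-02", "TEST-0002", "medium"),
    Finding("web-01", "TEST-0009", "high"),
]


def run_cycle():
    """Run one full VM cycle over the sample data and return every intermediate result."""
    recon = reconcile(REGISTER, DISCOVERED)
    ordered = triage(FIRST_SCAN, REGISTER)
    queues = assign_to_teams(ordered, REGISTER)
    closure = confirm_closure(FIRST_SCAN, CONFIRMATORY_SCAN)
    return {
        "reconciliation": recon,
        "schedule": {a.hostname: scan_interval_days(a) for a in REGISTER},
        "triage_order": [f.vuln_id for f in ordered],
        "queues": {team: [f.vuln_id for f in fs] for team, fs in queues.items()},
        "closure": closure,
        "metrics": cycle_metrics(FIRST_SCAN, closure, REGISTER),
    }
```

Calling `run_cycle()` shows the two reconciliation exceptions (the finance laptop that the scan never saw and the printer that is not in the register), the findings ordered by tier then severity, the per-team queues, and a closure rate of 0.8 because the confirmatory scan still reports one issue the team believed was patched. The point of keeping `confirm_closure` separate from the team queues is the one the lecture makes: closure is decided by the security team's rescan, not by the patching team's report.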
About the Author
Vish Chidambaram is an award-winning enterprise security leader with 18+ years of experience, skilled in areas spanning automation, security operations analytics and reporting, the threat management life cycle, Agile/DevOps environments, SaaS/cloud security, business development and consulting, program management and more. Most recently Vish was the CISO at Rubicon Project, a SaaS-based ad marketplace, where he was responsible for securing a high-performance SaaS platform with 40 billion transactions per day. He pioneered the integration of security into DevOps by using automation, orchestration and machine learning tools. He is passionate about teaching security and believes that staying current is particularly relevant in the security industry. He also mentors security professionals and advises them through career transitions. Details can be found at datacoreacademy.com or by writing to firstname.lastname@example.org. His LinkedIn page is https://www.linkedin.com/in/vish-chidambaram/