You are viewing 'Patch Management'

Solutionary blogs about patch management.

Fine Tuning Your Environment

Order of operations

Loren Paquette

July 28, 2016 - Posted by Loren Paquette to Security Insight

Sometimes, a little old school math can help restore order when it comes to fine tuning your environment. Let me explain.

Definitions:

Software: Specific, as in OpenSSH
Software version: More specific, as in OpenSSH 6.2
Signature: A known pattern that we are looking for. Typically this affects specific software.
Traffic: For our examples, it will be traffic that either matches a pattern or does not.
Event: An alert that says "Look at me!... read more >

eSymposium: Tackling Vulnerabilities

Zach Holt

May 03, 2016 - Posted by Zach Holt to Security Insight

Tackling Vulnerability Management

As an organization’s security posture grows, a number of responsibilities may fall under the umbrella of information security, whether it is under direct control of an information security program or delegated to another supporting IT department. One such responsibility is a vulnerable management program.

Vulnerability management is an important part of a matured information security program. At a high level, the objective of vulnerability management is to find and remediate all issues as they are identified. However, as you start examining the matter in-depth, you’ll find that you:

  • Need to have a process in place to determine priorities
  • Need to have more information than what a vulnerability scanner can provide
  • Won’t always be able to fix vulnerabilities; fix what you can and mitigate the rest

As with any good story, we’ll leave that last item for a bit and focus on the top two for now. After all,... read more >

Prevention Blog Series

Patch Your Network: A Third Step in Security

Loren Paquette

April 21, 2016 - Posted by Loren Paquette to Security Insight

Ounce of Prevention

This blog is a continuation of the Prevention blog series. The first blog, "Four Tips to Secure Your Network," discussed prevention and four tips to use to immediately help secure your network. The second blog, "Scan Your Network: A First Step in Security," was the first of four steps to assist with security, and discussed ways to scan your network. The third blog, "Secure Your Network: A Second Step in Security," covered the second step with ways to secure your network. This fourth blog will discuss the third step and how to patch your network. Links to the other blogs will be provided as they are... read more >

Patch Like You Mean It

Actively patching can help remove active, known vulnerabilities

Jon-Louis Heimerl

July 06, 2015 - Posted by Jon-Louis Heimerl to Security Insight

Solutionary Minds Blog

There is no “silver bullet” to security. No single, one security control which will answer all of our security woes.

But, time and time again, we hear of vulnerabilities which are affecting organizations, right now. A good example is the Adobe Flash Player vulnerability (CVE-2015-3113). If you check the details for the vulnerability, you can see that it has a CVSS score of 10. You can also see that it has been actively exploited in the wild; meaning attackers have been using it, and are using it right now.

This is a client system vulnerability. Adobe Flash Player runs on the user workstation. We all know that it can be difficult to keep all systems current, especially in a heterogeneous, geographically distributed environment.

But, Adobe has released a patch for this vulnerability, and applying that patch can remove a current, known threat from your environment. For more... read more >

Balancing Business and IT Risk

The Day the Business no Longer Owns The Data

Chris Gida

August 07, 2014 - Posted by Chris Gida to Security Insight

data security

Working as an information security assessor provides me with opportunities to interact with a variety of Information Technology (IT) executives and understand the core risks to organizations.

As a result, I have identified a recurring theme across many of these organizations: risks remain unaddressed due to IT blindly serving the business. Similar to the insurance and Payment Card Industry Data Security Standard (PCI DSS) models, key IT decisions result in the transference of risk instead of taking ownership of the risk.

To ensure higher profits, IT departments are driven to cut costs and remain lean. IT seems to run as if the business is responsible for all key decisions, especially when it is convenient to neglect the organization's environment.  This mantra leads to the logic “the business owns the data, so this is a business decision.”

From an information... read more >

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

LATEST TWEETS