Whether you patch monthly or every six months, the time and resource overhead is significant... And are you even secure?
In this real-life patch test, one of our Solution Architects put a simple virtual machine through its paces, with fascinating results. Understand more about typical vulnerabilities and security updates found in even the most simple of servers, learn about the typical decisions faced by organisations trying to balance operational efficiency with security, and see how you can implement same-day protection for vulnerabilities in critical systems, even without patching or during a change freeze.
Real-life patch test - vulnerabilities found in one simple server in 6 months
1. Vulnerabilities found in one server in 6 months
A real-life patch test
Copyright 2011 Trend Micro Inc.
2. Whether you patch monthly… or every six months
Trend Micro Confidential 2/23/2012 Copyright 2011 Trend Micro Inc. 2
4. Whether you patch monthly… or every six months
The time and resource overhead is significant
And are you even secure?
5. PATCH TEST
One of our Solution Architects put a simple virtual machine through its paces… with fascinating results…
6. 26 July 2011
Simple VM built with WIN2008 R2 only… No apps, no IIS, no SQL Server
This build could equally apply to a physical server
8. 6 months later…
A large number of updates are available
Remember this is still only one VM running nothing more than WIN2008 R2
Now the hard work begins….
Look up the Knowledge Base number and find the update
9. Take a closer look at the updates
09 AUG 2011… 7 important updates… 13.2MB… REBOOT REQUIRED
23 AUG 2011… 1 important update… 3.6MB… NO REBOOT
13 SEP 2011… 3 important updates… 65.4MB… NO REBOOT
11 OCT 2011… 4 important updates… 34.6MB… REBOOT REQUIRED
25 OCT 2011… 1 important update… 36K… NO REBOOT
08 NOV 2011… 2 important updates… 2.4MB… REBOOT REQUIRED
13 DEC 2011… 5 important updates… 26.1MB… REBOOT REQUIRED
29 DEC 2011… 3 important updates… 14.3MB… NO REBOOT
10 JAN 2011… 5 important updates… 19.1MB… REBOOT REQUIRED
10. RESULTS
A total of 31 important security updates were announced over 6 months, with approx. every other patch requiring a reboot
12. How can you reboot a mission critical system that cannot be taken offline?
How can you reboot any system during a CHANGE FREEZE?
13. IMPACT
Significant cross-referencing and assessment of each update needs to be undertaken by a skilled administrator.
What else will the update impact? What else is vulnerable? What is the impact on our risk posture?
16. Patch detail
Patch #1: Cumulative Security Update for ActiveX Killbits for Windows Server 2008 R2 x64 Edition (KB2618451), http://go.microsoft.com/fwlink/?LinkID=232507, ms11-090
Patch #2: Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 R2 x64 Edition (KB2618444), http://go.microsoft.com/fwlink/?LinkID=232505, ms11-099
Patch #3: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Server 2008 R2 SP1 for x64-based Systems (KB2539635), http://go.microsoft.com/fwlink/?LinkID=218325, ms11-069
17. Patch detail (Patch #1, Patch #2, Patch #3)
WHICH WILL YOU PATCH??
18. Some hours later and all 31 security updates located and assessed
23 out of 31 patches are related to security vulnerabilities
21. 1 VM, 1 OS, 31 patches
23 of which relate to security vulnerabilities
For a typical organisation with 50 servers running multiple operating systems and applications, this is a costly and resource intensive operation
Unlike the simple VM, most organisations will not be able to automatically install updates. Individual updates or batches of updates will need to be tested and deployed manually to allow for them to be backed out in case of problems during installation.
24. How do you balance operational efficiency with security?
You want to install the minimum number of security patches for BASE LEVEL protection
But you want visibility of all security vulnerabilities?
25. Solution
Virtual Patching: Proactively shield vulnerabilities in critical systems, even without patching
26. Trend Micro Deep Security Virtual Patching Solution
Detects and blocks known and zero-day attacks that target vulnerabilities
Shields web application vulnerabilities
Increased visibility into, or control over, applications accessing the network
Fully integrates with VMware and provides visibility at the hypervisor level, removing the risk of attacks not being visible within virtualised environments
29. On the same VM running WIN2008 R2
This screen shows results of Trend Micro Deep Security Recommendation Scan:
… After security updates concerning local logon, SSL protocol and kernel were discounted…
… Deep Security identified and proactively shielded 13 security updates
… And then identified and shielded a further 11 security updates for which there may be no patches
30. Recommendations
  1. Assess the effectiveness of your patch management process
  2. Calculate the cost and risk of emergency patching
  3. Request a demo of Trend Micro Deep Security and see how virtual patching could reduce IT resources and costs while enhancing the security and compliance of your data centre applications
www.trendmicro.co.uk
01628 400552