Effective Patch Management for Clients and Servers
- Slides: 37
Effective Patch Management for Clients and Servers – Altiris™ Patch Management Solution from Symantec
Todd Murray, Sr. Systems Engineer
Agenda
1. Challenges, potential threats and risks
2. Symantec’s approach to patching
3. The Symantec Advantage
4. Coming soon from Symantec
Patch Management Remains a Challenge
- 90% of successful attacks occurred against previously known vulnerabilities (1)
- BROWSERS AND PLUG-INS CRITICAL: According to Gartner, all internet-based applications, especially browsers and browser plug-ins, should be a top patching priority.
- REPORTING IS A CHALLENGE: Tracking compliance against mandated patches is essential to eliminate vulnerabilities.
- TESTING DELAYS PATCH ROLL-OUTS: According to a Network World survey, custom application and patch testing was a primary reason for delays in patching.
Category labels on the slide: NON-MICROSOFT PATCHES, APPLICATION COMPLEXITY, COMPLIANCE
(1) Managing the Next Generation of Client Computing, Terrence Cosgrove, Feb 8, 2011, Gartner
“Given the sheer number of software patches, IT security and operations professionals must prioritize patching efforts to focus on those that have the biggest impact on your security posture”
Application Control: An Essential Endpoint Security Component, Chenxi Wang, Ph.D. and Chris Sherman, Forrester, September 7, 2012
“Much as it has in the past, the most common malware infection vector continues to be installation or injection by a remote attacker…via web application vulnerabilities”
2012 Data Breach Investigations Report, Verizon
“All internet-based applications especially browsers and browser plug-ins (i.e., Adobe and Apple QuickTime), should be a top patching priority.”
Gartner Research Note, “Top 10 Steps to Avoid Malware Infections”
The importance of patching 3rd party applications
Top Cyber Security Risks
- Priority One: Client-side software that remains unpatched
- More than ⅔ of all endpoint vulnerabilities are found in 3rd party desktop applications
National Vulnerability Database
Top 5 Vulnerable Applications
- Apple Safari | Mozilla Firefox | Google Chrome | Microsoft Internet Explorer | Adobe Flash Player
Internet Security Threat Report (2011)
- 30% increase in the overall number of vulnerabilities (6,253)
- 161% increase in new vendors affected by vulnerabilities
- Chrome and Safari vulnerabilities on the rise
- 346 vulnerabilities affecting browser plug-ins
Potential vulnerabilities at the front door
“The top 5 browsers combined had 351 reported vulnerabilities in total in 2011, and Adobe Flash and Java vulnerabilities increased both by 3 percent in 2011”
Symantec Internet Threat Security Report, Volume 17
Acrobat, Air, Flash, In-Design, Reader, Shockwave, Chrome, Desktop, Earth, Picasa, Talk, iTunes, QuickTime, Safari
Browsers, Utilities, and more: AOL, RealPlayer, SourceForge, EMC, RealVNC, Sun Java, Mozilla, RIM, WinZip, Opera, Skype, Yahoo
Provisioning Services, Single Sign-On, Virtual Desktop, XenApp, XenDesktop, More…
Top 15 most vulnerable products (2011)
Vendor: Google, Apple, Microsoft, Mozilla, Microsoft, Linux, Apple, Mozilla
Application: Chrome, Webkit, Win Server 2008, Windows 7, Windows XP, Firefox, Win Server 2003, Windows Vista, Windows 2003 Server, Linux Kernel, iTunes, Mac OS X Server, Thunderbird, Seamonkey
Type: Application, OS, OS, OS, Application
# of Vulnerabilities: 266, 110, 105, 102, 101, 95, 95, 85, 83, 78, 72, 67, 67, 66
*CVE, Top 50 Products By Total Number of “Distinct” Vulnerabilities in 2011
Top 15 most vulnerable applications
Application: Apple Safari, Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, Adobe Flash Player, Adobe Reader, Java Runtime Environment, Adobe Acrobat, Adobe Air, Mozilla SeaMonkey, Microsoft Office, Mozilla Thunderbird, Adobe Shockwave Player, Oracle Database Server, Microsoft Visio
Columns: Total, High, Medium, Low, Score
Values as extracted from the slide: 81 44 61 34 34 34 28 32 28 26 22 18 18 9 3 2 3 1 1 0 0 5 0 0 1 0 3 3 71 30 30 30 34 34 5 32 28 20 22 14 18 0 0 8 11 30 3 0 0 18 0 0 5 0 3 0 0 0 413 236 205 178 170 168 160 140 130 110 98 90 81 75
*Based on data feeds from National Vulnerability Database
Security vs. operations
Help Security and Operations teams strike an optimal balance between risk and cost
SECURITY TEAM: RISK
Remediate vulnerabilities
- Coverage
- Accurate priorities
- Timeliness
- Up-to-date status reports
OPERATIONS TEAM: IMPACT & COST
Patches & workarounds
- Coverage
- Accurate priorities
- Optimal process
- Minimal impact
- Up-to-date status reports
Symantec Approach to Patch Management
Symantec approach to patch management
Best Practice based on the “4 A Model”
[Diagram labels: Security Team, Risk Assessment, Compliance Report, Advancement, Client Computing and Server Admins, Change Management Team, Remediation Strategy]
Assessment phase
Primary Role: Security Officer
Inputs:
- Security advisories/bulletins and threat management alerts/feeds
- List of endpoints that are likely to have a given vulnerability
Goals:
- Learn as soon as possible about potential updates
- Perform an initial evaluation of the situation
- Assign a priority to updates
- Promptly notify the appropriate people/organizations
Output:
- Risk Assessment assigning priority to each update
Assessment phase – devices affected
Assessment phase – define custom severity levels
- Severity 1 – Significant impact on organization
- Severity 2 – Moderate impact on organization
- Severity 3 – Minimal impact on organization
Release vehicles
- Monthly Releases
  - Rollout triggered by Microsoft Patch Tuesday (second Tuesday of each month)
  - All new Severity 2 updates released within the past month
  - Includes both Microsoft and non-Microsoft updates
- Bi-annual Releases
  - Rollout to begin on Thursday following monthly release during February and August
  - All new Severity 3 updates released since prior release cycle
  - Includes both Microsoft and non-Microsoft updates
- Out of Band Releases
  - No set rollout schedule
  - Used for Severity 1 updates
  - Includes Microsoft and non-Microsoft updates
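The release-vehicle rules above reduce to a date calculation per custom severity level. The Python sketch below is an added example, not part of the original deck or of any Symantec product; the function names, the sample updates, and the rule that an update joins the first release starting on or after its publication date are assumptions.

```python
from datetime import date, timedelta
from itertools import count

def patch_tuesday(year, month):
    """Second Tuesday of the month (Microsoft Patch Tuesday)."""
    first = date(year, month, 1)
    to_first_tuesday = (1 - first.weekday()) % 7  # weekday(): Monday=0, Tuesday=1
    return first + timedelta(days=to_first_tuesday + 7)

def biannual_release(year, month):
    """Thursday following the monthly release; February and August only."""
    if month not in (2, 8):
        raise ValueError("bi-annual releases happen in February and August only")
    return patch_tuesday(year, month) + timedelta(days=2)

def rollout_date(severity, published):
    """Scheduled rollout start for an update, or None for an out-of-band release.

    Assumption (not from the slides): an update joins the first release
    whose start date is on or after the day it was published.
    """
    if severity == 1:
        return None  # out of band: no set rollout schedule
    if severity not in (2, 3):
        raise ValueError("severity must be 1, 2 or 3")
    for offset in count():
        total = published.year * 12 + (published.month - 1) + offset
        year, month = divmod(total, 12)
        month += 1
        if severity == 2:
            candidate = patch_tuesday(year, month)        # monthly release
        elif month in (2, 8):
            candidate = biannual_release(year, month)     # bi-annual release
        else:
            continue
        if candidate >= published:
            return candidate

# Constructed sample updates: (name, custom severity, publication date)
SAMPLE_UPDATES = [
    ("browser plug-in fix", 1, date(2012, 3, 1)),
    ("office suite fix", 2, date(2012, 2, 15)),
    ("media player fix", 3, date(2012, 3, 1)),
]

if __name__ == "__main__":
    for name, severity, published in SAMPLE_UPDATES:
        when = rollout_date(severity, published)
        print(f"{name}: severity {severity} ->", when or "out of band")
```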
Analysis phase
Primary Role: Change Manager
Inputs:
- Risk Assessment
Goals:
- Identify the full scope
- Assess the potential impact
- Deliver the Remediation Strategy
Output:
- Remediation Strategy, which identifies updates to be applied, endpoints to be targeted and excluded, roll back plan, etc.
Analysis phase – phased rollouts
- To mitigate risk, roll out updates to different groups of computers in phases
  - Test environment (lab)
  - Pilot group (often subset of IT group, or power users of an application)
  - Production (computers in production environment often broken down into multiple groups)
- If problems are discovered during testing
  - Defer rollout of update
  - Exclude certain computers from rollout
- In addition to prioritizing updates, also prioritize groups of computers to which the update will be distributed
  - Business criticality
  - Likelihood of exposure to vulnerability
  - System availability requirements
  - System redundancy
Application phase
Primary Role: Client/Server Administrator
Inputs:
- Remediation Strategy
Goals:
- Apply software updates on a timely basis
- Apply software updates in a manner that appropriately mitigates the risks involved
Output:
- Compliance Report verifying that required updates have been successfully applied to a requisite percentage of relevant endpoints
Application phase – phased rollouts
[Diagram labels: Release Date, Test Group (Lab), Pilot Group (IT), Production Group #1, Production Group #2, Production Group #3]
Application phase – compliance reports
Advancement phase
Primary Role: All involved in process
Inputs:
- Lessons learned
- Data analysis
Goals:
- Ongoing evaluation and fine-tuning of process
- Continuous improvement
Output:
- Process improvements
The Symantec Advantage
The Symantec Advantage – Broad Coverage
BROAD COVERAGE: supports over 150 Microsoft products and components and over 50 third party applications, including the top 15 vulnerable applications
The Symantec Advantage – Simplified Process
SIMPLIFIED PROCESS: modeled after best practices to streamline configuration and various phases of the patching lifecycle
The Symantec Advantage – Advanced Analytics
ADVANCED ANALYTICS: use advanced analytics to track key performance indicators, analyze trends or create custom reports for security operations or management
The Symantec Advantage – Symantec Portfolio
LIFECYCLE CONTROL
SYMANTEC PORTFOLIO
CLIENT MANAGEMENT SUITE
Integrated solution for broader management from provisioning to updates and retirement
CONTROL COMPLIANCE SUITE
leverage a broader security portfolio for comprehensive systems and vulnerability management
WORKSPACE VIRTUALIZATION AND STREAMING
JUST IN TIME PATCH
Virtualize applications to improve security and on-demand deliver software and updates with streaming
IT RISK
Providing a solid framework on which to build your IT Governance, Risk and Compliance program
Striking an Optimal Balance
Symantec helps Security and Operations teams strike an optimal balance between risk mitigation and cost to mitigate
SECURITY (risk): Vulnerabilities
- Coverage
- Timeliness
OPERATIONS (impact & cost): Patches & Workarounds
- Coverage
- Accurate priorities
- Optimal process
- Minimal impact
Symantec | Connect – Business Community
Forums | Blogs | Articles | Videos | Events | Downloads | Ideas
- 1.1 million monthly visitors
- 4,000 new items each week
- Get answers to technical questions
- Contribute technical content
- Earn rewards
http://www.symantec.com/connect/videos/symantec-patch-management-solution-overview
symantec.com/connect
Coming soon from Symantec
Patch Anywhere with Cloud-Enabled Management in 7.5
Introducing Cloud-Enabled Management (Coming Soon)
- Securely manage and patch users anywhere on the internet
- Eliminates the need for VPN
- Agents automatically detect location
- Secure trusted communications
“By 2015, over 37% of the global workforce will be mobile.” (1) Wall Street Journal
(1) Worldwide Mobile Worker Population 2011–2015 Forecast, IDC Research, December 2011
My Office – Patched, Managed and Secured by Symantec using CEM
Patching Gets Smarter with Patch Management in 7.5 (Coming Soon)
- Patching that Never Sleeps
  - Best defense against 0-day threats
  - Automatically download and deploy patches based on pre-defined criteria: Vendor, Patch Type and Filters
- Change management
  - Predefined process leveraging templates to automatically create policies and approve requests
  - Roll out patch automation from test/pilot phase to full production
  - Complete audit trail and reporting on all patch approvals, deployments and status
Endpoint Management – analyst & industry accolades
- Symantec Named as a Leader in 2012 Gartner Magic Quadrant for Client Management Tools
- Symantec Positioned as a Leader in The Forrester Wave™: Enterprise Client Management Suites, Q2 2012
BEST PATCH MANAGEMENT: ALTIRIS™ CLIENT MANAGEMENT SUITE FROM SYMANTEC, AUGUST 2011, NOVEMBER 2011
BEST MANAGEMENT SUITE: ALTIRIS™ IT MANAGEMENT SUITE FROM SYMANTEC, NOVEMBER 2011
BEST DEPLOYMENT/CONFIGURATION: ALTIRIS™ DEPLOYMENT SOLUTION FROM SYMANTEC, NOVEMBER 2011
Source: May 2012 The Forrester Wave™: Enterprise Client Management Suites, Q2 2012
Source: Gartner, Inc., Magic Quadrant for Client Management Tools, Terrence Cosgrove, January 31, 2012
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Symantec. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
KEY POINTS
- Symantec scored well because it is investing in product capabilities that will help organizations manage an increasingly diverse set of applications and devices
- Symantec delivers well-integrated mobile device management capabilities and essential Mac support, making Client Management Suite clearly the Leader above other vendors
Try Patch Management today!
- Patch Management Solution (standalone)
- Client Management Suite
- IT Management Suite
- SPS Enterprise Edition for Endpoints
www.symantec.com/it-management-suite
www.symantec.com/patch-management-solution
Thank You!
Todd Murray – Todd_Murray@Symantec.com
Embrace Choice
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.