Killing The Elephant In The Room - Enterprise Vulnerability Management Tactics presented at Ruxcon 2010

by Matt J,

Tags: Security Business


Summary : Technical conferences often present new and innovative research concerning vulnerability assessment, exploitation and mitigation controls. New offensive and defensive techniques have been evolving for well over a decade. In parallel to this, targeted attacks and the zero-day black-market have created a powerful underground economy that threatens the world’s wealthiest enterprises.

Unfortunately in all this madness, the fundamental practice of vulnerability management has been neglected. Large enterprises often have huge IT estates ripe with technicalities, politics, and organisational constraints. It would seem that relying purely on COTS solutions to manage vulnerabilities is deemed an easy way to tick a compliance box but is never a primary fool-proof solution for managing known vulnerabilities.

The goal of this presentation is to shift the mindset for how large organizations address the challenges of vulnerability management. A walk-through on architecting and implementing custom vulnerability management technologies will be done - for each component, different options will be presented where possible plus discussion on both technological and process challenges. The presentation will demonstrate that logical analysis and innovation can significantly evolve a typical COTS approach and give a more realist perspective on this difficult domain.

Matt J: Matt is a thought leader in procrastination and enjoys spicy food with beer.