We Have Met the Enemy

WE HAVE MET THE ENEMY AND HE IS USBSIDES SEATTLE 2013

DAVID F. SEVERSKI, @DSEVERSKI

AGENDA

The Dark Side Discovery All The

Things

Shiny Rocket Ships and Puppies

AKA…WHO THE FSCK ARE YOU?

Come to the Dark Side…

DATA-DRIVEN DISCOVERY

INITIAL REPORTING AND TRACKING

Discover

Open Finding

Define Remediation Actions

Assign DateTrack

Verify

STUCK FINDINGS

“SUCCESS” OF DATE-DRIVEN FINDINGS

OpenFindings

Open Findings Over Time

Plateau of Despair

AND HOW ABOUT THAT PATCHING PROGRAM?

Number ofVulnerabilities

Vulnerability Count over Time

It’s Over 9000!!

THE DEFINITION OF INSANITY

ANALYZE THIS!

What went wrong?

Competing priorities Too much else to do.

Unscheduled work.

Why should we care? High/Medium/Low a go-go

PRINCIPLES

Use the data that’s already present

Transparent measurement process

Joint goal setting

Continuous measurement

Specify problems…not solutions (No, Really!)

Self-service reporting

SETTING PERFORMANCE GOALS

High Risk Apps

# of Severe Vulnerabilitie

sTotal

Vulnerabilities

High Risk Hosts

Measuring the Riskiest

HostsTotal Number

of Vulnerabilitie

Maintain the Program

Median Time to Patch Servers

Scan Frequency

DATA SOURCES AND TOOLS

Data Sources• CMDB• Vulnerability Scan Data• Network Configurations

Tools• PowerShell (Extraction)• SQL Server (Storage)• Tableau (Presentation)

CURRENT STATE – NEW SHINY

24 mo. pilot underway for Vulnerability Management

Established reasonable goals in consultation with ops

Regular reporting – Reporting on Demand

Incorporated security into CIO messaging

Generating lots of discussion Driving towards process and automation

Data pulled from existing systems

TO INFINITY…AND BEYOND!

IF YOU’VE GOT 99 PROBLEMS…

Don’t have your finding process be the source of problems

Takeaways Provide flexibility to the doers

Determine the goals and methods for measuring success up front

You probably have more (usable) data available than you think

Report, report, report!

THANKS!

Questions? Comments? Complaints?

@dseverski

We Have Met the Enemy

Technology

Have We Met Before?

Have you met pam margo

Brethren We Have Met to Worship

the Enemy of My Enemy Part1

ENEMY REVEALED

TITLE OPEN SANS...Belief: An opinion you consider to be a fact 5 Consciousness 6 The biggest enemy you have to deal with is yourself. If there's no enemy within, then the enemy outside

ONLINE LESSON PLANS - National Park Service · ONLINE LESSON PLANS ... “We have met the enemy and they are ours. ... beseeching me to take care of myself, and of . the cabinet of

Have you met CHARLY?

IDEAS YOU HAVE MET BEFORE

Ghosts I Have Met

Have you met with success?

The Enemy of my Enemy - d20 Radio Enemy of My Enemy/The Enemy o… · A Three Part Adventure for the Star Wars: Edge of the Empire Roleplaying Game by Fantasy Flight Games WRITTEN

Love Enemy

PARADIGM CHANGE: TARGETING ENEMY LEADERSHIP IN … · Paradigm Change: Targeting Enemy Leadership in ... insurgent networks have adapted their evasion techniques to ... Paradigm Change:

Overview Winning conditions Destroy the enemy fortress before the enemy destroys yours. That’s it! You don’t need to have more gold, destroy all of their

“They Have An Enemy,” Adkins Said. “We Don’t.” Special 3C89 They Have An Enem… · “They Have An Enemy,” Adkins Said. “We Don’t.” ... “They have an enemy,”

" We have met the enemy and they are ours.” Commodore Perry

2 Closing with the Enemy Company Team Maneuver 3 1. IDENTIFY TACTICAL PROBLEMS CO/TMs HAVE WHILE IN DIRECT FIRECONTACT WITH ENEMY FORCES. 2. RECOMMEND

We Have Met the Enemy and He is Us - Sophie J. Engle We Have Met the... · 2020-04-15 · NEW SECURITY PARADIGMS WORKSHOP SEPTEMBER 23 2008 ∙LAKE TAHOE, CA ∙SLIDE 10 POLICY EXAMPLE

Kauffman Foundation We Have Met the Enemy and He is Us(1)