With pass-the-hash and other horizontal kill chain techniques all attackers need is one unpatched system to get started. Then as long as they can find another system – and it doesn't have to be an “important” system – to compromise they can keep moving along the horizontal kill chain until they finally reach pay dirt either in the form of a domain wide privileged account or the information itself that they seek. That's why for the past few years I've been saying you have to do everything right on every system. We've seen over and over again that it only takes one system.
In this webinar I'll be focusing on a different aspect of patch management – virtual machines. At first blush you might say – “patch ‘em – their like any other physical system” and there's some truth in that. But it's also true that virtual machines are like rabbits. They multiply fast and they appear on your network out of nowhere. Virtual machines can be cloned in seconds from templates with just a mouse click – no hardware, cabling or physical space needed. And VMs can lie “powered off” in a dormant state for months or even years and then suddenly be brought up and activated on the network at any time.
While you might be able to use traditional tools to patch live, production virtual machines – that doesn't work on offline VMs and templates.
In some security assessments, organizations rely on their normal patch process to “catch up” newly cloned systems or dormant systems when they are reactivated. But this leaves a critical window of opportunity for attackers. You have to assume malware is present on your network and actively looking for vulnerable systems. So we'll look at how to protect systems during this unpatched window of time and better yet how to prevent the window from opening in the first place. We will clearly define the risks, exposures and compliance issues stemming from unpatched virtual machines but then we'll explore the processes, controls and technologies you can leverage to address these risks such as:
- Best practices for template VM management
- How to identify dormant VMs
- How implement “first boot” controls
- Quarantine
- How to patch off-line VMs and templates
Shavlik is the perfect sponsor for this webinar as one of the first Windows focused patching solution and with their expert knowledge of virtualization. John Rush will briefly demonstrate how Shavlik Protect can manage any patch on any system including offline VMs and hypervisors.
Don't miss this real training for free ™. Please register now.