Protect: Difference between revisions
Jump to navigation
Jump to search
(Created page with "==Protection== Protection Summary == Vulnerability and Patch Management == Vulnerability Management is an ongoing process of identifying, assessing and addressing security vulnerabilities. It involves the systematic discovery, assessment and remediation of vulnerabilities to reduce the risk of cyber attacks and data breaches. Challenges with vulnerability and patch management in power generation facilities include: *Many rely on a manual process of identifying, prior...") |
|||
| Line 5: | Line 5: | ||
Vulnerability Management is an ongoing process of identifying, assessing and addressing security vulnerabilities. It involves the systematic discovery, assessment and remediation of vulnerabilities to reduce the risk of cyber attacks and data breaches. | Vulnerability Management is an ongoing process of identifying, assessing and addressing security vulnerabilities. It involves the systematic discovery, assessment and remediation of vulnerabilities to reduce the risk of cyber attacks and data breaches. | ||
Challenges with vulnerability and patch management in power generation facilities include: | '''Challenges''' with vulnerability and patch management in power generation facilities include: | ||
*Many rely on a manual process of identifying, prioritizing and remediating vulnerabilities is time-consuming and error-prone. | *Many rely on a manual process of identifying, prioritizing and remediating vulnerabilities is time-consuming and error-prone. | ||
*Implementation of automated vulnerability scanning tools and threat intelligence feeds – prioritizing vulnerabilities based on their potential impact on operations. | *Implementation of automated vulnerability scanning tools and threat intelligence feeds – prioritizing vulnerabilities based on their potential impact on operations. | ||
| Line 12: | Line 12: | ||
*Adversaries interested in attacking old and unpatched vulnerabilities – The most exploited vulnerability of 2022 (Product - FortiOS and FortiProxy) was discovered in 2018 | *Adversaries interested in attacking old and unpatched vulnerabilities – The most exploited vulnerability of 2022 (Product - FortiOS and FortiProxy) was discovered in 2018 | ||
Current vulnerability and patch management key practices include continuous monitoring, automated patch deployment, and vendor patch support and outsourcing: | '''Current vulnerability and patch management key practices''' include continuous monitoring, automated patch deployment, and vendor patch support and outsourcing: | ||
*Continuous Monitoring. Deploying automated tools to assess and monitor. Proper configuration and management of data should be done to avoid a significant backlog of data and alerts. | *Continuous Monitoring. Deploying automated tools to assess and monitor. Proper configuration and management of data should be done to avoid a significant backlog of data and alerts. | ||
| Line 18: | Line 18: | ||
*Vendor Support. Collaborate with vendors/suppliers to test and deploy patches in a timely manner. | *Vendor Support. Collaborate with vendors/suppliers to test and deploy patches in a timely manner. | ||
Relevant EPRI Resources | '''Relevant EPRI Resources''' | ||
*[https://www.epri.com/research/products/000000003002024344 Risk-Informed Vulnerability and Patch Management Guide: Generation Cyber Security] | *[https://www.epri.com/research/products/000000003002024344 Risk-Informed Vulnerability and Patch Management Guide: Generation Cyber Security] | ||
*Risk-Informed Vulnerability and Patch Management Guide: Generation Cyber Security CBT | *Risk-Informed Vulnerability and Patch Management Guide: Generation Cyber Security CBT | ||
*Advanced Vulnerability Grading Tool - avgt.epri.com | *Advanced Vulnerability Grading Tool - avgt.epri.com | ||
*AVGT Training | *AVGT Training | ||
Revision as of 16:28, 25 September 2024
Protection
Protection Summary
Vulnerability and Patch Management
Vulnerability Management is an ongoing process of identifying, assessing and addressing security vulnerabilities. It involves the systematic discovery, assessment and remediation of vulnerabilities to reduce the risk of cyber attacks and data breaches.
Challenges with vulnerability and patch management in power generation facilities include:
- Many rely on a manual process of identifying, prioritizing and remediating vulnerabilities is time-consuming and error-prone.
- Implementation of automated vulnerability scanning tools and threat intelligence feeds – prioritizing vulnerabilities based on their potential impact on operations.
- Dependencies on third party can introduce delay in the process of vulnerability remediation. Vendors validating the patches before the release can leave systems exposed for longer durations. To overcome this, a streamlined process should be established for validating and deploying the patches in a timely manner.
- Advisories inaccurate – In 2022, 34% of advisories contained errors (Source: Dragos)
- Adversaries interested in attacking old and unpatched vulnerabilities – The most exploited vulnerability of 2022 (Product - FortiOS and FortiProxy) was discovered in 2018
Current vulnerability and patch management key practices include continuous monitoring, automated patch deployment, and vendor patch support and outsourcing:
- Continuous Monitoring. Deploying automated tools to assess and monitor. Proper configuration and management of data should be done to avoid a significant backlog of data and alerts.
- Automated Patch Deployment. Cautiously deploy automated tools using test environments, change management and rollback plans to avoid accidentally disrupting operations.
- Vendor Support. Collaborate with vendors/suppliers to test and deploy patches in a timely manner.
Relevant EPRI Resources
- Risk-Informed Vulnerability and Patch Management Guide: Generation Cyber Security
- Risk-Informed Vulnerability and Patch Management Guide: Generation Cyber Security CBT
- Advanced Vulnerability Grading Tool - avgt.epri.com
- AVGT Training