Andreas Lindh, I Secure
According to the NIST National Vulnerability Database, 1,772 software vulnerabilities with a CVSS score of 7 or higher were disclosed in 2012, and 2013 is so far (at the time of writing) not looking any better.
The window of exposure - from when a vulnerability is discovered to when a patch has been deployed - is often very long. In a corporate environment, it is not unusual to rely solely on patch management and semi-static security tools such as firewalls, IPS and anti-virus for protection, and for various reasons patch deployment might take a long time or may not even be possible.
This talk will focus on why patch management is insufficient for protection against new vulnerabilities, how the traditional 'defence-in-depth' model needs to be re-architected, and finally how the window of exposure can be reduced by active response before incidents occur.
VB2013 takes place 2-4 October 2013 in Berlin, Germany.