Surviving 0-days - reducing the window of exposure

Andreas Lindh, I Secure


According to the NIST National Vulnerability Database, 1,772 software vulnerabilities with a CVSS score of 7 or higher were disclosed in 2012, and 2013 is so far (at the time of writing) not looking any better.

The window of exposure - from when a vulnerability is discovered to when a patch has been deployed - is often very long. In a corporate environment, it's not unusual to rely solely on patch management and semi-static security tools such as firewalls, IPS and anti-virus for protection, and for various reasons patch deployment might take a long time or may not even be possible.

This talk will focus on why patch management is insufficient for protection against new vulnerabilities, how the traditional 'defence-in-depth' model needs to be re-architected, and finally how the window of exposure can be reduced by active response before incidents occur.

VB2013 takes place 2-4 October 2013 in Berlin, Germany.


