vulnerable at vulnerability management · 2017. 5. 10. · vulnerability management scans also used...
TRANSCRIPT
![Page 1: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/1.jpg)
Vulnerable at Vulnerability Management
Start small and aim bigA State Agency Case Study
![Page 2: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/2.jpg)
[email protected] Me / Disclaimer2. In the Beginning …3.In the Middle …4.What about you?
5/5/2017 Vulnerable at Vulnerability Management 2
![Page 3: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/3.jpg)
About Me / Disclaimer1.HHSC Internal Audit
2.Very green….IT and Security
3.Not too much academic digression here.
4.Your mileage will vary.
5/5/2017 Vulnerable at Vulnerability Management 3
![Page 4: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/4.jpg)
In the Beginning…1.There was the worlds largest known
honeypot on the internet.
2.Some say that this network was a hackers dream.
3.Penetration testing performed had limited value.
4.Passion as a motivational driver.
5/5/2017 Vulnerable at Vulnerability Management 4
![Page 5: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/5.jpg)
Defense in Depth
So we got this onion…..how do we operationalize some processes to test HHS without tearing our eyes out?
5/5/2017 Vulnerable at Vulnerability Management 5
![Page 6: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/6.jpg)
Defense in Depth
How about part way.Focus on Network layers and determine where the topology-
US Austin, TX DIR [ via ISP’s]
State to State Agency Perimeter
Agency WAN Agency Int. Gateway
Agency LAN
5/5/2017 Vulnerable at Vulnerability Management 6
![Page 7: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/7.jpg)
Defense in Depth
Network Layers in various perspectives
Perspective 0US Austin, TX DIR [ISP’s] Perspective 1State to State Agency Perimeter
Perspective 2Agency WAN Agency Int. Gateway
Perspective 3Agency LAN
5/5/2017 Vulnerable at Vulnerability Management 7
![Page 8: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/8.jpg)
Title (hide)
5/5/2017 Vulnerable at Vulnerability Management 8
Scan Engine Perspectives
![Page 9: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/9.jpg)
Defense in Depth:Observations
1. Perspective 0a. Access -Firewall focusb. Permit – IPS Vulnerability
2. Perspective 1a. State Sharing at the Front Doorb. Removes DIR Controls (Eg. IPS)
3. Perspective 2a. DMZ or Notb. Soft gooey centerc. WAN access after pivot
4. Perspective 3a. Hosts here accessed from
outside….Yep b. LAN access after pivot
5/5/2017 Vulnerable at Vulnerability Management 9
![Page 10: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/10.jpg)
Defense in Depth:Observations
1.Effective Controls are representativea. Intrusion Prevention Blocks.b.Host Firewallsc. Host intrusion prevention
2.Scan results are effectively residual risk.
3.The plan now:a.Host enumeration for first passb.Vulnerability testing for second
pass.
5/5/2017 Vulnerable at Vulnerability Management 10
![Page 11: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/11.jpg)
Defense in Depth:Observations
1.Issues with “Scan all ip address space”a.No ping. Used common port
touches instead.b.Licensing by address space.
2.Un-credentialed scans only.
5/5/2017 Vulnerable at Vulnerability Management 11
![Page 12: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/12.jpg)
Defense in Depth:Observations
1.Product expertise.a.Black out periodsb.Scan templates.c. What does web spidering do to
scan time?
2.Exceptions- We asked but did not get much.
5/5/2017 Vulnerable at Vulnerability Management 12
![Page 13: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/13.jpg)
Defense in Depth:Observations
1.Found some exceptions the hard way.a.Mainframes are touchyb.Log sensitivity set high
email alerts can be a Denial osemail service.
c. Angry Admins must be assuaged
5/5/2017 Vulnerable at Vulnerability Management 13
![Page 14: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/14.jpg)
Defense in Depth:Observations
1.How long is this going to take?a.No Web spidering!b.Segment the Class B’sc. Enable parallel scanning
2.Host enumeration yielded ipaddresses in data but no host names.a.Allow Hostname and DNS into HHS
environment from engines onlyb.Hostnames! Yes. Reporting looks a
bit clearer now.
5/5/2017 Vulnerable at Vulnerability Management 14
![Page 15: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/15.jpg)
Defense in Depth:Observations
1.Why are we doing this again?a.Controls testing in layers to
determine effective controls.b.That is do the controls in place
really work.c. How do you know?d.What is your residual risk?
2.Ok. Just checking. Geez..
5/5/2017 Vulnerable at Vulnerability Management 15
![Page 16: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/16.jpg)
Armor testing• Perspective 0• Perspective 1• Perspective 2• Perspective 3
5/5/2017 Vulnerable at Vulnerability Management 16
![Page 17: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/17.jpg)
Now what? Start small!!
1. Having a plan avoids analysis paralysis.2. Priorities first Public Facing (P0/P1)
3. Actions: Triage Isolate | Remediate4. Emergencies to the top!
5/5/2017 Vulnerable at Vulnerability Management 17
![Page 18: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/18.jpg)
Now what? Start small!!
1.Change Management Policy requires us to provide an assessment of risk for certain actions.
2.As such we needed a common and simple alert methodology that incorporated risk and controls.
5/5/2017 Vulnerable at Vulnerability Management 18
![Page 19: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/19.jpg)
Alert Formula
1. CIS MS-ISAC Alert Level Formula
2.Severity =(Criticality + Lethality) –(System Countermeasures + Network Countermeasures)
5/5/2017 Vulnerable at Vulnerability Management 19
![Page 20: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/20.jpg)
Alert Formula
Criticality:What is the target of the attack?
5/5/2017 Vulnerable at Vulnerability Management 20
![Page 21: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/21.jpg)
Alert Formula:Criticality
5. Core services such as critical routers,
firewalls, VPNs, IDS systems, DNS servers or
authentication servers (e.g. LDAP)
4. E-mail, web, database and critical
application servers.
3. Less critical application servers.
2. Business desktop systems.
1. Home users.
5/5/2017 Vulnerable at Vulnerability Management 21
![Page 22: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/22.jpg)
Alert Formula:Criticality Observations
• We will spend significant time here.• What does this host do? Does it do it
actively?• Lots of internal inquiries and time
spent on this part for us.• This is important for later for
determining actions to take.• So who owns this NT Sever Farm?
Going once?
5/5/2017 Vulnerable at Vulnerability Management 22
![Page 23: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/23.jpg)
Alert Formula
Lethality:How likely will the attack do damage?
5/5/2017 Vulnerable at Vulnerability Management 23
![Page 24: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/24.jpg)
Alert Formula:Lethality
5. Exploit exists.Attacker could gain root or administrator privileges. Attacker could commit denial of service.
4. Exploit exists.Attacker could gain user level access privileges. Attacker could commit denial of service.
3. No known exploit exists.Attacker could gain root or administrator privileges. Attacker could commit degradation of service.
2. No known exploit exists.Attacker could gain user level access privileges.
1. No known exploit exists.Attacker could not gain access.
5/5/2017 Vulnerable at Vulnerability Management 24
![Page 25: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/25.jpg)
Alert Formula:Lethality Observations
• Used Vulnerability Management tool for this.
• Metasploit exist?
5/5/2017 Vulnerable at Vulnerability Management 25
![Page 26: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/26.jpg)
Alert Formula
System Counter-Measures:What host-based preventative measures are in place?
5/5/2017 Vulnerable at Vulnerability Management 26
![Page 27: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/27.jpg)
Alert Formula:System Counter-Measures
5. Current operating system with applicable patches applied. Server has been hardened and verified via vulnerability scan. Running host-based IDS or integrity checker. Anti-virus signature exists and has been applied to target systems.
4. Current operating system with applicable patches applied. Operating system has been hardened. Anti-virus signature exists and has been applied to target systems.
3. Current operating system with fairly up-to-date patches applied. Anti-virus signatures are current.
2. Current operating system but missing some applicable patches. Anti-virus signature either does not exist or has not been applied to target systems.
1. Older operating systems including Windows NT 3.51, Solaris 2.6, Windows 95/98/ME. No anti-virus software protection.
5/5/2017 Vulnerable at Vulnerability Management 27
![Page 28: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/28.jpg)
Alert Formula:System Counter-Measures
• Some assumption declared here.• Common configuration declared for
some assets.
5/5/2017 Vulnerable at Vulnerability Management 28
![Page 29: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/29.jpg)
Alert Formula
Network Counter-Measures:What network-based preventative measures are in place?
5/5/2017 Vulnerable at Vulnerability Management 29
![Page 30: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/30.jpg)
Common Indicator Bits:Network Counter-Measures
5. Restrictive (i.e. deny all except what is allowed) firewall. Firewall rules have been validated by penetration testing. All external connections including VPNs go through (not around) the firewall Network-based IDS is implemented. E-mail gateway filters attachments used by this virus.
4. Restrictive firewall. External connections (VPNs, Wireless, Internet, Business partners, etc) are protected by a firewall. E-mail gateway filters attachments used by this virus.
3. Restrictive firewall. E-mail gateway filters common executable attachments.
2. Permissive firewall (i.e. ''accept all but'') or allowed service (e.g. HTTP, SMTP, etc) E-mail gateway does not filter all attachments used by this virus.
1. No firewall implemented. E-mail gateway does not filter any attachments.
5/5/2017 Vulnerable at Vulnerability Management 30
![Page 31: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/31.jpg)
Common Indicator Bits:Network Counter-Measures
• Familiar with the applicable controls after the network layers exercise.
• Most items were the same with some outliers.
5/5/2017 Vulnerable at Vulnerability Management 31
![Page 32: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/32.jpg)
Alert Level for Perimeter
1.Alert Indicator Level - Severitya.Green - Low : -8 to -5b.Blue - Guarded : -4 to -2c. Yellow - Elevated : -1 to +2d.Orange - High : +3 to +5e.Red - Severe : +6 to +8
2.Emphasis on controls understanding and infrastructure knowledge gained and documented.
5/5/2017 Vulnerable at Vulnerability Management 32
![Page 33: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/33.jpg)
Alert Level and Criticality
1.Triage Planning Isolate | Remediate
2.Cannot isolate Critical Assets.a.Compensating controlsb.Remediation planning
3.All others isolate.
5/5/2017 Vulnerable at Vulnerability Management 33
![Page 34: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/34.jpg)
Priority ranking
1.Raw risk scores totals from Vulnerability Management Scans also used as a priority measure for a given triage group.
2.Higher number of Critical and Severe Vulnerabilities and Exploits identified then the higher the priority.
5/5/2017 Vulnerable at Vulnerability Management 34
![Page 35: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/35.jpg)
Action:Isolate | Remediate
Core issue notices for Isolation or Remediation.
a. Hosts are public facing and are not intended for this purpose.
b. Hosts are not fully patched and have readily exploitable vulnerabilities.
5/5/2017 Vulnerable at Vulnerability Management 35
![Page 36: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/36.jpg)
Action: Isolate
1.Core isolation notices2.Change Rules apply3.Firewall Monitoring needed.
a. FW reviews rare.b.ACL’s do not retire.
4.Scan continuously to determine if fixed. Proof is needed.Eg. Patches applied but still vulnerable. A reboot is in needed!
5/5/2017 Vulnerable at Vulnerability Management 36
![Page 37: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/37.jpg)
Action: Remediate by IPS
1.Core vulnerability notices.2.Upgrade and patch requests.3.Deadlines for urgency.4.Change rules apply.5. IPS filters for known vulnerabilities
and exploits applied as soon as possible.
6.Security to IT reduce your Attack patch surface.
5/5/2017 Vulnerable at Vulnerability Management 37
![Page 38: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/38.jpg)
In the Middle…1.The honeypot takedown successful
and significant isolation completed.
2.Vulnerability Testing occurs continuously. Remediation can be slow.
3.Started small via P0/P1 to get operationalized.
5/5/2017 Vulnerable at Vulnerability Management 38
![Page 39: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/39.jpg)
In the Middle…1.Aim BIG with the P2/P3 data set
2.Analyze footprinta.Common OS w/ pervasive
vulnerabilities that can patched in a sweep.
3.High security but low IT effort critical itemsa. Telnetb.Credentialed web services w/o
HTTPS
5/5/2017 Vulnerable at Vulnerability Management 39
![Page 40: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/40.jpg)
What about you? • Perspective 0, 1, 2, and 3?
One server bro…How does this help me?Strongly worded policies can help.
Feel that TAC 202 protection!• Outside and insideFocus on the inside
VPN is cheap.Throttle your scan through that.
• Talk it out…DIR Monthly Meetings.• DCS now has Tenable. Ask for scans
and HIPS. Pilot PIM
5/5/2017 Vulnerable at Vulnerability Management 40
![Page 41: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/41.jpg)
Resources• MS ISAC Cyber Alert Indicator
https://msisac.cisecurity.org/alert-level/
• Vulnerability PolicySelf written- Shared upon request
• Firewall Management and Monitoringhttps://www.firemon.com/
• Rapid 7 Nexpose Vulnerability Mgt.https://www.rapid7.com/
• DIR (NSOC)• DCS (ATOS and Capgemini)• MS-ISAC
5/5/2017 Vulnerable at Vulnerability Management 41
![Page 42: Vulnerable at Vulnerability Management · 2017. 5. 10. · Vulnerability Management Scans also used as a priority measure for a given triage group. 2.Higher number of Critical and](https://reader033.vdocuments.net/reader033/viewer/2022052008/601d8d06319d807c4f5d0fa2/html5/thumbnails/42.jpg)
Questions?
5/5/2017 Vulnerable at Vulnerability Management 42