Metricon 06. Leading Indicators in Information security. John Nye August 1, 2006

Size: px
Start display at page:

Download "Metricon 06. Leading Indicators in Information security. John Nye August 1, 2006"

Transcription

1 Metricon 06 Leading Indicators in Information security John Nye August 1, 2006

2 Leading Indicators In Medicine Body temperature Elevated values indicate probable illness and severity Temperature alone can not diagnose the illness Characteristics Inexpensive to collect Accurately diagnose the presence of the condition May or may not reveal the nature of the condition 2

3 Leading Indicators in Information Security Are there easily measured system attributes that predict an insecure configuration? For example, does having a large number of open ports correlate to having an insecure environment? Application Evaluate an environment for its degree of vulnerability/risk to determine if additional investment is warranted (for example conducting a full vulnerability assessment) 3

4 Symantec Attack Center 4

5 SYMC Attack Center The Data Set Scans conducted between April, 2005 and July, 2006 Adoption of the tool has been increasing Most scan results are relatively recent 449 Scans Conducted Mostly External Penetration Tests Nessus Set Selection We Eliminated: Suspected test scans (i.e. we were testing the AC, not a client) Scans that weren t used to produce a report 5

6 Methodology - Identifying Leading Indicators Performed initial analysis using scans as the set Vulnerability Score = sum of vulnerability severities divided by host count (calculated for each scan) Scans ranked into quartiles based on vulnerability scores Vulnerability Saturation = count of instances of a particular vulnerability divided by host count (calculated for each quartile) Plotted each vulnerability s saturation from quartile to quartile and examined the results 6

7 Eliminating Vulnerabilities as Potential Leading Indicators Vulnerability eliminated from consideration if: Highest quartile saturation did not exceed 2% Saturation didn t increase with environment s vulnerability Particular to a type of environment, not generic to most environments (i.e. Web vulnerabilities) Real Problems with the Data Set 11 th hour Internal Network Scans Had to eliminate most vulnerable quartile completely from the analysis because it contained multiple (and not-easily identified) scans conducted from within an enterprise perimeter Probably eliminated several of the most vulnerable external scans in doing so 7

8 Findings (By Nessus Vuln ID) Potential Leading Indicators Vulnerability Saturation Quartile All non-web scanner findings with a final saturation > 2% identified during remote penetration tests. 8

9 Top General Indicators Leading Indicators (Preliminary Study) 0.3 Vulnerability Saturation Host Responds to Syn/Fin ICMP Timestamp Request OS Identified Quartile 9

10 Top Web Indicators Leading Web Indicators (Preliminary Study) 0.6 SSL2.0 Vulnerability Saturation Web Mirror Possible missing IIS Service Pack HTTP Trace Enabled HTTP: Does not reply with 404 HTTP Directory Enumeration HTTP Server Type and Version Quartile HTTP Server Type and Version 10

11 Correlation: Scans vs. Project Reports Leading Indicators (Small Data Set) Vulnerability Saturation FTP Banner (10092) HTTP Server Type and Version (10107) ICMP Timestamp Request (10114) HTTP Directory Enumeration (11032) HTTP Trace Enabled (11213) Possible Missing IIS Service Pack (11874) Quartile All data is from external penetration tests Small sample space Top 8 general and top 8 Web vulnerabilities depicted (only 6 of the 16 were present in this data set. 11

12 Next Steps Clean up the data set Quartile ranking of project reports doesn t match that of Scans Mix of internal and external scan data Small sample set of project reports Upgrade the math Statistical regression Multi-vulnerability analysis Repeat analysis for different types of environment Internal vs. External, Web vs. Generic, etc. Implement the analysis directly in the Attack Center 12

13 Dangers with Leading Indicators The leading indicator itself can not be used as a diagnosis Gaming the system Administrators may attempt to resolve only those vulnerabilities that are used as leading indicators. 13

14 Questions? Thank You. John Nye Consulting Services Technical Lead T M

Coordinated Disclosure of Vulnerabilities in AVG Antivirus Free Android

Coordinated Disclosure of Vulnerabilities in AVG Antivirus Free Android Coordinated Disclosure of Vulnerabilities in AVG Antivirus Free Android 5.9.4.1 1 Executive summary Researchers of MRG Effitas tested the AVG AntiVirus Free Android application. During use, we came across

More information

Scanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE

Scanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE UNIT III STUDY GUIDE Course Learning Outcomes for Unit III Upon completion of this unit, students should be able to: 1. Recall the terms port scanning, network scanning, and vulnerability scanning. 2.

More information

n Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test

n Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration

More information

This shows a typical architecture that enterprises use to secure their networks: The network is divided into a number of segments Firewalls restrict

This shows a typical architecture that enterprises use to secure their networks: The network is divided into a number of segments Firewalls restrict 1 This shows a typical architecture that enterprises use to secure their networks: The network is divided into a number of segments Firewalls restrict access between segments This creates a layered defense

More information

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions Meeting PCI DSS 3.2 Compliance with Solutions Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 2018, Inc. What s Changing with PCI DSS? Summary of PCI Business

More information

WEB APPLICATION SCANNERS. Evaluating Past the Base Case

WEB APPLICATION SCANNERS. Evaluating Past the Base Case WEB APPLICATION SCANNERS Evaluating Past the Base Case GREG OSE PATRICK TOOMEY Presenter Intros Overview An overview of web application scanners Why is it hard to evaluate scanner efficacy? Prior Work

More information

Scan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):

Scan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.): Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Vin65 ASV Company: Comodo CA Limited 02/18/2018 Scan expiration date: 05/19/2018 Part 2. Component

More information

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for

More information

Network Forensics Prefix Hijacking Theory Prefix Hijacking Forensics Concluding Remarks. Network Forensics:

Network Forensics Prefix Hijacking Theory Prefix Hijacking Forensics Concluding Remarks. Network Forensics: Network Forensics: Network OS Fingerprinting Prefix Hijacking Analysis Scott Hand September 30 th, 2011 Outline 1 Network Forensics Introduction OS Fingerprinting 2 Prefix Hijacking Theory BGP Background

More information

Chapter 5: Vulnerability Analysis

Chapter 5: Vulnerability Analysis Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we

More information

Sachin Shetty Old Dominion University April 10, Cyber Risk Scoring and Mitigation(CRISM)

Sachin Shetty Old Dominion University April 10, Cyber Risk Scoring and Mitigation(CRISM) Sachin Shetty Old Dominion University sshetty@odu.edu April 10, 2019 Cyber Risk Scoring and Mitigation(CRISM) Customer Need - Life in the Security Operation Center Intrusion Detection System alerts Prioritized

More information

Coordinated Disclosure of Vulnerabilities in McAfee Security Android

Coordinated Disclosure of Vulnerabilities in McAfee Security Android Coordinated Disclosure of Vulnerabilities in McAfee Security Android 4.8.0.370 1 Executive summary Researchers of MRG Effitas tested the McAfee Security Android application. During use, we came across

More information

Scan Report Executive Summary

Scan Report Executive Summary Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Vin65 ASV Company: Comodo CA Limited 11/20/2017 Scan expiration date: 02/18/2018 Part 2. Component

More information

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address : Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Vin65 ASV Company: Comodo CA Limited 03/18/2015 Scan expiration date: 06/16/2015 Part 2. Component

More information

What to Look for When Evaluating Next-Generation Firewalls

What to Look for When Evaluating Next-Generation Firewalls What to Look for When Evaluating Next-Generation Firewalls Using independent tests to compare performance, cost and functionality Table of Contents Why Use Independent Tests in Evaluations?... 3 What to

More information

Vulnerability Validation Tutorial

Vulnerability Validation Tutorial Vulnerability Validation Tutorial Last updated 01/07/2014-4.8 Vulnerability scanning plays a key role in the vulnerability management process. It helps you find potential vulnerabilities so that you can

More information

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED 01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED Contents 1. Introduction 3 2. Security Testing Methodologies 3 2.1 Internet Footprint Assessment 4 2.2 Infrastructure Assessments

More information

Nessus Scan Report. Hosts Summary (Executive) Hosts Summary (Executive) Mon, 15 May :27:44 EDT

Nessus Scan Report. Hosts Summary (Executive) Hosts Summary (Executive) Mon, 15 May :27:44 EDT Nessus Scan Report Mon, 15 May 2017 15:27:44 EDT Table Of Contents Hosts Summary (Executive) 192.168.168.134 Hosts Summary (Executive) [-] Collapse All [+] Expand All 192.168.168.134 Summary Critical High

More information

Modern Windows Server Operating Systems Vulnerabilities

Modern Windows Server Operating Systems Vulnerabilities Modern Server Operating Systems Vulnerabilities Theodoros Arambatzis, Ioannis Lazaridis, Sotirios Pouros AMC Metropolitan College 14 th El. Venizelou Str., 54624, Thessaloniki, Greece t.arambatzis@outlook.com

More information

RiskSense Attack Surface Validation for Web Applications

RiskSense Attack Surface Validation for Web Applications RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment

More information

Scan Report Executive Summary

Scan Report Executive Summary Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: WineDirect ASV Company: Comodo CA Limited 10/11/2018 Scan expiration date: 01/09/2019 Part 2. Summary

More information

Scan Report Executive Summary

Scan Report Executive Summary Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Vin65 ASV Company: Comodo CA Limited 08/28/2017 Scan expiration date: 11/26/2017 Part 2. Component

More information

Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0

Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0 Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Introduction One of the earliest indicators of an impending network attack is the presence of network reconnaissance.

More information

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions Frequently Asked Questions Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions April 2005 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Internet Security Systems (ISS)

More information

Scan Report Executive Summary

Scan Report Executive Summary Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Vin65 ASV Company: Comodo CA Limited 06/08/2018 Scan expiration date: 09/06/2018 Part 2. Component

More information

Integrigy Consulting Overview

Integrigy Consulting Overview Integrigy Consulting Overview Database and Application Security Assessment, Compliance, and Design Services March 2016 mission critical applications mission critical security About Integrigy ERP Applications

More information

Terms, Methodology, Preparation, Obstacles, and Pitfalls. Vulnerability Assessment Course

Terms, Methodology, Preparation, Obstacles, and Pitfalls. Vulnerability Assessment Course Terms, Methodology, Preparation, Obstacles, and Pitfalls Vulnerability Assessment Course All materials are licensed under a Creative Commons Share Alike license. http://creativecommons.org/licenses/by-sa/3.0/

More information

MQ Jumping... Or, move to the front of the queue, pass go and collect 200

MQ Jumping... Or, move to the front of the queue, pass go and collect 200 MQ Jumping.... Or, move to the front of the queue, pass go and collect 200 Martyn Ruks DEFCON 15 2007-08-03 One Year Ago Last year I talked about IBM Networking attacks and said I was going to continue

More information

Network Security. Kitisak Jirawannakool Electronics Government Agency (public organisation)

Network Security. Kitisak Jirawannakool Electronics Government Agency (public organisation) 1 Network Security Kitisak Jirawannakool Electronics Government Agency (public organisation) A Brief History of the World 2 OSI Model vs TCP/IP suite 3 TFTP & SMTP 4 ICMP 5 NAT/PAT 6 ARP/RARP 7 DHCP 8

More information

How-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018

How-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018 How-to Guide: Tenable Nessus for Microsoft Azure Last Updated: April 03, 2018 Table of Contents How-to Guide: Tenable Nessus for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment

More information

On Assessing the Impact of Ports Scanning on the Target Infrastructure

On Assessing the Impact of Ports Scanning on the Target Infrastructure 2018 On Assessing the Impact of Ports Scanning on the Target Infrastructure Dr Mahdi Aiash 4/24/2018 1. Introduction A port scan is a method for determining which ports on a network are open. As ports

More information

Tiger Scheme QST/CTM Standard

Tiger Scheme QST/CTM Standard Tiger Scheme QST/CTM Standard Title Tiger Scheme Qualified Security Tester Team Member Standard Version 1.2 Status Public Release Date 21 st June 2011 Author Professor Andrew Blyth (Tiger Technical Panel)

More information

Recommendations for Device Provisioning Security

Recommendations for Device Provisioning Security Internet Telephony Services Providers Association Recommendations for Device Provisioning Security Version 2 May 2017 Contact: team@itspa.org.uk Contents Summary... 3 Introduction... 3 Risks... 4 Automatic

More information

IBM Security AppScan Enterprise v9.0.1 Importing Issues from Third Party Scanners

IBM Security AppScan Enterprise v9.0.1 Importing Issues from Third Party Scanners IBM Security AppScan Enterprise v9.0.1 Importing Issues from Third Party Scanners Anton Barua antonba@ca.ibm.com October 14, 2014 Abstract: To manage the challenge of addressing application security at

More information

Web Application Security Statistics Project 2007

Web Application Security Statistics Project 2007 Web Application Security Statistics Project 2007 Purpose The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative

More information

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Service Definition Table of Contents 1 INTRODUCTION... 2 2 SERVICE OFFERINGS VULNERABILITY MANAGEMENT... 2 3 SOLUTION PURPOSE... 3 4 HOW IT WORKS... 3 5 WHAT S INCLUDED... 4 6

More information

Think Like an Attacker

Think Like an Attacker Think Like an Attacker The Core Security Attack Intelligence Platform Core Security Presenter: Jackie Kalter Core Security Jackie Kalter has been in the Network Security industry for over 15 years. An

More information

2013 Cloud Computing Outlook: Private Cloud Expected to Grow at Twice the Rate of Public Cloud

2013 Cloud Computing Outlook: Private Cloud Expected to Grow at Twice the Rate of Public Cloud Private Cloud Expected to Grow at Twice the Rate of Public Cloud In This Paper Security, privacy concerns about the cloud remain SaaS is the most popular cloud service model in use today Microsoft, Google

More information

Attackers Process. Compromise the Root of the Domain Network: Active Directory

Attackers Process. Compromise the Root of the Domain Network: Active Directory Attackers Process Compromise the Root of the Domain Network: Active Directory BACKDOORS STEAL CREDENTIALS MOVE LATERALLY MAINTAIN PRESENCE PREVENTION SOLUTIONS INITIAL RECON INITIAL COMPROMISE ESTABLISH

More information

INNOV-09 How to Keep Hackers Out of your Web Application

INNOV-09 How to Keep Hackers Out of your Web Application INNOV-09 How to Keep Hackers Out of your Web Application Michael Solomon, CISSP PMP CISM Solomon Consulting Inc. www.solomonconsulting.com What is a Web Application? Any access to your data via the Internet

More information

Scan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):ekk.worldtravelink.com

Scan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):ekk.worldtravelink.com Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Travolutionary ASV Company: Comodo CA Limited 10-03-2018 Scan expiration date: 01-01-2019 Part 2.

More information

Asset Discovery with Symantec Control Compliance Suite WHITE PAPER

Asset Discovery with Symantec Control Compliance Suite WHITE PAPER Asset Discovery with Symantec Control Compliance Suite WHITE PAPER Who should read this paper: IT Operations IT Security Abstract Know Your Assets, Know Your Risk. A robust and easily managed host discovery

More information

ICS Penetration Testing

ICS Penetration Testing Connor Leach Jackson Evans-Davies 18 June, 2018 ICS Penetration Testing Understanding the Challenges and Techniques Introductions 1 Connor Leach, GPEN, OSCP - Senior Penetration Tester - Member of Canadian

More information

CONTENTS OF THIS REPORT

CONTENTS OF THIS REPORT CONTENTS OF THIS REPORT Site Overview Executive Summary Network Health Overview Network Assessment Manage Devices by Operating System Remote Control Usage Select report by clicking on the title, the report

More information

Security Solutions. Overview. Business Needs

Security Solutions. Overview. Business Needs Security Solutions Overview Information security is not a one time event. The dynamic nature of computer networks mandates that examining and ensuring information security be a constant and vigilant effort.

More information

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document

More information

for businesses with more than 25 seats

for businesses with more than 25 seats for businesses with more than 25 seats ESET Business Solutions 1/6 Whether your business is just starting out or is established, there are a few things that you should expect from the software you use

More information

Scan Station 710/730 Release Notes:

Scan Station 710/730 Release Notes: Scan Station 710/730 Release Notes: Date: March 26, 2018 New features and updates for the Scan Station software release V1.03.67 from V1.03.65 and Remote Administration software release V1.03.42 (no update

More information

Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats.

Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats. Network IPS Overview Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats. By using protocol recognition, identification, and traffic analysis

More information

Innovate or die!? Modern IT Workplace Security. Alex Verboon Cyber Security Consultant

Innovate or die!? Modern IT Workplace Security. Alex Verboon Cyber Security Consultant 1 Innovate or die!? Modern IT Workplace Security Alex Verboon Cyber Security Consultant Alex.verboon@basevision.ch Daniel Buehlmann Principal Workplace Consultant daniel.buehlmann@basevision.ch About Alex

More information

n Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic

n Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic Chapter Objectives n Understand how to use appropriate software tools to assess the security posture of an organization Chapter #7: Technologies and Tools n Given a scenario, analyze and interpret output

More information

Predicting and Preventing Cyber Threats. Paolo Passeri, Consulting Systems Engineer

Predicting and Preventing Cyber Threats. Paolo Passeri, Consulting Systems Engineer Predicting and Preventing Cyber Threats Paolo Passeri, Consulting Systems Engineer The way we work has changed Internet Critical infrastructure Amazon, Rackspace, Windows Azure, etc. Business apps Salesforce,

More information

Security Testing Summary of Konica Minolta bizhub vcare 2.8 Device Management and Communications System and Various bizhub Products

Security Testing Summary of Konica Minolta bizhub vcare 2.8 Device Management and Communications System and Various bizhub Products Security Testing Summary of Konica Minolta bizhub vcare 2.8 Device Management and Communications System and Various bizhub Products SR140630B July 2014 Miercom www.miercom.com Overview Konica Minolta Business

More information

CYSE 411/AIT 681 Secure Software Engineering Topic #3. Risk Management

CYSE 411/AIT 681 Secure Software Engineering Topic #3. Risk Management CYSE 411/AIT 681 Secure Software Engineering Topic #3. Risk Management Instructor: Dr. Kun Sun Outline 1. Risk management 2. Standards on Evaluating Secure System 3. Security Analysis using Security Metrics

More information

TestBraindump. Latest test braindump, braindump actual test

TestBraindump.   Latest test braindump, braindump actual test TestBraindump http://www.testbraindump.com Latest test braindump, braindump actual test Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version : DEMO Get Latest & Valid

More information

Endpoint Security Can Be Much More Effective and Less Costly. Here s How

Endpoint Security Can Be Much More Effective and Less Costly. Here s How Endpoint Security Can Be Much More Effective and Less Costly Here s How Contents Introduction More is not always better Escalating IT Security Budgets Ineffective management Need of the hour System management

More information

Vulnerability Assessments and Penetration Testing

Vulnerability Assessments and Penetration Testing CYBERSECURITY Vulnerability Assessments and Penetration Testing A guide to understanding vulnerability assessments and penetration tests. OVERVIEW When organizations begin developing a strategy to analyze

More information

INFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council

INFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council Use of SSL/Early TLS for POS POI Terminal Connections Date: Author: PCI Security Standards Council Table of Contents Introduction...1 Executive Summary...1 What is the risk?...1 What is meant by Early

More information

CIO Update: Security Platforms Will Transform the Network Security Arena

CIO Update: Security Platforms Will Transform the Network Security Arena IGG-11202002-02 J. Pescatore, M. Easley, R. Stiennon Article 20 November 2002 CIO Update: Security Platforms Will Transform the Network Security Arena An integrated network security platform approach will

More information

A Large Scale Analysis of the Security of Embedded Firmwares

A Large Scale Analysis of the Security of Embedded Firmwares A Large Scale Analysis of the Security of Embedded Firmwares A. Costin, J. Zaddach, A. Francillon, D. Balzarotti EURECOM, France 20th August 2014 USENIX Security '14 San Diego, USA Embedded Systems Are

More information

Project 4: Penetration Test

Project 4: Penetration Test Project description Project 4: Penetration Test April 28, 2014 Bing Hao The learning objective of this project is to gain hands on experiences with the usage and functionality of Nmap, Neussus and Metsploit.

More information

VULNERABILITY ASSESSMENT: SYSTEM AND NETWORK PENETRATION TESTING. Presented by: John O. Adeika Student ID:

VULNERABILITY ASSESSMENT: SYSTEM AND NETWORK PENETRATION TESTING. Presented by: John O. Adeika Student ID: VULNERABILITY ASSESSMENT: SYSTEM AND NETWORK PENETRATION TESTING. Presented by: John O. Adeika Student ID: 000205600 What is Penetration A penetration test, is a method of evaluating the security of a

More information

How-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018

How-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018 How-to Guide: Tenable.io for Microsoft Azure Last Updated: November 16, 2018 Table of Contents How-to Guide: Tenable.io for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment

More information

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services Following topics will be covered: Module 1: Penetration Testing Planning and Scoping - Types of penetration testing and ethical hacking projects - Penetration testing methodology - Limitations and benefits

More information

PROFESSIONAL SERVICES (Solution Brief)

PROFESSIONAL SERVICES (Solution Brief) (Solution Brief) The most effective way for organizations to reduce the cost of maintaining enterprise security and improve security postures is to automate and optimize information security. Vanguard

More information

SECURITY+ COMPETITIVE ANALYSIS 1. GIAC GSEC 2. (ISC)2 SSCP 3. EC-COUNCIL CEH

SECURITY+ COMPETITIVE ANALYSIS 1. GIAC GSEC 2. (ISC)2 SSCP 3. EC-COUNCIL CEH SECURITY+ COMPETITIVE ANALYSIS 1. GIAC GSEC 2. (ISC)2 SSCP 3. EC-COUNCIL CEH 1 SECURITY+ VS GIAC GSEC Where does GSEC fit? 3 CompTIA Security+ and GIAC Security Essentials (GSEC) Feature CompTIA Security+

More information

The CISO is the owner of the vulnerability management process. This person designs the process and ensures is implemented as designed.

The CISO is the owner of the vulnerability management process. This person designs the process and ensures is implemented as designed. University of Alabama at Birmingham VULNERABILITY MANAGEMENT RULE May 19, 2017 Related Policies, Procedures, and Resources Data Protection and Security Policy Data Classification Rule 1.0 Introduction

More information

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE Enterprise Overview Benefits and features of s Enterprise plan 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com This paper summarizes the benefits and features of s Enterprise plan. State of

More information

Application Security Approach

Application Security Approach Technical Approach Page 1 CONTENTS Section Page No. 1. Introduction 3 2. What is Application Security 7 3. Typical Approaches 9 4. Methodology 11 Page 2 1. INTRODUCTION Page 3 It is a Unsafe Cyber world..

More information

Vulnerability Management. If you only budget for one project this year...

Vulnerability Management. If you only budget for one project this year... Vulnerability Management If you only budget for one project this year... William Kyrouz Senior Manager, Information Security & Governance, Bingham McCutchen Nathaniel McInnis Information Security Lead,

More information

SPSS INSTRUCTION CHAPTER 9

SPSS INSTRUCTION CHAPTER 9 SPSS INSTRUCTION CHAPTER 9 Chapter 9 does no more than introduce the repeated-measures ANOVA, the MANOVA, and the ANCOVA, and discriminant analysis. But, you can likely envision how complicated it can

More information

ALL ROADS LEAD TO DOMAIN ADMIN BREACH TO CDE A SECTOR CONFERENCE PRESENTATION OCTOBER 2016

ALL ROADS LEAD TO DOMAIN ADMIN BREACH TO CDE A SECTOR CONFERENCE PRESENTATION OCTOBER 2016 BREACH TO CDE ALL ROADS LEAD TO DOMAIN ADMIN A SECTOR CONFERENCE PRESENTATION OCTOBER 2016 Introduction Yannick Bedard Security Consultant Network Penetration Testing SpiderLabs, Trustwave email: ybedard.infosec@gmail.com

More information

Day 4 Percentiles and Box and Whisker.notebook. April 20, 2018

Day 4 Percentiles and Box and Whisker.notebook. April 20, 2018 Day 4 Box & Whisker Plots and Percentiles In a previous lesson, we learned that the median divides a set a data into 2 equal parts. Sometimes it is necessary to divide the data into smaller more precise

More information

Chapter 1: Let's Get Started

Chapter 1: Let's Get Started Chapter 1: Let's Get Started Common Terminology Hosting Selection and Unique Needs What Is a Host? Choosing a Host Questions to Ask a Prospective Host Facilities Things to Ask Your Host about Facility

More information

UNIFICATION OF TECHNOLOGIES

UNIFICATION OF TECHNOLOGIES UNIFICATION OF TECHNOLOGIES SIEM Management Incident Management Risk Intelligence Storage Detection Prevention Awareness Security Technology IDS/IPS WIDS Vulnerability Assessment Identity Unified SIEM

More information

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Transforming Security from Defense in Depth to Comprehensive Security Assurance Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new

More information

Strategic Infrastructure Security

Strategic Infrastructure Security Strategic Infrastructure Security Course Number: SCPSIS Length: Certification Exam There are no exams currently associated with this course. Course Overview This course picks up right where Tactical Perimeter

More information

Avg Antivirus Manual Latest Version 2013 For Xp

Avg Antivirus Manual Latest Version 2013 For Xp Avg Antivirus Manual Latest Version 2013 For Xp AVG Internet Security 2015 is one of the best antiviruses on the market. Latest version: 2015.0.6037 25/06/15, Last month's downloads: 9,932, Size: 4.8 MB.

More information

Advanced Threat Defense Certification Testing Report. Trend Micro Incorporated Trend Micro Deep Discovery Inspector

Advanced Threat Defense Certification Testing Report. Trend Micro Incorporated Trend Micro Deep Discovery Inspector Advanced Threat Defense Certification Testing Report Trend Micro Deep Discovery Inspector ICSA Labs Advanced Threat Defense July 12, 2016 Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg,

More information

State of Cloud Survey GERMANY FINDINGS

State of Cloud Survey GERMANY FINDINGS 2011 State of Cloud Survey GERMANY FINDINGS CONTENTS Executive Summary... 4 Methodology... 6 Finding 1: Cloud security is top goal and top concern.................................. 8 Finding 2: IT staff

More information

RiskSense Attack Surface Validation for IoT Systems

RiskSense Attack Surface Validation for IoT Systems RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing

More information

Saving Time and Costs with Virtual Patching and Legacy Application Modernizing

Saving Time and Costs with Virtual Patching and Legacy Application Modernizing Case Study Virtual Patching/Legacy Applications May 2017 Saving Time and Costs with Virtual Patching and Legacy Application Modernizing Instant security and operations improvement without code changes

More information

Closing the Hybrid Cloud Security Gap with Cavirin

Closing the Hybrid Cloud Security Gap with Cavirin Enterprise Strategy Group Getting to the bigger truth. Solution Showcase Closing the Hybrid Cloud Security Gap with Cavirin Date: June 2018 Author: Doug Cahill, Senior Analyst Abstract: Most organizations

More information

IBM Integration Bus v9.0 System Administration: Course Content By Yuvaraj C Panneerselvam

IBM Integration Bus v9.0 System Administration: Course Content By Yuvaraj C Panneerselvam IBM Integration Bus v9.0 System Administration: Course Content By Yuvaraj C Panneerselvam 1. COURSE OVERVIEW As part of this course, you will learn how to administer IBM Integration Bus on distributed

More information

Effective Threat Modeling using TAM

Effective Threat Modeling using TAM Effective Threat Modeling using TAM In my blog entry regarding Threat Analysis and Modeling (TAM) tool developed by (Application Consulting and Engineering) ACE, I have watched many more Threat Models

More information

Merchant Certificate of Compliance

Merchant Certificate of Compliance Merchant Certificate of Compliance Awarded To: Consolid S.R.L. (55504923) Self - Assessment Questionnaire Passed: SAQ D, v3.2r1.1 Date Awarded: 03/01/2018 Most Recent Scan Date: 06/04/2018 Certificate

More information

Windows 7 Done Right: From Migration to Implementation

Windows 7 Done Right: From Migration to Implementation I D C E X E C U T I V E B R I E F Windows 7 Done Right: From Migration to Implementation Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com July 2010

More information

Payment Card Industry (PCI) Executive Report 11/01/2016

Payment Card Industry (PCI) Executive Report 11/01/2016 Payment Card Industry (PCI) Executive Report 11/01/2016 ASV Scan Report Attestation of Scan Compliance Scan Customer Information Approved Scanning Vendor Information Company: Rural Computer Consultants

More information

Web Applications (Part 2) The Hackers New Target

Web Applications (Part 2) The Hackers New Target Web Applications (Part 2) The Hackers New Target AppScan Source Edition Terence Chow Advisory Technical Consultant An IBM Rational IBM Software Proof of Technology Hacking 102: Integrating Web Application

More information

SOLUTION BRIEF. RiskSense Platform. RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk.

SOLUTION BRIEF. RiskSense Platform. RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk. RiskSense Platform RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 27 RiskSense, Inc. Executive Summary The RiskSense Platform is a Software-as-a-Service

More information

Gibson: 3D Visualization and Modeling of Real Time Security Events. Dan Klinedinst

Gibson: 3D Visualization and Modeling of Real Time Security Events. Dan Klinedinst Gibson: 3D Visualization and Modeling of Real Time Security Events Dan Klinedinst gibson3d.org @dklinedinst Who Am I? Security Researcher at Carnegie Mellon University Security of enterprise systems Primarily

More information

Automated, Real-Time Risk Analysis & Remediation

Automated, Real-Time Risk Analysis & Remediation Automated, Real-Time Risk Analysis & Remediation TABLE OF CONTENTS 03 EXECUTIVE SUMMARY 04 VULNERABILITY SCANNERS ARE NOT ENOUGH 06 REAL-TIME CHANGE CONFIGURATION NOTIFICATIONS ARE KEY 07 FIREMON RISK

More information

Planning, Deploying and Managing Microsoft Exchange Server 2010 Unified Messaging

Planning, Deploying and Managing Microsoft Exchange Server 2010 Unified Messaging Planning, Deploying and Managing Microsoft Exchange Server 2010 Unified Messaging Course 10508 5 Days Instructor-led, Hands-on Course Description This course provides information on planning and managing

More information

Effective Strategies for Managing Cybersecurity Risks

Effective Strategies for Managing Cybersecurity Risks October 6, 2015 Effective Strategies for Managing Cybersecurity Risks Larry Hessney, CISA, PCI QSA, CIA 1 Everybody s Doing It! 2 Top 10 Cybersecurity Risks Storing, Processing or Transmitting Sensitive

More information

FTP: The Forgotten Cloud. Drew Springall, Zakir Durumeric, and J. Alex Halderman University of Michigan

FTP: The Forgotten Cloud. Drew Springall, Zakir Durumeric, and J. Alex Halderman University of Michigan FTP: The Forgotten Cloud Drew Springall, Zakir Durumeric, and J. Alex Halderman University of Michigan 1 FTP File Transfer Protocol u Simple text-based protocol u View and traverse directory structure

More information

Intrusion Detection using NASA HTTP Logs AHMAD ARIDA DA CHEN

Intrusion Detection using NASA HTTP Logs AHMAD ARIDA DA CHEN Intrusion Detection using NASA HTTP Logs AHMAD ARIDA DA CHEN Presentation Overview - Background - Preprocessing - Data Mining Methods to Determine Outliers - Finding Outliers - Outlier Validation -Summary

More information

How to meet SWIFT s operational requirements in 2018

How to meet SWIFT s operational requirements in 2018 How to meet SWIFT s operational requirements in 2018 Victor Abbeloos Sven De Kerpel Pat Antonacci 19 September 2018 Transforming the industry together Reinforcing security & driving payments innovation

More information

Machine-Based Penetration Testing

Machine-Based Penetration Testing Always in Control CyBot Suite Machine-Based Penetration Testing www.cronus-cyber.com - April 2016 CyBot PRODUCT SUITE Unique, patented Machine-based Penetration Testing Software with Global Attack Path

More information

Scan Time Start time : Fri May 14 19:16: End time : Fri May 14 19:18:

Scan Time Start time : Fri May 14 19:16: End time : Fri May 14 19:18: 1 / 37 List of hosts 192.168.1.10 192.168.1.10 Scan Time Start time : Fri May 14 19:16:46 2010 End time : Fri May 14 19:18:24 2010 Medium Severity problem(s) found [^] Back Number of vulnerabilities Open

More information