Think Like an Attacker

Transcription

1 Think Like an Attacker Using Attack Intelligence to Ensure the Security of Critical Business Assets

2 Current State of Information Security Focused on detection and response Desire to reduce detection to response time through analytics Detect Analyze Respond 2

3 Proactive Security Mitigates Risk Lower Risk Profile Predict Remediate Proactive Detect Respond Reactive Mitigated Risk Higher Risk Profile 3

4 Are Your Critical Assets at Risk? Collect Remediate Nessus MVM IP360 Qualys Nexpose Etc. DATA Mountains of Data Thousands of Vulnerabilities No Relevance to Business The traditional solution is to try and patch everything. epo GRC SIEM Remediation IT/Network Ops Trustwave NTO App Scan Qualys Web Inspect Etc. 4

5 Are Your Critical Assets at Risk? Collect Analyze Remediate Nessus MVM IP360 Qualys Nexpose Etc. DATA Attack Intelligence Platform Consolidate security data Simulate attack paths Actionable Information epo GRC SIEM Prioritize business risk Validate vulnerabilities Remediation IT/Network Ops Trustwave NTO App Scan Qualys Web Inspect Etc. 5

6 Intelligence Drives Decisions

7 Think Like an Attacker Holistic view Across Organizations and Geographic boundaries Phishing Multi Vector Web Network Goal Oriented Focus on high value assets Credit Card info SSN numbers Confidential Documents 7

8 Be More Proactive with Attack Intelligence Fewer Incidents, Lower Risk Proactive Pre breach Reactive Post breach Threat Vulnerability Incident Lower Risk Profile Higher Risk Profile 8

9 Attack Intelligence Will Tell You Attackers figure out a complete attack path through your layers of security stitching together multiple weaknesses into a complete path to the sensitive data or application Multi vector (net, web, user/client) What are most important processes/assets are the jewels of your business? Payments? Credit card data? Ability to deliver services? Knowledge of attack paths also allows you to apply patches or compensating security controls at the best spot. 9

10 Vulnerability Counts Vs. Business Objectives Security teams think in terms of vulnerability counts Keeping track of vulnerability counts in different locations Businesses think in terms of business risk Financial impact of losing customer credit card data Loss of brand value if website is defaced Measuring ROI of budgeted items Modeling Risk allows you to map vulnerabilities to business objectives Identify Vulnerabilities which can result in loss of credit card information 10

11 Problem with Vulnerability Data A single exploit is often sufficient to gain illegal access Can a single low vulnerability separate an attacker from access to your Credit Card database Source: Tenable Web Site 11

12 Problem with Vulnerability Data A single exploit is often sufficient to gain illegal access Vulnerability Counts are a Poor Indicator of the Real World Threats Can a single low vulnerability separate an attacker from access to your Credit Card database Source: Tenable Web Site 12

13 Try Analyzing This Manually

14 Attack Paths to Your Critical Assets Further test and validate vulnerable systems on attack paths Attack Point Web Application Server Vulnerable Database Pivot Point Print Server 14 Critical Business Asset (Ex. credit card database)

15 How Do You Measure Risk? Traditional vulnerability solutions Focus on defenses of individual systems Do not factor in attack strategy Poor indicator of overall enterprise risk Attackers Strategize Use emerging threats Evolve To understand risk: Think Like an Attacker 15

16 Threat Modeling: Complex Attack Paths in Insight 16

17 Visualizing Risk Prioritizing Remediation Simulation of threat models using: Scan identifies potential Location of high value assets issues in most environments. Firewall rules and network topologylive Testing zeros in on hot This leads to My security Web and Network vulnerability information problem areas which were dashboard is all Red Phishing exploitable by Insight Scan Simulation Test (Vulnerability Validation) 17

18 Insight Operation and Management Designed for hands off operation Automatically discovers new information New systems Router changes Automatic scans New vulnerabilities and exploits After initial setup users are not required to login Periodic reports are automatically sent to users with Newly discovered threats Updated risk profile 18

19 Extensible Attack Intelligence Platform Information Gathering Network Discovery Vulnerability Scanning Phishing Risk Analysis Attack Simulation Threat Modeling Exploit Correlation Exploit Validation Attack Path Testing Penetration Testing Compliance & Reports Risk Reports Role based Reports Business Reports Compliance Reports Attack Paths Correlation Rules Critical Asset Risk Attack Intelligence Platform Integration Framework Service Desk Remediation Vulnerability data Configuration data Asset data Event data VM NSM GRC SIEM 19

20 Core Security Attack Intelligence Attack Intelligence Core Insight Extensible platform to identify attack paths to critical business assets Protect against the most likely threats based on what an attacker would do Core Impact Pro Commercial grade penetration testing solution In depth, exploit based testing across web apps, network systems, end users & Wi Fi/mobile networks Core Security Consulting Services Specialized security services Advanced penetration testing, PCI compliance testing, application security testing Core Security Attack Intelligence Platform 20

21 About Core Security Leading provider of Attack Intelligence solutions Established: 1996, first commercial product: Core Impact 2001 Headquartered in Boston; engineering in Boston and Buenos Aires 1,600 customers, ~200 employees 15 years of accumulated experience 12,000+ Exploits Attack Planner research since 2003 Groundbreaking research & product development Advanced security consulting services Core Labs vulnerability research team world renowned Professional product and exploit development organization 8 patents approved / 4 pending 21

22