Threat Centric Vulnerability Management


Transcription:

Threat Centric Vulnerability Management

Q. Which vulnerabilities should I address first? A. Your EXPOSED vulnerabilities AND the ones criminals are using.

Agenda
Understanding exploited vulnerabilities
Prioritizing vulnerabilities
Threat-centric vulnerability management

Need to Modernize Vulnerability Management
"The top 10 vulnerabilities account for 85% of successful exploit traffic; the other 15% consists of over 900 CVEs, which are also being exploited in the wild." (Verizon DBIR 2016)
"Vulnerabilities and their exploitation are still the root cause of most breaches. IT security leaders should refocus their attention on how vulnerabilities are being managed and should track this metric to provide visibility as to how to reduce the biggest risks of being breached." (Gartner, September 2016, "It's Time to Align Your Vulnerability Management Priorities With the Biggest Threats")

Overwhelming Number of Vulnerabilities: 600-1200 new vulnerabilities EACH MONTH

Vulnerabilities Exploited by Severity (chart: number of exploited vulnerabilities per year, 2006-2015, broken down by severity: low, medium, high, critical). Most exploited vulnerabilities were not ranked critical. Source: IBM X-Force, analysis by Gartner, September 2016.

Number of Vulnerabilities Successfully Exploited (chart: count by year of the vulnerability, 1999-2015). 85% of exploited vulnerabilities were more than 2 years old. Source: Verizon Data Breach Investigations Report.

Distributed Cybercrime
Growth of distributed attacks; technology infrastructure supports the distributed model.
Ransomware is everywhere: 25 new ransomware families are released every quarter. Market leaders: Locky, Cerber, CryptXXX. Hundreds of thousands of victims, consumers and businesses. $1B+ extorted from enterprises and institutions in 2016. Source: Multi-State Information Sharing & Analysis Center

Ransomware Preys on a Few Key Vulnerabilities (chart: number of known vulnerabilities associated with all ransomware families, by year recorded, 2010-2016). Source: Recorded Future, September 2016.

Ask the Right Questions
Is my data complete and up to date?
Which critical assets are exposed?
What exploits are publicly available?
What exploits are involved in active attack campaigns?

Ingredients for Effective Vulnerability Prioritization (requires multiple perspectives)
Vulnerability-centric: criticality of the vulnerability (CVSS score, exploitation impact, public exploit available)
Threat-centric: actively being targeted by malware, ransomware, exploit kits and threat actors in the wild
Context-centric: business criticality, value and exposure of the asset (internet-facing, third-party access, contains sensitive data, provides business-critical functions)

Threat-Centric Vulnerability Management (diagram, two builds)
Inputs: Attack Surface Model; Context: asset exposure/criticality; Vulnerability Intelligence: vulnerabilities + exploits in the wild. The modeled network shows Prod FW, Backbone Core Router, Main Router, GatewayEastA, Main FW and GatewayEastA IPS.
Analytics then prioritize: Imminent Threat (high-priority remediation/mitigation); Potential Threat (gradual risk reduction).

Threat-Centric Vulnerability Prioritization (urgency, highest first)
IMMINENT THREAT, high-priority remediation/mitigation: exposed to direct attack; exploited in the wild
POTENTIAL THREAT, gradual risk reduction: vulnerabilities with known exploits; existing vulnerabilities

Importance of Prioritization: Reduce To A Manageable Number
1. Identify all known vulnerabilities. Total identified: 60K (Skybox Vulnerability Database). Potential threat.
2. Identify your vulnerabilities. Total identified: 7,122 (third-party scanners, Skybox Vulnerability Detector). Potential threat.
3. Identify exploits. Total identified: 1,105 (Skybox Research Lab real-time threat intelligence). Imminent threat.
4. Correlate to CVSS. Total identified critical: 3,578 (CVSS scoring). Potential/imminent threat.
5. Identify exposures. Total identified: 141 (Skybox network modeling and attack vector analytics). Imminent threat.
6. Identify exposed & exploited, the biggest risks. Total identified: 13 (Skybox Vulnerability Control Prioritization Center). Imminent threat.
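The urgency tiers on the "Threat-Centric Vulnerability Prioritization" slide and the reduction funnel on the "Importance of Prioritization" slide can both be expressed as a small ranking function. The following is an added example written for this page, not Skybox code and not the deck's own method: it assumes each scanner finding has already been enriched with a public-exploit flag, an exploited-in-the-wild flag from threat intelligence, an "exposed" flag (assumed to be the output of some attack-path analysis that decides whether the asset is reachable from an untrusted zone) and an asset-criticality value from the context perspective. The CVE identifiers and assets are constructed placeholders.

```python
"""Threat-centric prioritization of scanner findings (added example, constructed data)."""
from dataclasses import dataclass
from enum import IntEnum


class Urgency(IntEnum):
    """Urgency tiers as described on the prioritization slide, lowest first."""
    EXISTING = 0               # vulnerability present, no known exploit
    POTENTIAL = 1              # public exploit exists: gradual risk reduction
    IMMINENT = 2               # exposed to direct attack OR exploited in the wild
    EXPOSED_AND_EXPLOITED = 3  # both: the "biggest risks" bucket at the bottom of the funnel


@dataclass(frozen=True)
class Finding:
    cve: str
    asset: str
    cvss: float               # base score from the scanner / NVD
    public_exploit: bool      # exploit code publicly available
    exploited_in_wild: bool   # threat intelligence reports active use
    exposed: bool             # assumption: produced by attack-path analysis (reachable from untrusted zone)
    asset_criticality: int    # 1 (low) .. 3 (high), from the asset's business context


def classify(f: Finding) -> Urgency:
    """Map one finding onto the slide's urgency tiers."""
    if f.exposed and f.exploited_in_wild:
        return Urgency.EXPOSED_AND_EXPLOITED
    if f.exposed or f.exploited_in_wild:
        return Urgency.IMMINENT
    if f.public_exploit:
        return Urgency.POTENTIAL
    return Urgency.EXISTING


def prioritize(findings):
    """Threat-centric order: urgency tier first, then asset criticality, then CVSS."""
    return sorted(findings,
                  key=lambda f: (classify(f), f.asset_criticality, f.cvss),
                  reverse=True)


def cvss_only(findings):
    """The vulnerability-centric baseline the deck argues against: highest CVSS first."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def funnel(findings):
    """Counts at each stage of the reduction funnel shown on the slide."""
    return {
        "identified": len(findings),
        "with_known_exploits": sum(1 for f in findings if f.public_exploit or f.exploited_in_wild),
        "cvss_critical": sum(1 for f in findings if f.cvss >= 9.0),
        "exposed": sum(1 for f in findings if f.exposed),
        "exposed_and_exploited": sum(1 for f in findings
                                     if classify(f) == Urgency.EXPOSED_AND_EXPLOITED),
    }


# Constructed sample findings (placeholder CVE ids, not real vulnerabilities).
SAMPLE = [
    Finding("CVE-EXAMPLE-0001", "db-internal-01",  9.8, False, False, False, 2),
    Finding("CVE-EXAMPLE-0002", "web-dmz-01",      7.5, True,  True,  True,  3),
    Finding("CVE-EXAMPLE-0003", "kiosk-lab-07",    5.3, True,  True,  False, 1),
    Finding("CVE-EXAMPLE-0004", "app-internal-02", 6.5, True,  False, False, 2),
    Finding("CVE-EXAMPLE-0005", "vpn-edge-01",     8.8, False, False, True,  3),
    Finding("CVE-EXAMPLE-0006", "printer-03",      4.3, False, False, False, 1),
]


if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{classify(f).name:22} {f.cve}  {f.asset:16} cvss={f.cvss}")
    print(funnel(SAMPLE))
```

On the constructed data the CVSS-only ordering puts the 9.8 finding on an internal database first, while the threat-centric ordering puts the 7.5 finding on the exposed, actively exploited DMZ web server first, which is the point the "most exploited vulnerabilities were not ranked critical" chart makes. The funnel dictionary reproduces the slide's stage counts (identified, with exploits, CVSS critical, exposed, exposed and exploited) for whatever findings are passed in.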

Detecting Vulnerabilities Through the Skybox Security Intelligence Feed
Vulnerability and threat intelligence from the Skybox Research Lab:
30+ security data sources: NVD, scanners, advisories, threat intelligence feeds, IPS security catalogs
Partnership with Recorded Future: processing 700,000 dark web sites, gathering intelligence on exploits available and used in the wild
Research analysts analyse, edit and verify vulnerability and threat intelligence

TCVM & WannaCry (timeline)
March 14: threat alert reported: SMB remote code execution vulnerability
April 14: vulnerability definition updated: SMBv2 exploits (EternalBlue)
April 18: identified as exploited in the wild
May 12: WannaCrypt ransomware uses the vulnerability

Visualize Your Entire Attack Surface From Multiple Perspectives (dashboard screenshot)
Views: Vulnerability Exposure; Risky Access Rules; Unsecure Device Configuration (US site, total: 72) over the last 4 months (March, April, May, June, current)
Exploited in the Wild: 311 vulnerabilities, 5 assets; Firewalls; Site Details; Exploitable Vulnerabilities
Configuration findings listed (1 violation each): "UDP reply packets filtered" (policy: Checkpoint FW Standard Policy); "Encrypted Line Password - required", "IP source routing - prohibited", "Password Encryption Service - required", "SNMPv3 Group - required" (policy: Cisco IOS RTR Standard Policy)

Summary (adaptive security lifecycle wheel, four quadrants around Continuous Integrated Monitoring & Solution Analytics)
Predict: Discovery/Inventory, Vulnerability Assessment, Assess Vulnerabilities/Exposures, Threat Intelligence, Predict Attacks, Baseline Systems, Penetration Testing
Prevent: Secure Configuration, Anti-Malware, Harden and Isolate Systems, Firewalls/IPS, Divert Attackers, Prevent Attacks
Detect: Anti-Malware, Firewalls/IPS, Detect Incidents, Confirm and Prioritize, Contain Incidents
Respond: Patch Management, Remediate/Make Change, Design/Model Change, Change Management, Investigate/Forensics