Quick Start Guide for Administrators and Operators Cyber Advanced Warning System


NSS Labs

Introduction to the Cyber Advanced Warning System and RiskViewer
Activating Your Account
Adding a New User
Adding a Location Profile
Navigating in the Cyber Advanced Warning System
  Using the CAWS Menu Bar
  Selecting a Date Range
  Using Global Search
  Viewing Data Panes
Using the Dashboard to View Threat Summaries
  New Exploits
  Top 5 Targeted Applications
  Exploits Bypassing Security Defenses
Using ThreatViewer to Monitor Active Threats
  Number of New Exploits
  Top 5 Targeted Applications
  New Exploits Detail by NSS ID
  Opening a Threat Detail Window in ThreatViewer and ShieldViewer
Using ShieldViewer to Measure Security Against Active Threats
  Exploits by Profile
  Viewing a Threat Summary Page in ShieldViewer
  Exploits Bypassing All Security Products
  Application Summary
  Security Product Summary
Using RiskViewer to Create and View Scenarios
  Creating a RiskViewer Scenario in Default Mode
  RiskViewer Performance Tips
  Navigating In RiskViewer
  Configuration
  Block Rate
  Block Rate Summary
  Threats Bypassing Security Products
  Security Product Summary
  Threats Targeting Applications
  Threat Breakdown by Application
Revisions
Contact Information

2015 NSS Labs, Inc.


Introduction to the Cyber Advanced Warning System and RiskViewer

This Quick Start Guide for Administrators and Operators introduces you to the Cyber Advanced Warning System (CAWS) threat awareness and dynamic threat modeling suite. Use this guide to learn how to activate your account and navigate the suite.

The CAWS suite contains four applications:

- The 3 Day Summary Dashboard displays summaries from ThreatViewer and ShieldViewer. See Using the Dashboard to View Threat Summaries for more information.
- ThreatViewer displays active threat information, including target applications, platforms, source countries, URLs, source IPs, and file metadata. See Using ThreatViewer to Monitor Active Threats for more information.
- ShieldViewer displays information about threats to specific locations. Use ShieldViewer to build custom profiles that reflect the attack surfaces and security protection present at each location. See Using ShieldViewer to Measure Security Against Active Threats for more information.
- RiskViewer allows you to create what-if simulations that compare security products against one another in real-world environments and demonstrate how the products perform over time. See Using RiskViewer to Create and View Scenarios for more information.

CAWS has three user levels:

- Reviewers have read-only access to the system. They can see all data and create simulations in RiskViewer if they have a subscription, but they cannot create or edit profiles.
- Operators can see all data, create profiles in ShieldViewer, and create simulations in RiskViewer if they have a subscription. However, they cannot create or edit users.
- Administrators have the same privileges as Operators, but they can also create users and switch the organization to run CAWS in Advanced mode.

Job Flow for Default Mode

1. Administrators add users.
2. Administrators and Operators add and edit Location profiles.
3. Administrators, Operators, and Reviewers monitor active threats in the Dashboard and ThreatViewer, see which exploits are bypassing controls in ShieldViewer, and create what-if scenarios in RiskViewer.

If you have questions or need technical help, email NSS Labs Technical Support at techsupport@nsslabs.com to trigger an automatic support ticket. An NSS representative will contact you to resolve any issues.

Activating Your Account

You will receive an email message that contains a hyperlink to the Cyber Advanced Warning System login page. You must activate your account within 72 hours of receiving the email, or the link will expire. If your link expires, request a new activation email on the login page.

To activate your account, perform the following steps:

1. Click the hyperlink in the system-generated email from CAWS.
   Note: If the link is not active, copy the web address in the email and paste it into the address field of a browser window. NSS supports Google Chrome and Firefox browsers.
   The website displays the NSS Labs Inc. Cyber Advanced Warning System End User Agreement.
2. Read the end user agreement, scrolling to the end. Click I agree. The end user agreement closes, and the website displays the Set Password page.
3. Type your user name in the User Name or Email Address field. The user name is typically the email address that NSS used to set up your account.
4. Type a secure password in the Password field. The password must have the following characteristics:
   - At least 8 characters
   - At least 1 uppercase letter
   - At least 1 lowercase letter
   - At least 1 numeral or special character
   - No blank spaces
5. Retype or paste the password into the Confirm Password field.
6. Click Submit. CAWS opens in Default mode.

Adding a New User

Administrators manage users through the CAWS Administration module. To add a new user, perform the following steps:

1. From the menu bar, select Administration > Manage Users > Add User. The Add User page opens.
2. Type the user's Email Address, First Name, and Last Name in the provided fields.
3. Select the correct role from the User Role drop-down list.
   - Reviewers can view CAWS events and existing Location profiles, and create RiskViewer scenarios. Reviewers cannot perform Operator or Administrator tasks.
   - Operators can create and modify Location profiles and create and deploy RiskViewer scenarios, as well as view CAWS events. If CAWS is running in Advanced mode, Operators can also create and modify Protection, Attack Surface, and Deployment profiles. Operators cannot manage users.
   - Administrators can perform the same tasks as Operators, and can also manage users. Administrators can also perform the organization-level task of switching CAWS to Advanced mode.
4. Select the correct subscription level from the Subscription Level drop-down list.
   - Cyber Advanced Warning System users can use CAWS, but they cannot access the RiskViewer application.
   - RiskViewer users can use both CAWS and RiskViewer.
5. Click Add User.
   Note: If you want to add more than one user, select the Add Another check box.

The page displays a pop-up message stating that the user was successfully added. CAWS sends the new user an automated email with login information. The View and Edit Users page displays the name of the new user. A padlock icon is displayed beside the user name until the user activates the account.

Adding a Location Profile

If your organization is running CAWS in Default mode, Administrators and Operators only need to create Location profiles in order to monitor threats and model scenarios. Use Location profiles to associate application groups and protection devices with a specific location in your organization. You can create multiple Location profiles to compare your current security product to various competitors. You can create as many Location profiles as you need to monitor threats and compare security products.

To add a Location profile, perform the following tasks:

1. From the menu bar, select ShieldViewer > Manage Locations > Add Location. The Add Location page opens.
2. Type a meaningful Location Name and Location Description in the appropriate fields.
3. Optionally, enter a City name and select a city from the autocomplete results.
4. Select an application group from the Application Groups drop-down list:
   - All Applications: All applications deployed within the CAWS test infrastructure
   - IE Browsers: All versions of Internet Explorer
   - NSS Recommended: Applications that are at the greatest risk of being targeted successfully by exploits
   Note: The Managed check box is cleared by default. If you select the Managed check box, NSS Labs manages the application group, adding new applications automatically as they are supported and/or considered high risk. If you do not select the Managed check box, you are responsible for adding and deleting applications within this profile.
5. The Email Notifications check box is selected by default.
   Note: The Email Notifications option generates frequent summary emails of all exploits that bypass any of the security devices associated with this location. To disable email notifications for this profile, clear the check box.
6. Select one or more protection products from the All Protections list. Use Shift and the arrow keys on the keyboard to select multiple products. In the Filter field, you can type the first few letters of a product name or product type to filter for those items on the protection list. For example, if you type the letters mcaf, the list displays only McAfee products.
7. Click the Move selected button to add the selected protection products to the Selected Protections list. The Selected Protections list displays the products you added.
8. Click Add Location.
   Note: If you want to add more than one location, select the Add Another check box.

CAWS briefly displays a Success pop-up message stating that the location was added.

Navigating in the Cyber Advanced Warning System

After you log in, CAWS displays the 3 Day Summary Dashboard. For more information about each CAWS module, see the following sections:

- Using the Dashboard to View Threat Summaries
- Using ThreatViewer to Monitor Active Threats
- Using ShieldViewer to Measure Security Against Active Threats
- Using RiskViewer to Create and View Scenarios

Using the CAWS Menu Bar

The menu bar on the left side of the page contains options for accessing each CAWS module. To expand the menu bar, click the arrow. The menu bar expands to display navigation options. The arrow now points left. To collapse the menu bar, click the arrow again.

Selecting a Date Range

The Dashboard always displays the last three days of information, but you can select a different date range in ThreatViewer, ShieldViewer, and RiskViewer. To select a different date range in those modules, perform the following steps:

1. Click the date icon in the top right corner. The date widget expands.
2. Select one of the date range options, or specify a custom range. If you specify a custom range, you can type the appropriate dates in the From and To fields, or you can select the dates from a pop-up calendar.
3. Click Apply. CAWS generates new data for the date range you specified. The date range is applied to each CAWS module except for the Dashboard.

Using Global Search

Each page in CAWS contains a global search field at the top right. Use this field to search by hashes, URLs, CVEs, and IP addresses. To perform a global search, enter the search term in the field and press Enter. CAWS displays an Advanced Search page where you can enter a more specific search query and view search results.

Viewing Data Panes

Data panes in CAWS are interactive, allowing you to view the data in different ways or to view additional information, such as pop-up labels.

- Hover the cursor over graphic elements to view pop-up messages. If you hover the cursor over a specific point, such as a high point or low point on a trend line, a pop-up message displays more information. In the example, the pop-up label for the trend line shows the date of the threat and the exploit count.
- Click and drag left or right within a pane to zoom in on data series. You can also zoom by scrolling the mouse wheel.
- Click the Save icon to save a data pane as a widget in a separate browser tab. You can then download, save, or print the widget.
- Click the Reset icon to refresh individual panes.
- Click the Help icon in RiskViewer to view a pop-up description of the data pane.

Using the Dashboard to View Threat Summaries

The Dashboard is the default home page when you log in to CAWS. The Dashboard summarizes critical information from ThreatViewer and ShieldViewer. The displays in the Dashboard are hyperlinked to either ThreatViewer or ShieldViewer.

New Exploits

New Exploits displays the total number of new, unique exploits CAWS detected in the last three days. Thirty Day Trend displays 30 bars representing the number of exploits detected over the last 30 days. Mouse over a bar to view a pop-up label of the number of exploits detected on that specific day.

Top 5 Targeted Applications

Top 5 Targeted Applications is a bar graph that summarizes attacks on the top five applications in the last three days. Mouse over each bar to view a pop-up label of the total number of attacks for that application.

Note: Click anywhere in the New Exploits or Top 5 Targeted Applications display areas to open ThreatViewer. See Using ThreatViewer to Monitor Active Threats for more information.

Exploits Bypassing Security Defenses

Exploits Bypassing Security Defenses displays the sum of the exploits that bypassed all security products in all profiles in the last three days.

Note: Click anywhere in the Exploits Bypassing Security Defenses display area to open ShieldViewer. See Using ShieldViewer to Measure Security Against Active Threats for more information.

Using ThreatViewer to Monitor Active Threats

ThreatViewer shows active exploits and the applications that are targeted in active campaigns. Use ThreatViewer information to help determine the best actions to take for reducing risk, such as changing the security control policy.

ThreatViewer displays the following panes:

- Number of New Exploits
- Top 5 Targeted Applications
- New Exploits Detail by NSS ID

Number of New Exploits

Number of New Exploits is an interactive chart with two tabs: Application Drill-Down and Applications by Country Over Time.

- Application Drill-Down shows a trend line for threats that occurred in the selected date range. You can use the slider bar to break down the trend lines by application, vendor, and family.
- Applications by Country Over Time is a graph that displays country abbreviations on the y axis and the date on the x axis, with concentric circles representing the targeted applications. You can hover the mouse over a circle to see a pop-up label for the application name, the date, the country of origin for the exploit, and the number of exploits targeting the application.

Top 5 Targeted Applications

Top 5 Targeted Applications is a bar graph showing the number of attacks on the five most highly targeted applications. You can toggle between bar graphs with tabs for targeted Applications, software Families, and Vendors. Hover over any bar to view a pop-up label describing the data in more detail. The Dashboard displays a simplified pane showing only the Application data, not the software Families or Vendors.

New Exploits Detail by NSS ID

New Exploits Detail by NSS ID lists all threats CAWS detected in the specified time range. Mouse over a column header to view a pop-up label describing the column.

- To sort the data, click a column header. For example, clicking Targeted Application sorts the data alphabetically by application name. Clicking the column header again sorts the data in reverse alphabetical order.
- To filter the data by victim or targeted application, click the name of the victim or application by which you want to filter. CAWS inserts the name into the Search text box and filters the table data, displaying only exploits that relate to that search term.
- To save table data in a different format, click Excel to export table data to a CSV format file, or click PDF to save the table in PDF format.
- Click Column Visibility to open a pop-up menu that lists the names of the columns. Select or clear a column's check box to control whether the table displays the column.

Opening a Threat Detail Window in ThreatViewer and ShieldViewer

You can open a Threat Detail window in both ThreatViewer and ShieldViewer.

In ThreatViewer, locate the New Exploits by NSS ID table and click any NSS ID number.

In ShieldViewer, perform the following steps:

1. Locate the Exploits by Profile table and click the appropriate profile name. The profile's Threat Summary page opens.
2. In the Exploits Bypassing All Security Products table, click any NSS ID number.

The Threat Detail window for that NSS ID number opens. Click on any hyperlink in the window to open a new window that lists related threats.

- The Primary Information tab displays specific information about an individual threat, such as its time stamp and targeted application.
- The CVE Information tab displays information about the threat's Common Vulnerabilities and Exposures (CVE) entries, including descriptions of specific vulnerabilities within applications that the threat targets.
- The Detected Files section displays hash information about malicious files associated with the threat.
- The Outbound Network Connections section displays the IP addresses and port numbers of the outbound connections associated with the threat.

Using ShieldViewer to Measure Security Against Active Threats

ShieldViewer displays information about exploits that are threatening specific locations and that may be bypassing security controls.

Exploits by Profile

Exploits by Profile displays data in the following columns:

- Profile: The names of the Location profiles in your organization. If you click a Profile name, the Threat Summary page opens for that profile. See Viewing a Threat Summary Page in ShieldViewer for more information.
- Exploits Targeting Applications: The total number of exploits targeting one or more applications in a Location profile
- Exploits Bypassing One or More Security Products: The total number of exploits bypassing one or more security products in a Location profile
- Exploits Bypassing All Security Products: The total number of exploits that have bypassed all security products in a Location profile

Note: Monitor the data in this panel regularly, as it provides real-time awareness of the exploits and the security product failures that can directly impact your organization.

Viewing a Threat Summary Page in ShieldViewer

To open a Threat Summary page for a specific profile, find the Exploits by Profile table and click the profile name. The Threat Summary page for that location opens, displaying the following panes:

Exploits Bypassing All Security Products

Exploits Bypassing All Security Products lists all exploits that have bypassed all security products associated with this location.

- Click an NSS ID to open a Threat Detail pop-up window for a specific threat.
- Click the arrow to view the same data in a ring graph.

Application Summary

Application Summary shows which applications have been targeted by exploits during the selected time period. Use the search field in the pane to search by application name.

- Click the Table tab to view data in a table format. Click an application name to open its Application Threat Summary pop-up window.
- Click the Families tab to view a bar graph showing the applications grouped by software family.
- Click the Vendors tab to view a bar graph showing the applications grouped by vendor.

Security Product Summary

Security Product Summary lists all security products associated with the selected location and indicates the number of threats that have bypassed each security product.

Note: If you enable the Watch feature, CAWS generates an hourly email summarizing all exploits that have bypassed security devices associated with this Location profile. The email is sent to your registered email address. When you create a Location profile, email alerts are enabled by default. You can disable email alerts when you create a Location profile or you can disable them in this pane on the Threat Summary page.

- Click the Table tab to view security product and threat information in a table format.
- Click Add Device to add another security device to this location.
- If a product name is a hyperlink, it has threats associated with it. Click the hyperlink to open its Security Product Threat Summary pop-up window. If a product name is not a hyperlink, it has successfully blocked all threats and has no Threat Summary window.
- Click the Types tab to view a bar graph displaying the security products grouped by type.
- Click the Vendors tab to view a bar graph displaying the security products grouped by vendor.

Using RiskViewer to Create and View Scenarios

RiskViewer is an optional component of the Cyber Advanced Warning System. Use RiskViewer to create dynamic scenarios that test security products and applications against live data. Here are a few examples of how RiskViewer modeling can be used to improve security:

- Situational awareness: Monitor which applications are being targeted by threat actors and determine how exploits relate to failures in deployed security products. This information can help prioritize security policy changes, patch cycles, and security product updates.
- Compare security products: Evaluate different security products side by side to compare their efficacy against current threats.
- Security efficacy of layered solutions: Model new products quickly and easily to determine how a new security product will enhance overall security efficacy of the stack. For example, will a new IPS product complement an existing NGFW product and provide return on investment (ROI), or do the two products fail to detect the same set of exploits?

Creating a RiskViewer Scenario in Default Mode

If CAWS is running in Default mode, you build scenarios based on any of your current Location profiles. To create a scenario in Default mode, perform the following steps:

1. Select RiskViewer > New Scenario. The RiskViewer Modeling Setup page opens.
2. Select a Location profile from the Locations drop-down list. The window displays the configuration details for the Location profile you selected.
3. Click Create Simulation.
4. Click the date widget to select a date range. RiskViewer displays 30 days of data by default to provide the highest degree of accuracy for comparing security products.

RiskViewer Performance Tips

Note: Use the following tips to render data without affecting browser performance.

- If you have been rendering data for many applications and the browser is responding slowly, the browser cache memory may be full. Click the Reset icon at the top left to clear the cache memory and refresh RiskViewer. You can also restart the browser to clear the cache memory.
- You can model all applications without compromising performance. If you delete all applications from the Configuration pane, RiskViewer defaults to all applications and renders them in a single data series. RiskViewer calculates the totals for all applications, but you cannot view results for individual applications.

Navigating In RiskViewer

A RiskViewer scenario displays several interactive data panes and graphs, similar to those in ThreatViewer or ShieldViewer.

Configuration

Use Configuration to perform the following tasks:

- Create one or more new scenarios to compare against the Baseline scenario
- Deploy a scenario as a Location profile in CAWS
- Convert a scenario to printable widgets in a new browser window

Configuration displays a Security Products list and an Applications list for the location you selected. You can add or remove security products and applications as needed.

Note: If you select more than one security product, RiskViewer restricts the time window to the time period after August 1, 2015. If you select a single product, the time window is unrestricted.

Click the arrow icon next to Apply Selection to open a pop-up menu. You can select the following options:

- Apply Selection applies configuration changes to the current scenario.
- Apply Selection to New Scenario creates a new scenario with the configuration changes in the Scenarios tab.
- Reset Current Scenario restores the scenario to its original security products and applications.
- Print Current Scenario outputs the scenario as printable widgets in a new browser window.
- Save Current Scenario opens a dialog box where you can provide a name and description for the scenario and save it for future use.
- Deploy Current Scenario opens a dialog box where you can save the scenario as a new Location profile.

Block Rate

Block Rate is an interactive line graph that displays trend lines for the security products in the scenario. Each trend line shows the percentage of application threats that a security product detected and blocked over the selected time period.

Block Rate Summary

Block Rate Summary has two tabs, Block Rate and Critical Threats.

Block Rate is a gauge chart that displays the percentage of coverage provided by all products in the scenario. The coverage is calculated as a percentage.

Critical Threats is an interactive ring chart. A critical threat is an exploit that targets any of the applications in a scenario and has evaded all of the scenario's security products. The center of the ring displays the total number of relevant threats. Click the center of the ring to open the Application Threat Summary window for Threats Targeting Applications. Each segment of the ring chart represents the percentage of relevant threats associated with a particular application. Hover the cursor over each ring segment to view the application name, the number of exploits targeting that application, and the percentage of total exploits represented by that application. Click an application's ring segment to open the Application Threat Summary window for that application.

Threats Bypassing Security Products

Threats Bypassing Security Products is an interactive line graph that displays trend lines for security products in the scenario. Each trend line shows the number of exploits that bypassed a security product during the selected time period.

Security Product Summary

Security Product Summary displays two tabs, Block Rate and Exploit Count.

Under the Block Rate tab, a bar graph displays the block rate of each security product in the scenario. Mouse over a bar to view the device name and block rate percentage.

Under the Exploit Count tab, a bar graph displays the number of unique threats that bypass a security product within each period of the selected time period. For example, if you select a time period of 7 days, each bar represents the sum of the threats that bypassed a device each day of that week.

For each tab, you can click a security product's bar to open its Security Product Threat Summary window. The summary window lists threats by NSS ID, test time stamp, platform, and application. You can then click a threat's NSS ID to open a Threat Detail window for the specific threat.

Threats Targeting Applications

Threats Targeting Applications is a line chart that shows the number of exploits targeting applications over the specified date range. Each application is represented by a series on the chart. Hover the cursor over each series in the chart to view the number of exploits targeting that application at that point in time.
Threat Breakdown by Application

Threat Breakdown by Application is a ring chart that shows which applications in the scenario are being targeted and the total number of exploits targeting all applications during the selected time period. Hover the cursor over each segment of the chart to view the application name, the number of exploits targeting that application, and the percentage share of the total. Click a ring segment to open its Application Threat Summary window.
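The relationship between per-product block rate, critical threats, and combined coverage can be worked through on a small data set. The Python below is an added example, not NSS Labs code or CAWS output: the records, product and application names are constructed, and the combined-coverage formula (share of relevant threats blocked by at least one product) is an assumption, since this guide does not state how the gauge is computed.

```python
from collections import Counter

# Constructed sample data (not CAWS output): one record per exploit, with a
# made-up ID, the application it targets, and the products it bypassed.
THREATS = [
    {"id": "T-001", "application": "Browser", "bypassed": set()},
    {"id": "T-002", "application": "Browser", "bypassed": {"ProductA"}},
    {"id": "T-003", "application": "Browser", "bypassed": {"ProductB"}},
    {"id": "T-004", "application": "Browser", "bypassed": {"ProductA", "ProductB"}},
    {"id": "T-005", "application": "PDF Reader", "bypassed": {"ProductA"}},
    {"id": "T-006", "application": "PDF Reader", "bypassed": set()},
    {"id": "T-007", "application": "PDF Reader", "bypassed": {"ProductA", "ProductB"}},
    {"id": "T-008", "application": "Office Suite", "bypassed": {"ProductB"}},
    {"id": "T-009", "application": "Media Player", "bypassed": {"ProductA", "ProductB"}},
]


def scenario_metrics(threats, products, applications):
    """Return block rates, critical threats and coverage for one scenario."""
    products = set(products)
    # Only exploits that target an application in the scenario are relevant.
    relevant = [t for t in threats if t["application"] in applications]
    total = len(relevant)
    if total == 0:
        # No relevant threats: percentages are undefined, not 0% or 100%.
        return {"total": 0, "block_rate": {}, "critical_ids": [],
                "coverage": None, "critical_by_app": {}}
    block_rate = {
        p: 100.0 * sum(p not in t["bypassed"] for t in relevant) / total
        for p in sorted(products)
    }
    # Critical threat: evaded every security product in the scenario.
    critical = [t for t in relevant if products <= t["bypassed"]]
    return {
        "total": total,
        "block_rate": block_rate,
        "critical_ids": [t["id"] for t in critical],
        # Assumed formula: threats stopped by at least one product.
        "coverage": 100.0 * (total - len(critical)) / total,
        "critical_by_app": dict(Counter(t["application"] for t in critical)),
    }


if __name__ == "__main__":
    apps = {"Browser", "PDF Reader", "Office Suite"}
    print(scenario_metrics(THREATS, ["ProductA", "ProductB"], apps))
    print(scenario_metrics(THREATS, ["ProductA"], apps))
```

With this data each product alone blocks half of the relevant threats, while the two together leave only the exploits that bypassed both, which is why adding a product to a scenario can change the critical-threat count by more or less than its own block rate suggests.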

Revisions

Date        Description                                            CAWS Version
4/07/2015   New RiskViewer panes and options                       1.2
4/17/2015   Email notification option on the Threat Summary page   1.3
5/14/2015   Updates to RiskViewer section                          1.3
7/31/2015   Updates to user interface                              1.4.11
9/21/2015   Updates to user interface                              1.5
11/9/2015   Updates to user interface                              1.5.1

Contact Information

NSS Labs, Inc.
206 Wild Basin Road
Building A, Suite 200
Austin, TX 78746 USA
info@nsslabs.com
www.nsslabs.com

2015 NSS Labs, Inc. All rights reserved. No part of this publication may be reproduced, copied/scanned, stored on a retrieval system, e-mailed or otherwise disseminated or transmitted without the express written consent of NSS Labs, Inc. ("us" or "we").

Please read the disclaimer in this box because it contains important information that binds you. If you do not agree to these conditions, you should not read the rest of this report but should instead return the report immediately to us. "You" or "your" means the person who accesses this report and any entity on whose behalf he/she has obtained this report.

1. The information in this report is subject to change by us without notice, and we disclaim any obligation to update it.
2. The information in this report is believed by us to be accurate and reliable at the time of publication, but is not guaranteed. All use of and reliance on this report are at your sole risk. We are not liable or responsible for any damages, losses, or expenses of any nature whatsoever arising from any error or omission in this report.
3. NO WARRANTIES, EXPRESS OR IMPLIED ARE GIVEN BY US. ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT, ARE HEREBY DISCLAIMED AND EXCLUDED BY US. IN NO EVENT SHALL WE BE LIABLE FOR ANY DIRECT, CONSEQUENTIAL, INCIDENTAL, PUNITIVE, EXEMPLARY, OR INDIRECT DAMAGES, OR FOR ANY LOSS OF PROFIT, REVENUE, DATA, COMPUTER PROGRAMS, OR OTHER ASSETS, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
4. This report does not constitute an endorsement, recommendation, or guarantee of any of the products (hardware or software) tested or the hardware and/or software used in testing the products. The testing does not guarantee that there are no errors or defects in the products or that the products will meet your expectations, requirements, needs, or specifications, or that they will operate without interruption.
5. This report does not imply any endorsement, sponsorship, affiliation, or verification by or with any organizations mentioned in this report.
6. All trademarks, service marks, and trade names used in this report are the trademarks, service marks, and trade names of their respective owners.
