How to manage evolving threats on evolving ICT assets across Enterprise


How to manage evolving threats on evolving ICT assets across the Enterprise. Marek Skalicky, CISM, CRISC, Qualys MD for CEE. November 2015. Your partner for information protection (Vaš partner za varovanje informacij).

Agenda
Security STARTS with VISIBILITY:
- What to be afraid of, and how to fix it?
- Follow the evolution of new threats and trends.
- Follow the evolution of the ICT asset landscape.
- How can you manage what you don't know?
- Aggregate, normalize, correlate and prioritize!
Security ENDS with ACCOUNTABILITY & CONTINUITY ;-)

What to be afraid of?

Trends from the ENISA Threat Landscape 2014, published in December 2014 and based on 400+ threat sources and incident reports (CERT-EU, SANS).

What can happen to you?

Can you secure what you don't know? Outdated software, access privileges, vulnerabilities, coding weaknesses, misconfigurations, threats, an incomplete inventory and social media, spread over dispersed IT assets, data and networks: the extended enterprise.

ICT infrastructure is not only on premise: physical data centers, virtual data centers, remote offices, mobile users and cloud data centers, all covered in ONE centralized and unified solution for asset management and ICT security and compliance:
- Perimeter network scanning: Internet cloud scanners
- Internal network scanning: internal hardware / virtual scanners
- Virtualized data center scanning: hypervisor scanners
- Cloud PaaS/IaaS scanning: Azure scanners, EC2 scanners
- Cloud agent scanning: agents for mobile platforms
- Passive network scanning: monitor traffic for unknown devices

LIVING IN A VULNERABLE WORLD: you have to protect everything; the bad guys only have to find one vulnerability. Botnets, hacktivism, APT, data leakage, policy violations, social engineering.

Explosion of vulnerabilities: top-20 vendors by number of published vulnerabilities in 2005, 2010 and 2015 (source: http://www.cvedetails.com)

Rank  2005                        2010                        2015
 1    Microsoft          166      Microsoft          317      Apple              579
 2    Apple              148      Apple              302      Oracle             473
 3    Linux              133      Adobe              207      Microsoft          463
 4    Redhat              99      Oracle             206      Cisco              412
 5    Mozilla             93      IBM                202      Adobe              339
 6    Suse                83      Google             156      IBM                276
 7    IBM                 81      Cisco              155      Google             254
 8    Gentoo              79      Linux              125      Mozilla            144
 9    SUN                 75      Mozilla            122      Novell             127
10    Oracle              61      HP                 119      Canonical          126
11    Cisco               54      SUN                 90      Debian             101
12    Debian              52      Realnetworks        55      HP                  80
13    Ethereal Group      49      Novell              47      EMC                 67
14    GNU                 48      Apache              43      Linux               61
15    Ubuntu              44      Opera               40      Redhat              57
16    HP                  36      Redhat              40      SAP                 43
17    Mandrakesoft        33      PHP                 35      Apache              40
18    BEA                 33      Macromedia          30      Fedoraproject       36
19    Phpbb Group         32      Typo3               26      Siemens             35
20    Trustix             32      Vmware              24      Wireshark           32
      Top-20 total      1431      Top-20 total      2341      Top-20 total      3745

Big vendors failing big time (same cvedetails.com data, 2005 / 2010 / 2015):
MICROSOFT  166 / 317 / 463
APPLE      148 / 302 / 579
ORACLE      61 / 206 / 473
CISCO       54 / 155 / 412
TOP-20    1431 / 2341 / 3745
http://www.cvedetails.com

Attack versus defense windows: 1. Prediction, 2. Prevention, 3. Detection, 4. Reaction. http://www.verizonenterprise.com/dbir/2012

Vulnerability remediation vs. exploitation: a vulnerability is typically remediated in 100-120 days, but exploited within 40-60 days; the vulnerability half-life in information systems is 30 days. The attacker is therefore ahead by a gap of about 60 days. https://www.kennasecurity.com/resources/non-targeted-attacks-report

5-10 year old vulnerabilities are still good to go. http://www.verizonenterprise.com/dbir/2015

Where is the problem? In scope and time. Example of a typical CEE enterprise:
- 1,000 IPs on average
- 20 software components per IP on average: 20,000 ICT asset components
- 20 vulnerabilities per IP on average, 4 of them critical: 20,000 vulnerabilities (20% critical)
- 2 relevant threats (exploits and malware) per IP on average: 2,000 relevant threats
- 100 security configuration controls per IP on average: 100,000 configuration security controls
That attack surface requires a continuous and automated view of ICT security and compliance. Modern approach and solution: data centralization / normalization / prioritization; (big) data analytics / automation / workflow; dashboards / alerts / reports / tickets; cloud-based architecture.

What is the solution? Automation and prioritization. The SANS top 7 high and very-high critical controls from the top 20, and the Australian Department of Defence top 4 strategies to mitigate targeted cyber intrusions:
1. Application whitelisting: only allow approved software to run
2. Application patching: keep apps, plug-ins and other software up to date
3. OS patching: keep operating systems current with the latest fixes
4. Minimize administrative privileges: prevent malicious software from making silent changes

How to get visibility into ICT assets and correlate them with risks and compliance. Application engines (CM, AM, VM, PCI, PC, QS, MDS, WAS, WAF, LM) covering asset discovery, network security, web app security, threat protection and compliance monitoring. Sensors: passive, physical, virtual, cloud, cloud agent.

What to do with all that data? Aggregate, normalize, correlate, filter, report and prioritize! Outputs: dashboards, alerts, reports, workflows, integrations.
- ICT risk management: vulnerabilities, threats, exploits, malware, impact scenario, zero-days, patches, workarounds, asset values, security risk, business risk
- ICT asset management: OS / platforms, TCP/UDP ports, services / protocols, databases, applications, SSL certificates, localities, responsibilities, dynamic tagging
- ICT compliance management: configuration checks, policy controls, custom controls, internal policies, external regulations, customizable questionnaires
All of it mapped onto business processes / business applications.

Set process, roles, goals and measure.

Responsibility matrix (R responsible, A accountable, C consulted, I informed; cells not readable in the source are marked -):

VM role / responsibility    Internal VAS service provider  BU Manager  IT Asset Owner  Scanner  Business Owner of IT Asset  InfoSec
VM policy                   I                              I           I               I        I                           A/R
VAS system configuration    A/R                            R           I               R        C/I                         I
Asset management            A/R                            C           R               I        -                           -
Remediation                 I                              R           R/A             R        A                           I

Remediation deadlines by vulnerability type and network segment:

Vulnerability type                             Perimeter    PCI DSS scope  Internal network
Severity 4 & 5, remote exploit confirmed       X days       X days         XY days
Severity 4 & 5, confirmed (CVSS 4.0 or more)   X days       XY days        XYZ days
Severity 3, confirmed (CVSS less than 4.0)     XY days      XYZ days       Best effort
Severity 1 & 2, confirmed                      Best effort  Best effort    Best effort
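The "aggregate, normalize, correlate and prioritize" step and the remediation SLA matrix above are easy to state and hard to operate. The following is an added example, not code from the slides or from Qualys: it merges findings from two differently shaped scanner exports, correlates them with an asset inventory and a threat feed, scores them, and assigns each finding a deadline from the SLA matrix. Every record, the field names, the severity words, the concrete day counts substituted for the X / XY / XYZ placeholders and the scoring formula are constructed assumptions; the CVE identifiers are placeholders, not real CVEs. Findings on hosts missing from the inventory ("can you secure what you don't know?") are flagged and given the strictest segment's SLA rather than dropped.

```python
from datetime import date, timedelta

# Assumed day counts for the slide's X / XY / XYZ placeholders; None = best effort.
SLA_DAYS = {
    "sev45_remote_exploit": {"perimeter": 7,    "pci": 7,    "internal": 30},
    "sev45_confirmed":      {"perimeter": 7,    "pci": 30,   "internal": 90},
    "sev3_confirmed":       {"perimeter": 30,   "pci": 90,   "internal": None},
    "sev12_or_potential":   {"perimeter": None, "pci": None, "internal": None},
}

# Constructed inventory: segment as in the SLA matrix, business value 1..5.
ASSETS = {
    "10.1.1.10": {"segment": "perimeter", "value": 5, "tags": ["web"]},
    "10.1.2.20": {"segment": "pci",       "value": 4, "tags": ["cardholder"]},
    "10.1.3.30": {"segment": "internal",  "value": 2, "tags": ["test"]},
}

# Constructed threat feed keyed by placeholder CVE: exploit / malware known,
# and whether the exploit works remotely.
THREATS = {
    "CVE-0000-0001": {"exploit": True, "malware": True,  "remote": True},
    "CVE-0000-0003": {"exploit": True, "malware": False, "remote": False},
}

# Two constructed scanner exports with different shapes. 10.1.1.10 / CVE-0000-0001
# is reported by both; 10.1.9.99 is not in the inventory at all.
SCANNER_A = [
    {"ip": "10.1.1.10", "cve": "CVE-0000-0001", "severity": 5, "cvss": 9.8, "confirmed": True},
    {"ip": "10.1.1.10", "cve": "CVE-0000-0002", "severity": 3, "cvss": 5.0, "confirmed": True},
    {"ip": "10.1.3.30", "cve": "CVE-0000-0003", "severity": 4, "cvss": 7.5, "confirmed": False},
    {"ip": "10.1.9.99", "cve": "CVE-0000-0001", "severity": 5, "cvss": 9.8, "confirmed": True},
]
SCANNER_B = [
    {"host": "10.1.1.10", "cves": ["CVE-0000-0001"], "sev": "critical", "status": "confirmed"},
    {"host": "10.1.2.20", "cves": ["CVE-0000-0004"], "sev": "high", "status": "confirmed", "score": 7.2},
]
SEV_WORDS = {"critical": 5, "high": 4, "medium": 3, "low": 2, "info": 1}  # assumed vocabulary
DETECTED = date(2015, 11, 1)  # assumed detection date used for the deadlines


def normalize(a_rows, b_rows):
    """Aggregate + normalize: one record per (ip, cve), keeping the worst values seen."""
    merged = {}
    for r in a_rows:
        merged[(r["ip"], r["cve"])] = {
            "ip": r["ip"], "cve": r["cve"], "severity": r["severity"],
            "cvss": r["cvss"], "confirmed": r["confirmed"], "sources": {"A"}}
    for r in b_rows:
        for cve in r["cves"]:  # scanner B lists several CVEs per row
            rec = merged.setdefault((r["host"], cve), {
                "ip": r["host"], "cve": cve, "severity": 0, "cvss": 0.0,
                "confirmed": False, "sources": set()})
            rec["severity"] = max(rec["severity"], SEV_WORDS[r["sev"]])
            rec["cvss"] = max(rec["cvss"], r.get("score", 0.0))
            rec["confirmed"] = rec["confirmed"] or r["status"] == "confirmed"
            rec["sources"].add("B")
    return list(merged.values())


def sla_class(f):
    """Row of the SLA matrix the finding falls into (unconfirmed = best effort)."""
    t = f["threat"]
    if f["severity"] >= 4 and f["confirmed"] and t.get("exploit") and t.get("remote"):
        return "sev45_remote_exploit"
    if f["severity"] >= 4 and f["confirmed"]:
        return "sev45_confirmed"
    if f["severity"] == 3 and f["confirmed"]:
        return "sev3_confirmed"
    return "sev12_or_potential"


def correlate(findings, assets, threats, detected):
    """Attach inventory and threat data, score, and compute the deadline.
    Unknown hosts are flagged, assumed mid-value and get the perimeter SLA."""
    for f in findings:
        asset = assets.get(f["ip"])
        f["in_inventory"] = asset is not None
        f["segment"] = asset["segment"] if asset else "unknown"
        value = asset["value"] if asset else 3
        f["threat"] = t = threats.get(f["cve"], {})
        # Assumed formula: severity x asset value x (1 + exploit + malware), halved if unconfirmed.
        f["score"] = (f["severity"] * value
                      * (1 + int(bool(t.get("exploit"))) + int(bool(t.get("malware"))))
                      * (1.0 if f["confirmed"] else 0.5))
        f["sla_class"] = sla_class(f)
        seg = f["segment"] if f["segment"] in SLA_DAYS[f["sla_class"]] else "perimeter"
        days = SLA_DAYS[f["sla_class"]][seg]
        f["deadline"] = None if days is None else detected + timedelta(days=days)
    return findings


def prioritize(a_rows, b_rows, assets, threats, detected):
    """Whole pipeline: most urgent finding first."""
    ranked = correlate(normalize(a_rows, b_rows), assets, threats, detected)
    ranked.sort(key=lambda f: (-f["score"], -f["cvss"], f["ip"], f["cve"]))
    return ranked


def overdue(ranked, today):
    """Findings past their deadline: what the accountability report should show."""
    return [f for f in ranked if f["deadline"] is not None and f["deadline"] < today]


if __name__ == "__main__":
    ranked = prioritize(SCANNER_A, SCANNER_B, ASSETS, THREATS, DETECTED)
    for f in ranked:
        print(f"{f['score']:5.1f} {f['ip']:10} {f['cve']} seg={f['segment']:9} "
              f"sla={f['sla_class']:21} due={f['deadline']} "
              f"{'' if f['in_inventory'] else 'NOT IN INVENTORY'}")
    print("overdue on 2015-12-01:", [(f["ip"], f["cve"]) for f in overdue(ranked, date(2015, 12, 1))])
```

The normalization step is where most of the real work is in practice: without a common key (here ip + CVE) the same exposure is counted once per scanner and the "20,000 vulnerabilities" figure on the earlier slide is inflated. The unknown-host rule is a deliberate choice: an asset nobody claims is exactly the one that should not silently receive the laxest deadline.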

Filter data and present only the need-to-know: technical reports and executive reports.

Qualys at a glance: the QualysGuard Cloud Platform for ICT assets, security and compliance. 7,700+ customers, 107+ countries, 1+ billion in 2013 and 2+ billion in 2014.

Your partner for information protection (Vaš partner za varovanje informacij).