Threat-Centric Vulnerability Management

Solution Brief

When it comes to vulnerability management, security leaders continue to struggle to identify which of the thousands, even millions, of vulnerabilities in their environment are actually putting the organization at risk. Traditional approaches don't take into account all factors that influence vulnerability risk. This leaves security teams wasting resources on issues attackers may never find or want to exploit. And for programs relying on spreadsheets and manual analysis, the problems of gaining contextual understanding and using resources effectively only increase.

It's Time for a Different Approach

Threat-centric vulnerability management (TCVM) from Skybox Security signals a fundamental shift in the approach to managing and prioritizing vulnerabilities. TCVM changes vulnerability management from an exercise of trying to patch everything all the time to focused, intelligent action that considers real threats and automates a variety of tasks.

Using up-to-date intelligence of your network and the threat landscape, Skybox gives you the power to target action where it matters most and be proactive against the threats of ransomware, malware, exploit kits and targeted attacks.

TCVM for Skybox Vulnerability Control prioritizes vulnerabilities the smart way, putting imminent threats at the top of your to-do list and helping you systematically deal with potential threats over time. Skybox looks for vulnerabilities which are:

- Exposed, based on your network and its security controls
- Exploited in the wild or used in crimeware
- Known to have exploit code published
- Present in your network but with no known exploit

With attack surface visualization, vulnerability and threat intelligence, and attack vector analytics, TCVM gives you the automated tools and context needed to zero in on the vulnerabilities posing a real risk and fix them immediately.

Total visibility. Focused protection.

The TCVM Process

- Discovery: Collect and assess information on assets, network topology, security controls and vulnerabilities in your environment, including physical IT, cloud and operational technology (OT) networks. Gather information on the current threat landscape.
- Prioritization: Correlate vulnerability data with threat intelligence and exploitability information. Using network modeling, analyze potential attack paths to prioritize remediation according to the threat posed to critical assets.
- Remediation: Apply patches or use IPS signatures, access rules, segmentation, etc. to block attack paths. Address imminent threats first and deal with potential threats over time.
- Oversight: Track progress and analyze trends to find areas that need more attention or resources. Monitor remaining vulnerabilities for changes in exposure or use in the wild.

Automation is Key

The TCVM process uses a vast amount of data from a variety of sources, and analyzes that data from multiple perspectives with an understanding of the interdependencies of internal and external factors. As such, the TCVM process must be automated. Below is a description of some of the automated tasks performed by Skybox.
- Imports data from your third-party vulnerability scanners
- Imports data from asset and patch management systems and other system information to perform passive, scanless vulnerability assessments
- Imports threat intelligence feeds
- Imports asset and configuration data into a network model, regularly backs up the model and updates it with the Skybox intelligence feed
- Simulates attacks, analyzing paths from any threat origin to a vulnerable asset to identify direct exposures; direct exposures are then used as the threat origin in secondary simulations to simulate pivot attacks and identify indirect exposures
- Analyzes data to identify which vulnerabilities are exposed, actively exploited in the wild, used in crimeware or have sample exploit code available

Tasks can also be sequenced and scheduled to create automated workflows that run regularly. The result of Skybox's TCVM automation is actionable intelligence at your fingertips and clear remediation priorities for day-to-day operations or incident response planning.
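
The direct and indirect exposure analysis and the resulting priority order can be sketched as follows. This is an added example, not Skybox code: the hosts, vulnerability ids, status names and the tier order (read off the Figure 1 labels) are assumptions, and the pivot search is generalized from one secondary pass to any number of hops.

```python
from collections import deque

# Constructed sample model (not from the brief): ALLOWED maps a source to the
# hosts it can still reach after firewall and access rules are applied.
ALLOWED = {
    "internet": ["web01"],
    "web01": ["app01", "db01"],
    "app01": ["db01"],
}
# Constructed findings: (asset, placeholder vulnerability id, exploit status).
FINDINGS = [
    ("web01", "VULN-A", "exploit_published"),
    ("app01", "VULN-B", "none"),
    ("db01", "VULN-C", "in_the_wild"),
    ("hr01", "VULN-D", "in_the_wild"),
]
STATUS_RANK = {"in_the_wild": 0, "exploit_published": 1, "none": 2}


def exposures(allowed, vulnerable, origin):
    """Return {asset: hops}; 1 hop is a direct exposure, more is indirect."""
    hops, queue = {}, deque([(origin, 0)])
    while queue:
        node, depth = queue.popleft()
        for nxt in allowed.get(node, []):
            # Only a vulnerable asset can become the origin of a pivot.
            if nxt in vulnerable and nxt not in hops:
                hops[nxt] = depth + 1
                queue.append((nxt, depth + 1))
    return hops


def tier(exposed, status):
    """Assumed tiers, read off the brief's Figure 1 labels."""
    if exposed and status != "none":
        return 0  # exposed + exploitable
    if status == "in_the_wild":
        return 1  # exploited in the wild, not currently exposed
    return 2 if exposed else 3  # exposed only, then everything else


def prioritize(allowed, findings, origin="internet"):
    """Sort findings by tier, then exploit status, then hop count."""
    hops = exposures(allowed, {a for a, _, _ in findings}, origin)
    ranked = sorted(findings, key=lambda f: (
        tier(f[0] in hops, f[2]), STATUS_RANK[f[2]], hops.get(f[0], 0)))
    return [(a, v, s, hops.get(a)) for a, v, s in ranked]
```

In the sample data the database server is only reachable by pivoting through the web server, yet it ranks first because its vulnerability is exploited in the wild.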

Target the Biggest Threats

With Skybox TCVM, security leaders can focus on the vulnerabilities that pose the biggest threat to their organization, rolling out patches or compensating controls immediately. Vulnerabilities posing potential threats are also identified, so they can be queued for systematic, gradual risk reduction.

- See your entire attack surface, including vulnerabilities and potential attack vectors, in an interactive, visual model
- Reduce patching needs by pinpointing imminent threats to your organization, and prioritize the most needed patches in OT networks, which have limited opportunities to carry out updates
- Automate vulnerability management processes from assessment to remediation and oversight, and integrate contextual intelligence throughout
- Collaborate with IT operations to use efficient patching alternatives and improve remediation service level agreements (SLAs)
- Measure and track risk reduction efforts to identify where more resources may be needed, and demonstrate progress to the C-suite and board

[Figure 1: Representation of TCVM prioritization results. Stages shown: Identify known vulnerabilities (total identified vulnerabilities via Skybox intelligence feed); Correlate to CVSS (CVSS critical score); Identify your vulnerabilities (third-party scanners and Skybox Vulnerability Detector); Identify exploits (Skybox Research Lab threat intelligence); Identify exposures (Skybox network modeling and attack vector analytics); Pinpoint biggest risks (Skybox Vulnerability Control Prioritization Center). Result labels: Exposed + Exploitable (highest priority), Exploited in the Wild, Exposed.]

TCVM in Skybox Vulnerability Control

[Figure 2: Vulnerability Control's Prioritization Center dashboard showing an overview of risk by exploitability level (left) and a detailed view of sites containing vulnerabilities exploited in the wild (right)]

[Figure 3: List of vulnerability occurrences detected in Skybox Vulnerability Control, showing contextualized risk scores, exposure, exploitability and other details]

Enhanced Vulnerability and Threat Management from Skybox

Skybox has offered context-based vulnerability prioritization and management techniques since the first Skybox product in 2004. TCVM is the latest refinement of our approach, adding real-time threat intelligence to Skybox's contextual analysis of vulnerabilities.

- Impact analysis quantifies the relationship between the vulnerability and the asset, reducing false positives and identifying vulnerabilities that are particularly risky on a specific asset
- Exposure analysis evaluates the relationship between the asset with a vulnerability and the infrastructure's defense-in-depth strategy to identify assets that are exposed to likely threat origins, producing a risk score
- Up-to-date exploitability values are derived from the efforts of the Skybox Research Lab, which examines a variety of resources and feeds, including sites in the dark web
- Vulnerability density reveals hot spots where a large number of high-priority vulnerabilities exist on a group of assets. These typically indicate an area where more remediation attention is needed
- Skybox's understanding of the relationship between patches and vulnerabilities shows you not only which patches are available, but which patch will remediate the greatest number of vulnerabilities in your environment
- Skybox considers the age of a vulnerability in a network, as there is a direct correlation between the length of time a vulnerability exists in the network and the likelihood it will be exploited
- Skybox identifies which IPS signatures you should enable given the vulnerability occurrences in your environment

About Skybox Security

Skybox provides the industry's broadest cybersecurity management platform to address security challenges within large, complex networks. By integrating with 120 networking and security technologies, the Skybox Security Suite gives comprehensive attack surface visibility and the context needed for informed action.
Our analytics, automation and intelligence improve the efficiency and performance of security operations in vulnerability and threat management and firewall and security policy management for the world's largest organizations.

www.skyboxsecurity.com | info@skyboxsecurity.com | +1 408 441 8060

Copyright 2018 Skybox Security, Inc. All rights reserved. Skybox is a trademark of Skybox Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners. 03082018