Think Like an Attacker: The Core Security Attack Intelligence Platform
Presenter: Jackie Kalter, Core Security

Jackie Kalter has been in the network security industry for over 15 years. An alumna of SANS, Jackie has been very active with ISSA, serving as VP and Program Manager for over 5 years in Orange County. To increase attendance at ISSA meetings, she launched a recurring series of CISO Panels in Orange County and worked to improve meeting content to bring relevance and support membership drives. Jackie recently served as Program Manager for ISSA in San Diego to help increase attendance in that chapter, bringing her concept of the CISO/Executive Panel format along with her drive to increase attendance. Most recently, Jackie has worked with ISSA International, contributing her ideas for increasing attendance, putting on conferences and working with vendors.

As part of her current role at Core Security, Jackie hosts a series of thought leadership events, including regular executive dinners to connect executives with their peers and provide them with opportunities to exchange ideas.
About CORE Security
- Leading provider of predictive security intelligence solutions
  - Established: 1996, first commercial product: Core Impact 2001
  - Headquartered in Boston; engineering in Boston, Buenos Aires and India
  - 1,600 customers, ~200 employees
  - Segment leadership recognized by analysts, test labs
  - Consistent award recognition from industry groups and media
- Diverse, experienced organization
  - Experienced leadership: Sophos, CA, Symantec, Seagate, IBM
  - Active Customer Advisory Board and Core Customer Community
- Groundbreaking research & product development
  - Leading-edge consulting services bring field experience
  - CoreLabs vulnerability research team world renowned
  - High-profile research community involvement
  - Professional product and exploit development organization
  - 6 patents approved / 7 pending
  - Publish more than 200 exploits a year
CORE Security: The Leading Provider of Predictive Security Intelligence
- Enterprise-Class Security Intelligence Platform: identifies vulnerabilities and quantifies risk to critical assets on a continuous basis
- Commercial-grade Penetration Testing Platform: in-depth, exploit-based testing across web apps, network systems, end users & Wi-Fi/mobile networks
- Premier Support & Professional Services Organization: professional and consulting services, implementation, training and technical support
- Awards and Recognition
Assuring Effective Missions
Objective: Utilize tools and techniques that enable efficient models of blue, grey, and red behavior (cyber and kinetic) to determine the correct course of action in the cyber domain
- Validate critical vulnerabilities to expedite remediation (reduce operational expenses by 50%+)
  - Increase efficiency by pinpointing critical threats from amongst disparate data feeds
- Gain actionable information on the level of risk (helps CISO demonstrate business value)
  - Demonstrate how security is enabling the organization to reach business goals
- Test security controls (only way to know if they are working is to test them)
  - Determine if security investments are warranted by measuring their efficacy
- Scale security assessments via continuous monitoring (traditional testing does not scale)
  - Expand scope, reach & frequency of testing without adding headcount or consulting
- Assess and analyze application vulnerabilities (improve SDLC processes)
  - Reduce risk & save development $ by revealing web app exposures before go-live
- Test end users and endpoints (phish your end users, test security awareness program)
  - Proactively address lapses in security awareness & reduce organizational threat surface
- Achieve comprehensive asset visibility (find and protect all critical assets)
  - Reveal and track previously unknown systems and attack targets
- Understand your risk to prioritize remediation
Current State of Information Security
- Focused on detection and response
- Desire to reduce detection-to-response time through analytics
[Diagram: Detect, Analyze, Respond]
Proactive Security Mitigates Risk
[Diagram: Proactive (Predict, Remediate) versus Reactive (Detect, Respond); labels: Lower Risk Profile, Mitigated Risk, Higher Risk Profile]
Are Your Critical Assets at Risk?
The traditional solution is to try and patch everything.
[Diagram: Collect, Remediate]
- Collect: Nessus, MVM, IP360, Qualys, Nexpose, etc.; Trustwave, NTO, App Scan, Qualys, Web Inspect, etc.
- Data: Mountains of Data; Thousands of Vulnerabilities; No Relevance to Business
- Remediate: ePO, GRC, SIEM, Remediation, IT/Network Ops
Are Your Critical Assets at Risk?
[Diagram: Collect, Analyze, Remediate]
- Collect: Nessus, MVM, IP360, Qualys, Nexpose, etc.; Trustwave, NTO, App Scan, Qualys, Web Inspect, etc.
- Analyze (Attack Intelligence Platform): Consolidate security data; Simulate attack paths; Prioritize business risk; Validate vulnerabilities
- Output: Actionable Information
- Remediate: ePO, GRC, SIEM, Remediation, IT/Network Ops
Think Like an Attacker
- Identify attack paths to key business assets
- Protect against the most likely threats
- Simulate the behavior of an actual attacker
- Prioritize remediation (compensating controls, system patching, firewall, etc.)
- Greater knowledge of the attacker
- Attacker behavior
- Spend less time reacting to incidents
[Diagram: Predict, Attack Intelligence, Remediate]
2 Attack Paths to Your Critical Assets
[Diagram labels: Attack Point; Web Application Server; Vulnerable Database; Pivot Point; Print Server; Critical Business Asset (e.g., credit card database)]
Further test and validate vulnerable systems on attack paths
Slide 11, comment 2 (Todd Harris, 3/17/2014): Add text explaining how all systems are vulnerable here, but only the ones along the attack path matter.
Extensible Attack Intelligence Platform
[Diagram labels, in order:]
- Information Gathering, Network Discovery, Vulnerability Scanning, Phishing
- Risk Analysis, Attack Simulation, Threat Modeling, Exploit Correlation
- Exploit Validation, Attack Path Testing, Penetration Testing
- Compliance & Reports, Risk Reports, Role-based Reports, Business Reports, Compliance Reports
- Attack Paths, Correlation Rules, Critical Asset Risk
- Attack Intelligence Platform Integration Framework
- Service Desk, Remediation, Vulnerability data, Asset data, Event alerts
- VM, GRC, SIEM
Core Security Attack Intelligence
- Core Insight
  - Extensible platform to identify attack paths to critical business assets
  - Protect against the most likely threats based on what an attacker would do
- Core Impact Pro
  - Commercial-grade penetration testing solution
  - In-depth, exploit-based testing across web apps, network systems, end users & Wi-Fi/mobile networks
- Core Security Consulting Services
  - Specialized security services
  - Advanced penetration testing, PCI compliance testing, application security testing
[Diagram label: Core Security Attack Intelligence Platform]
About Core Security
- Leading provider of Attack Intelligence solutions
  - Established: 1996, first commercial product: Core Impact 2001
  - Headquartered in Boston; engineering in Boston and Buenos Aires
  - 1,600 customers, ~200 employees
- 15 years of accumulated experience
  - 12,000+ Exploits
  - Attack Planner research since 2003
- Groundbreaking research & product development
  - Advanced security consulting services
  - Core Labs vulnerability research team world renowned
  - Professional product and exploit development organization
  - 8 patents approved / 4 pending
Convergence of Markets
[Diagram labels: Security Analytics; Security & Vulnerability Management; Network Security Management; Network & Firewall Configuration Management; CORE; Attack Intelligence]
Be More Proactive with Attack Intelligence
Fewer Incidents, Lower Risk
[Diagram: Proactive (Pre-breach) versus Reactive (Post-breach); stages: Threat, Vulnerability, Incident; labels: Lower Risk Profile, Higher Risk Profile]
Attack Intelligence Will Tell You
- Attackers figure out a complete attack path through the layers of security, stitching together multiple weaknesses into a complete path to the sensitive data or app.
  - Multi-vector (net, web, user/client)
- Goals: What are the most important processes/assets, the jewels of your business? Payments? Ability to deliver services?
- Prioritization: Knowledge of attack paths allows you to apply a patch or compensating security controls at the best spot.
Thank You
Jackie Kalter, Core Security
jkalter@coresecurity.com