RiskSense Attack Surface Validation for IoT Systems


RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc.

Surfacing Double Exposure Risks

Changing Times and Assessment Focus

"Our view of security assessments has changed. There is diminishing value in the way we used to select providers since we are now driving business growth through IoT projects. We needed to move beyond a typical assessment to one that challenged my development team from code review to creating exploits."
Industrial Manufacturer creating IoT solutions

There are too many elements in IoT systems today that can expose the business and the ecosystem of users or entities that they touch. These systems may change frequently or are designed for decades of use, like connected building technologies.

Before launching this new initiative, our customer needed to know the most likely attack scenarios and needed help defining priorities for remediation. RiskSense analysts provided the thoroughness and rigor that they hadn't experienced with other providers. They appreciated the modern way RiskSense delivered findings as they were found. Under pressure to get to market, they were able to keep their timelines and address vulnerabilities they had not considered in the design process. Assessment reports quickly lose value; however, the RiskSense Security Score and active findings within the RiskSense platform were referenced, helping the team to continuously improve their process and design.

The RiskSense Attack Surface Validation for Internet of Things (IoT) Systems provides discovery of exposure for organizations delivering and incorporating IoT into their business operations. Going beyond penetration testing of the IoT devices themselves, RiskSense thoroughly reviews the development, code, environments, and processes used from end to end. Our security experts have the deepest knowledge and experience with IoT systems. Interconnected networks, vendors, platforms, programmable interfaces, and protocols all contribute to vulnerabilities within an IoT system, creating double exposure business risk.
RiskSense Attack Surface Validation for IoT systems and manufacturers covers interconnected vulnerability insight for:

- Connected Operations: where operational technology and information technology domains now cross over for near-zero downtime efficiency with integrated supply chain partners
- Remote Operations: asset management, logistic and quality tracking, update and control of devices in the field and on the move, open to network impacts or physical tampering
- Predictive Maintenance: enhanced services for remote high-value equipment, integrated building technologies, and widely deployed connected control devices
- Analytics and Telemetry: data-driven business innovations

Unlike others, RiskSense does not take months to deliver results. Engage with our experts as they progress through the phases of their assessment. As vulnerabilities are found, our team discloses the details and priorities for remediation through our easy-to-access platform. They also ensure that you have the details to reproduce the vulnerabilities and understand the scope of risk exposure.

The RiskSense Attack Surface Validation for IoT Systems provides:

- Identification of vulnerabilities and the various paths and tactics that could be used by adversaries to compromise or subvert
- Threat intelligence mining to elevate the most likely attack scenarios
- Penetration testing to verify vulnerabilities, elimination of false positives through automated testing and manual expert-driven investigations
- Immediate access to findings as they become available. All relevant documentation, including automated and manual scanning details and technical configuration information, is delivered through the RiskSense platform
- Recommendations for the remediation of identified security gaps and vulnerabilities
- Executive level reports that provide an overall exposure health score, very much like a credit score, that can be used to benchmark improvements over multiple engagements as major changes or updates are developed

Methodology

RiskSense performs attack surface validation for IoT systems for organizations ranging from specialized manufacturers to Fortune 500 corporations. The RiskSense attack surface methodology is continuously updated to align with the latest industry information and attack trends. Our methodology is comprised of five distinct phases:

[Figure: the five methodology phases: 1. Information Gathering, 2. Usage Patterns, 3. Attack Surface Enumeration, 4. Attack Validation, 5. Reporting]

Phase 1: Information Gathering

Analysts perform in-depth information gathering to obtain a holistic view of the IoT system. This includes, but is not limited to, the following elements: policies and procedures, source code, design specifications, network architecture, web application interfaces, and ranges of IP addresses and device environments.

Phase 2: Usage Patterns

Analysts design tests to demonstrate and then alter intended functionality and usage of the target systems. The following is done during this phase:

- Part I: Analysts simulate the intended and normal functionality of the IoT system for observation
- Part II: Detailed packet capture, while simulating intended functionality, is used to observe the normal communication paths and baseline behavior
- Part III: Fuzz testing, a software technique to discover coding errors and security vulnerabilities, is initiated. Unusual data formats, volume, and other unexpected scenarios are used to make the system perform in unintended ways

Phase 3: Attack Surface Enumeration

RiskSense analysts will enumerate the attack surface of the devices, software, and networks utilized in the IoT system.

- Device: Operating system, ports, protocols, services, and channels and specific design and architectural elements
- Software: The software environment, interfaces, web applications, and tools available to authorized users that may be used to perform intended and unintended functions within the IoT environment
- Network: The environment and communication with accessible routers, switches, servers, laptops, and other communicating or controlling entities

Phase 4: Attack Validation

Information collected from the previous phases is used in developing exploits and penetration tests. From configuration review and source code analysis, tests are created with an adversarial intent to gain unauthorized access or control within the IoT system. Target elements will be tested for privilege escalation, with analysts trying to escalate access levels through the identification of misconfigurations, missing critical patches, and weak security processes. They will attempt to perform a lateral attack and gain access to sensitive data, re-direct control, and other risks that can be harmful. The deepest possible analysis is conducted, utilizing publicly available tools coupled with RiskSense innovations, to identify as many vulnerabilities as possible.

Phase 5: Reporting

All evidence from the previous testing phases, in the form of screenshots, requests, responses, and commands used, is collected and made available. The findings report details the exploited vulnerabilities, their severity, and recommendations for remediation.

Enhanced Value with Modern Delivery of Results

RiskSense Attack Surface Validation for IoT Systems leverages the RiskSense platform as a key component of the service and value we provide to clients. The experience allows clients to begin to take remediation steps even before the full assessment has been completed. It's recommended for IoT manufacturers, or soon-to-launch IoT initiatives within corporations, to have this service performed during the quality assurance cycle, allowing time to take actions to mitigate cyber risk exposure. As with other assessments, a yearly review or reassessment when major architectural changes occur should be performed. Our clients benefit from the standardized risk profile security score, allowing them to baseline and measure improvements upon subsequent Attack Validation services.

A Clinical Analysis

Results from the Attack Surface Enumeration and Validation are delivered through the RiskSense platform; customers see the progression and depth of coverage this service provides. Findings and associated data are passed into the platform, quickly identifying all of the relevant vulnerabilities with risk ranking and remediation recommendations. Our clients receive their IoT System Security Posture Report through the platform, allowing them to produce .pdf reports on demand, but also on specific focus areas.

About RiskSense

RiskSense, Inc. provides vulnerability prioritization and management to measure and control cybersecurity risk. The cloud-based RiskSense platform uses a foundation of risk-based scoring, analytics, and technology-accelerated pen testing to identify critical security weaknesses with corresponding remediation action plans, dramatically improving security and IT team efficiency and effectiveness.

The RiskSense Platform embodies the expertise and intimate knowledge gained from real world experience in defending critical networks from the world's most dangerous cyber adversaries. As part of a team that collaborated with the U.S. Department of Defense and U.S. Intelligence Community, RiskSense founders developed Computational Analysis of Cyber Terrorism against the U.S. (CACTUS), Support Vectors Intrusion Detection, Behavior Risk Analysis of Vicious Executables (BRAVE), and the Strike Team Program.

RiskSense Platform: the industry's most comprehensive, risk-based vulnerability prioritization and management platform.

Contact us today to learn more about RiskSense.

RiskSense, Inc. +1 844.234.RISK +1 505.217.9422 www@risksense.com

SB_RSASVIoTSystems_10192018