2012-12-12 seminar mcafee risk management

Risk Management: Fix what matters most… first. Drs. René Pieëte, CISSP, Senior SE Manager Northern Europe. December 12th, 2012

Upload: pinewood

Post on 29-Nov-2014


DESCRIPTION

In practice it often proves difficult to determine which risks an organization faces and what an appropriate level of security is for them. This knowledge is nevertheless necessary to take the right measures and to invest effectively in information security. On 12 December 2012, Pinewood organized a seminar in cooperation with McAfee that addressed this. Handy tools such as Risk Management and McAfee Nitro (McAfee's SIEM product) and Pinewood's pragmatic approach offer concrete guidance and insight for arriving at an effective information security policy.

TRANSCRIPT

Page 1: 2012-12-12 Seminar McAfee Risk Management

Risk Management Fix what matters most….first

Drs. René Pieëte, CISSP

Senior SE Manager Northern Europe

December 12th, 2012

Page 2: 2012-12-12 Seminar McAfee Risk Management

Current Threat Landscape

Playstation breach called one of the largest ever; Sony should have alerted customers sooner, some say

TJ MAXX first large database breach. 45 mln. credit card records stolen.

Biggest breach so far, over 150 mln. credit card records stolen.

Security leak in MySQL easy to use. Huge amount of exploits expected by security experts. (CVE-2012-2122)

50% of EMEA healthcare organizations unaware of security threats

McDonald's and Walgreens: email addresses, birth dates stolen by hackers

Lockheed strengthens network security after hacker attack

Hackers get Symantec anti-virus source code

“TJ MAXX’s $1 billion data breach”

Page 3: 2012-12-12 Seminar McAfee Risk Management

The Need

Companies struggle to determine where to focus security efforts

Threats increasing at an alarming rate

97% of organizations lack visibility into risk posture

Page 4: 2012-12-12 Seminar McAfee Risk Management

CURRENT APPROACH

to dealing with threats

MINUTES HOURS DAYS WEEKS

LOG FILES PHONE CALLS/EMAILS CONSOLES SPREADSHEETS

Page 5: 2012-12-12 Seminar McAfee Risk Management

RISK AND COMPLIANCE

Holistic Approach

DIAGNOSE PROTECT MANAGE


Page 6: 2012-12-12 Seminar McAfee Risk Management

Risk & Compliance: Diagnose

DISCOVER ASSESS QUANTIFY RISK

Automatic asset discovery

Comprehensive and customized views

Uncover vulnerabilities

Audit configurations and policies

Real-time risk profile

Address highest risks to optimize protection and minimize cost

Eliminate disruption to critical business apps

Page 7: 2012-12-12 Seminar McAfee Risk Management

McAfee Vulnerability Manager

DIAGNOSE PROTECT MANAGE

MVM Web

MVM Database

Policy Auditor

MVM

• Agentless Vulnerability Scanner with the broadest checks of any in the market (>40,000 and growing)

• Automatic asset discovery includes a dozen techniques to find everything

• Scalable to millions of IP addresses

• Detects over 437 operating system types

• False positives next to zero

• Credentialed, non-credentialed

• Open database allows unparalleled access to vulnerability data

• Integration with McAfee products and your applications via an open API

• Deployment options include appliance, software, virtual, and SaaS

Page 8: 2012-12-12 Seminar McAfee Risk Management

MVM for Web Apps

DIAGNOSE PROTECT MANAGE

• Web Application Scanner fully integrated into MVM assets and workflow

• Web app discovery/crawl and map; sitemap report

• Scanning covers OWASP, PCI, CWE

• Capable of authenticating and scanning protected web applications

• Web scan configurations (entry URLs, exclude URLs, etc.) and credential sets

• Meaningful reports: request made, injection point, response given

• “Safe mode” scanning

Policy Auditor

MVM

MVM Database

MVM Web

Page 9: 2012-12-12 Seminar McAfee Risk Management

MVM for Databases

DIAGNOSE PROTECT MANAGE

• Over 4,300 vulnerability checks

Patch levels, Weak passwords, Configuration baselining (CIS/STIG)

Backdoor detection, Sensitive data discovery (PII, SSN, etc)

Vulnerable PL/SQL code, Unused features, Custom checks

• Reports in countless formats according to stakeholders:

DBA, Developers, InfoSec, Audit

• Fully Managed from ePO

MVM Web

Policy Auditor

MVM

MVM Database

Page 10: 2012-12-12 Seminar McAfee Risk Management

McAfee Policy Auditor

DIAGNOSE PROTECT MANAGE

Policy Auditor

Policy Auditor Patch

Status Dashboard

Page 11: 2012-12-12 Seminar McAfee Risk Management

McAfee Policy Auditor

DIAGNOSE PROTECT MANAGE

• Agent-based audit automation against regulations, standards, and best practices

PCI, SOX, HIPAA, FISMA

ISO, COBIT

CIS, DISA, FDCC, STIG

• Broad Win/UNIX/Linux/Mac support

• Supports industry standard SCAP and supporting protocols (CVE, CPE, CCE, OVAL, XCCDF, CVSS)

• Integration with MVM for agentless SCAP scanning

• PA Content Creator

• Gold system baselining

• ePO Integration

MVM Web

MVM

MVM Database

Policy Auditor

Page 12: 2012-12-12 Seminar McAfee Risk Management

Risk & Compliance: Protect

ENFORCE DENY ACCESS CONTROL

Enforce policies

Real-time change monitoring

Prevent compliance drift by enforcing policies and configurations

Deny unauthorized access

Dynamic Application Whitelisting

Zero-day protection

Protection for embedded systems

Increase control and visibility

Improve system integrity, availability and performance

Reduce operating expense

Page 13: 2012-12-12 Seminar McAfee Risk Management

McAfee Application Control

DIAGNOSE PROTECT MANAGE

Change Control

Application Control

Database Activity Monitoring

• Dynamic Whitelisting prevents unauthorized applications from running

Application attempts to launch

Could be an executable or OS component

MAC verifies binary code from Whitelist

If not in Whitelist, then program is not launched

Attempt is logged for alerts and auditing

• Memory Protection (three different types) protects against known and unknown buffer overflow attacks

• Image deviation allows customers to compare their deployed images to a desired standard image with on-demand reporting.
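The launch flow on this slide (launch attempt, check against the whitelist, refuse if absent, log the attempt) can be sketched as below. This is an added example, not McAfee Application Control code; using a SHA-256 content digest as the whitelist identity and the names `build_whitelist`, `may_launch` and `demo` are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Digest the file's bytes, so identity follows content rather than name."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_whitelist(image_dir):
    """Inventory a known-good image: one digest per file found in it."""
    return {sha256_file(p) for p in Path(image_dir).rglob("*") if p.is_file()}

def may_launch(binary, whitelist, audit_log):
    """Default deny: launch only if the digest is listed; log every refusal."""
    try:
        digest = sha256_file(binary)
    except OSError:
        digest = None                      # unreadable or missing: refuse
    if digest is not None and digest in whitelist:
        return True
    audit_log.append({"path": str(binary), "sha256": digest, "action": "blocked"})
    return False

def demo():
    """Four launch attempts against constructed sample files."""
    audit_log = []
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp, "image")
        image.mkdir()
        approved = image / "backup_agent.bin"
        approved.write_bytes(b"constructed sample: approved binary")
        whitelist = build_whitelist(image)
        renamed = Path(tmp, "renamed_copy.bin")      # same bytes, new name
        renamed.write_bytes(approved.read_bytes())
        dropped = Path(tmp, "dropped_tool.bin")      # never inventoried
        dropped.write_bytes(b"constructed sample: unknown binary")
        results = {
            "approved": may_launch(approved, whitelist, audit_log),
            "renamed": may_launch(renamed, whitelist, audit_log),
            "dropped": may_launch(dropped, whitelist, audit_log),
        }
        # The approved file is modified after the inventory was taken.
        approved.write_bytes(b"constructed sample: modified after inventory")
        results["modified"] = may_launch(approved, whitelist, audit_log)
    return results, audit_log
```

The renamed copy is allowed and the modified original is refused because the decision follows file content, not path; both refusals end up in the audit log.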

Page 14: 2012-12-12 Seminar McAfee Risk Management

McAfee Change Control

DIAGNOSE PROTECT MANAGE

• Integrity Monitoring alerts on critical and unauthorized changes

• File Integrity Monitoring provides real-time tracking across Win/UNIX/Linux

• Change Reconciliation tracks changes to their corresponding Change Requests within Remedy

• Change Prevention selectively prevents out-of-policy changes and logs any attempted out-of-policy change

Change Control

Application Control

Database Activity Monitoring

Page 15: 2012-12-12 Seminar McAfee Risk Management

McAfee Database Activity Monitoring

DIAGNOSE PROTECT MANAGE

• “Inside Out” protection leveraging unique memory-based, read-only sensor in memory

• Just another process at OS level

• No kernel changes or reboots

• No database packages or scripts

• High performance, zero latency

• Full segregation of duties and audit trails

DBA, sysadmins, InfoSec

• Optimized for Virtualization & Cloud

Memory-based monitoring sees VM-to-VM traffic

Agent-based model supports distributed/cloud environments

• Virtual Patching (vPatch) protects against known and unknown attacks without downtime or code changes until you can patch

Change Control

Application Control

Database Activity Monitoring

Page 16: 2012-12-12 Seminar McAfee Risk Management

McAfee Risk Advisor

DIAGNOSE PROTECT MANAGE

• Correlates vulnerabilities, global threat data, and countermeasures

• Improves security effectiveness using risk scores and ROI of deployed security products

• Enables risk-based approach to critical patching decisions

• Fully customizable IT Risk Dashboards

• Rule driven alerts

• “What If” Analysis for new countermeasures

Page 17: 2012-12-12 Seminar McAfee Risk Management

MAC

NSP

HIPS

AV

Vulnerabilities Configuration Patch level Applications

Threat feed

Stuxnet

Aurora

Conficker


HIGH LOW

System State

COUNTERMEASURE AWARE

Risk Management

Countermeasures

McAfee Risk Advisor

GTI

Critical systems

Page 18: 2012-12-12 Seminar McAfee Risk Management