5 steps to reduce your window of vulnerability
TRANSCRIPT
Michelle Cobb, Vice President, Worldwide Marketing
Best Practices for Reducing Your Attack Surface: 5 Steps to Shrinking Your Window of Vulnerability
© 2015 Skybox Security Inc.
There Are No Silver Bullets in Security
96% of breaches avoidable through standard controls [1]
SANS 20 Critical Security Controls
1: Inventory of Devices
2: Inventory of Software
3: Secure Configurations for Hardware and Software on Computers
4: Continuous Vulnerability Assessment and Remediation
5: Malware Defenses
6: Application Software Security
7: Wireless Access Control
8: Data Recovery Capability
9: Security Skills Assessment and Training
10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11: Limitation and Control of Network Ports, Protocols, and Services
12: Controlled Use of Administrative Privileges
13: Boundary Defense
14: Maintenance, Monitoring, and Analysis of Audit Logs
15: Control Access Based on Need to Know
16: Account Monitoring and Control
17: Data Protection
18: Incident Response and Management
19: Secure Network Engineering
20: Penetration Testing
Step 1: Increase Your Understanding of Your Attack Surface
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.”
- Sun Tzu, The Art of War
SANS Critical Controls
1: Inventory of Devices
2: Inventory of Software
Your Attack Surface Has Many Layers
Security Controls: Firewalls, IPS, VPNs
Network Topology: Routers, Load Balancers, Switches
Assets: Servers, Workstations, Networks
Vulnerabilities: Location, Criticality
Threats: Hackers, Insiders, Worms
Provide a Straight-Forward Representation
192.170.33.1 - Prod FW
192.169.1.1 - Main FW
200.160.1.3 - Partner 1 FW
200.160.3.0/24 - Partner 1 VPN
192.170.1.65 - Finance FW
192.170.1.64 - IPS
192.170.8.1 - Main Router
192.170.8.4 - Core Router
192.170.27.1 - Core Router
192.170.27.254 - BigIP Load Balancer
200.160.1.0/24 - Partner 1
0.0.0.0/0 - Internet
200.160.2.0/24 - Partner 2
192.170.34.0/24 - db
192.170.33.0/24 - dmz
192.170.35.0/24 - app0
192.170.36.0/24 - app1
192.170.8.0/24 - Backbone
192.169.1.0/28 - GatewayEastA
192.170.1.64/28 - GatewayNorth
192.170.1.80/28 - GatewaySouth
192.170.25.0/24 - financeWindows
192.170.27.0/24 - financeServers
192.170.26.0/24 - financeUnix
Automatically created and maintained, interactive, normalized model of your network
It Might Not be as Easy as You Think
Step 2: Evaluate Critical Threats to Your Network
SANS Critical Controls
20: Penetration Testing
Traditional Means Are a Good Start
Penetration testing
– True test of network security
– Performed infrequently at preplanned time
Vulnerability scanning
– Detect vulnerabilities on a regular basis
– Lack network context
Virtual Penetration Testing
Internet Hacker
Compromised Partner
Rogue Admin
Attack Vectors
Vulnerabilities: CVE-2014-0160, CVE-2014-0515, CVE-2014-1776
Poll Question
Is your organization still dealing with the Heartbleed vulnerability?
– Yes
– No
Step 3: Stay on Top of New Threats
[2]
SANS Critical Controls
4: Continuous Vulnerability Assessment and Remediation
The Media is Playing a Role in Your Security
Heartbleed, POODLE, Schannel, and Sandworm were all observed being exploited within a month of CVE publication date [3]
Everyone Needs to Know the Answer Faster [4]
1. Scan more
2. Scan differently
Scanless Vulnerability Detection: Identify Vulnerabilities Without a Scan
Vulnerability Deduction
Product Catalog (CPE): OS version & patch level, Application versions
Vulnerability List (CVE)
Vulnerability Database
Product Profiling
Asset / Patch Management
Networking Devices
Active Scanner
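The deduction step named on this slide, as an added example (not Skybox code and not part of the original deck): product versions held in an inventory as CPE 2.3 strings are matched against a vulnerability database entry to produce a CVE list without probing any host. The host addresses, the inventory and the single database entry are constructed for illustration; the range used for CVE-2014-0160 is OpenSSL 1.0.1 through 1.0.1f.

```python
import re
from typing import NamedTuple

class Product(NamedTuple):
    vendor: str
    product: str
    version: str

def parse_cpe23(cpe: str) -> Product:
    """Parse a CPE 2.3 formatted string (assumes no escaped colons)."""
    parts = cpe.split(":")
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    return Product(parts[3], parts[4], parts[5])

def version_key(version: str) -> tuple:
    """Order dotted versions with an optional letter suffix: 1.0.1 < 1.0.1a < 1.0.1g."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]*)", version)
    if not m:
        raise ValueError(f"unsupported version: {version!r}")
    return tuple(int(n) for n in m.group(1).split(".")), m.group(2)

# Constructed database entry: CVE-2014-0160 affects OpenSSL 1.0.1 through 1.0.1f.
VULN_DB = [{"cve": "CVE-2014-0160", "vendor": "openssl", "product": "openssl",
            "first": "1.0.1", "last": "1.0.1f"}]

# Constructed inventory, as asset/patch management might export it (host -> CPEs).
INVENTORY = {
    "192.170.33.10": ["cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*"],
    "192.170.33.11": ["cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*"],
    "192.170.34.5": ["cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*"],
    "192.170.35.20": ["cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                      "cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*"],
}

def deduce(inventory: dict, vuln_db: list) -> list:
    """Return (host, cve, installed_version) for every product in an affected range."""
    findings = []
    for host, cpes in sorted(inventory.items()):
        for product in map(parse_cpe23, cpes):
            for vuln in vuln_db:
                same = (product.vendor, product.product) == (vuln["vendor"], vuln["product"])
                low, high = version_key(vuln["first"]), version_key(vuln["last"])
                if same and low <= version_key(product.version) <= high:
                    findings.append((host, vuln["cve"], product.version))
    return findings

if __name__ == "__main__":
    for finding in deduce(INVENTORY, VULN_DB):
        print(*finding)
```

The result is only as good as the inventory: a host whose patch level is stale or missing in asset management is silently skipped, which is why the slide still lists an active scanner as one of the inputs.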
Determine Impact of a New Threat in Hours
Typical scanner: 250 hosts/hour
Analytical scan: 100,000 hosts/hour
Poll Question
How mature is your process for maintaining effective security controls (firewalls, IPSs, patching vulnerabilities)?
– We have a formal document and audited process to which we strictly adhere
– We have an undocumented informal process
– Process? Huh?
Step 4: Close Network Device Security Gaps
SANS Critical Controls
10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
Monitor Firewalls and Network Devices for Security Gaps
Complete visibility of
– Hosts, devices, zones
– Firewall rules (ACLs)
– Routing, NAT, VPN
Analysis
– Risky access paths
– Access policy compliance
– Rule usage
– Platform configuration
Firewall allows port open from the internet
Improved Success Through Automation
Metric | Old Process | Automated Solution
Full firewall analysis | 2 - 4 days | Less than 1 hour
Per change analysis speed | 2 hours | 5 minutes
Analysis accuracy | 70% | 99%
Compliance audits | Annual, and VERY stressful | Daily or on-demand, automated, easy
Employee burnout | Measured in weeks! | None
Window of exposure | Days/months | Minutes/hours
Compliance process costs | Expensive | 80%+ reduction
Identify Critical Unremediated Vulnerabilities
99.9% of the exploited vulnerabilities were compromised more than a year after the CVE was published [3]
Top Ten Most Exploited
1. CVE-2002-0012
2. CVE-2002-0013
3. CVE-1999-0517
4. CVE-2001-0540
5. CVE-2014-3566
6. CVE-2012-0152
7. CVE-2001-0680
8. CVE-2002-1054
9. CVE-2002-1931
10. CVE-2002-1932
Mitigation Options
• Patching
• Removal
• Configuration
• IPS
• Firewall rules
Step 5: Assess Risk of Planned Changes
Change Management - Optimize Workflow
Technical Details
Change Request
Risk Assessment
Change Implementation
Reconcile and Verify
Automate the change management process
• Monitor changes
• Assess risk before change is made
• Identify devices involved
• Deliver access path information immediately
• Handle exceptions
• Reconcile changes
Skybox Product Portfolio
Skybox Platform
• Network model, security context, visualization, predictive analytics, workflow, reporting, dashboards, API
• Vulnerability and threat intelligence
Solutions
• Vulnerability & Threat Management
– Vulnerability assessment and prioritization
– Threat impact analysis
• Security Policy Management
– Firewall assessment and optimization
– Network compliance monitoring
– Network change management
Scalable, Context-Aware, Automated, Actionable
Global 2000 Organizations Worldwide Choose Skybox Security
Financial Services, Technology, Healthcare, Government & Defense, Consumer, Service Providers, Energy & Utilities
Use Case: Vulnerability and Patch Management
• 26 countries
• 46 regulations
• 100,000+ vulnerabilities
• 1,000+ changes per day
Business Challenge
• Fragmented vulnerability and patch process
• Lack continuous monitoring and analysis
Skybox Solution
• Network Assurance and Vulnerability Control
• Map and analyze infrastructure in minutes
• Patch critical vulnerabilities in 1 day
• Reduce risk exposure
Use Case: Firewall Management and Compliance
Business Challenge
• Maintain continuous firewall compliance
• Reduce compliance costs
• 70 firewalls, 40,000 active firewall rules
• Manual firewall management, weeks to analyze
Skybox Solution
• Firewall Assurance
• Achieved daily compliance with ISO27001, SOX
• 20% productivity gain – security diagnosis in minutes
• Easy implementation of rule changes
Summary
1. Increase your understanding of your attack surface
– Achieve a holistic understanding of your network
2. Evaluate critical threats to your network
– Perform regular analysis to help prioritization
3. Stay on top of new threats
– Use methods of quick detection
4. Close network device security gaps
– Buy yourself time for future threats
5. Assess risk of proposed changes
– Don’t introduce future problems
Questions?
www.skyboxsecurity.com
References
1. Best Practices for Reducing Your Attack Surface
2. 2015 Skybox Enterprise Vulnerability Management Trends Report
3. Best Practices for Vulnerability Management
4. 2015 Verizon Data Breach Investigations Report