Greenbone vulnerability assessment - Networkshop44

Dirk Schrader

Upload: jisc

Post on 19-Jan-2017


what's bad on your network: tackling it with Vulnerability Management

Dirk Schrader
University of Manchester; March 24th, 2016
09:45 – 10:15, Theatre A

Introduction
• Greenbone Networks
• Develops Vulnerability Management Solutions since 2004
• Open Source and Transparency
• Your data is your data: NO CLOUD
• German
• Dirk Schrader
• CISSP (by ISC2) in good standing
• CISM (by ISACA) in progress
• 20+ years in IT Sec
• German, too

www.greenbone.net

What should be considered as 'bad'?

[Diagram labels: Susceptibility; Accessibility; Capability]

Anything which is susceptible to misuse and accessible by an adversary with sufficient capabilities. That can be:
• Software flaws
• Defaults or misconfigurations
• Unauthorized or unsuspected installations
• Compliance deviation or Non-Compliance
• Policy deviation or violation

Start with a different perspective, ..

[Diagram labels: Processes, Policies & Awareness; Physical; Perimeter; Network; Host & OS; Application; Data; Authentication; NG Firewall; N-IDPS; H-IDPS; AV-System; SIEM / ISMS; Vulnerability Management; inside – out view; outside – in view]

.. then prepare,
• Define secure configurations
• Whitelist systems and applications
• Map to security controls
• Still, if none is there: start simple, enhance stepwise

[Diagram labels: Policies; Compliance; Guidelines]

.. identify,
• Import and/or discover assets
• Scan assets
• Scan them authenticated
• CPE information is vital

.. classify,
• use CVSS, CVE, and CPE
• enhance with additional SecInfo
• most important, tag with Asset Criticality info

.. prioritize,
• based on Score, Quality of Detection, and available Solution Type
• adding Asset Criticality Information
• Attack status confirms
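The prioritization step above, sketched as an added example (not part of the original slides and not Greenbone's own logic): findings below a minimum Quality of Detection are dropped, and the rest are ranked by a score built from CVSS, QoD, Solution Type and an Asset Criticality tag. The weights, the 1 to 3 criticality scale, the 70% QoD cut-off and the sample findings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Solution Type values as reported in Greenbone/OpenVAS results.
# The weights are assumptions: a finding with a ready fix is actionable now.
SOLUTION_WEIGHT = {
    "VendorFix": 1.0, "Workaround": 0.8, "Mitigation": 0.8,
    "NoneAvailable": 0.5, "WillNotFix": 0.5,
}
MIN_QOD = 70  # assumed cut-off: ignore low-confidence detections


@dataclass
class Finding:
    host: str
    name: str
    cvss: float          # severity score, 0.0-10.0
    qod: int             # Quality of Detection, percent
    solution_type: str
    criticality: int     # asset tag, assumed scale 1 (low) to 3 (high)


def priority(f: Finding) -> float:
    """Severity scaled by detection confidence, fix availability and asset value."""
    weight = SOLUTION_WEIGHT.get(f.solution_type, 0.5)
    return round(f.cvss * f.qod / 100 * weight * f.criticality, 2)


def prioritize(findings, min_qod=MIN_QOD):
    """Drop low-QoD findings, then order the rest highest priority first."""
    kept = [f for f in findings if f.qod >= min_qod]
    return sorted(kept, key=priority, reverse=True)


# Constructed sample findings (not real scan output).
SAMPLE = [
    Finding("web01", "Outdated TLS library", 7.5, 80, "VendorFix", 3),
    Finding("db01", "Default credentials", 9.8, 95, "Workaround", 3),
    Finding("lab07", "Banner-only version match", 10.0, 30, "VendorFix", 1),
    Finding("print02", "Unsupported firmware", 5.0, 80, "NoneAvailable", 1),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{priority(f):6.2f}  {f.host:8} {f.name} ({f.solution_type})")
```

The CVSS 10.0 finding on lab07 is excluded because its 30% QoD is below the cut-off, while the default-credentials finding on a critical database host ranks first.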

.. assign,
• use Reports, Alerts, or a Ticket System
• based on Knowledge, Experience, and Role
• track and trace assignment

.. mitigate and remediate,
• patch and/or upgrade
• block and/or isolate
• work around
• override is also a temporary option

.. store and repeat,..
• predict and trend assets
• handle changes in infrastructure
• time-stamped data supports Forensics
• average of 40 high severity flaws published per week
• 24h/48h 'Window of Vulnerability'

.. and improve!
• Eases implementation of Updates and Changes to Policies, Guidelines, and Compliance
• Meaningful KPIs for the IT Security documented
• The number of vulnerabilities over time is not meaningful
• But the time needed to remediate/mitigate (reduced by ..)
• The time needed to identify (faster by x)
• Fail/pass ratio of adherence to policy, compliance (increased by ..)

the process of Vulnerability Management

[Diagram labels: prepare; identify; classify; prioritize; assign; mitigate & remediate; store & repeat; improve]

• Thank you,
• ready for questions ?!