Vulnerability Management: What You Need to Know to Prioritize Risk

Upload: alienvault

Post on 14-Dec-2014


DESCRIPTION

Abstract: While vulnerability assessments are an essential part of understanding your risk profile, it's simply not realistic to expect to eliminate all vulnerabilities from your environment. So, when your scan produces a long list of vulnerabilities, how do you prioritize which ones to remediate first? By data criticality? CVSS score? Asset value? Patch availability? Without understanding the context of the vulnerable systems on your network, you may waste time checking things off the list without really improving security.

Join AlienVault for this session to learn:
* The pros & cons of different types of vulnerability scans - passive, active, authenticated, unauthenticated
* Vulnerability scores and how to interpret them
* Best practices for prioritizing vulnerability remediation
* How threat intelligence can help you pinpoint the vulnerabilities that matter most

TRANSCRIPT

Page 1: Vulnerability Management: What You Need to Know to Prioritize Risk
Page 2: Vulnerability Management: What You Need to Know to Prioritize Risk

• Vulnerability scans
• Vulnerability scores
• Vulnerability remediation
• Threat intelligence
• USM demo
• Q&A

Agenda

Page 3: Vulnerability Management: What You Need to Know to Prioritize Risk

Unified Security Management

• Threat Detection
• Incident Response
• Policy Compliance

About AlienVault

Page 4: Vulnerability Management: What You Need to Know to Prioritize Risk

Vulnerabilities by Vendor – 2013

Yeah, It’s Bad

Source: http://www.gfi.com/blog/report-most-vulnerable-operating-systems-and-applications-in-2013/

Page 5: Vulnerability Management: What You Need to Know to Prioritize Risk

But It’s Always Been Bad

Source: Symantec Internet Security Threat Report - 2013

Page 6: Vulnerability Management: What You Need to Know to Prioritize Risk

Nothing Goes Away…Ever

Source: Symantec Internet Security Threat Report - 2013

Page 7: Vulnerability Management: What You Need to Know to Prioritize Risk

Too many compromises due to:
• Unknown systems
• Unknown data
• Unpatched vulns

Need a process to determine what to patch, work around, or live with

The Need for Vulnerability Management

Page 8: Vulnerability Management: What You Need to Know to Prioritize Risk

Vulnerability Management Lifecycle

Assess

Prioritize

Remediate

Mitigate

Monitor

Page 9: Vulnerability Management: What You Need to Know to Prioritize Risk

How many of you have an active Vulnerability Management program?
• Yes
• No
• Don’t Know

Poll #1

Page 10: Vulnerability Management: What You Need to Know to Prioritize Risk

For those who said No, what is keeping you from deploying a Vulnerability Management program?
• Tools
• Staff time
• Staff training
• I’m protected by UTM / NGFW / IPS / Advanced Antimalware …
• Don’t know

Poll #2

Page 11: Vulnerability Management: What You Need to Know to Prioritize Risk

“There's a trend underway in the information security field to shift from a prevention mentality to a focus on rapid detection”

“Your detection & response capabilities are more important than blocking & prevention”

Detection is the New Black

Page 12: Vulnerability Management: What You Need to Know to Prioritize Risk

• Passive/Continuous: Monitors network traffic
• Active: Sends data to devices to generate a response
• Credential: Logs on to individual systems
• Agent: Dedicated agent installed on subset of devices

Assessment Scans

Combination of Techniques is Ideal

Benefits: Visibility, Asset Values, Grouping

Page 13: Vulnerability Management: What You Need to Know to Prioritize Risk

CVSS: Common Vulnerability Scoring System

• Base Metric Score from 0-10
- 7.0 - 10.0 = High
- 4.0 - 6.9 = Medium
- 0 - 3.9 = Low
- Average = 6.8

Vulnerability Prioritization

Sources: www.first.org/cvss www.cvedetails.com

Page 14: Vulnerability Management: What You Need to Know to Prioritize Risk

• Other software installed on these systems?
• What systems communicate with these systems?
• What traffic do these vulnerable hosts generate?
• Are these systems targeted by malicious hosts?
• Have these systems generated any alarms previously?
• Is there a patch or workaround available?

Prioritizing Remediation & Mitigation

Understanding the Context

Page 15: Vulnerability Management: What You Need to Know to Prioritize Risk

Correlation is Essential
• Correlate asset information with vulnerability data and threat data
• Correlate IDS alarms with vulnerabilities
- Is the host being attacked actually vulnerable to the exploit attempt?

Threat Intelligence
• Threat landscape is constantly changing
• Tools need to keep pace

Threat Correlation & Intelligence

Risk = Assets x Vulnerabilities x Threats
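
The correlation step and the risk formula on this slide, worked through as an added example (not AlienVault or USM code). The asset-value scale, the threat weights, the host names and the `VULN-*` identifiers are assumptions constructed for illustration; the severity bands are the ones from the CVSS slide.

```python
from dataclasses import dataclass

def cvss_band(score: float) -> str:
    """Severity band using the ranges on the CVSS slide."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    if score >= 7.0:
        return "High"
    return "Medium" if score >= 4.0 else "Low"

@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str   # placeholder identifier, not a real CVE
    cvss: float    # base score reported by the scanner

# Constructed sample data. Asset values (1-5) are an assumed scale.
ASSET_VALUE = {"db01": 5, "web01": 3, "kiosk07": 1}
FINDINGS = [
    Finding("db01", "VULN-A", 6.5),
    Finding("web01", "VULN-B", 9.3),
    Finding("kiosk07", "VULN-C", 10.0),
    Finding("web01", "VULN-D", 5.0),
]
# IDS alarms as (target host, vulnerability the exploit attempt is aimed at).
IDS_ALARMS = [("db01", "VULN-A"), ("web01", "VULN-C"), ("kiosk07", "VULN-B")]

THREAT_BASELINE = 1.0   # assumed weight: no matching exploit attempt seen
THREAT_CONFIRMED = 3.0  # assumed weight: alarm matches a vuln the host has

def prioritize(findings, asset_value, alarms):
    """Rank findings by asset value x CVSS x threat, highest risk first."""
    attacked = set(alarms)
    ranked = []
    for f in findings:
        # Correlation: is the attacked host actually vulnerable to the
        # exploit being attempted? Only an exact match raises the threat.
        hit = (f.host, f.vuln_id) in attacked
        threat = THREAT_CONFIRMED if hit else THREAT_BASELINE
        risk = asset_value.get(f.host, 1) * f.cvss * threat
        ranked.append((round(risk, 1), f.host, f.vuln_id, cvss_band(f.cvss)))
    return sorted(ranked, reverse=True)

if __name__ == "__main__":
    for row in prioritize(FINDINGS, ASSET_VALUE, IDS_ALARMS):
        print(row)
```

With this sample data the Medium-severity finding on the high-value database host that is under a matching attack ranks first, ahead of the CVSS 10.0 finding on the low-value kiosk, and the alarms aimed at hosts that lack the targeted vulnerability change nothing.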

Page 16: Vulnerability Management: What You Need to Know to Prioritize Risk

Limitations of Vulnerability Management
• Can’t patch everything at once
• Patch ≠ No Compromise
- Focused, patient attacker will get in
• BYOD = No patch
• Zero-day = No patch
• Do the names Edward Snowden or Bradley Manning ring a bell?

No Silver Bullet

Page 17: Vulnerability Management: What You Need to Know to Prioritize Risk

1. Think like an attacker
• They may not be after your data

2. It all starts with the network
• Regular network assessment scans are essential

3. Unify & automate security controls
• You can’t keep up with the data

4. Use threat intelligence to prioritize remediation
• Only way to keep up with changing landscape

5. Remember it is an ongoing process
• It does not end with a checkbox

5 Tips

Page 18: Vulnerability Management: What You Need to Know to Prioritize Risk

Asset Discovery
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory

Vulnerability Assessment
• Network Vulnerability Testing
• Remediation Verification

Threat Detection
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring

Behavioral Monitoring
• Log Collection
• Netflow Analysis
• Service Availability Monitoring

Security Intelligence
• SIEM Event Correlation
• Incident Response

Our Approach

Page 19: Vulnerability Management: What You Need to Know to Prioritize Risk

Threat Intelligence Powered by Open Collaboration

OTX + AlienVault Labs

Page 20: Vulnerability Management: What You Need to Know to Prioritize Risk

USM Demo

Tom D’Aquino VP Worldwide Systems Engineering