DESCRIPTION
Speaker: Gidi Cohen, CEO & Founder, Skybox Security. Infosec Europe 2013.

In order to effectively reduce the risks of cyber-attacks, comply with continuous monitoring requirements, and provide visibility to executives, organizations need to manage their vulnerabilities and associated risks on an ongoing basis. This is required in order to match or exceed the daily rate of attacks. Why bother to assess your risks every 90 days, if you are attacked daily, given your frequently changed infrastructure?

The session will tackle next-generation vulnerability management strategies and best practices to: ensure that vulnerability data is current and accurate; prioritize based on risk to the business; develop a remediation strategy that works; and make vulnerability management an essential part of daily change management processes.

• Understand how to link vulnerability discovery, risk-based prioritization, and remediation activities to effectively mitigate risks
• Have real-world examples of organizations that implemented vulnerability management best practices to effectively and measurably reduce risk
• Be armed with pragmatic steps to implement next-generation vulnerability management to eliminate risks and prevent cyber attacks
Gidi Cohen
CEO and Founder, Skybox Security
Infosec London, April 2013
Best Practices for Next-Generation
Vulnerability Management
© 2013 Skybox Security Inc. 2
Skybox Security Overview
Predictive risk analytics for best decision support
Complete visibility of network and risks
Designed for continuous, scalable operations
Leader in Proactive Security Risk Management
Proven Effective in Complex Network Environments
Vulnerability Management is Not Dead
… It Is Just Not Working
Risk Levels Keep Rising
• Compliance, continuous monitoring
• Proliferation of mobile, cloud
• Protect against financial loss due to cybercrime
• Deal with advanced threats, targeted attacks
• Need to secure new services and users
Is Your Vulnerability Management Program Keeping Pace?
[Figure: the Find, Analyze, Fix cycle, Then and Now]
2012 Survey Highlights the Vulnerability Discovery Gap
[Chart: scan frequency (cycles / year) against % of network scanned]
How often do you scan? How much coverage?
• Critical systems, DMZ: scan every 30 days; 50-75% of hosts
• To keep pace with threats? Daily updates; 90%+ hosts
Reasons that respondents don’t scan more often:
• We are concerned about disruptions from scanning: 59%
• We don’t have the resources to analyze more frequent scan data: 58%
• We don’t have the resources to deal with broader patching activity: 41%
• Some hosts are not scannable due to their use: 34%
• The cost of licenses is prohibitive: 29%
• Unable to gain credentialed access to scan portions of the network: 12%
• We just don’t need to scan more: 5%
Disruptive, Inaccurate Picture of Risk
Challenges with Traditional Scan Approach
Naïve Analysis Results in Costly and Ineffective Remediation
• All vulnerabilities in environment: 30,000
• Identified by scanner: 50-75%
• Attack vectors using exploitable vulnerabilities
• Patch/Fix
• Unneeded patching
First Generation Vulnerability Management Processes Are No Longer Effective
Now:
• Find: 30-60 days to scan and catalog 75% of vulnerabilities
• Analyze: 2-4 weeks to analyse, and still get it wrong
• Fix: 60 days to patch, £200,000 per year
Cycle Time: Typically 2-4 months
New vulnerabilities, threats, changes: Hundreds per day
Result: Risk level never reduced
Big Disconnect …
Self-Test: What are Your VM Program Challenges?
Discover | Analyse and Prioritise | Mitigate
• How often is vulnerability data collected?
• How much of the network is covered?
• Is scanning disruptive to the business?
• Are you able to find alternatives to patching?
• Do you prioritise by possible business impact?
• Are you considering the network context?
• Is risk level increasing or decreasing over time?
Continuous, Automated, Scalable?
Introduction to Next Generation Vulnerability Management
Discover | Analyse and Prioritise | Mitigate
• Non-disruptive discovery
• Scalable
• Automated analysis
• Risk-based prioritisation
• Using network and security context
• Actionable
• Optimal
• Easy to track
Scalable Program to Address Critical Vulnerabilities Continuously and Efficiently
Vulnerability Discovery: Use the Right Approach for Your Network
• Active Scanning: infrequent scanning; large number of vulnerabilities
• Non-disruptive Scan-less Detection (Asset Data, Patch Data, Threat Intel.): continuous identification; relevant vulnerabilities
Automated Analysis – Attack Surface, Exploitable Attack Vectors, Risks
• All vulnerabilities in environment: 30,000
• Identified vulnerabilities: 90+%
• Attack Surface
• Prioritise by potential impact
• Patch/Fix
• Efficient remediation
Risk Analytics: Modeling and Attack Simulation to Find Exploitable Vulnerabilities
Attack Simulations:
• Compromised Partner
• Rogue Admin
• Internet Hacker
Actionable Remediation Process, Leveraging Attack Vectors Information
• Install security patch on server
• Change firewall access rule
• Activate signature on IPS
High Level Visibility for Vulnerability Management
Monitor Impact and Risk Metrics over Time
Most Critical
Actions
Vulnerabilities
Threats
Comparison – Old and Next Generation VM
Area | Old Generation | Next Generation
Discovery | Scanning Only | Scan-less discovery + scanning
Analysis | Manual; inaccurate | Automated; risk-based
Remediation | Hit & Miss with Patching | Optimal risk mitigation
Scope | Limited to traditional assets | Enterprise-wide program
Automation | Only scanning; Cycle time 2-4 months | From A-Z; Continuous process
Effectiveness | Costly program; little benefits | Optimal Risk Mitigation
In Summary – Steps to Effective Vulnerability Management
Use Risk Analytics to Determine the Exposure
• Know what’s really exploitable in your network
• Rank by business impact, end unnecessary patching
Ensure Frequent & Complete Knowledge of Your Vulnerabilities
• Increase coverage of vulnerability assessment
• Increase frequency of vulnerability discovery
Close the Loop with Optimal Mitigation and Effective Tracking
• Evaluate alternatives to patching
• Verify impact on risk, and track progress
Thank you
www.skyboxsecurity.com