STOP LOOKING FOR VULNERABILITIES.START FIXING THEM.F-Secure Radar

THE RISK IS HUGE

Sources: 1) AV Test2) National Vulnerability Database3) PwC, The Global State of Information Security® Survey 2015

Instances of malware

have almost doubled

every year

since 2006 (1

On average, 19 new

vulnerabilities emerge

daily (2

In 2014, cyber

attacks reached

117,339 per day 3)

3

YOUR COMPANY IS A TARGET

Sources: 1) Gartner2) HP 2015 Cyber Risk Report3) SANS Institute4) National Vulnerability Database

75% of attacks occur at

the application layer (1

86% of web

applications have serious security issues (2

52% of the issues

are long-

known

Patch deployment is not

immediate (3

Third party

applications amount

to80% of

vulnerabilities (4

WHERE’S THE RISK?

4

Out-dated software Misconfigured systems Insecure web applications

Continuous vulnerability scanning

Strict vulnerability management processes

Cover all your assets: Servers, desktops, printers, routers, etc.

HOW TO TACKLE IT?

5

MEET F-SECURE RADARA VULNERABILITY MANAGEMENT SOLUTION THAT GIVES YOU

THE TOOLS AND CONTROL TO MANAGE THE RISK

6

COMPLETE CONTROL OVER VULNERABILITY MANAGEMENTFrom automated scan scheduling to

verification scans

Unlimited scans with one single license

Flexible API for integration with your ticketing systems

7

THIS IS F-SECURE RADARDISCOVERY map network assets

SCAN systems & applicatio

ns

MANAGE priorities

and assign system owners

REPORT customizab

le for technicians

and executives

VERIFY rescan and spot changes

8

GET SMARTER ANALYSIS Intuitive, browser based

graphical interface Instant information Sophisticated tools for

deeper analysis

STREAMLINE WORKFLOWS Schedule automated

vulnerability scans Monitor vulnerabilities

efficiently

GET THE BIG PICTURE Map all your system

assets Get a total overview of

the current security level

GET IN CONTROL Assign, follow and

manage security issues with your system administrators, software developers, testers, auditors and security team

BETTER EVERY TIME Continuously

developed and improved

Automatically updated High quality

vulnerability checks and scanning engines

GET REPORTS THE WAY YOU WANT THEM Customizable reports

with reliable benchmarking

In the format you need

© F-Secure Confidential9

KEY BENEFITSTO YOU • Map your true attack surface before

someone else does• Measure yourself against PCI compliance• Improve your security measures with easy

management• Get customized reports that fit your

company’s needs• Scale and adapt F-Secure Radar to your

needs• Use seamless API integration with 3rd

party solutions

10

RADARFEATURESDETECT AND MANAGE THOUSANDS OF

ASSETS AND VULNERABILITIES IN ONE SOLUTION

Discovery Scan

System Scan

Web ScanF-Secur

e Radar Securi

ty Cente

r

3 IN 1 SCANNING SOLUTION

12

F-SECURE RADAR SECURITY CENTERF-Secure

Radar Security Center

F-Secur

e Radar Securi

ty Cente

r

• Centralized reporting with uniform look and feel

• Vulnerability management and ticketing system

• API interface• Add vulnerabilities manually• Portal in English

13

F-SECURE RADAR DISCOVERY SCANF-Secure

Radar Security Center

• A fast and reliable port scanner• Based on an asynchronous port

scanning techniques• Fast host discovery mode (to be

used on internal networks)• Supports service and operating

system detection• Scan speed can be easily adjusted to

suit your network capacity

A scanning process that maps your whole network and all its assets

F-Secur

e Radar Securi

ty Cente

r

14

F-SECURE RADAR SYSTEM SCANF-Secure

Radar Security Center

• A platform scanner - able to identify known vulnerabilities systems and software

• Capable of scanning any network device that talks IP

• Support authenticated scanning on Windows and Linux

• Low number of false positive and false negative

• Constantly kept up-to-date based on- Public vulnerability databases such as

National Vulnerability Database and others

- Vulnerabilities discovered by our security consultants

• Certified as a PCI ASV scanning tool

Identifies vulnerabilities associated with configuration

errors, improper patch management, implementation

oversights etc.

F-Secur

e Radar Securi

ty Cente

r

15

F-SECURE RADAR WEB SCANF-Secure

Radar Security Center

• A web application scanner - able to identify vulnerabilities in custom applications

• Supports simple form-based authentication• Supports assisted crawling (aka.

recordings)• Scalable to cover expanding needs• Certified PCI ASV scanning tool

Tests for numerous web application vulnerabilities

F-Secur

e Radar Securi

ty Cente

r

PICK YOUR PREFERRED WAY OF IMPLEMENTATION16

17

Run as an on-site solution

where everything is behind your corporate

firewall

F-SECURE RADAR CLOUDF-SECURE RADAR PRIVATERun scans from the

cloud as a true SaaS with scan nodes within

the service

F-SECURE RADAR CLOUDF-SECURE

RADAR SCAN NODE

18

PUBLICLY AVAILABLE NETWORK

FIREWALL

WEB INTERFACE

LOCAL NETWORK

F-SECURE RADAR SECURITY CENTER• No limitations!• Accessible from anywhere• Always up-to-date• Unlimited scan nodes included• Tie our managed cyber security

services together with your F-Secure Radar solution

F-SECURE RADAR

SCAN NODE

19

FIREWALL

LOCAl NETWORK

• Store your data in-house• Deploy F-Secure Radar in isolated

environments• Installed by F-Secure experts• Scan nodes support two-way

communication- Initiated by scan node- Initiated by F-Secure Radar Security

Center

LOCAL ONSITE SOLUTIONS WEB INTERFACE

F-SECURE RADAR PRIVATEF-SECURE

RADAR SCAN NODE

20

F-SECURE RADAR AS A SERVICELET EXPERTS RUN F-SECURE RADAR FOR YOU TO GET THE BEST OUT OF THE SOLUTION

© F-Secure Confidential21

Missing the big overview

• What kind of action plan / recommendations should be delivered to the management?

• What do we need the most right now?

COMMON CUSTOMER CHALLENGESLacking internal knowledge

• Not enough knowledge about the vulnerabilities?

• Troubles configuring the scans in an optimal way?

• Overwhelmed by all the findings?

Lacking the time or resources

• No time to review results?

• No time to delegate vulnerabilities to be corrected?

• No time to follow up, re-scan and verify corrections?

22

• F-Secure Radar license required• You define the scope and frequency• Experts will regularly (monthly)

- Configure scans- Review scan results- Follow up on existing tickets- Assign new tickets to system owners- Deliver executive summary reports- Attend quarterly status meeting

HOW IT WORKS?

F-SECURE RADAR AS PART OF CYBER SECURITY23

© F-Secure Confidential24

Security & Risk AssessmentSecurity Advisory

Compliance & Security Improvement

Vulnerability ManagementTraining & Security Culture

End-Point ProtectionE-Mail & Web Traffic ScanningCentral Security Management

ForensicsIncident ResponseSecurity Monitoring & Alerting

PREDICT

PREVENT

DETECT

RESPOND

AN ELEMENT OF HOLISTIC CYBER SECURITY

F-SECURE RADAR AS AN INTEGRATED PART OF YOUR BUSINESS SECURITY

© F-Secure Confidential25

Security Improvement Program

Security Management

Incident Response Services

Secure Software Development

PCI Compliance

Vulnerability Assessment

PCI ASV Scans

MANAGE

ENHANCE

ASSESS

End-Point and Network Protection - the basis of every security strategy

F-SECURE RADAR

• Select and analyze subsets of scans• Create, save and edit custom reports• Flexible and editable report formats to

suit your needs Word and Excel reports Traditional CSV or XML reports Or access data using the F-Secure Radar API

• Add notes to vulnerabilities• Change vulnerability state (Confirmed,

Accepted risk, False positive..)• Add your own vulnerabilities

HIGHLY CUSTOMISABLE REPORTING CENTRE

© F-Secure Confidential26

AN INTEGRAL PART OF YOUR PCI COMPLIANCE PROGRAM An approved PCI ASV scanning solution Validate your compliance Complement your Qualified Security

Assessor (QSA) Vulnerability scans performed according to

the PCI requirements Available for regular testing and for

identifying newly discovered vulnerabilities Reporting tools to deliver the associated

scanning reports© F-Secure Confidential27

DETAILS

28

© F-Secure Confidential29

Pricing

• Based on the number of hosts/IPs scanned for vulnerabilities

• License starts at min. 100 IPs

• Choose monthly or yearly billing

• Volume discounts

F-SECURE RADARSIMPLE PRICING MODELBenefits

• No feature limitations• Access to all scanning

engines• Access to Karhu API• No hidden costs

Benefits

• Unlimited number of scan nodes

• Unlimited number of scans against your licensed systems

• Unlimited number of user accounts

• No scanning restrictions

30

F-SECURE

IN A ROW – BEST ENDPOINT

PROTECTION

www.f-secure.com/business

4 YEARS

A recognized European vendor in penetration testing, vulnerability assessment, security consulting

and training.

Developed by experts, based on years of experience in the field.

Flexible development together with customers.

A leading European cyber security specialist.

A LEADING EUROPEAN CYBER SECURITY SPECIALIST