TCVM: A New Approach to Targeting Risk with Context-Aware Vulnerability Management
David Anteliz | Senior Sales Engineer | Central
Who We Are
Silicon Valley HQ
Offices around the globe
Fastest-growing company in our space
$270M funding since February 2016
Attack Surface Management
Visibility & Analytics to maintain resilience
700+ active customers
50 countries, all verticals
Who Relies on Us
Financial Services
Service Providers
Government & Defense
Energy & Utilities
Technology & Manufacturing
Healthcare
Consumer
Most Breaches are Preventable
No visibility of the environment
Lack of actionable intelligence
Disjointed security tools and data
Lack of cross-functional expertise
skyboxsecurity.com
Organizations don’t understand their attack surface
97% of breaches are avoidable through standard controls*
*According to the Verizon Data Breach Investigations Report
#1 Overwhelming Number of Vulnerabilities
www.vulnerabilitycenter.com
• 700 – 1,100 new vulnerabilities every month
• Historically systems have been poorly patched
• Scanner generates a LOT of data
• People end up focusing on the “criticals”
#2 It’s not just about the criticals
Most Exploited Vulnerabilities were Not Ranked “critical”
[Chart: Number of Vulnerabilities exploited per year, 2006–2015, broken down by severity (LOW, MEDIUM, HIGH, CRITICAL); y-axis 0–700]
– IBM X-Force/Analysis by Gartner, September 2016
#3 Not just a Zero Day problem
85% of exploited vulnerabilities were more than 2 years old
– Verizon Data Breach Investigations Report
[Chart: exploited vulnerabilities by year of publication, 1999–2015; y-axis 0–120]
Traditional Approach Causes Pain – Broken Process
Discovery
• Infrequency of scans
• Disruptive scans
• Unable to scan all assets
• Multiple environments
• Lack of authenticated scanning
Risk Analysis
• Too much data
• No context of existing controls
• Hard to correlate data from multiple sources
• Threat landscape is dynamic
• Hard to prioritize by business impact
• Exploitability is not considered
• Likelihood of exploitability is not considered
• Lack of prioritization by SLA/Risk
Remediation
• Hard to convert vulnerability info to patch needs
• Difficult to find alternative remediation options
• Unnecessary patching
• Critical risks open for too long
• Poor SLA management
• Poor communication
• Poor tracking of remediation
Understanding the IT/OT Asset Relationships
Level 5: Corporate Network
Level 4: Business Apps
Level 3.5: Data DMZ
Level 3: Control System LAN
Levels 0-2: Basic Control, Supervisory, Process
[Diagram: Levels 5, 4 and 3.5 are shown on the IT network with IT assets; Level 3 and Levels 0-2 on the OT network with OT assets]
Skybox: Ingredients for Effective Vulnerability Prioritization
Vulnerability-Centric + Context-Centric + Threat-Centric
Vulnerability-Centric: criticality of the vulnerability (CVSS score, exploitation impact, public exploit available)
Context-Centric: business criticality, value and exposure of the asset (internet-facing, third-party access, contains sensitive data, provides business-critical functions)
Threat-Centric: actively being targeted by malware, ransomware, exploit kits and threat actors in the wild
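As an added example (not Skybox's own scoring, which the slides do not specify), the three ingredients combined into one contextual risk score; the factor weights, the asset attributes and the sample findings are constructed assumptions, chosen to show a "medium" on an exposed, actively targeted host outranking a "critical" on an isolated one:

```python
from dataclasses import dataclass

# Constructed model of the three prioritization ingredients named above.
# All weights are illustrative assumptions, not Skybox's algorithm.

@dataclass
class Asset:
    name: str
    internet_facing: bool = False      # exposure
    third_party_access: bool = False   # exposure
    sensitive_data: bool = False       # value
    business_critical: bool = False    # value

@dataclass
class Finding:
    vuln_id: str                       # placeholder ids, not real CVEs
    asset: Asset
    cvss: float                        # CVSS v3 base score, 0-10
    public_exploit: bool = False
    actively_targeted: bool = False    # threat feed: in-the-wild use

def vulnerability_factor(f: Finding) -> float:
    """Vulnerability-centric: severity, boosted if a public exploit exists."""
    return (f.cvss / 10.0) * (1.5 if f.public_exploit else 1.0)

def context_factor(a: Asset) -> float:
    """Context-centric: value and exposure of the asset carrying the flaw."""
    return (1.0 + 0.75 * a.internet_facing + 0.5 * a.third_party_access
            + 0.5 * a.sensitive_data + 0.5 * a.business_critical)

def threat_factor(f: Finding) -> float:
    """Threat-centric: doubled when malware/exploit kits use it in the wild."""
    return 2.0 if f.actively_targeted else 1.0

def risk_score(f: Finding) -> float:
    return vulnerability_factor(f) * context_factor(f.asset) * threat_factor(f)

def prioritize(findings):
    """Return findings ordered by contextual risk, highest first."""
    return sorted(findings, key=risk_score, reverse=True)

# Constructed sample: a CVSS 'critical' on an isolated host versus a 'medium'
# that is internet-facing, has a public exploit and is being actively targeted.
LAB = Asset("isolated-lab")
WEB = Asset("public-web", internet_facing=True, third_party_access=True)
DB = Asset("internal-db", sensitive_data=True)
FINDINGS = [
    Finding("VULN-A", LAB, cvss=9.8),
    Finding("VULN-B", WEB, cvss=6.5, public_exploit=True, actively_targeted=True),
    Finding("VULN-C", DB, cvss=7.5, public_exploit=True),
]

if __name__ == "__main__":
    for f in prioritize(FINDINGS):
        print(f"{f.vuln_id:8}{f.asset.name:14}CVSS {f.cvss:4} -> {risk_score(f):.2f}")
```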
Skybox Security Suite
[Diagram: integration points around the Skybox Security Suite: Asset Management, SIEM/IT-GRC (trailing edge), DeepSight/iDefense (leading edge), Vulnerability Scanners, Firewalls, IPS, Ticketing Systems (Remedy/ServiceNow)]
Improve Customer’s Existing Resources
Integrates with 120+ technologies
• Cloud/Virtual
• Endpoint Security
• Vulnerability Management, SIEM
• Firewall/Network Security & Infrastructure
Skybox Vulnerability Database & Attack Vector Intelligence
Skybox Research Lab aggregates 20+ vulnerability and threat feeds
More than 50,000 vulnerabilities on 1,800 products
Including products, vulnerabilities, IPS signatures, patches, malware patterns
CVE compliant, CVSS v3 standard
Updated daily
Proprietary intelligence added by analysts:
− Exploitation pre-conditions
− Likelihood of attack
− Conflict resolution
− Vulnerabilities with no CVE
− Remediation solutions
− Cross-references
Feeds by source:
ADVISORIES: Adobe, Cisco PSIRT, Microsoft Security Bulletin, Oracle, RedHat
SCANNERS: eEye Retina, IBM Scanner, McAfee Foundstone, Qualys Guard, Rapid7 Nexpose, Tenable Nessus, Tripwire IP360
IPS: Fortinet FortiGate, HP TippingPoint, IBM Proventia, McAfee IPS, Palo Alto Networks, Cisco Sourcefire
OTHER: CERT, IBM X-Force, Mitre CVE, NIST’s NVD, OSVDB, Rapid7 Metasploit, Secunia, Symantec DeepSight, Symantec Worms
Skybox – Security Middleware Platform
[Diagram: Skybox as middleware between the same sources and sinks as the Security Suite slide above: Asset Management, DeepSight/iDefense (leading edge), Vulnerability Scanners, Firewalls, IPS, Ticketing Systems (Remedy/ServiceNow), SIEM/IT-GRC (trailing edge)]