itrust
DESCRIPTION
ITrust is a security software vendor based in Toulouse, France. The company was founded in January 2007 by Jean-Nicolas Piotrowski, former CSO of BNP Paribas, and Henri Piotrowski, former CEO of EADS ATR. Their combined experience in the banking and aeronautics sectors has made ITrust a key player in the security sector. ITrust has more than 70 customers in France and has started to build strong partnerships all over the world. In its first years of existence, ITrust essentially provided security services such as penetration testing, code and configuration audits, security architecture consulting and security training. ITrust was quickly recognized as a trustworthy partner thanks to its professionalism, its customer support and its wish to help SMEs as well as large companies. The company has innovated since 2009 by adapting security assessments to SMEs: the flash audit was created and is still successful today. Security services are only provided in France. Research and development has always been an essential part of the company strategy. Considering that existing security tools were not suited to everyone, or were reserved for highly qualified security professionals, ITrust started the development of IKare, its security monitoring solution. In 2012, ITrust was repositioned as a security software provider and started to market IKare as a European vulnerability and monitoring solution. IKare is independent from any State regulations and is not subject to the Patriot Act. This means we provide our clients with a safe environment, because they keep control of all their data. Since July 2012, ITrust has been supported by the French Government and leads a major research and development project that includes its solution. The goal has always been the company baseline: “providing security solution able to detect targeted attacks or unknown vulnerabilities”. IKare® is both our international company and official brand, ITrust being the parent company.
IKARE®
VULNERABILITY MANAGEMENT & MONITORING
Updated on April 2013
Copyright IKARE®, 2013. Vulnerability Management And Monitoring.
ABOUT US
2007: ITrust is founded in France as a Consulting company.
January 2012: ITrust is repositioned as a global provider of VA and monitoring solutions, but continues to offer security services in France.
January 2012: ITrust started to market IKare in France.
Since 2012: ITrust leads the project « Secured Virtual Cloud », supported by French governmental investments (12 Million EUR = 15 Million AUD).
2013: ITrust starts the international development of its security solution IKare
Australia - Benelux - Germany - Morocco
ITrust is a member of security and industrial associations in France and Australia:
[Map legend: Started 2013; Intended; International development; Head offices]
CLIENTS WHO RELY ON IKARE®
• Aeronautics/Engineering
• Bank
• Healthcare
• Food industry
• SME/Association
• Leading IT provider
• Education
COMMON BELIEFS ABOUT SECURITY
Firewall/Proxy + Antivirus = Complete protection
What about vulnerabilities?
> Operating systems and applications have always been plagued by vulnerabilities.
> Vulnerabilities are high-value assets and « easy entries » to a network.
> Successful attacks via the internet are often a result of exploited vulnerabilities.
« The current generation of threats is not the work of kids but of serious professionals of three varieties:
• Criminals are using advanced malware to find valuable information or to commandeer computers for illegal or nefarious purposes.
• State and non-state actors are seeking to penetrate computer networks for espionage.
• State and non-state actors are waging war using malware, seeking to damage critical infrastructure to harm other nations or companies. »
Aziz ASHAR, CEO of FireEye, Forbes
WHAT PENTESTING REVEALS
• ITrust has 6 years' experience in penetration testing
• About 90% of security breaches (all types of businesses) and vulnerabilities faced by our customers come from three sources:
  • default or weak passwords,
  • misconfigured equipment and/or servers,
  • systems and applications not updated.
Conclusion: Vulnerability assessment and continuous monitoring, carried out between your regular security audits, have become essential to prevent hacking.
CYBER CRIME & SECURITY REPORT 2012 - AUSTRALIA
“…the most common responses as to why incidents were successful, were that they used powerful automated attack tools, or exploited unpatched or unprotected software vulnerabilities or misconfigured operating systems, applications or network devices.”
“Over 90% of respondents deployed firewalls, anti-spam filters anti-virus softwares…”
But the report also concludes:
“IT security technology such as firewalls and spam filters are not always effective in preventing or detecting sophisticated attacks”
Source: CERT Australia (https://www.cert.gov.au/)
VA IS RECOMMENDED AS A CRITICAL CONTROL
“The concept of Vulnerability Management is a critical process that should be followed in large and small organizations as a way to identify, assess and respond to new threats before they become a reality.”
Source: SANS Institute
“Vulnerability scanning is an important security control that should be implemented by any organization wishing to secure their IT infrastructure. It is recommended by the SANS Institute as a Critical Control and by the US based NIST as a Security Management Control.”
Source: HackerTarget
« Simplicity is the ultimate sophistication. » - Leonardo da Vinci
ABOUT IKARE
What: Vulnerability scanner AND Monitoring (security, QoS, QoE, …)
Origin: Security consultants have automated a large number of scripts to accelerate their penetration tests
Why: Vulnerability Management is now a MUST HAVE.
Who (Users):
• Developers: Application Lifecycle Management
• Network operational: Assets management, monitoring, patching
• CIO/CSO: Dashboards
• Top management: Risk Assessment
How (Deployment):
• Virtual Machine into customer’s network (preferred solution)
• Cloud-based delivery from ITrust secure Data Center (or MSP network)
FEATURES
Automated discovery
Manage your assets and applications
Vulnerability audits
Reduce your exposure to attacks
Therefore increase your level of security
Security trends
Evaluate your efforts to maintain a good level of security
Identification of security risks in advance
Targeted security alerts
Facilitate IT roles in operational maintenance
Tailored and comprehensible Reports
Details are tailored to your role in the company
SUPPORTED TECHNOLOGIES
• Web Servers: Apache; Microsoft IIS; iPlanet; Lotus Domino; IpSwitch; Zeus; full support for virtual hosting.
• SMTP/POP Servers: Sendmail; Microsoft Exchange; Lotus Domino; Netscape Messaging Server; QMail.
• FTP Servers: IIS FTP Server; WuFTPd; WarFTPd.
• Firewalls: Check Point Firewall-1/VPN-1 and NG; Cisco PIX; Juniper NetScreen; Gauntlet; CyberGuard; Raptor.
• Databases: Oracle; Sybase; MS SQL; PostgreSQL; MySQL.
• eCommerce: Icat; EZShopper; Shopping Cart; PDGSoft; Hassan Consulting Shopping; Perishop.
• LDAP Servers: Netscape; IIS; Domino; Open LDAP.
• Load Balancing Servers: Cisco CSS, Alteon, F5 BIG IP; IBM Network Dispatcher; Intel Routers; Administrable.
• Switches and Hubs: Cisco; 3Com; Nortel Networks; Cabletron; Lucent; Alcatel.
• Wireless Access Points: Cisco; 3Com; Symbol; Linksys; D-Link; Netgear; Avaya; Apple Airport; Nokia; Siemens.
SCOPE OF VULNERABILITIES
• Back Doors and Trojan Horses (bypass authentication systems).
• Brute force attacks (defies cryptography by systematically trying different keys).
• CGI (exploits the Common Gateway Interface).
• Databases.
• DNS and Bind (exploits Domain Name Services).
• E-commerce applications.
• File sharing.
• File Transfer Protocol.
• Firewalls.
• General Remote Services.
• Hardware and network appliances.
• Information/Directory Services.
• SMB/Netbios Windows (exploits application-layer protocols for sharing network services).
• SMTP and e-mail applications.
• SNMP (exploits Simple Network Management Protocol).
• TCP/IP (exploits Transmission Control Protocol and Internet Protocol).
• Web servers.
• Wireless access points.
• X-Windows (exploits display protocol).
BENEFITS
Reduce your risk exposure & be proactive with a critical security control
Automate your cyber-defence & focus on your business through a comprehensive security assessment
Eliminate or mitigate risk faster with a very intuitive UI and prioritized alerts
Reliable results, reduce the number of false positives through powerful cross-correlation (next releases)
Save time and be free of maintenance with automated daily-updates
Comply with regulations: ISO 27000X, PCI-DSS (in progress)
PRODUCT DEMONSTRATION
https://ikare.itrust.fr
ROADMAP (1/2)
1.9 Version: Available
– UI:
  • Filters in assets’ view:
    – Filter on the status of a host: Up/Down/Archived
    – Filter on the status of a scan: Enabled/Disabled/Running
    – Filter by mark: above or below a value
    – Filter by FQDN/IP/OS/Vendor
  • Back-up of a filtered view
  • Graphic improvements:
    – Display of the operating system detected
    – Display of the number of hosts in a group
    – Display of the status UP/DOWN of the host
    – Contextual help
    – Evolution of the mark of a group or asset
  • Erasing the mark of a non-scanned host
  • Terms of use notification
– REPORT:
  • New report design adapted to the product graphic design
  • Reports display differences between two successive scans
– DISCOVERING:
  • Discovery process is faster
  • Discovery is updated if a group is modified
– SYSTEM MENU:
  • Display of current settings
  • Network connectivity tests
1.10 Version: End Q1 2013
– UI:
  • Management of users' privileges:
    – Defined roles: Contact/User/Operator/Group Manager/Administrator
    – Audit of the actions by user
  • Automatic update of the product via the GUI.
  • Graphic improvements:
    – Modification of the detected OS or equipment
    – Exploit availability by vulnerability
    – New definition of the targets in a group
– ENGINE:
  • Adaptation of the scan according to the host status
– REPORT:
  • Executive Summary
  • CSV export
  • Trend improvement between successive scans
  • Report customization
– API:
  • Performance improvement
  • API opening
– LICENCE:
  • 15 day trial version before entering a licence
ROADMAP (2/2)
• 1.11 Version: End Q2 2013
– ALERTING:
  • Setting out of GUI and Email alerts
– UI:
  • Filters improvements: search by version, patch, vulnerability, ...
  • Report generation by view
  • Display of the groups’ tree structure in the dashboard view
  • Adding a non-found host
  • Trending: a graphic is displayed in the GUI
  • Installation wizard
– ENGINE:
  • Integration of the “Quality of Service” (QoS) module
  • Integration of cross-correlation security through scenario
• 1.12 Version: End Q3 2013
  • Scan policy
  • Risk management: host can be classified by criticality
  • IKare distributed mode: multi sensors
OUR VISION TO FIGHT CURRENT GENERATION OF THREATS
GUIs
• SOC consoles
• Alerts and escalations
• Ad-hoc queries
• Reports & audit documentation
Logs (host, servers, routers, applications, database, events)
Apps & Protocols (app usage, app content, document content, protocol activity & anomalies)
Databases (DB transactions, privileged user activity, schema changes, session details)
Users (id & privileges)
Perimeter (assets, port-scans, exploits, injections, malware, DOS-attacks, vulnerabilities)
Collectors
Taxonomies & Normalization
Indexing/Database
Archive & Offline Storage
Forensic Queries
Reports and Audits
Real-time Analytics
• Filtering
• Rules-based correlation
QoS & QoE Collectors
Binding strings
Other cloud-relevant events & information
Normalization
• Proprietary advanced algorithms (statistical analysis, neural networks, etc.)
SIEM provider
‘Secure Virtual Cloud’ project
BUSINESS MODEL PROPOSAL
Consulting Licence
• Punctual vulnerability audit
• Licence for one user
• Unlimited use (up to 1024 IPs)
End-user Licence
• Continuous VA and monitoring
• Licence to partner’s existing customers or prospects
• Limited perimeter
• Unlimited scans
Managed Security Services
• The partner manages the security:
  • Access to IKare dashboard
  • Reporting
  • Remediation
• End-user licence
• Limited perimeter
• Unlimited scans
• No direct sales in Australia
  > Through partners which provide high quality security services
• Lead generation to our partner
• Interesting discount and margin (20-30%)
NEXT STEP?
• Technical meeting with Partner’s engineers:
  – Technical demonstration
  – Questions & Answers
• Free 30-day trial licence (up to 32 IPs)
CONTACT
Australia
Physical Address:
Level 1, 60 York Street, Sydney NSW 2000
Postal address:
PO Box Q1553, QVB NSW 1230
Mobile: 0497 076 [email protected]
www.ikare-monitoring.com
Head Office
55 l’Occitane 31670 Labège, France
+33 5 673 [email protected]
www.itrust.fr
Product support
Julien [email protected]
+33 567 346 783