IKARE® VULNERABILITY MANAGEMENT & MONITORING

Updated on April 2013

Copyright IKARE®, 2013. Vulnerability Management And Monitoring.


DESCRIPTION

ITrust is a security software vendor based in Toulouse, France. The company was founded in January 2007 by Jean-Nicolas Piotrowski, former CSO of BNP Paribas, and Henri Piotrowski, former CEO of EADS ATR. Their combined experience in the banking and aeronautics sectors has made ITrust a key player in the security sector. ITrust has more than 70 customers in France and has started to build strong partnerships all over the world.

In its first years of existence, ITrust essentially provided security services such as penetration testing, code and configuration audits, security architecture consulting and security training. ITrust was quickly recognized as a trustworthy partner thanks to its professionalism, its customer support and its wish to help SMEs as well as large companies. The company has innovated since 2009 by adapting security assessments to SMEs: the flash audit was created and is still successful today. Security services are only provided in France.

Research and development has always been an essential part of the company strategy. Considering that current security tools were not adapted to everyone, or were reserved for highly qualified security professionals, ITrust started the development of IKare, its security monitoring solution. In 2012, ITrust was repositioned as a security software provider and started to market IKare as a European vulnerability and monitoring solution. IKare is independent from any State regulations and is not subject to the Patriot Act. For our clients, that means we provide a safe environment, because they keep control of all their data.

Since July 2012, ITrust has been supported by the French Government and leads a major research and development project that includes its solution. The goal has always been the company baseline: “providing security solution able to detect targeted attacks or unknown vulnerabilities”. IKare® is both our international company and official brand, ITrust being the parent company.


ABOUT US

2007: ITrust is founded in France as a Consulting company.

January 2012: ITrust is repositioned as a global provider of VA and monitoring solutions, but continues to offer security services in France.

January 2012: ITrust started to market IKare in France.

Since 2012: ITrust leads the project « Secured Virtual Cloud », supported by French governmental investments (12 Million EUR = 15 Million AUD).

2013: ITrust starts the international development of its security solution IKare: Australia - Benelux - Germany - Morocco

ITrust is a member of security and industrial associations in France and Australia:

[Map: International development. Legend: Head offices; Started 2013; Intended]


CLIENTS WHO RELY ON IKARE®

• Aeronautics/Engineering

• Bank

• Healthcare

• Food industry

• SME/Association

• Leading IT provider

• Education


COMMON BELIEFS ABOUT SECURITY

Firewall/Proxy + Antivirus = Complete protection

What about vulnerabilities?

> Operating systems and applications have always been plagued by vulnerabilities.

> Vulnerabilities are high-value assets and « easy entries » to a network.

> Successful attacks via the internet are often a result of exploited vulnerabilities.

« The current generation of threats is not the work of kids but of serious professionals of three varieties:

• Criminals are using advanced malware to find valuable information or to commandeer computers for illegal or nefarious purposes.

• State and non-state actors are seeking to penetrate computer networks for espionage.

• State and non-state actors are waging war using malware, seeking to damage critical infrastructure to harm other nations or companies. »

Aziz ASHAR, CEO of FireEye, Forbes


WHAT PENTESTING REVEALS

• ITrust has 6 years of experience in penetration testing

• About 90% of security breaches (all types of businesses) and vulnerabilities faced by our customers come from three sources:
  • default or weak passwords,
  • misconfigured equipment and/or servers,
  • systems and applications not updated.

Conclusion: Vulnerability Assessment and continuous monitoring have become essential to prevent hacking, carried out between your regular security audits.


CYBER CRIME & SECURITY REPORT 2012 - AUSTRALIA

“…the most common responses as to why incidents were successful, were that they used powerful automated attack tools, or exploited unpatched or unprotected software vulnerabilities or misconfigured operating systems, applications or network devices.”

“Over 90% of respondents deployed firewalls, anti-spam filters, anti-virus software…”

But the report also concludes:

“IT security technology such as firewalls and spam filters are not always effective in preventing or detecting sophisticated attacks”

Source: CERT Australia (https://www.cert.gov.au/)


VA IS RECOMMENDED AS A CRITICAL CONTROL

“The concept of Vulnerability Management is a critical process that should be followed in large and small organizations as a way to identify, assess and respond to new threats before they become a reality.”

Source: SANS Institute

“Vulnerability scanning is an important security control that should be implemented by any organization wishing to secure their IT infrastructure. It is recommended by the SANS Institute as a Critical Control and by the US based NIST as a Security Management Control.”

Source: HackerTarget


« Simplicity is the ultimate sophistication. » - Leonardo da Vinci


ABOUT IKARE

What: Vulnerability scanner AND Monitoring (security, QoS, QoE, …)

Origin: Security consultants have automated a large number of scripts to accelerate their penetration tests

Why: Vulnerability Management is now a MUST HAVE.

Who (Users):

• Developers: Application Lifecycle Management

• Network operational: Assets management, monitoring, patching

• CIO/CSO: Dashboards

• Top management: Risk Assessment

How (Deployment):

• Virtual Machine into customer’s network (preferred solution)

• Cloud-based delivery from ITrust secure Data Center (or MSP network)


FEATURES

Automated discovery

Manage your assets and applications

Vulnerability audits

Reduce your exposure to attacks

Therefore increase your level of security

Security trends

Evaluate your efforts to maintain a good level of security

Identification of security risks in advance

Targeted security alerts

Facilitate IT roles in operational maintenance

Tailored and comprehensible Reports

Details are tailored to your role in the company


SUPPORTED TECHNOLOGIES

• Web Servers: Apache; Microsoft IIS; iPlanet; Lotus Domino; IpSwitch; Zeus; full support for virtual hosting.

• SMTP/POP Servers: Sendmail; Microsoft Exchange; Lotus Domino; Netscape Messaging Server; QMail.

• FTP Servers: IIS FTP Server; WuFTPd; WarFTPd.

• Firewalls: Check Point Firewall-1/VPN-1 and NG; Cisco PIX; Juniper NetScreen; Gauntlet; CyberGuard; Raptor.

• Databases: Oracle; Sybase; MS SQL; PostgreSQL; MySQL.

• eCommerce: Icat; EZShopper; Shopping Cart; PDGSoft; Hassan Consulting Shopping; Perishop.

• LDAP Servers: Netscape; IIS; Domino; Open LDAP.

• Load Balancing Servers: Cisco CSS, Alteon, F5 BIG IP; IBM Network Dispatcher; Intel Routers; Administrable.

• Switches and Hubs: Cisco; 3Com; Nortel Networks; Cabletron; Lucent; Alcatel.

• Wireless Access Points: Cisco; 3Com; Symbol; Linksys; D-Link; Netgear; Avaya; Apple Airport; Nokia; Siemens.


SCOPE OF VULNERABILITIES

• Back Doors and Trojan Horses (bypass authentication systems).

• Brute force attacks (defies cryptography by systematically trying different keys).

• CGI (exploits the Common Gateway Interface).

• Databases.

• DNS and Bind (exploits Domain Name Services).

• E-commerce applications.

• File sharing.

• File Transfer Protocol.

• Firewalls.

• General Remote Services.

• Hardware and network appliances.

• Information/Directory Services.

• SMB/Netbios Windows (exploits application-layer protocols for sharing network services).

• SMTP and e-mail applications.

• SNMP (exploits Simple Network Management Protocol).

• TCP/IP (exploits Transmission Control Protocol and Internet Protocol).

• Web servers.

• Wireless access points.

• X-Windows (exploits display protocol).


BENEFITS

Reduce your risk exposure & be proactive with a critical security control

Automate your cyber-defence & focus on your business through a comprehensive security assessment

Eliminate or mitigate risk faster with a very intuitive UI and prioritized alerts

Reliable results, reduce the number of false positives through powerful cross-correlation (next releases)

Save time and be free of maintenance with automated daily-updates

Comply with regulations: ISO 27000X, PCI-DSS (in progress)


PRODUCT DEMONSTRATION

https://ikare.itrust.fr


ROADMAP (1/2)

1.9 Version: Available

– UI:
  • Filters in assets’ view:
    – Filter on the status of a host: Up/Down/Archived
    – Filter on the status of a scan: Enabled/Disabled/Running
    – Filter by mark: above or below a value
    – Filter by FQDN/IP/OS/Vendor
  • Back-up of a filtered view
  • Graphic improvements:
    – Display of the operating system detected
    – Display of the number of hosts in a group
    – Display of the status UP/DOWN of the host
    – Contextual help
    – Evolution of the mark of a group or asset
  • Erasing the mark of a non-scanned host
  • Term of use notification

– REPORT:
  • New report design adapted to the product graphic design
  • Reports display differences between two successive scans

– DISCOVERING:
  • Discovering process is faster
  • Discovering is updated if a group is modified

– SYSTEM MENU:
  • Display of actual settings
  • Network connectivity tests

1.10 Version: End Q1 2013

– UI:
  • Management of users privileges:
    – Defined roles: Contact/User/Operator/Group Manager/Administrator
    – Audit of the actions by user
  • Automatic update of the product via the GUI.
  • Graphic improvements:
    – Modification of the detected OS or equipment
    – Exploit availability by vulnerability
    – New definition of the targets in a group

– ENGINE:
  • Adaptation of the scan according to the host status

– REPORT:
  • Executive Summary
  • CSV export
  • Trend improvement between successive scans
  • Report customization

– API:
  • Performance improvement
  • API opening

– LICENCE:
  • 15 day trial version before entering a licence


ROADMAP (2/2)

1.11 Version: End Q2 2013

– ALERTING:
  • Setting out of GUI and Email alerts

– UI:
  • Filters improvements: search by version, patch, vulnerability, ...
  • Report generation by view
  • Display of the groups’ arborescence in the dashboard view
  • Adding a non-found host
  • Trending: a graphic is displayed in the GUI
  • Installation wizard

– ENGINE:
  • Integration of the “Quality of Service” (QoS) module
  • Integration of cross-correlation security through scenario

1.12 Version: End Q3 2013

  • Scan policy
  • Risk management: host can be classified by criticality
  • IKare distributed mode: multi sensors


OUR VISION TO FIGHT CURRENT GENERATION OF THREATS

[Diagram: ‘Secure Virtual Cloud’ project. Labels recovered from the slide:]

GUIs:
  • SOC consoles
  • Alerts and escalations
  • Ad-hoc queries
  • Reports & audit documentation

Sources:
  • Logs (host, servers, routers, applications, database, events)
  • Apps & Protocols (app usage, app content, document content, protocol activity & anomalies)
  • Databases (DB transactions, privileged user activity, schema changes, session details)
  • Users (id & privileges)
  • Perimeter (assets, port-scans, exploits, injections, malware, DOS-attacks, vulnerabilities)
  • Other cloud-relevant events & information

Components:
  • Collectors
  • QoS & QoE Collectors
  • Taxonomies & Normalization
  • Normalization
  • Binding strings
  • Indexing/Database
  • Archive & Offline Storage
  • Forensic Queries
  • Reports and Audits
  • Real-time Analytics: Filtering; Rules-based correlation
  • Proprietary advanced algorithms (statistical analysis, neural networks, etc.)
  • SIEM provider


BUSINESS MODEL PROPOSAL

Consulting Licence
  • Punctual vulnerability audit
  • Licence for one user
  • Unlimited use (up to 1024 IPs)

End-user Licence
  • Continuous VA and monitoring
  • Licence to partner’s existing customers or prospects
  • Limited perimeter
  • Unlimited scans

Managed Security Services
  • The partner manages the security:
    • Access to IKare dashboard
    • Reporting
    • Remediation
  • End-user licence
  • Limited perimeter
  • Unlimited scans

• No direct sales in Australia
  > Through partners which provide high quality security services
• Lead generation to our partner
• Interesting discount and margin (20-30%)


NEXT STEP?

• Technical meeting with Partner’s engineers:
  – Technical demonstration
  – Questions & Answers

• Free 30-day trial licence (up to 32 IPs)


CONTACT

Australia

Physical Address:

Level 1, 60 York Street, Sydney NSW 2000

Postal address:

PO Box Q1553, QVB NSW 1230

Mobile: 0497 076 [email protected]

www.ikare-monitoring.com

Head Office

55 l’Occitane 31670 Labège, France

+33 5 673 [email protected]

www.itrust.fr

Product support

Julien [email protected]

+33 567 346 783