Embed Size (px)
Citation preview
Vulnerability Management using Open Source Tools
Vikram MehtaSr. Manager – Information Security
MakeMyTrip
2
Agenda
1. Operational Challenges
2. General Vulnerability Management Architecture
3. Automation Possibilities
4. Insight
5. Info sources
3
Agenda
1. Operational Challenges
2. General Vulnerability Management Architecture
3. Automation Possibilities
4. Insight
5. Info sources
Operational Challenges
1. Multiple scanning sources
2. Consolidating vulnerability information
3. Alerting / notification
4. Lack of consolidated dashboards
5. Tracking to closure
5
Agenda
1. Operational Challenges
2. General Vulnerability Management Architecture
3. Automation Possibilities
4. Insight
5. Info sources
6
General Architecture
Scanner 1
Scanner 2
Scanner 3
Manual Results
Consolidation Alerting / Analysis
Tracking
7
General Architecture
Nessus
AlienVault
ZAP
Manual Results
Consolidation Alerting / Analysis
Tracking
8
General Architecture
Nessus
AlienVault
ZAP
Manual Results
Consolidation Alerting / Analysis
Tracking
XML
mySQL
XML
XLS
9
Automation Possibilities
Nessus
AlienVault
ZAP
Manual Results
Consolidation Alerting / Analysis
Tracking
XML
mySQL
XML
XLS
Import JobsDB Connectors
Integration Connectors
mySQL ELSA
BugZillaOTRS
Activiti
10
Agenda
1. Operational Challenges
2. General Vulnerability Management Architecture
3. Automation Possibilities
4. Insight
5. Info sources
Insight - Consolidation
11
Simple DB Connector (ELSA)
1378383608 1936864308 NESSUS 10003 IP: X.X.X.X | Port: 80 | SVC: www | Protocol: tcp | Severity: 0 | NID: 11219 | Plugin Name: Nessus SYN scanner | Plugin Family: Port scanners | Plugin Modification Date: 2011/04/05 | Plugin Type: remote | Risk Factor: None | Synopsis: It is possible to determine which TCP ports are open. 0 80 No CVSS Base Score No CVSS Temporal Score 0 NO FIELD tcp 11219 It is possible to determine which TCP ports are open. www None
Nessus Report Parser (ELSA)
AlienVault
Insight - Consolidation
12
Third Party
Manual Results
XML
CSV
Import Jobs / Custom Code
Database
Insight – Alerting / Analysis
13
Insight – Alerting / Analysis
14
Insight – Alerting / Analysis
15
ELSA - Dashboards
16
Insight – Tracking
17
BugZilla
OTRS
API
SMTP
IntegrationDatabase ActivitiAPI
Insight – Tracking
18
BugZilla
OTRS
API
SMTP
IntegrationDatabase ActivitiAPI
Simple issue tracking
Work-flow, SLA andescalation management
Questions?
20
Info Sources
1. ELSA - https://code.google.com/p/enterprise-log-search-and-archive/
2. BugZilla - http://www.bugzilla.org/
3. Activiti - http://activiti.org/
4. OTRS - http://www.otrs.com/
and a lot of good work already done in this area
