An "Intelligence" Approach to Vulnerability Risk Management

Post on 27-Jun-2015


DESCRIPTION

Security professionals juggle many tasks, with the prioritization and management of vulnerabilities requiring a significant amount of time and resources. Add to that the continuous pushback from the business. Have you ever heard this objection: “Why do I need to patch this? What makes this such a priority?” This session will highlight how a major food distributor partnered with Dell SecureWorks, Qualys, and Risk I/O to turn the conversation with the business into one that is focused on vulnerability risk management, to drive down risk scores and effectively communicate their exposure to active Internet breaches.

TRANSCRIPT

SecureWorks

An “Intelligence” Approach to Vulnerability Risk Management

Powered by:

David French, Risk I/O VP of Business Development

Chris Collard, Dell SecureWorks Product Management


Classification: //Dell SecureWorks/Confidential - Limited External Distribution:


Setting the Stage

•  Company Profile: Leading national distributor of natural, organic specialty foods

•  IT Footprint: Over 11,000 IT computing assets

•  Qualys VM user through partnership with Dell SecureWorks

•  Core focus on patch management

•  Biggest challenge: Limited IT resources for vulnerability remediation


Qualys Drives Continuous Visibility

[Figure: Qualys scanning components. Labels: VMware ESX and ESXi; Physical Scanners; Browser Plugins; Mobile Agents; Virtual Scanners; Hypervisor; IaaS/PaaS Perimeter Scanners]

•  Weekly scanning of both external and internal environment

•  Authenticated Scanning of Windows environments

•  Identifying over 1M CVE vulnerabilities!


Challenges with Vulnerability Remediation

•  Overwhelmed and can’t keep up with vulnerability volume

–  Playing vulnerability “whack-a-mole”

•  Lack of visibility due to vulnerability silos (Application / Network / Code)

•  Resource constrained w/ few resources dedicated to VMP

•  Threat intelligence is disconnected from remediation decision making

•  Vulnerability metrics do not reflect actual, real-world risk


Customer’s Business Specific Challenges

•  Reduction of risk is tied to quarterly bonus structure

•  Limited resources for vulnerability remediation

–  From both Security & IT Operations

•  Issues with SLA integrity and consistency

–  There is a significant need to remove the guesswork

•  Constantly receives pushback from IT operations

–  “Why do we need to remediate these vulnerabilities?”

•  Constantly challenged by management to “do more with less”

–  Budgetary and resource-wise


Dell SecureWorks – Vulnerability Threat Processing

Proactive, automated service providing 24/7 prioritization of the vulnerabilities putting you most at risk of a security breach

Seamless integration with vulnerability scanners

Turns the conversation into “Vulnerability Risk Management”


Fully Integrated with Dell SecureWorks

•  Assets managed and correlated within Managed Service

•  No software, No hardware to install or maintain

•  Secure Single Sign-On

•  24/7 Vulnerability Threat Processing


Prevent Vulnerability Breaches

Save time and resources. Visualize where, when, and how you are exposed to actively breached vulnerabilities.


How does Vulnerability Threat Processing work?

•  QUALYS identifies 2,483 assets with 280,566 vulnerabilities, of which over 145,000 vulnerabilities are ranked high severity

•  This is a daunting volume! Where do you start?


24/7 Vulnerability Threat Processing

Automated prioritization of the vulnerabilities putting you most at risk of a security breach. Vulnerability data is matched 24/7 with Internet Threat data:

Internet Threat Data

-  Attacks and Threats “in the wild”

-  Web Applications Threats

-  Popular Threat Targets

-  Zero Day Threats

Internet Threat Intelligence is matched with your vulnerabilities.


Internet Threat Intelligence Sources

A growing list of Internet threat intelligence sources is used by the service and includes:

•  CTU Intelligence

•  Open Threat Exchange (OTX)

•  SANS ISC

•  National Vulnerability Database (NVD)

•  WASC

•  The Exploit DB

•  SHODAN

•  Metasploit Project

•  6Scan


Real-Time Threat Trends

Visibility into threats “in-the-wild” that impact your organization today

✓  Active Breaches

✓  Web Attacks

✓  Volume & Velocity


The Result of Vulnerability Threat Processing:

•  Actionable results: 455 assets that have 1,290 vulnerabilities matching active Internet breaches.

–  Immediately focus on the vulnerabilities posing the greatest risk!

•  Saves significant amounts of time and remediation resources.


The Kill Chain – Vulnerability Weaponization

[Figure: kill chain diagram. Labels: Target Defined; Objective Met; Recon; Vulnerability / Weaponization; Distribution & Delivery; Persistence / Lateral Movement; Action on Target; Command & Control; Exfiltration; Exploitation. Axis: Cost to resist, Lowest to Highest.]

Vulnerability Monitoring & Prioritization prevents vulnerability exploitation


Proactively Break the Kill Chain

Example of an old Adobe Acrobat vulnerability (phishing)


Quick Visibility of Threats Across Your Environment

Easily Customize Your Risk Meter Dashboard


Visibility - Risk Meter Dashboard

Effectively communicate & measure risk to vulnerability breaches

✓  Configurable

✓  Servers, Apps

✓  Technologies

Configure for every stakeholder


Prioritization - Fix What Matters

Prioritize the vulnerabilities putting you most at risk.

Quick Lists

Remediation Lists

Improve your security posture.


Benefits to Dell SecureWorks Customer

•  Leverages existing investment in QUALYS and other scanners

•  SLAs now tied to Risk Meter scores and risk of vulnerability breach

•  Connects Threat Intelligence together with Vulnerability Management

•  Realize significant time and resource savings on remediation

–  Stop playing the “vulnerability whack-a-mole” game

•  Effective communication of real-world risk to vulnerabilities being actively breached across the Internet


Questions?

David French - david@risk.io | 773-551-3402

Chris Collard - ccollard@secureworks.com | 770-870-6331

Vulnerability Threat Processing
