An "Intelligence" Approach to Vulnerability Risk Management
DESCRIPTION
Security professionals juggle many tasks, with the prioritization and management of vulnerabilities requiring a significant amount of time and resources. Add to that the continuous pushback from the business. Have you ever heard this objection: “Why do I need to patch this? What makes this such a priority?” This session will highlight how a major food distributor partnered with Dell SecureWorks, Qualys, and Risk I/O to turn the conversation with the business into one that is focused on vulnerability risk management, to drive down risk scores and effectively communicate their exposure to active Internet breaches.
TRANSCRIPT
SecureWorks
An “Intelligence” Approach to Vulnerability Risk Management
Powered by:
David French, Risk I/O VP of Business Development
Chris Collard, Dell SecureWorks Product Management
Classification: //Dell SecureWorks/Confidential - Limited External Distribution:
Setting the Stage
• Company Profile: Leading national distributor of natural, organic specialty foods
• IT Footprint: Over 11,000 IT computing assets
• Qualys VM user through partnership with Dell SecureWorks
• Core focus on patch management
• Biggest challenge: Limited IT resources for vulnerability remediation
Qualys Drives Continuous Visibility
• Weekly scanning of both external and internal environment
• Authenticated Scanning of Windows environments
• Identifying over 1M CVE vulnerabilities!
[Diagram labels: VMware ESX and ESXi, Physical Scanners, Browser Plugins, Mobile Agents, Virtual Scanners, Hypervisor, IaaS/PaaS, Perimeter Scanners]
Challenges with Vulnerability Remediation
• Overwhelmed and can’t keep up with vulnerability volume
  – Playing vulnerability “whack-a-mole”
• Lack of visibility due to vulnerability silos (Application / Network / Code)
• Resource constrained w/ few resources dedicated to VMP
• Threat intelligence is disconnected from remediation decision making
• Vulnerability metrics do not reflect actual, real-world risk
Customer’s Business Specific Challenges
• Reduction of risk is tied to quarterly bonus structure
• Limited resources for vulnerability remediation
  – From both Security & IT Operations
• Issues with SLA integrity and consistency
  – There is a significant need to remove the guesswork
• Constantly receives pushback from IT operations
  – “Why do we need to remediate these vulnerabilities?”
• Constantly challenged by management to “do more with less”
  – Budgetary and resource-wise
Dell SecureWorks – Vulnerability Threat Processing
Proactive, automated service providing 24/7 prioritization of the vulnerabilities putting you most at risk of a security breach
Seamless integration with vulnerability scanners
Turns the conversation into “Vulnerability Risk Management”
Fully Integrated with Dell SecureWorks
• Assets managed and correlated within Managed Service
• No software, No hardware to install or maintain
• Secure Single Sign-On
• 24/7 Vulnerability Threat Processing
Prevent Vulnerability Breaches
Save time and resources. Visualize where, when, and how you are exposed to actively breached vulnerabilities.
How does Vulnerability Threat Processing work?
• QUALYS identifies 2,483 assets with 280,566 vulnerabilities, of which over 145,000 vulnerabilities are ranked high severity
• This is a daunting volume! Where do you start?
24/7 Vulnerability Threat Processing
Automated prioritization of the vulnerabilities putting you most at risk of a security breach.
Internet Threat Intelligence is matched with your vulnerabilities. Vulnerability data is matched 24/7 with Internet Threat Data:
- Attacks and Threats “in the wild”
- Web Application Threats
- Popular Threat Targets
- Zero Day Threats
Internet Threat Intelligence Sources
A growing list of Internet threat intelligence sources is used by the service and includes:
• CTU Intelligence
• Open Threat Exchange (OTX)
• SANS ISC
• National Vulnerability Database (NVD)
• WASC
• The Exploit DB
• SHODAN
• Metasploit Project
• 6Scan
Real-Time Threat Trends
Visibility into threats “in-the-wild” that impact your organization today
✓ Active Breaches
✓ Web Attacks
✓ Volume & Velocity
The Result of Vulnerability Threat Processing:
• Actionable results: 455 assets that have 1,290 vulnerabilities matching active Internet breaches.
  – Immediately focus on the vulnerabilities posing the greatest risk!
• Saves significant amounts of time and remediation resources.
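
The matching step these slides describe, scanner findings joined against threat-intelligence signals so that only vulnerabilities with real-world activity reach the remediation list, sketched as an added example (not Dell SecureWorks, Qualys or Risk I/O code). The asset names, vulnerability ids, signal names and weights are constructed assumptions.

```python
# Constructed scanner export: (asset, vulnerability id, scanner severity 1-5).
FINDINGS = [
    ("web-01", "CVE-EXAMPLE-0001", 5),
    ("web-01", "CVE-EXAMPLE-0002", 5),
    ("db-01", "CVE-EXAMPLE-0003", 4),
    ("hr-laptop-07", "CVE-EXAMPLE-0004", 3),
    ("hr-laptop-07", "CVE-EXAMPLE-0002", 5),
]

# Constructed threat-intel feed: vulnerability id -> signals observed "in the wild".
THREAT_INTEL = {
    "CVE-EXAMPLE-0001": {"exploit_available"},
    "CVE-EXAMPLE-0003": {"popular_target"},
    "CVE-EXAMPLE-0004": {"active_breach", "exploit_available"},
}

# Assumed weights (not the service's scoring): observed breaches dominate.
SIGNAL_WEIGHT = {"active_breach": 100, "exploit_available": 30, "popular_target": 10}


def prioritize(findings, intel, weights=SIGNAL_WEIGHT):
    """Keep only findings with a threat signal, ordered by threat score."""
    matched = []
    for asset, vuln, severity in findings:
        signals = intel.get(vuln, set())
        if not signals:
            continue  # scanner severity alone does not earn a place on the list
        matched.append({
            "asset": asset, "vuln": vuln, "severity": severity,
            "signals": sorted(signals),
            "score": sum(weights.get(s, 0) for s in signals),
        })
    # Threat score first; scanner severity only breaks ties.
    matched.sort(key=lambda f: (-f["score"], -f["severity"], f["asset"], f["vuln"]))
    return matched


def summarize(findings, prioritized):
    """Counts in the shape the slides report: totals versus what matched."""
    return {
        "assets_scanned": len({a for a, _, _ in findings}),
        "vulns_found": len(findings),
        "assets_matched": len({f["asset"] for f in prioritized}),
        "vulns_matched": len(prioritized),
        "breach_matched": sum("active_breach" in f["signals"] for f in prioritized),
    }


if __name__ == "__main__":
    ranked = prioritize(FINDINGS, THREAT_INTEL)
    for f in ranked:
        print(f["score"], f["asset"], f["vuln"], f["signals"])
    print(summarize(FINDINGS, ranked))
```

In the constructed data the severity-3 finding with an active-breach signal ranks first, while both severity-5 findings with no threat signal drop off the list.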
The Kill Chain – Vulnerability Weaponization
[Diagram labels: Target Defined, Objective Met, Recon, Vulnerability / Weaponization, Distribution & Delivery, Persistence / Lateral Movement, Action on Target, Command & Control, Exfiltration, Exploitation. Axis: Cost to resist, Lowest to Highest]
Vulnerability Monitoring & Prioritization prevents vulnerability exploitation
Proactively Break the Kill Chain
Example of an old Adobe Acrobat vulnerability (phishing)
Quick Visibility of Threats Across Your Environment
Easily Customize Your Risk Meter Dashboard
Visibility - Risk Meter Dashboard
Effectively communicate & measure risk to vulnerability breaches
✓ Configurable ✓ Servers, Apps ✓ Technologies
Configure for every stakeholder
Prioritization - Fix What Matters
Prioritize the vulnerabilities putting you most at risk.
Quick Lists
Remediation Lists
Improve your security posture.
Benefits to Dell SecureWorks Customer
• Leverages existing investment in QUALYS and other scanners
• SLAs now tied to Risk Meter scores and risk of vulnerability breach
• Connects Threat Intelligence together with Vulnerability Management
• Realize significant time and resource savings on remediation
  – Stop playing the “vulnerability whack-a-mole” game
• Effective communication of real-world risk to vulnerabilities being actively breached across the Internet
Questions?
David French - [email protected] | 773-551-3402
Chris Collard – [email protected] | 770-870-6331
Vulnerability Threat Processing