An "Intelligence" Approach to Vulnerability Risk Management


Upload: risk-io

Post on 27-Jun-2015


DESCRIPTION

Security professionals juggle many tasks, with the prioritization and management of vulnerabilities requiring a significant amount of time and resources. Add to that the continuous push back from the business. Have you ever heard of this objection, “Why do I need to patch this? What makes this such a priority?” This session will highlight how a major food distributor partnered with Dell SecureWorks, Qualys, and Risk I/O to turn the conversation with the business into one that is focused on vulnerability risk management, to drive down risk scores and effectively communicate their exposure to active Internet breaches.

TRANSCRIPT

Page 1: An "Intelligence" Approach to Vulnerability Risk Management

SecureWorks

An “Intelligence” Approach to Vulnerability Risk Management

Powered by:

David French, Risk I/O VP of Business Development

Chris Collard, Dell SecureWorks Product Management

Page 2: An "Intelligence" Approach to Vulnerability Risk Management


Classification: //Dell SecureWorks/Confidential - Limited External Distribution:


Setting the Stage

•  Company Profile: Leading national distributor of natural, organic specialty foods

•  IT Footprint: Over 11,000 IT computing assets

•  Qualys VM user through partnership with Dell SecureWorks

•  Core focus on patch management

•  Biggest challenge: Limited IT resources for vulnerability remediation

Page 3: An "Intelligence" Approach to Vulnerability Risk Management


Qualys Drives Continuous Visibility

[Diagram labels: Physical Scanners, Virtual Scanners, Perimeter Scanners, Mobile Agents, Browser Plugins, Hypervisor, VMware ESX and ESXi, IaaS/PaaS]

•  Weekly scanning of both external and internal environment

•  Authenticated Scanning of Windows environments

•  Identifying over 1M CVE vulnerabilities!

Page 4: An "Intelligence" Approach to Vulnerability Risk Management


Challenges with Vulnerability Remediation

•  Overwhelmed and can’t keep up with vulnerability volume

–  Playing vulnerability “whack-a-mole”

•  Lack of visibility due to vulnerability silos (Application / Network / Code)

•  Resource constrained w/ few resources dedicated to VMP

•  Threat intelligence is disconnected from remediation decision making

•  Vulnerability metrics do not reflect actual, real-world risk

Page 5: An "Intelligence" Approach to Vulnerability Risk Management


Customer’s Business Specific Challenges

•  Reduction of risk is tied to quarterly bonus structure

•  Limited resources for vulnerability remediation

–  From both Security & IT Operations

•  Issues with SLA integrity and consistency

–  There is a significant need to remove the guesswork

•  Constantly receives pushback from IT operations

–  “Why do we need to remediate these vulnerabilities?”

•  Constantly challenged by management to “do more with less”

–  Budgetary and resource-wise

Page 6: An "Intelligence" Approach to Vulnerability Risk Management


Dell SecureWorks – Vulnerability Threat Processing

Proactive, automated service providing 24/7 prioritization of the vulnerabilities putting you most at risk of a security breach

Seamless integration with vulnerability scanners

Turns the conversation into “Vulnerability Risk Management”


Page 7: An "Intelligence" Approach to Vulnerability Risk Management


Fully Integrated with Dell SecureWorks

•  Assets managed and correlated within Managed Service

•  No software, No hardware to install or maintain

•  Secure Single Sign-On

•  24/7 Vulnerability Threat Processing

Page 8: An "Intelligence" Approach to Vulnerability Risk Management


Prevent Vulnerability Breaches

Save time and resources. Visualize where, when, and how you are exposed to actively breached vulnerabilities.

Page 9: An "Intelligence" Approach to Vulnerability Risk Management


How does Vulnerability Threat Processing work?

•  QUALYS identifies 2,483 assets with 280,566 vulnerabilities, of which over 145,000 vulnerabilities are ranked high severity

•  This is a daunting volume! Where do you start?

Page 10: An "Intelligence" Approach to Vulnerability Risk Management


24/7 Vulnerability Threat Processing

Internet Threat Intelligence is matched with your vulnerabilities.

Internet Threat Data

-  Attacks and Threats “in the wild”

-  Web Applications Threats

-  Popular Threat Targets

-  Zero Day Threats

Automated prioritization of the vulnerabilities putting you most at risk of a security breach. Vulnerability data is matched 24/7 with Internet Threat data:

Page 11: An "Intelligence" Approach to Vulnerability Risk Management


Internet Threat Intelligence Sources

The service uses a growing list of Internet threat intelligence sources, including:

•  CTU Intelligence

•  Open Threat Exchange (OTX)

•  SANS ISC

•  National Vulnerability Database (NVD)

•  WASC

•  The Exploit DB

•  SHODAN

•  Metasploit Project

•  6Scan

Page 12: An "Intelligence" Approach to Vulnerability Risk Management


Real-Time Threat Trends

Visibility into threats “in-the-wild” that impact your organization today

✓  Active Breaches

✓  Web Attacks

✓  Volume & Velocity

Page 13: An "Intelligence" Approach to Vulnerability Risk Management


The Result of Vulnerability Threat Processing:

•  Actionable results: 455 assets that have 1,290 vulnerabilities matching active Internet breaches.

–  Immediately focus on the vulnerabilities posing the greatest risk!

•  Saves significant amounts of time and remediation resources.

Page 14: An "Intelligence" Approach to Vulnerability Risk Management


The Kill Chain – Vulnerability Weaponization

[Figure: kill chain diagram. Labels: Target Defined, Objective Met, Recon, Vulnerability / Weaponization, Distribution & Delivery, Persistence / Lateral Movement, Action on Target, Command & Control, Exfiltration, Exploitation. Axis: “Cost to resist”, from Lowest to Highest.]

Vulnerability Monitoring & Prioritization prevents vulnerability exploitation

Page 15: An "Intelligence" Approach to Vulnerability Risk Management


Proactively Break the Kill Chain

Example of an old Adobe Acrobat vulnerability (phishing)

Page 16: An "Intelligence" Approach to Vulnerability Risk Management


Quick Visibility of Threats Across Your Environment

Easily Customize Your Risk Meter Dashboard

Page 17: An "Intelligence" Approach to Vulnerability Risk Management


Visibility - Risk Meter Dashboard

Effectively communicate & measure risk to vulnerability breaches

✓  Configurable

✓  Servers, Apps

✓  Technologies

Configure for every stakeholder

Page 18: An "Intelligence" Approach to Vulnerability Risk Management


Prioritization - Fix What Matters

Prioritize the vulnerabilities putting you most at risk.

Quick Lists

Remediation Lists

Improve your security posture.

Page 19: An "Intelligence" Approach to Vulnerability Risk Management


Benefits to Dell SecureWorks Customer

•  Leverages existing investment in QUALYS and other scanners

•  SLAs now tied to Risk Meter scores and risk of vulnerability breach

•  Connects Threat Intelligence together with Vulnerability Management

•  Realize significant time and resource savings on remediation

–  Stop playing the “vulnerability whack-a-mole” game

•  Effective communication of real-world risk to vulnerabilities being actively breached across the Internet

Page 20: An "Intelligence" Approach to Vulnerability Risk Management


Questions?

David French – [email protected] | 773-551-3402

Chris Collard – [email protected] | 770-870-6331

Vulnerability Threat Processing