Continuous vulnerability assessment and remediation
Andrii Solomko senior pre-sale engineer
Tenable Solution Components
Integrated platform: SCCV host data, passive listening, intelligent connectors, agent scanning, active scanning
Assets covered: cloud, devices, users, endpoints, networks, web, virtual, mobile
[Architecture diagram] SecurityCenter Continuous View collecting from Nessus Network Monitor™ (formerly Passive Vulnerability Scanner, PVS), Log Correlation Engine (LCE™), Nessus® Agents, Nessus® Scanners and Tenable.io® cloud, deployed across Internet, DMZ, branch office, SOC and corporate HQ (VMware ESXi hosts running VMs); roles shown: Scan, Collect, Sense.
NESSUS® VULNERABILITY SCANNER
Nessus Network Scan (network-based scanning)
Opened network ports (TCP / UDP) → vulnerabilities, default passwords
NESSUS® VULNERABILITY SCANNER
Nessus Credential Scan (credential-based scanning, system configuration verification)
Details / system information collected and what it is compared against:
• Program and DLL versions, OS version → vulnerabilities
• Running services → unwanted services
• Established connections → compared against botnet database → host connected with botnet (compromised)
• Running processes → known malware (compared with 29 AV vendors) → compromised host; known good software; unknown process → compromised host
• System configuration → compared against security baseline → out-of-compliance system
• Files and folders permissions → compared against security baseline → out-of-compliance system
• File content pattern check → find files containing sensitive patterns
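The credentialed-scan checks listed above, as an added illustration and not Tenable or Nessus code: a host snapshot (connections, processes, configuration, files) is compared against a botnet address list, known-malware and known-good hash sets, a configuration baseline, a permission baseline and sensitive-content patterns. Every indicator list, baseline value and host record below is a constructed placeholder (TEST-NET addresses, hashes of dummy strings), not real threat intelligence.

```python
"""Host-data checks of the kind a credentialed scan performs (added example).
All indicator lists and the host snapshot are constructed placeholders."""
import hashlib
import re

# Constructed indicator data (placeholders, not real intelligence).
BOTNET_C2_ADDRESSES = {"203.0.113.77", "198.51.100.9"}  # RFC 5737 TEST-NET ranges
KNOWN_MALWARE_SHA256 = {hashlib.sha256(b"constructed-malware-sample").hexdigest()}
KNOWN_GOOD_SHA256 = {hashlib.sha256(b"constructed-good-binary").hexdigest()}
SECURITY_BASELINE = {"PasswordAuthentication": "no", "PermitRootLogin": "no"}
SENSITIVE_PATTERNS = {
    "card-number": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "private-key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}


def check_connections(connections):
    """Remote addresses of ESTABLISHED connections found in the botnet list."""
    return sorted({c["remote"] for c in connections
                   if c["state"] == "ESTABLISHED" and c["remote"] in BOTNET_C2_ADDRESSES})


def classify_processes(processes):
    """Bucket each process by executable hash: known malware, known good, or unknown."""
    result = {"malware": [], "known_good": [], "unknown": []}
    for p in processes:
        if p["sha256"] in KNOWN_MALWARE_SHA256:
            result["malware"].append(p["name"])
        elif p["sha256"] in KNOWN_GOOD_SHA256:
            result["known_good"].append(p["name"])
        else:
            result["unknown"].append(p["name"])
    return result


def audit_config(config):
    """Settings whose value deviates from the security baseline (current value returned)."""
    return {k: config.get(k) for k, v in SECURITY_BASELINE.items() if config.get(k) != v}


def world_writable_files(files):
    """Paths whose mode has the world-write bit set (permission baseline violation)."""
    return sorted(p for p, f in files.items() if f["mode"] & 0o002)


def find_sensitive_files(files):
    """{path: [pattern names]} for files whose content matches a sensitive pattern."""
    hits = {}
    for path, f in files.items():
        names = [n for n, rx in SENSITIVE_PATTERNS.items() if rx.search(f["content"])]
        if names:
            hits[path] = names
    return hits


def run_host_checks(host):
    """Run every check and derive the two verdicts the slide distinguishes."""
    procs = classify_processes(host["processes"])
    report = {
        "botnet_connections": check_connections(host["connections"]),
        "processes": procs,
        "config_deviations": audit_config(host["config"]),
        "world_writable": world_writable_files(host["files"]),
        "sensitive_files": find_sensitive_files(host["files"]),
    }
    report["compromised"] = bool(report["botnet_connections"] or procs["malware"])
    report["out_of_compliance"] = bool(report["config_deviations"] or report["world_writable"])
    return report


# Constructed host snapshot standing in for what a credentialed login would collect.
HOST_SNAPSHOT = {
    "connections": [
        {"state": "ESTABLISHED", "remote": "192.0.2.10"},
        {"state": "ESTABLISHED", "remote": "203.0.113.77"},
        {"state": "TIME_WAIT", "remote": "198.51.100.9"},
    ],
    "processes": [
        {"name": "sshd", "sha256": hashlib.sha256(b"constructed-good-binary").hexdigest()},
        {"name": "svchost32.exe", "sha256": hashlib.sha256(b"constructed-malware-sample").hexdigest()},
        {"name": "update_helper", "sha256": hashlib.sha256(b"something-else").hexdigest()},
    ],
    "config": {"PasswordAuthentication": "yes", "PermitRootLogin": "no"},
    "files": {
        "/etc/shadow": {"mode": 0o640, "content": ""},
        "/tmp/export.csv": {"mode": 0o666, "content": "name,card\nalice,4111 1111 1111 1111\n"},
        "/home/bob/id_rsa": {"mode": 0o600, "content": "-----BEGIN RSA PRIVATE KEY-----\nMII...\n"},
    },
}

if __name__ == "__main__":
    for key, value in run_host_checks(HOST_SNAPSHOT).items():
        print(f"{key}: {value}")
```

Only ESTABLISHED connections count toward the botnet verdict (a lingering TIME_WAIT socket is noise), an unknown process is reported separately rather than treated as malware, and the compliance verdict is kept apart from the compromise verdict, mirroring the two outcomes the slide distinguishes.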
Active/Agent Scanning
• Vulnerability assessment – security devices, network devices, ICS/SCADA systems, storage, OSs, hypervisors, databases, applications
• Configuration auditing – security devices, network devices, ICS/SCADA systems, storage, OSs, hypervisors, databases, applications
• Malware detection – unique or unknown executables, processes, "autoruns"
Third-Party Data
• Mobile device management • Patch management • Network & security devices • Credential management • Cloud infrastructure • Threat intelligence
NESSUS NETWORK MONITOR™ (formerly PASSIVE VULNERABILITY SCANNER)
Passive Scanning / Passive Listening
Network packets analysed by plugins and what the results are compared against:
• OS version → vulnerabilities
• Applications running → unwanted applications, e.g. Bitcoin mining; malware behaviour
• New / established connections → compared against botnet database → host connected with botnet (compromised)
• New hosts / MAC addresses / network services → host monitoring, rogue host detection
• Connection type breakdown → assists in identifying suspicious behaviour
• Web / DNS queries → compared against botnet database → host connected with botnet (compromised); failed queries → misconfigured / compromised host
• Service usage summary
Network mapping • General network information • Details by host • Internal host connectivity • Continuous vulnerability assessment
Network traffic: ● Malware and backdoor ● Botnet ● Data leakage ● Porn ● Gaming ● Peer-to-peer ● Tunneling ● VPN ● Policy concerns ● CGI ● Internet services ● Internet messaging ● Non-standard traffic
Log Correlation Engine (LCE)
Host Data
● Suspicious events, e.g. ○ Login failures ○ Error spikes ○ DNS query failures
● New software ● Never-before-seen ● Anomalous behavior
How Tenable Can Help with GDPR?
Security Frameworks: Automate assessment and conformance
Continuous VISIBILITY, Critical CONTEXT, Decisive ACTION
Tenable automates the assessment of most technical controls
Centralized data store for controls so you can extract precise data for audits/reports
Assurance Report Cards (ARCs) communicate status and areas needing improvement
Security Frameworks: Dashboards & Assurance Report Cards (ARCs)
CIS Critical Security Controls
What are the CIS Critical Security Controls?
Technical measures to detect, prevent, respond, and mitigate damage from the most common to the most advanced attacks.
Five Critical Tenets • Offense Informs Defense • Prioritization • Metrics • Continuous Monitoring • Automation
Foundational Cyber Hygiene Controls
Highest payback. Foundation for subsequent controls.
• CSC 1: Inventory of Authorized and Unauthorized Devices
• CSC 2: Inventory of Authorized and Unauthorized Software
• CSC 3: Secure Configurations for Hardware and Software…
• CSC 4: Continuous Vulnerability Assessment and Remediation
• CSC 5: Controlled Use of Administrative Privileges
ISO/IEC 27001/27002 Details
What is ISO/IEC 27001/27002?
ISO 27001: Information Security Management Systems – Requirements
ISO 27002: Code of Practice for Information Security Controls
Benefits ✓ Improved Information Security ✓ Business Alignment ✓ Compliance Foundation ✓ Internationally Recognized ✓ Available Certification
ISO 27002: Administrative and Technical Controls
Administrative (~75%), e.g. ● Policies ● Processes and Procedures ● Roles and Responsibilities
Technical (~25%), e.g. ● Controls Against Malware ● Event Logging ● Vulnerability Management
Tenable Automates Most ISO 27002 Technical Controls
CSC ARCs and Dashboards
▪ Automation ▪ Communication ▪ Consolidation
SecurityCenter CV Benefits
Thank you! Andrii Solomko [email protected]