Continuous vulnerability assessment and remediation

Andrii Solomko, senior pre-sale engineer

Posted 27-Jul-2020

Page 1:

Continuous vulnerability assessment and remediation

Andrii Solomko, senior pre-sale engineer

Page 2:

Tenable Solution Components

• INTEGRATED PLATFORM
• SCCV HOST DATA
• PASSIVE LISTENING
• INTELLIGENT CONNECTORS
• AGENT SCANNING
• ACTIVE SCANNING

Coverage: Cloud, Devices, Users, Endpoint, Networks, Web, Virtual, Mobile

Page 3:

Security Center Continuous View

Components shown in the diagram:
• Nessus Network Monitor™ (former PVS, PASSIVE VULNERABILITY SCANNER)
• LCE™ (LOG CORRELATION ENGINE), fed by EVENT streams
• NESSUS® AGENT
• SECURITYCENTER™ CONTINUOUS VIEW
• NESSUS® SCANNER
• TENABLE.IO® CLOUD

Page 4:

Deployment diagram (labels only): INTERNET, DMZ, Branch Office, SOC, Corporate HQ; three VMware ESXi hosts, each running VMs; functions Scan, Collect, Sense; component labels SC, NA, LC, NC and cloud services.

Page 5:

NESSUS® VULNERABILITY SCANNER

Nessus Network Scan (Network Based Scanning)

• Opened network ports (TCP / UDP) → Vulnerabilities
• Default password

Page 6:

Page 7:

NESSUS® VULNERABILITY SCANNER

Nessus Credential Scan (Credential Based Scanning)

Detailed system information:
• Program and DLL versions, OS version → Vulnerabilities
• Running services → Unwanted service
• Established connections → Compare against botnet database → Host connected with botnet (compromised)
• Running processes → Known malware (compare with 29 AV vendors) → Compromised host; Known good software; Unknown process → Compromised host
• System configuration → Compare against security baseline → Out-of-compliance system
• Files and folders permissions → Compare against security baseline → Out-of-compliance system
• File content pattern check → Find files with a sensitive pattern

System Configuration Verification
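The comparisons the credentialed-scan slide lists (process hashes against known-malware and known-good sets, established connections against a botnet list, settings against a security baseline, file contents against a sensitive-data pattern) can be shown as a small post-processor over one host's collected data. The following is an added example, not Tenable or Nessus code; the reference sets, the `HostSnapshot` layout, the baseline keys and the host snapshot itself are all constructed for illustration.

```python
"""Post-processing of credentialed-scan host data (added example, not Tenable code).

Mirrors the slide's checks: running processes against known-malware and
known-good hashes, established connections against a botnet list, system
configuration against a baseline, and file contents against a sensitive
pattern. All reference data and the sample host below are constructed."""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Reference data (constructed; stands in for AV, botnet and baseline feeds)
KNOWN_MALWARE_SHA256 = {hashlib.sha256(b"constructed-miner-binary").hexdigest()}
KNOWN_GOOD_SHA256 = {hashlib.sha256(b"constructed-genuine-svchost").hexdigest()}
BOTNET_IPS = {"203.0.113.45"}  # documentation address range, constructed
SECURITY_BASELINE = {"PasswordComplexity": "1", "MinimumPasswordLength": "14"}
SENSITIVE_PATTERN = re.compile(r"\b\d{4}-\d{4}-\d{4}-\d{4}\b")  # card-number-like


@dataclass
class HostSnapshot:
    """What a credentialed scan collects from one host (hypothetical layout)."""
    processes: dict[str, str]   # process name -> SHA-256 of its executable
    connections: list[str]      # remote addresses of established connections
    config: dict[str, str]      # setting name -> value
    files: dict[str, str]       # path -> text content


def assess_host(snap: HostSnapshot) -> list[str]:
    """Return one finding string per matched condition; an empty list means clean."""
    findings: list[str] = []
    # Running processes: known malware is a confirmed compromise,
    # anything outside the known-good set is flagged as unknown
    for name, digest in snap.processes.items():
        if digest in KNOWN_MALWARE_SHA256:
            findings.append(f"COMPROMISED: known malware running ({name})")
        elif digest not in KNOWN_GOOD_SHA256:
            findings.append(f"SUSPECT: unknown process ({name})")
    # Established connections versus the botnet database
    for ip in snap.connections:
        if ip in BOTNET_IPS:
            findings.append(f"COMPROMISED: established connection to botnet address {ip}")
    # System configuration versus the security baseline
    for key, expected in SECURITY_BASELINE.items():
        actual = snap.config.get(key)
        if actual != expected:
            findings.append(f"OUT OF COMPLIANCE: {key}={actual!r} (baseline {expected!r})")
    # File content pattern check
    for path, content in snap.files.items():
        if SENSITIVE_PATTERN.search(content):
            findings.append(f"SENSITIVE DATA: pattern match in {path}")
    return findings


def is_compromised(findings: list[str]) -> bool:
    """True when any finding is a confirmed compromise rather than a policy gap."""
    return any(f.startswith("COMPROMISED") for f in findings)


def sample_snapshot() -> HostSnapshot:
    """Constructed host: one malicious process, one unknown process, one botnet
    connection, one setting below baseline and one file with card-like numbers."""
    return HostSnapshot(
        processes={
            "svchost.exe": hashlib.sha256(b"constructed-genuine-svchost").hexdigest(),
            "worker.exe": hashlib.sha256(b"constructed-miner-binary").hexdigest(),
            "updater.exe": hashlib.sha256(b"never-seen-binary").hexdigest(),
        },
        connections=["198.51.100.7", "203.0.113.45"],
        config={"PasswordComplexity": "1", "MinimumPasswordLength": "8"},
        files={r"C:\export\customers.csv": "name,card\nalice,4111-1111-1111-1111\n"},
    )


if __name__ == "__main__":
    for finding in assess_host(sample_snapshot()):
        print(finding)
```

The separation between "COMPROMISED" and the other prefixes is the useful part: a botnet connection or a known-bad hash should open an incident, while an unknown binary or a baseline deviation is a remediation ticket.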

Page 8:

Page 9:

Active/Agent Scanning

Vulnerability assessment:
• Security devices
• Network devices
• ICS/SCADA systems
• Storage
• OSs
• Hypervisors
• Databases
• Applications

Page 10:

Active/Agent Scanning

Configuration auditing:
• Security devices
• Network devices
• ICS/SCADA systems
• Storage
• OSs
• Hypervisors
• Databases
• Applications

Page 11:

Active/Agent Scanning

Malware detection, unique or unknown:
• Executables
• Processes
• “Autoruns”

Page 12:

Third-Party Data

• Mobile device management
• Patch management
• Network & security devices
• Credential management
• Cloud infrastructure
• Threat intelligence

Page 13:

NESSUS NETWORK MONITOR™ (formerly PASSIVE VULNERABILITY SCANNER)

Passive Scanning: network packets → analysis by plugins

• OS version → Vulnerabilities
• Application running → Unwanted application, e.g. Bitcoin mining; Malware behavior
• New / established connections → Compare against botnet database → Host connected with botnet (compromised)
• New hosts / MAC / network services → Hosts monitoring, rogue host detection
• Connection type breakdown → Assists in identifying suspicious behavior
• Web / DNS queries → Compare against botnet database → Host connected with botnet (compromised)
• Failed queries → Misconfigured / compromised host
• Service usage summary

Page 14:

Page 15:

Passive Listening

Network mapping:
• General network information
• Details by host
• Internal host connectivity
• Continuous vulnerability assessment

Page 16:

Passive Listening

Network traffic:
● Malware and backdoor ● Botnet ● Data leakage ● Porn ● Gaming ● Peer-to-peer ● Tunneling ● VPN ● Policy concerns ● CGI ● Internet services ● Internet messaging ● Non-standard traffic

Page 17:

Log Correlation Engine (LCE)

Page 18:

Host Data

● Suspicious events, e.g.:
  ○ Login failures
  ○ Error spikes
  ○ DNS query failures
● New software
● Never-before-seen
● Anomalous behavior
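The host-data slide above and the "failed queries" item on the passive-scanning slide both describe the same kind of correlation: count suspicious events per host in a time window, flag the hosts whose count spikes, and report software that has never been seen before. The block below is an added example of that logic over constructed syslog-style lines; it is not Log Correlation Engine code, and the hosts, addresses, program names, event patterns, window size and threshold are all assumptions made for illustration.

```python
"""Event correlation over host logs (added example, not LCE code).

Buckets constructed syslog-style lines per host and event type in
five-minute windows, flags any bucket at or above a threshold, and reports
programs absent from a known-software inventory. All data is constructed."""
from __future__ import annotations

import re
from collections import Counter
from datetime import datetime

# Constructed log lines in the form "<ISO timestamp> <host> <program>[pid]: <message>"
LOG_LINES = [
    "2020-07-27T10:00:01 web01 sshd[2210]: Failed password for root from 198.51.100.23 port 40122 ssh2",
    "2020-07-27T10:00:04 web01 sshd[2210]: Failed password for root from 198.51.100.23 port 40130 ssh2",
    "2020-07-27T10:00:09 web01 sshd[2211]: Failed password for admin from 198.51.100.23 port 40141 ssh2",
    "2020-07-27T10:01:15 web01 sshd[2212]: Failed password for admin from 198.51.100.23 port 40150 ssh2",
    "2020-07-27T10:02:30 web01 sshd[2213]: Failed password for oracle from 198.51.100.23 port 40162 ssh2",
    "2020-07-27T10:03:48 web01 sshd[2214]: Failed password for oracle from 198.51.100.23 port 40171 ssh2",
    "2020-07-27T10:03:50 db01 sshd[900]: Failed password for backup from 10.0.5.12 port 51000 ssh2",
    "2020-07-27T10:04:02 db01 sshd[901]: Accepted password for backup from 10.0.5.12 port 51001 ssh2",
    "2020-07-27T10:05:10 ns01 named[412]: query failed (SERVFAIL) for example.invalid/A",
    "2020-07-27T10:06:00 ns01 named[412]: query failed (SERVFAIL) for example.invalid/A",
    "2020-07-27T10:07:21 web01 coinminer[3301]: started 8 worker threads",
    "not a syslog line at all",
]

# Constructed software inventory: anything else is "never before seen"
KNOWN_PROGRAMS = frozenset({"sshd", "named", "cron"})

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$")

# Event types taken from the slide, tested in this order (assumed patterns)
EVENT_RULES = [
    ("login_failure", re.compile(r"Failed password|authentication failure", re.I)),
    ("dns_failure", re.compile(r"SERVFAIL|NXDOMAIN", re.I)),
    ("error", re.compile(r"\berror\b", re.I)),
]


def parse(line: str) -> dict | None:
    """Split one line into timestamp, host, program and message; None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group("ts"))
    except ValueError:
        return None
    return {"ts": ts, "host": m.group("host"), "prog": m.group("prog"), "msg": m.group("msg")}


def classify(msg: str) -> str | None:
    """Return the first matching event type, or None for uninteresting messages."""
    for name, rx in EVENT_RULES:
        if rx.search(msg):
            return name
    return None


def correlate(lines, window_minutes=5, threshold=5, known_programs=KNOWN_PROGRAMS):
    """Count events per (host, type, window); report spikes, new programs, unparsed lines."""
    counts = Counter()
    new_programs = set()
    unparsed = 0
    for line in lines:
        ev = parse(line)
        if ev is None:
            unparsed += 1          # malformed input is counted, not silently dropped
            continue
        if ev["prog"] not in known_programs:
            new_programs.add(ev["prog"])
        kind = classify(ev["msg"])
        if kind is None:
            continue
        ts = ev["ts"]
        # Align the timestamp to the start of its window (tz-independent)
        bucket = ts.replace(minute=ts.minute - ts.minute % window_minutes, second=0, microsecond=0)
        counts[(ev["host"], kind, bucket)] += 1
    spikes = sorted(
        ((host, kind, bucket.isoformat(), n)
         for (host, kind, bucket), n in counts.items() if n >= threshold),
        key=lambda s: (s[2], s[0], s[1]),
    )
    return {"spikes": spikes, "new_programs": sorted(new_programs), "unparsed": unparsed}


if __name__ == "__main__":
    print(correlate(LOG_LINES))
```

With the default threshold only `web01`'s run of SSH failures is flagged; lowering it to 2 also surfaces the two SERVFAIL responses on `ns01`, which is the trade-off the "error spikes" wording hides: the threshold and window decide whether a misconfigured resolver and a brute-force attempt land in the same bucket.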

Page 19:

Page 20:

Page 21:

Page 22:

Page 23:

How can Tenable help with GDPR?

Page 24:

Security Frameworks: Automate assessment and conformance

Continuous VISIBILITY – Critical CONTEXT – Decisive ACTION

Tenable automates the assessment of most technical controls

Centralized data store for controls so you can extract precise data for audits/reports

Assurance Report Cards (ARCs) communicate status and areas needing improvement

Page 25:

Security Frameworks: Dashboards & Assurance Report Cards (ARCs)

Page 26:

CIS Critical Security Controls

Page 27:

What are the CIS Critical Security Controls?

Technical measures to detect, prevent, respond, and mitigate damage from the most common to the most advanced attacks.

Five Critical Tenets:
• Offense Informs Defense
• Prioritization
• Metrics
• Continuous Monitoring
• Automation

Page 28:

Page 29:

Foundational Cyber Hygiene Controls

Highest payback. Foundation for subsequent controls.

• CSC 1: Inventory of Authorized and Unauthorized Devices

• CSC 2: Inventory of Authorized and Unauthorized Software

• CSC 3: Secure Configurations for Hardware and Software…

• CSC 4: Continuous Vulnerability Assessment and Remediation

• CSC 5: Controlled Use of Administrative Privileges

Page 30:

Page 31:

Page 32:

Page 33:

ISO/IEC 27001/27002 Details

Page 34:

What is ISO/IEC 27001/27002?

ISO 27001: Information Security Management Systems – Requirements

ISO 27002: Code of Practice for Information Security Controls

Benefits:
✓ Improved Information Security
✓ Business Alignment
✓ Compliance Foundation
✓ Internationally Recognized
✓ Available Certification

Page 35:

ISO 27002: Administrative and Technical Controls

Administrative (~75%); e.g. ● Policies ● Processes and Procedures ● Roles and Responsibilities

Technical (~25%); e.g. ● Controls Against Malware ● Event Logging ● Vulnerability Management

Tenable Automates Most ISO 27002 Technical Controls

Page 36:

CSC ARCs and Dashboards

Page 37:

SecurityCenter CV Benefits

▪ Automation
▪ Communication
▪ Consolidation

Page 38:

Thank you! Andrii Solomko [email protected]