SecureWorks
An “Intelligence” Approach to Vulnerability Risk Management
Powered by:
David French, Risk I/O VP of Business Development
Chris Collard, Dell SecureWorks Product Management
Classification: //Dell SecureWorks/Confidential - Limited External Distribution:
Setting the Stage
• Company Profile: Leading national distributor of natural, organic specialty foods
• IT Footprint: Over 11,000 IT computing assets
• Qualys VM user through partnership with Dell SecureWorks
• Core focus on patch management
• Biggest challenge: Limited IT resources for vulnerability remediation
Qualys Drives Continuous Visibility
• Weekly scanning of both external and internal environment
• Authenticated Scanning of Windows environments
• Identifying over 1M CVE vulnerabilities!
[Diagram labels: VMware ESX and ESXi; Physical Scanners; Browser Plugins; Mobile Agents; Virtual Scanners; Hypervisor; IaaS/PaaS Perimeter Scanners]
Challenges with Vulnerability Remediation
• Overwhelmed and can’t keep up with vulnerability volume
– Playing vulnerability “whack-a-mole”
• Lack of visibility due to vulnerability silos (Application / Network / Code)
• Resource constrained w/ few resources dedicated to VMP
• Threat intelligence is disconnected from remediation decision making
• Vulnerability metrics do not reflect actual, real-world risk
Customer’s Business Specific Challenges
• Reduction of risk is tied to quarterly bonus structure
• Limited resources for vulnerability remediation
– From both Security & IT Operations
• Issues with SLA integrity and consistency
– There is a significant need to remove the guesswork
• Constantly receives pushback from IT operations
– “Why do we need to remediate these vulnerabilities?”
• Constantly challenged by management to “do more with less”
– Budgetary and resource-wise
Dell SecureWorks – Vulnerability Threat Processing
Proactive, automated service providing 24/7 prioritization of the vulnerabilities putting you most at risk of a security breach
Seamless integration with vulnerability scanners
Turns the conversation into “Vulnerability Risk Management”
Fully Integrated with Dell SecureWorks
• Assets managed and correlated within Managed Service
• No software, No hardware to install or maintain
• Secure Single Sign-On
• 24/7 Vulnerability Threat Processing
Prevent Vulnerability Breaches
Save time and resources. Visualize where, when, and how you are exposed to actively breached vulnerabilities.
How does Vulnerability Threat Processing work?
• QUALYS identifies 2,483 assets with 280,566 vulnerabilities, of which over 145,000 vulnerabilities are ranked high severity
• This is a daunting volume! Where do you start?
24/7 Vulnerability Threat Processing
Automated prioritization of the vulnerabilities putting you most at risk of a security breach. Vulnerability data is matched 24/7 with Internet Threat data:
Internet Threat Data
- Attacks and Threats “in the wild”
- Web Applications Threats
- Popular Threat Targets
- Zero Day Threats
Internet Threat Intelligence is matched with your vulnerabilities.
Internet Threat Intelligence Sources
The service uses a growing list of Internet threat intelligence sources, including:
• CTU Intelligence
• Open Threat Exchange (OTX)
• SANS ISC
• National Vulnerability Database (NVD)
• WASC
• The Exploit DB
• SHODAN
• Metasploit Project
• 6Scan
Real-Time Threat Trends
Visibility into threats “in-the-wild” that impact your organization today
✓ Active Breaches
✓ Web Attacks
✓ Volume & Velocity
The Result of Vulnerability Threat Processing:
• Actionable results: 455 assets that have 1,290 vulnerabilities matching active Internet breaches.
– Immediately focus on the vulnerabilities posing the greatest risk!
• Saves significant amounts of time and remediation resources.
The Kill Chain – Vulnerability Weaponization
[Diagram labels: Target Defined; Objective Met; Recon; Vulnerability / Weaponization; Distribution & Delivery; Persistence / Lateral Movement; Action on Target; Command & Control; Exfiltration; Exploitation. Scale: Cost to resist, Lowest to Highest]
Vulnerability Monitoring & Prioritization prevents vulnerability exploitation
Proactively Break the Kill Chain
Example of an old Adobe Acrobat vulnerability (phishing)
Quick Visibility of Threats Across Your Environment
Easily Customize Your Risk Meter Dashboard
Visibility - Risk Meter Dashboard
Effectively communicate & measure risk to vulnerability breaches
✓ Configurable
✓ Servers, Apps
✓ Technologies
Configure for every stakeholder
Prioritization - Fix What Matters
Prioritize the vulnerabilities putting you most at risk.
Quick Lists
Remediation Lists
Improve your security posture.
Benefits to Dell SecureWorks Customer
• Leverages existing investment in QUALYS and other scanners
• SLAs now tied to Risk Meter scores and risk of vulnerability breach
• Connects Threat Intelligence together with Vulnerability Management
• Realize significant time and resource savings on remediation
– Stop playing the “vulnerability whack-a-mole” game
• Effective communication of real-world risk to vulnerabilities being actively breached across the Internet
Questions?
David French – [email protected] | 773-551-3402
Chris Collard – [email protected] | 770-870-6331
Vulnerability Threat Processing