globant attaka eng
TRANSCRIPT
ATTAKAATTAKA
Vulnerability Assessment and Management Vulnerability Assessment and Management PlatformPlatform
What is a Vulnerability Assessment?
It is a process for the identification of networks and devices vulnerabilities, performed before intruders may exploit such security flaws.
It is a process to detect possible flaws in security policies.
Its result must prove whether the network security complies with the established policies.
The Experts Say…
•"Enterprises that implement a vulnerability management process will experience 90 percent fewer successful attacks than those that make an equal investment only in intrusion detection systems"
• Gartner
•“The Yankee Group recommends vulnerability management services for enterprises that would incur financial risk if their network or key business applications were to become unavailable due to a misconfiguration or cyberattack..”
•“99% of network intrusions result from exploitation of known
vulnerabilities or configuration errors where
countermeasures were available.”
•Carnegie Mellon Univ.
•CERT Recommends
•Vulnerability Assessment
•Mastercard and VISA demand periodic VA to Mastercard and VISA demand periodic VA to maintain active e-commerce websitesmaintain active e-commerce websites
•Heavy Spending
•“Current enterprise security spending tends to be focused on reactive technologies more than proactive technologies” – Amrit Williams, Gartner
Proactivity Reduce Costs!•“Current enterprise security spending tends to be focused on reactive technologies more than proactive technologies” – Amrit Williams, Gartner
•En
d P
oin
tE
nd
Po
int
Inte
llig
ence
Inte
llig
ence
• Top
olog
y
Topo
logy
Inte
llige
nce
Inte
llige
nce
•Threat
Threat
Intelligence
Intelligence
•Regulations/
Regulations/
•PoliciesPolicies
•AccessAccess•Controls
Controls
•TrafficTraffic
•Inspection
Inspection
• Blo
cki
ng
Blo
cki
ng
• Ale
rtin
g
Ale
rtin
g
•Forensics
Forensics
•ProactiveProactive •ReactiveReactive
•Threat Feeds
Threat Feeds
•Co
nfi
gu
rati
on
Man
agem
ent
• Vu
lner
abili
tyM
anag
emen
t•N
etw
ork
Disco
very
•IPS
•Firew
all
•Ant
i-Vir
us
•IDS
•SIM/S
EM
•Identification/Authentication •PKI
•Incident
Response
•Compliance
Systems•NAC
•Asset Intelligence
•&
•Risk Reduction
•Blocking
•&
•Event Mgmt.
•“Stop the Bullets”•“Shrink the
•Targets”
Differences between a Vulnerability Assessment and a Pen Test
•Obtain Information
•Vulnerability
•Assessment
•Information Planning
•Attack
•Report and Analyze results
•Clean
• Pivot
•Collect all the possible information about the target
•Obtain administrator privileges on the attack system
•Take advantages of privileges
•Planning the attack
•Target definition •Target definition
•Vulnerability Assessment
•Report
•YES
•NO
•What to probe?
•Attacker skill.
•Vulnerability Assessment
•Penetration Testing
•Obtain Information
•Ready?
The Birth of Vulnerability Management(agent-less)
•2004•2001
•IP360
•Product
•2002
•Foundscan
•Service/Product
•QualysScan
•Service/Product
•2003
•REM/Retina
•Product
•Lightning Console/Nessus
•2005
•Buffer Overflows Increase Sophistication
•New Attack Vectors emerge
ATTAKA, e different kind of Vulnerability Assessment
VA with “service centric” vision
Attaka allows now to integrate all the participants through internal/external remediation, documentation and reporting workflows
They are not expensive, which allows to repeat them frequently, reinforcing the concept of "security = process", and they help carry out the complex processes to "be in compliance"
Integrates with company's Help Desk to provide greater support to clients
Gives users the possibility of interacting with their companies' security status, in a continuous and cooperative process
•ATTAKA transform in
• “ “An integrated, collaborative and management PlatformAn integrated, collaborative and management Platform””
ATTAKA, e different kind of Vulnerability Assessment
•ATTAKA assesses more than 16000 security vulnerabilities on network environments
•It consists of the following modules:
Discovery:
Asset consolidation and assessment (internal and external).
Reporting:
Interactive, historical and dashboard reports with key indicators and summarized information on vulnerabilities, statistics and current infrastructure state
Remediation:
This includes documentation and workflow. Follow-up, improvement and resolution of issues are recorded in the Patch Management process (vulnerability remediation)
Support:
24/7 on-line access based on a ITIL – Help Desk that provides support
ATTAKA, Key features
Dashboard report
Is recognized by MITRE (http://cve.mitre.org),Searches by CVE code
Vulnerabilities remediation module (patch management)
Performs external and internal audits under the company management supervision
Security news module
Performance and scalability
Possibility of assessing hundreds of IPs per report/session
Integrate 24/7 on-line access based on a ITIL – Help Desk , ISO9001 certified, that provides support
Multi-language capability
ATTAKA service
ATTAKA, sreenshots
ATTAKA, benefits for your business!
Reduces operating costs, minimizing TCO for vulnerability assessment and management tasks.
Reduces human error and false positives, by a double checking with our security specialists and knowledge databases.
Easy operation and implementation – it does not require network changes, special software or experts to make it works.
Complements and adds value to firewalls, IDS and antivirus software, by detecting failures in their configuration.
Speeds up security troubleshooting processes, presenting added information for a quick view the company's vulnerability state, complete details for each vulnerability ranked by risk level, and the recommended action for solving it.
Customers
Our offices
•:: Globant Argentina :: Buenos Aires I
•:: UK :: •London
•:: US ::
Boston
•:: US ::
•Silicon Valley
•Development Centersz
•Commercial Offices
•:: US ::
•Austin
•:: CHile ::
•Santiago
•:: Colombia::
•Bogota
•:: Mexico::
•México DF
•:: Globant Argentina :: Buenos Aires II
•:: Globant Argentina:: La Plata
•:: Globant Argentina :: Tandil
•:: Globant Argentina :: Cordoba
•:Globant Argentina :: Rosario
ATTAKA DemoATTAKA DemoURL: https://security.openware.biz Username: 12345678-attaka
Password: attaka414