Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

1. Risk Analytics: Using your Data to Solve Security Challenges www.skyboxsecurity.com Gidi Cohen CEO and Founder, Skybox Security Infosec Europe, 1 May 2014

2. © 2014 Skybox Security Inc. 2 Skybox Security Overview  Powerful security management platform – Vulnerability and threat management – Firewall assessment – Network change management  Customers include: Risk Analytics for Cyber Security

3. © 2014 Skybox Security Inc. 3 Risk Analytics: Using your Data to Solve Security Challenges Agenda  Cyber Attacks - The Management Challenge  Risk Analytics - Attack Surface Visibility  Making Use of Risk Analytics – Network Security Management – Vulnerability and Threat Management

4. © 2014 Skybox Security Inc. 4 Enterprises are Unable to Defend Against Cyber Attacks  Hacking incidents reported in 20131 63,000 110 Million Data records lost at Target stores alone1 £7 Million  Annual cost of cyber attacks reported by enterprise2 Sources: 12013 Verizon Data Breach Report, 2 2013 Ponemon Cost of Cyber Crime Study Coordinated ATM heist2

5. © 2014 Skybox Security Inc. 5 Attackers Understand Your Attack Surface …You Don’t Expansion Drivers Vulnerabilities Endpoints Exploits Contraction Drivers Network segmentation Fixing vulnerabilities Technical Controls Minutes to attack, months to defend

6. © 2014 Skybox Security Inc. 6 Security Processes Can’t Keep Up Will spend more on 2014 security3 Common Problems  Too much data  Too many changes  Disruptive  No context  Difficult to analyze  Unable to take action 48% Source: 32014 Cyberthreat Defense Report by CyberEdge Group

7. © 2014 Skybox Security Inc. 7 Take HeartBleed, Please!  Attacks using publicly known vulnerabilities in commercial software4 75% Old data  Over half of organizations have vulnerability data over 90 days old3  In April, HeartBleed vulnerabilities revealed by Apple, Cisco, Google, Symantec, Oracle, IBM, Fortinet, McAfee, HP… Source: 4“Raising the Bar for Cybersecurity”, J.A. Lewis, Center for Strategic and Intl Studies, Feb 2013

8. © 2014 Skybox Security Inc. 8 Network Visibility: Topology Routing Policies Firewalls Endpoints Visibility: Software Patches Vulnerabilities Classification Use Risk Analytics to Understand Your Attack Surface - Continuously Attack Vectors Risk Metrics Remediation Plan Network Visualization Contextual Analysis

9. © 2014 Skybox Security Inc. 9 Network Visibility  Hosts, devices, zones  Firewall rules(ACLs)  Routing, NAT, VPN  Path Analysis Firewall allows port open from the internet Complete understanding of network topology, segmentation and connectivity

10. © 2014 Skybox Security Inc. 10 Device Level Analysis  Access Policy Compliance  Rule base analysis – Usage – Shadowed / Redundant rules  Platform configuration compliance  IPS Signatures analysis

11. © 2014 Skybox Security Inc. 11 Endpoint Visibility – Servers, Desktops, Mobile, Cloud  Installed software and versions  Installed and missing patches  Vulnerabilities  Asset classification Detailed understanding of configuration and vulnerabilities of all hosts

12. © 2014 Skybox Security Inc. 12 Analytic Approach to Scanless Vulnerability Discovery Hosts & Network Devices Installed products, missing patches (CPE) Vuln List (CVE) Create a profile of the products Apply rules to extract vulnerabilities System config repository

13. © 2014 Skybox Security Inc. 13 Analytics Give You a Continuous View of Vulnerabilities Time Month 1 Month 2 Month 3 50% Combining active scanning and analytics based vulnerability detection 100% Active scanner Analytics -based detection

14. © 2014 Skybox Security Inc. 14 Network and Endpoint Visibility  Threat Origins and Exploitable Vulnerabilities Internet Hacker Compromised Partner Rogue Admin Vulnerabilities CVE 2014-0160 CVE 2014-0515 CVE 2014-1776

15. © 2014 Skybox Security Inc. 15 Add Attack Simulation  Automatic Identification of Attack Vectors Internet Hacker Compromised Partner Attack Simulations Rogue Admin Vulnerabilities CVE 2014-0160 CVE 2014-0515 CVE 2014-1776

16. © 2014 Skybox Security Inc. 16 Look for “Hot Spots” Risk and Exposure Based Prioritization Enabling Optimal and Timely Remediation Attack Vectors Virtual pen test Target concentrations of vulns to reduce overall risk Target attack vectors against critical assets Look for Attack Vectors Target specific high risk attack vectors to assets Vendor Security Bulletins Business Units Vulnerability Severity Geo/ Tech Group

17. © 2014 Skybox Security Inc. 17 Verify Compliance Model Network Applying Risk Analytics to Network Security Management Processes Analyse Firewalls Manage Changes Find security gaps in all firewalls Check internal and external policies Correlate network security data Saves time Answers in minutes Stay compliant Avoid risk Check planned changes in advance

18. © 2014 Skybox Security Inc. 18 RemediateDiscover Minutes not months Analyse Threat Response Scanless Cover entire infrastructure Find all risks automatically Prioritize by risk Context- driven remediation Applying Risk Analytics to Vulnerability and Threat Management Identify relevant threats Focus Fix Monitor

19. © 2014 Skybox Security Inc. 19 In Summary • Continuous visibility of attack surface is critical • Combine network and endpoint data • Use analytics to examine attack vectors Focus on the Attack Surface • Drive automation at every step • Stay ahead of the attacks Integrate into Security Processes

Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Recommandé

Contenu connexe

Tendances

Tendances(20)

Similaire à Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Similaire à Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges(20)

Plus de Skybox Security

Plus de Skybox Security(16)

Dernier

Dernier(20)

Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges