ATTAKAATTAKA

Vulnerability Assessment and Management Vulnerability Assessment and Management PlatformPlatform

What is a Vulnerability Assessment?

It is a process for the identification of networks and devices vulnerabilities, performed before intruders may exploit such security flaws.

It is a process to detect possible flaws in security policies.

Its result must prove whether the network security complies with the established policies.

The Experts Say…

•"Enterprises that implement a vulnerability management process will experience 90 percent fewer successful attacks than those that make an equal investment only in intrusion detection systems"

• Gartner

•“The Yankee Group recommends vulnerability management services for enterprises that would incur financial risk if their network or key business applications were to become unavailable due to a misconfiguration or cyberattack..”

•“99% of network intrusions result from exploitation of known

vulnerabilities or configuration errors where

countermeasures were available.”

•Carnegie Mellon Univ.

•CERT Recommends

•Vulnerability Assessment

•Mastercard and VISA demand periodic VA to Mastercard and VISA demand periodic VA to maintain active e-commerce websitesmaintain active e-commerce websites

•Heavy Spending

•“Current enterprise security spending tends to be focused on reactive technologies more than proactive technologies” – Amrit Williams, Gartner

Proactivity Reduce Costs!•“Current enterprise security spending tends to be focused on reactive technologies more than proactive technologies” – Amrit Williams, Gartner

•En

d P

oin

tE

nd

Po

int

Inte

llig

ence

Inte

llig

ence

• Top

olog

y

Topo

logy

Inte

llige

nce

Inte

llige

nce

•Threat

Threat

Intelligence

Intelligence

•Regulations/

Regulations/

•PoliciesPolicies

•AccessAccess•Controls

Controls

•TrafficTraffic

•Inspection

Inspection

• Blo

cki

ng

Blo

cki

ng

• Ale

rtin

g

Ale

rtin

g

•Forensics

Forensics

•ProactiveProactive •ReactiveReactive

•Threat Feeds

Threat Feeds

•Co

nfi

gu

rati

on

Man

agem

ent

• Vu

lner

abili

tyM

anag

emen

t•N

etw

ork

Disco

very

•IPS

•Firew

all

•Ant

i-Vir

us

•IDS

•SIM/S

EM

•Identification/Authentication •PKI

•Incident

Response

•Compliance

Systems•NAC

•Asset Intelligence

•&

•Risk Reduction

•Blocking

•&

•Event Mgmt.

•“Stop the Bullets”•“Shrink the

•Targets”

Differences between a Vulnerability Assessment and a Pen Test

•Obtain Information

•Vulnerability

•Assessment

•Information Planning

•Attack

•Report and Analyze results

•Clean

• Pivot

•Collect all the possible information about the target

•Obtain administrator privileges on the attack system

•Take advantages of privileges

•Planning the attack

•Target definition •Target definition

•Vulnerability Assessment

•Report

•YES

•NO

•What to probe?

•Attacker skill.

•Vulnerability Assessment

•Penetration Testing

•Obtain Information

•Ready?

The Birth of Vulnerability Management(agent-less)

•2004•2001

•IP360

•Product

•2002

•Foundscan

•Service/Product

•QualysScan

•Service/Product

•2003

•REM/Retina

•Product

•Lightning Console/Nessus

•2005

•Buffer Overflows Increase Sophistication

•New Attack Vectors emerge

ATTAKA, e different kind of Vulnerability Assessment

VA with “service centric” vision

Attaka allows now to integrate all the participants through internal/external remediation, documentation and reporting workflows

They are not expensive, which allows to repeat them frequently, reinforcing the concept of "security = process", and they help carry out the complex processes to "be in compliance"

Integrates with company's Help Desk to provide greater support to clients

Gives users the possibility of interacting with their companies' security status, in a continuous and cooperative process

•ATTAKA transform in

• “ “An integrated, collaborative and management PlatformAn integrated, collaborative and management Platform””

ATTAKA, e different kind of Vulnerability Assessment

•ATTAKA assesses more than 16000 security vulnerabilities on network environments

•It consists of the following modules:

Discovery:

Asset consolidation and assessment (internal and external).

Reporting:

Interactive, historical and dashboard reports with key indicators and summarized information on vulnerabilities, statistics and current infrastructure state

Remediation:

This includes documentation and workflow. Follow-up, improvement and resolution of issues are recorded in the Patch Management process (vulnerability remediation)

Support:

24/7 on-line access based on a ITIL – Help Desk that provides support

ATTAKA, Key features

Dashboard report

Is recognized by MITRE (http://cve.mitre.org),Searches by CVE code

Vulnerabilities remediation module (patch management)

Performs external and internal audits under the company management supervision

Security news module

Performance and scalability

Possibility of assessing hundreds of IPs per report/session

Integrate 24/7 on-line access based on a ITIL – Help Desk , ISO9001 certified, that provides support

Multi-language capability

ATTAKA service

ATTAKA, sreenshots

ATTAKA, benefits for your business!

Reduces operating costs, minimizing TCO for vulnerability assessment and management tasks.

Reduces human error and false positives, by a double checking with our security specialists and knowledge databases.

Easy operation and implementation – it does not require network changes, special software or experts to make it works.

Complements and adds value to firewalls, IDS and antivirus software, by detecting failures in their configuration.

Speeds up security troubleshooting processes, presenting added information for a quick view the company's vulnerability state, complete details for each vulnerability ranked by risk level, and the recommended action for solving it.

Customers

Our offices

•:: Globant Argentina :: Buenos Aires I

•:: UK :: •London

•:: US ::

Boston

•:: US ::

•Silicon Valley

•Development Centersz

•Commercial Offices

•:: US ::

•Austin

•:: CHile ::

•Santiago

•:: Colombia::

•Bogota

•:: Mexico::

•México DF

•:: Globant Argentina :: Buenos Aires II

•:: Globant Argentina:: La Plata

•:: Globant Argentina :: Tandil

•:: Globant Argentina :: Cordoba

•:Globant Argentina :: Rosario

ATTAKA DemoATTAKA DemoURL: https://security.openware.biz Username: 12345678-attaka

Password: attaka414