Real world security webinar (v2012-05-30)
Uploaded by ncircle-a-tripwire-company (Category: Technology)
Transcript of Real world security webinar (v2012-05-30)
Slide 1
© 2012 nCircle. All rights reserved.
Real World Security: Maximizing the Value of Your Security Investments
Slide 2
Meet Your Presenters
Bill Rudiak, Director, Professional Services, nCircle
Seth Bromberger, Principal, NCI Security
Slide 3
As a Security Professional responsible for your organization’s VM and/or Compliance Program, you have 2 fundamental tasks…
Slide 4
DO SOMETHING to improve your organization’s security
Slide 5
…and PROVE IT!
Slide 6
But First, Let’s Get Back to Basics (Some Key Questions)
• Why did your organization establish a VM and compliance program in the first place?
• What are (were) the specific goals of your program?
• Do all stakeholders understand the program and their role in it?
• Do your tools and processes support effective measurement of program performance? How are you doing?
• What’s happening in your organization now (or soon) that will impact your program?
Slide 7
A CMM for Assessing Your Program’s Effectiveness
Maturity model dimensions (from the slide graphic):
• currency
• coverage
• remediation
• reporting
• depth
• frequency
Slide 8
Do Something – Your Scanning Regimen
• Coverage
  – Scan everything
  – Scan white space to discover new assets
• Depth
  – Scan with credentials
• Frequency
  – Scan critical assets more frequently
  – Align scan frequency with regular change management windows
Slide 9
Do Something – Closed Loop Process
• Vulnerability and Compliance Management is a closed loop process and requires continuous refinement
• Participants in the process have different spans of control or concern
• Infosec Operations often lacks direct visibility to Remediation
• Communication among stakeholders is essential to present a common picture of the organization’s risk and compliance posture
Closed-loop diagram labels: CISO/CSO; Audit & Compliance; IT Operations; Infosec Operations; Internal Policies; New Threats; Regulatory Standards; Vulnerabilities/Compliance Tests
Slide 10
Do Something – Equip & Support Your Team
• Position your Infosec team as Security Analysts who provide a valuable service to the organization
• Provide C-level reinforcement and support for Infosec’s mandate — improving compliance and reducing risk
• Build and maintain collaborative relationships with system owners
• Leave the data munging to the computers
Slide 11
Do Something – Automate via Integration
Remember — more tools mean…
• More integration points
• More possibly conflicting data and information
• More overlaps or gaps in solution functionality
• More overall impact when your environment changes
$$$ Glue can be VERY expensive!
Integration diagram labels: Vulnerability/Compliance Management; IT Service Management; Network Engineering; Real-Time Security Event Monitoring; Patch Management; Security Performance Management; Identity and Access Management; Intrusion Prevention and Detection; Anti-Virus and Malware Prevention; Asset Management
Slide 12
Prove It (First, More Questions about “It”)
• What is it? (There are different flavors of it depending on your audience)
• Is it believable?
• Can you explain and defend it?
• Can your audience easily acquire it?
• Is it useful to its intended audience?
• Does it support the goals of your program?
Slide 13
Prove It – to Executives
Chart: Program Maturity (trailing 2 quarters); series: Q4 2011, Q1 2012
Slide 14
Prove It – to Business Management
Chart: Vulnerability Risk by Network, Q1 2011 - Present (y-axis: Enterprise Vulnerability Risk; series: Operations, Business; quarters 2011Q1 through 2012Q2; data labels: 5,791,465 and 2,357,126)
Key Messages
• 59.3% vulnerability risk reduction in past 18 months
• Focus on patching the operations network resulted in majority of risk reduction in the past 6 months
• Business network risk decreased despite deployment of over 200 new servers and 800 new end-user devices in 2011
Slide 15
Prove It – to IT Management
Chart: Average Host Score by device type/location (device types: Win Server, UNIX, Clients, Mobile, Other; locations: San Francisco, Toronto, Munich; y-axis 0 to 250,000)
Slide 16
Prove It – to IT Staff
Top 10 Enterprise Vulnerabilities by % of total risk
Key Messages
• The top 10 vulnerabilities represent 71.2% of the total risk score
• Application of 4 Microsoft patches would immediately reduce the score by 11.5%
• Enforcement of strong credentials would reduce the score by 54.4%

| Vulnerability | Hosts | Score | Total | % of Total |
|---|---|---|---|---|
| Easily Guessed SSH Credentials | 45 | 54748 | 2463660 | 42.5% |
| IP360 Default Login Enabled | 8 | 48315 | 386520 | 6.7% |
| MS06-035: Mailslot Heap Overflow | 6 | 33151 | 198906 | 3.4% |
| Weak SNMP Community String 'public' Found | 24 | 8052 | 193248 | 3.3% |
| MS05-043: Print Spooler Service Buffer Overflow | 5 | 35681 | 178405 | 3.1% |
| MS06-040: Server Service Remote Code Execution | 5 | 32931 | 164655 | 2.8% |
| SSHv1 Protocol Man-In-The-Middle Vulnerability | 20 | 7702 | 154040 | 2.7% |
| SSHv1 Protocol Available | 20 | 7522 | 150440 | 2.6% |
| MS08-067: Server Service RPC Handling Remote Code Execution | 5 | 25809 | 129045 | 2.2% |
| Easily Guessed Telnet Credentials | 2 | 54748 | 109496 | 1.9% |
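The "Prove It" slides are built from a handful of aggregations over scanner output: a per-vulnerability total (hosts times per-host score), each vulnerability's share of the enterprise score, the share attributable to a whole remediation class (the "4 Microsoft patches would reduce the score by X%" message), and the period-over-period reduction shown to business management. The following script is an added example and is not code from the nCircle deck or from any nCircle product. It reads the Total column as hosts × score, which matches every row above; the enterprise-wide score the slide divides by is not on the page, so ENTERPRISE_TOTAL is an assumed figure (shares therefore differ slightly from the slide's), and the remediation labels on each row are my own classification.

```python
"""Added example, not from the nCircle deck: the 'Prove It' arithmetic.

Assumptions (mine, not the slides'): a finding's total risk is hosts x score,
which is how the Total column reads; the enterprise-wide total the slide
divides by is not on the page, so ENTERPRISE_TOTAL is an assumed figure; and
the remediation label on each row is my own classification.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    name: str
    hosts: int
    score: int         # per-host score reported by the scanner
    remediation: str   # assumed class: "patch", "credentials" or "protocol"

    @property
    def total(self) -> int:
        # Total column of the slide = affected hosts x per-host score
        return self.hosts * self.score


# Rows of the slide's Top 10 table (hosts and scores as printed there).
TOP10 = [
    Finding("Easily Guessed SSH Credentials", 45, 54748, "credentials"),
    Finding("IP360 Default Login Enabled", 8, 48315, "credentials"),
    Finding("MS06-035: Mailslot Heap Overflow", 6, 33151, "patch"),
    Finding("Weak SNMP Community String 'public' Found", 24, 8052, "credentials"),
    Finding("MS05-043: Print Spooler Service Buffer Overflow", 5, 35681, "patch"),
    Finding("MS06-040: Server Service Remote Code Execution", 5, 32931, "patch"),
    Finding("SSHv1 Protocol Man-In-The-Middle Vulnerability", 20, 7702, "protocol"),
    Finding("SSHv1 Protocol Available", 20, 7522, "protocol"),
    Finding("MS08-067: Server Service RPC Handling Remote Code Execution", 5, 25809, "patch"),
    Finding("Easily Guessed Telnet Credentials", 2, 54748, "credentials"),
]

ENTERPRISE_TOTAL = 5_800_000  # assumed enterprise-wide risk score (not on the slide)


def pct(part: float, whole: float) -> float:
    """Share of `whole` as a percentage, one decimal, as the slide prints it."""
    return round(100.0 * part / whole, 1)


def ranked(findings, enterprise_total, n=10):
    """Top-n findings by total risk: (name, hosts, score, total, % of total)."""
    rows = sorted(findings, key=lambda f: f.total, reverse=True)[:n]
    return [(f.name, f.hosts, f.score, f.total, pct(f.total, enterprise_total))
            for f in rows]


def top_n_share(findings, enterprise_total, n=10):
    """How much of the enterprise score the top-n findings carry."""
    top = sorted(findings, key=lambda f: f.total, reverse=True)[:n]
    return pct(sum(f.total for f in top), enterprise_total)


def share_by_remediation(findings, enterprise_total):
    """Score reduction (% of enterprise total) from fixing each remediation
    class in full; this is the 'N patches would reduce the score by X%' message."""
    by_class = defaultdict(int)
    for f in findings:
        by_class[f.remediation] += f.total
    return {k: pct(v, enterprise_total) for k, v in by_class.items()}


def risk_reduction(previous: int, current: int) -> float:
    """Period-over-period reduction in enterprise risk, one decimal."""
    return round(100.0 * (1 - current / previous), 1)


if __name__ == "__main__":
    print(f"{'Vulnerability':<60} {'Hosts':>5} {'Score':>6} {'Total':>8} {'%':>5}")
    for name, hosts, score, total, share in ranked(TOP10, ENTERPRISE_TOTAL):
        print(f"{name:<60} {hosts:>5} {score:>6} {total:>8} {share:>5}")
    print("top 10 share of enterprise score:", top_n_share(TOP10, ENTERPRISE_TOTAL))
    print("reduction by remediation class:", share_by_remediation(TOP10, ENTERPRISE_TOTAL))
    # Data labels from the business-management slide (Q1 2011 vs. Q2 2012)
    print("18-month risk reduction:", risk_reduction(5_791_465, 2_357_126))
```

The per-class figure is the useful one for an IT-staff audience: ranking by individual vulnerability shows that a few credential findings dominate, while grouping by remediation class turns the same table into two concrete work items (credential enforcement, four patches) with a predicted effect on the score. The risk_reduction figure reproduces the 59.3% on the business-management slide from its two data labels.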
Slide 17
In Conclusion…
• Sustainability of your VM/Compliance Program requires continuous refinement — re-commit to it!
• Revisit your goals and revise them if necessary
• Measure and manage security program performance — tie output to risk reduction and compliance goals
• Make intelligent decisions about your toolset
• Use the Maturity Model to assess your program and track improvement over time
• Maintain visibility of your program by getting the right information to stakeholders and other outreach activities
Slide 18
nCircle Whitepaper
Slide 19
Questions from the Audience…