Threat Intelligence: The Key To A Complete Vulnerability Management Strategy
Uploaded by: alienvault
THREAT INTELLIGENCE: THE KEY TO A COMPLETE VULNERABILITY MANAGEMENT STRATEGY
Sandy Hawke, VP, Product Marketing
@sandybeachSF
KEY DISCUSSION POINTS
• Rethinking Vulnerability Management
• Overcoming challenges
• Overview of vulnerability scanning techniques
• Benefits of shared threat intelligence
• Customer feedback
• Key takeaways
• Q & A
WHY DO WE DO VULNERABILITY MANAGEMENT?
BECAUSE THAT’S WHAT ATTACKERS EXPLOIT.
SO WHY ISN’T VULNERABILITY MANAGEMENT DONE IN THE CONTEXT OF ACTUAL THREATS?
Historical: limitations of initial products to market
Became part of a “silo’ed” process
Many have taken the “checklist” mindset in approaching this problem.
OVERCOMING OPERATIONAL CHALLENGES
COMMON CHALLENGES
With vulnerability management programs
Prioritizing remediation tasks
• Which vulnerability matters most?
• What’s the larger risk context? Active threats?
Removing false positives
• What can I do to reduce this “noise”?
Optimizing workflows
• How do I minimize disruption but maximize accuracy?
• How do I go from a static report to active remediation? (e.g. who owns this vulnerable asset anyway?)
IS THIS WHAT YOUR VULNERABILITY REPORT LOOKS LIKE?
What are you supposed to do with this?
PRIORITIZING VULNERABILITIES
Avoiding the “vulnerability visibility vacuum”
• View vulnerabilities inside the context of actual threats – both global and local
• At a glance, be able to understand:
  • What other software is installed on these systems?
  • What type of traffic do these vulnerable hosts generate?
  • Who owns these systems?
  • Have these systems been targeted by known attackers?
  • Are there recent alarms in my SIEM that have been triggered involving vulnerable systems?
VIEWING VULNERABILITIES IN THE CONTEXT OF THREATS
Step 1: Immediately identify known malicious IPs targeting these vulns.
Step 2: Review vulnerabilities on assets that are being targeted in active threats.
Step 3: Follow step-by-step guidance in responding to the threat.
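Added example (not part of the original slides and not AlienVault code): one way to carry out Steps 1 and 2 and answer the "at a glance" questions from the prioritization slide, by joining scanner findings with a threat-intelligence IP list, inbound connection records, SIEM alarm counts and asset ownership. All data, field names and the ranking order are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: documentation IP ranges and placeholder vuln IDs.
FINDINGS = [  # scanner output: asset, vulnerable port, vuln id, CVSS base score
    {"asset": "10.0.0.5", "port": 445, "vuln": "VULN-A", "cvss": 7.5},
    {"asset": "10.0.0.9", "port": 443, "vuln": "VULN-B", "cvss": 9.8},
    {"asset": "10.0.0.7", "port": 22, "vuln": "VULN-C", "cvss": 5.3},
]
MALICIOUS_IPS = {"203.0.113.10", "198.51.100.23"}  # shared threat-intel feed
CONNECTIONS = [  # inbound flows: (source IP, destination asset, destination port)
    ("203.0.113.10", "10.0.0.5", 445),
    ("192.0.2.44", "10.0.0.9", 443),
    ("198.51.100.23", "10.0.0.7", 80),  # malicious source, but not the vulnerable port
]
ALARMS = {"10.0.0.5": 2}  # recent SIEM alarms per asset
OWNERS = {"10.0.0.5": "file-services team", "10.0.0.9": "web team"}


def prioritize(findings, bad_ips, connections, alarms, owners):
    """Rank findings by local threat context first, CVSS score second."""
    # Step 1: known malicious sources seen reaching each (asset, port).
    hits = defaultdict(set)
    for src, dst, port in connections:
        if src in bad_ips:
            hits[(dst, port)].add(src)
    ranked = []
    for f in findings:
        ranked.append({
            **f,
            "attackers": sorted(hits.get((f["asset"], f["port"]), ())),
            "alarms": alarms.get(f["asset"], 0),
            "owner": owners.get(f["asset"], "UNASSIGNED"),
        })
    # Step 2: findings on actively targeted assets come first.
    ranked.sort(key=lambda r: (-len(r["attackers"]), -r["alarms"], -r["cvss"]))
    return ranked


if __name__ == "__main__":
    for r in prioritize(FINDINGS, MALICIOUS_IPS, CONNECTIONS, ALARMS, OWNERS):
        print(r["asset"], r["vuln"], r["cvss"], r["attackers"], r["alarms"], r["owner"])
```

The CVSS 7.5 finding outranks the 9.8 one because a listed source is reaching its vulnerable port and the asset already has alarms; the third finding shows an asset with no recorded owner.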
REMOVING FALSE POSITIVES
Leverage a variety of scanning techniques
Continuous Vulnerability Monitoring: correlate data from asset discovery & inventory scans with the latest known vulnerabilities
• Benefits: avoids network “noise”; minimizes system impact; requires minimal resources
Active Network Scanning: actively scan to identify vulnerable services and software
• Authenticated – more accurate, but potentially more impactful
• Unauthenticated – less accurate, but less impactful
OPTIMIZING WORKFLOWS
Breaking down silos
• Streamline this process: Run the scan, vet the data, prioritize remediation* based on global and local threat intelligence, then re-run a validation scan.
• Document the process: Integrated ticketing system makes this much easier.
• Secret to success? Having all of the essential functionality in one place.
*sometimes this is a patch, and sometimes it’s a workaround.
USING A UNIFIED, THREAT-BASED APPROACH FOR VULNERABILITY MANAGEMENT
What functionality do I need?
• Figure out what is valuable
• Identify ways the target could be compromised
• Start looking for threats
• Look for strange activity which could indicate a threat
• Piece it all together
Asset Discovery
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
Vulnerability Assessment
• Network Vulnerability Testing
Threat Detection
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
Behavioral Monitoring
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
Security Intelligence
• SIEM Event Correlation
• Incident Response
Unified Security Management
WHY ALIENVAULT USM?
• All-in-one functionality
• Vulnerability assessment within a broader context
• Targeted remediation, easier to manage
• Flexible reporting, multiple modules, formats & queries… as detailed as you want it.
• Threat intelligence from AlienVault Labs
• Know WHO is targeting vulnerabilities, HOW they’re doing it and WHAT to do about it
ALIENVAULT LABS THREAT INTELLIGENCE: SECURITY FOR YOU, POWERED BY ALL
ALIENVAULT LABS THREAT INTELLIGENCE: COMPLETE COVERAGE TO STAY AHEAD OF THE THREAT
Network and host-based IDS signatures – detects the latest threats in your environment
Asset discovery signatures – identifies the latest OS’es, applications, and device types
Vulnerability assessment signatures – dual database coverage to find the latest vulnerabilities on all your systems
Correlation rules – translates raw events into actionable remediation tasks
Reporting modules – provides new ways of viewing data about your environment
Dynamic incident response templates – delivers customized guidance on how to respond to each alert
Newly supported data source plug-ins – expands your monitoring footprint
CUSTOMER SUCCESS
ACHIEVING COMPLETE VULNERABILITY MANAGEMENT
Unify your security monitoring controls for better visibility into vulnerabilities
Use emerging threat intelligence to prioritize remediation
Evolve from checklist reporting to true risk reduction
NOW FOR SOME Q&A…
Three Ways to Test Drive AlienVault
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site
Join us for a LIVE Demo!
http://www.alienvault.com/marketing/alienvault-usm-live-demo
Questions? [email protected]