greenbone vulnerability assessment - networkshop44

Post on 19-Jan-2017


Greenbone vulnerability assessment

Dirk Schrader

What's bad on your network: tackling it with Vulnerability Management

Dirk Schrader
University of Manchester; March 24th, 2016
09:45 – 10:15, Theatre A

Introduction

• Greenbone Networks
• Develops Vulnerability Management Solutions since 2004
• Open Source and Transparency
• Your data is your data: NO CLOUD
• German

• Dirk Schrader
• CISSP (by ISC2) in good standing
• CISM (by ISACA) in progress
• 20+ years in IT Sec
• German, too

www.greenbone.net

What should be considered as 'bad'?

Susceptibility

Accessibility

Capability

Anything which is susceptible to misuse and accessible by an adversary with sufficient capabilities. That can be:

• Software flaws
• Defaults or misconfigurations
• Unauthorized or unsuspected installations
• Compliance deviation or Non-Compliance
• Policy deviation or violation

Start with a different perspective, ..

Processes, Policies & Awareness

Physical

Perimeter

Network

Host & OS

Application

Data

Authentication

NG Firewall

N-IDPS

H-IDPS

AV-System

SIEM / ISMS

Vulnerability Management

inside – out view

outside – in view

.. then prepare,

• Define secure configurations
• Whitelist systems and applications
• Map to security controls
• Still, if none is there: start simple, enhance stepwise

Policies

Compliance

Guidelines

.. identify,

• Import and/or discover assets
• Scan assets
• Scan them authenticated
• CPE information is vital

.. classify,

• use CVSS, CVE, and CPE
• enhance with additional SecInfo
• most important, tag with Asset Criticality info

.. prioritize,

• based on Score, Quality of Detection, and available Solution Type
• adding Asset Criticality Information
• Attack status confirms
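
An added example (not part of the original slides and not Greenbone code) of how the prioritization inputs listed above can be combined into one work list. The weighting model, the 1 to 3 criticality scale, the 70% Quality of Detection cut-off, the solution-type labels and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed ordering (not from the slides): findings with a ready fix come first on ties.
SOLUTION_RANK = {"VendorFix": 0, "Workaround": 1, "Mitigation": 2,
                 "NoneAvailable": 3, "WillNotFix": 4}

@dataclass(frozen=True)
class Finding:
    host: str
    name: str
    cvss: float             # severity score, 0.0 to 10.0
    qod: int                # Quality of Detection in percent
    solution_type: str
    attacked: bool = False  # attack status: exploitation confirmed

def prioritize(findings, criticality, min_qod=70):
    """Split findings into a ranked work list and a low-QoD list to verify first."""
    def risk(f):
        # Assumed model: score weighted by asset criticality (1 = low, 3 = high).
        return f.cvss * criticality.get(f.host, 1)

    confident = [f for f in findings if f.qod >= min_qod]
    to_verify = [f for f in findings if f.qod < min_qod]
    ranked = sorted(
        confident,
        key=lambda f: (not f.attacked, -risk(f),
                       SOLUTION_RANK.get(f.solution_type, len(SOLUTION_RANK)), -f.qod),
    )
    return ranked, to_verify

# Constructed sample data, not taken from a real scan.
CRITICALITY = {"db01": 3, "web01": 2, "kiosk07": 1}
FINDINGS = [
    Finding("kiosk07", "SMB remote code execution", 10.0, 99, "VendorFix"),
    Finding("db01", "Outdated TLS library", 7.5, 97, "VendorFix"),
    Finding("web01", "Default admin credentials", 9.8, 95, "Mitigation"),
    Finding("web01", "Version guessed from banner", 9.0, 30, "VendorFix"),
    Finding("kiosk07", "Weak cipher suites", 5.0, 80, "Workaround", attacked=True),
]

if __name__ == "__main__":
    ranked, to_verify = prioritize(FINDINGS, CRITICALITY)
    for f in ranked:
        print(f"{f.host:8} {f.cvss:4.1f} qod={f.qod:3} {f.solution_type:10} {f.name}")
    print("verify first:", [f.name for f in to_verify])
```

With this sample, the score 10.0 finding on the low-criticality kiosk ranks below the 7.5 finding on the database server, and the confirmed-attack finding leads the list despite its lower score.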

.. assign,

• use Reports, Alerts, or a Ticket System
• based on Knowledge, Experience, and Role
• track and trace assignment

.. mitigate and remediate,

• patch and/or upgrade
• block and/or isolate
• work around
• override is also a temporary option

.. store and repeat, ..

• predict and trend assets
• handle changes in infrastructure
• time-stamped data supports Forensics
• average of 40 high severity flaws published per week
• 24h/48h 'Window of Vulnerability'

.. and improve!

• Eases implementation of Updates and Changes to Policies, Guidelines, and Compliance
• Meaningful KPIs for the IT Security documented
• The number of vulnerabilities over time is not meaningful
• But the time needed to remediate/mitigate (reduced by ..)
• The time needed to identify (faster by x)
• Fail/pass ratio of adherence to policy, compliance (increased by ..)

the process of Vulnerability Management

prepare

identify

classify

prioritize

assign

mitigate & remediate

store & repeat

improve

• Thank you,
• ready for questions?!
