How to enhance vulnerability management with intelligence plus analytics
TRANSCRIPT
Copyright © Aujas All rights reserved. Aujas Restricted Circulation
Nail Vulnerability Management with Intelligence plus Analytics
IDC IT Security Roadshow 2016, Doha, Qatar
Yogesh Bhatia, CISSP, CSSLP, Practice Head, Aujas
Disclaimer
The aspects discussed in this presentation are purely individual observations and opinions. They may not necessarily be correct, especially when generalized.
Incidents, examples, people, organizations etc. are used only to illustrate the points of discussion.
Everyone has their own perspective – Intelligence and Analytics
CIO and IT Operations perspective: Vulnerability data comes from multiple sources. We really don’t have the money and resources to fix them all, and we are not sure what to fix first.
CISO perspective: We have assigned vulnerabilities to the IT team. We really don’t have a tracking mechanism until operations update us.
Business Executives perspective: We really don’t know which (business) groups of assets have vulnerabilities, which of them are important, and whether the ones that matter are getting mitigated or not.
Security Analyst perspective: We don’t want to prepare dashboards and reports every time IT operations fixes an issue.
Reliance on Single Source for Vulnerability Intelligence
“Vulnerability Intelligence refers to all research data on vulnerabilities, including but not limited to: historical data, exploits, targets, attacks etc.”
Most of the time we rely on a scanner tool to get intelligence about a vulnerability and manually prioritize remediation.
Is this vulnerability really being exploited, and is it responsible for the breaches happening out there?
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/?utm_source=datafloq&utm_medium=ref&utm_campaign=datafloq
No Context
Were you ShellShocked?
Researchers announced a vulnerability, ShellShock, which allows an adversary to execute arbitrary commands on a remote system and, if exploited successfully, may allow the adversary to gain control over the target computer.
Another one, POODLE, allows an adversary to hijack browser sessions if they are using the flawed SSL protocol.
You really want to make sure that a vulnerability is applicable to your environment and really impacts your assets before you start patching them!
A shift from a vulnerability-fixing mindset to a risk-assessment mindset is what is required.
What you need - Vulnerability Intelligenalytics
“Organizations can increase the effectiveness of their vulnerability management programs through automation, analytics and threat intelligence.”
[Diagram]
• Vulnerability Intelligence: Targets, Threats, Zero-Day, Breaches
• Vulnerability Data: Scanner Data, Manual Testing, Audit Reports, CVSS Score
• Organization Context
• Analytics
• Vulnerabilities that matter the most and are to be fixed first
Key Take Away
• Consider the asset's risk rating and its criticality in the network. Get the context right before spending effort on fixing an issue.
• Subscribe to vulnerability intelligence feeds to get information on attacks, breaches, zero-days and active exploits, and so gain perspective on vulnerabilities.
• Clearly communicate security posture to all relevant stakeholders, be they technical or non-technical (business) people.
• CVSS is good, but it works better when you customize it to your environment.
• Once you have the list of important ones to be fixed, track them to closure.
• Last but not least: don’t do this manually, as it is a huge task depending upon the size of the network and organization. Automate efforts to effectively contextualize what’s happening in the outside world and what’s relevant to your organization.
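As an added illustration of the takeaways above (not code from the presentation or from Aujas): one way to customize CVSS with asset context and a vulnerability-intelligence feed, so that findings merged from several sources rank by what should be fixed first. The weights, field names, asset names and all sample data are constructed assumptions.

```python
# Added illustration; weights, field names and all sample data are constructed assumptions.
# Constructed findings from the kinds of vulnerability data named on the slide.
FINDINGS = [
    {"asset": "web-01",  "vuln": "ShellShock", "cvss": 10.0, "source": "scanner"},
    {"asset": "web-01",  "vuln": "ShellShock", "cvss": 10.0, "source": "manual-test"},
    {"asset": "print-7", "vuln": "ShellShock", "cvss": 10.0, "source": "scanner"},
    {"asset": "hr-db",   "vuln": "POODLE",     "cvss": 4.3,  "source": "scanner"},
    {"asset": "pay-api", "vuln": "EXAMPLE-WEAK-CONFIG", "cvss": 5.0, "source": "audit-report"},
]
# Constructed vulnerability-intelligence feed: what is being exploited outside.
INTEL = {"ShellShock": {"active_exploit": True, "seen_in_breach": True},
         "POODLE": {"active_exploit": False, "seen_in_breach": False}}
# Constructed organization context: criticality 1-5, exposure, applicability.
ASSETS = {
    "web-01":  {"criticality": 5, "internet_facing": True},
    "pay-api": {"criticality": 5, "internet_facing": True},
    "hr-db":   {"criticality": 4, "internet_facing": False},
    # Assumption: the issue was checked and found not applicable on this device.
    "print-7": {"criticality": 1, "internet_facing": False, "not_applicable": {"ShellShock"}},
}

def risk_score(finding, intel, asset):
    """CVSS adjusted for environment and outside-world activity (assumed weights)."""
    if finding["vuln"] in asset.get("not_applicable", ()):
        return 0.0
    score = finding["cvss"] * asset["criticality"] / 5.0
    score *= 1.0 if asset["internet_facing"] else 0.6
    feed = intel.get(finding["vuln"], {})
    score *= 1.5 if feed.get("active_exploit") else 1.0
    score *= 1.2 if feed.get("seen_in_breach") else 1.0
    return round(score, 1)

def prioritize(findings, intel, assets):
    """Merge duplicate findings across sources, score them, return highest first."""
    merged = {}
    for f in findings:
        m = merged.setdefault((f["asset"], f["vuln"]),
                              {"asset": f["asset"], "vuln": f["vuln"], "cvss": 0.0, "sources": set()})
        m["cvss"] = max(m["cvss"], f["cvss"])
        m["sources"].add(f["source"])
    for m in merged.values():
        m["priority"] = risk_score(m, intel, assets[m["asset"]])
    return sorted(merged.values(), key=lambda m: m["priority"], reverse=True)

if __name__ == "__main__":
    for row in prioritize(FINDINGS, INTEL, ASSETS):
        print(f'{row["priority"]:>5}  {row["asset"]:<8} {row["vuln"]:<20} {sorted(row["sources"])}')
```

With this sample data the same CVSS 10.0 finding ranks first on the critical internet-facing server and last on the device where it does not apply, while a medium-severity audit finding on a critical asset outranks both internal ones.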
Aujas Information Risk Services
• 390+ customers served across 22 countries
• 320+ employees globally with more than 200 specialists
• 220+ certified employees across standards, technologies & industry certifications
Aujas helps organizations manage information security risks by protecting data, software, people and identities in line with compliance requirements and best practices; we also help strengthen security governance and intelligence frameworks.
Investors:
• Seed Funding
  • IDG Ventures – Boston, MA
• Series B Funding
  • IDG Ventures – Boston, MA
  • IvyCap Ventures – Bay Area, CA
  • RVCF - India
Global Presence:
Bangalore | Cupertino | Delhi | Dubai | Jersey City | Mumbai
Thank You
For more information:
Yogesh Bhatia
Practice Head, Threat Management
[email protected]