SACM Vulnerability Assessment Scenario IETF 95 04/05/2016.

Slides:

Advertisements

Similar presentations

Configuration Management

Advertisements

Software Quality Assurance Plan

SESSION ID: Continuous Monitoring with the 20 Critical Security Controls SPO1-W02 Wolfgang Kandek CTO.

Microsoft ® System Center Configuration Manager 2007 R3 and Forefront ® Endpoint Protection Infrastructure Planning and Design Published: October 2008.

1 The Database Application Development Process The Database Application Development Process.

Configuration Management Managing Change. Points to Ponder Which is more important?  stability  progress Why is change potentially dangerous?

SACM Terminology Nancy Cam-Winget, David Waltermire, March.

IETF NEA WG (NEA = Network Endpoint Assessment) Chairs:Steve Hanna, Susan Thomson,

1 Software Requirement Analysis Deployment Package for the Basic Profile Version 0.1, January 11th 2008.

Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

High-Level Assessment Month Year

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

Configuration Management Avoiding Costly Confusion mostly stolen from Chapter 27 of Pressman.

Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.

Automated XML Content Data Exchange and Management draft-waltermire-content-repository-00

© 2011 The MITRE Corporation. All rights Reserved. Approved for Public Release: Distribution Unlimited You’re Not Done (Yet) Turning Securable.

Configuration Management Managing Change. Points to Ponder Which is more important?  stability  progress Why is change potentially dangerous?

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

Initial slides for Layered Service Architecture

S/W Project Management

S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.

systemhound © Raxco Software Belgium systemhound PC inventory software.

A Model for Exchanging Vulnerability Information draft-booth-sacm-vuln-model-01 David Waltermire.

Dan Parish Program Manager Microsoft Session Code: OFC 304.

Successful Deployment and Solid Management … Close Relatives Tim Sinclair, General Manager, Windows Enterprise Management.

1. There are different assistant software tools and methods that help in managing the network in different things such as: 1. Special management programs.

Michael Dermody September 2010  Capability Maturity Model Integration ◦ Is a Trademark owned by the Software Engineering Institute (SEI) of Carnegie.

Configuration Management (managing change). Starter Questions... Which is more important?  stability  progress Why is change potentially dangerous?

User Manager Pro Suite Taking Control of Your Systems Joe Vachon Sales Engineer November 8, 2007.

Secure Cloud Solutions Open Government Forum Abu Dhabi April 2014 Karl Chambers CISSP PMP President/CEO Diligent eSecurity International.

© 1998 R. Gemmell IETF WG Presentation1 Robert Gemmell ROAMOPS Working Group.

ISS SiteProtector and Internet Scanner LanAdmin Group Meeting 12/8/2005.

SACM Requirements Nancy Cam-Winget March 2014.

Systems Management Server 2.0: Backup and Recovery Overview SMS Recovery Web Site location: Updated.

Terminology and Use Cases Status Report David Harrington IETF 88 – Nov Security Automation and Continuous Monitoring WG.

NEA Requirement I-D IETF 68 – Prague Paul Sangster Symantec Corporation.

SACM Scope Discussion IETF-92 Meeting March 23, 2015 Dave Waltermire Adam Montville.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Data Strategy  Status Update  SSIM  RID  Technology Strategies.

Health eDecisions Use Case 2: CDS Guidance Service Strawman of Core Concepts Use Case 2 1.

A Brave NEtWork World Rob Willis, Ross & Associates Node Mentoring Workshop New Orleans, LA February 28, 2005.

Database Administration

Microsoft Management Seminar Series SMS 2003 Change Management.

Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.

+ Moving Targets: Security and Rapid-Release in Firefox Presented by Carlos Bernal-Cárdenas.

State of Georgia Release Management Training

SCOPE DEFINITION,VERIFICATION AND CONTROL Ashima Wadhwa.

Building Preservation Environments with Data Grid Technology Reagan W. Moore Presenter: Praveen Namburi.

Asset Summary Reporting draft-davidson-sacm-asr-00 David Waltermire

Telecommunication Requirements draft-zhuang-sacm-telereq-00 Xiaojun Zhuang, Minpeng Qi (presenter) Judy Zhu.

Software Engineering Process - II 7.1 Unit 7: Quality Management Software Engineering Process - II.

Continuous Assessment Protocols for SACM draft-hanna-sacm-assessment-protocols-00.txt November 5, 20121IETF 85 - SACM Meeting.

Kevin Watson and Ammar Ammar IT Asset Visibility.

CISOs Guide To Communicating WNCRY.

Critical Security Controls

Firewall Issues Research Group GGF-15 Oct Boston, Ma Leon Gommans - University of Amsterdam Inder Monga - Nortel Networks.

Overview – SOE PatchTT December 2013.

Leverage What’s Out There

Detection and Analysis of Threats to the Energy Sector (DATES)

Configuration Management (managing change)

draft-fitzgeraldmckay-sacm-endpointcompliance-00

SVTRAININGS. SVTRAININGS Features of SCCM  Application management  Provides a set of tools and resources that can help you create, manage, deploy, and.

I have many checklists: how do I get started with cyber security?

SQL Server BI on Windows Azure Virtual Machines

SQL Server OLTP with Microsoft Azure Virtual Machines

Kickoff Presentation Date of Presentation Presenter Name

Experience with an IT Asset Management System

System architecture, Def.

Henk Birkholz Jarret Lu Nancy Cam-Winget

Presentation transcript:

SACM Vulnerability Assessment Scenario IETF 95 04/05/2016

Organization Endpoint N Server What is it? Operational use case for enterprise vulnerability assessment Endpoint identification and initial data collection Vulnerability description data Endpoint applicability and assessment Assessment results Begins with an enterprise ingesting vulnerability description data and ends with identifying affected endpoints Aligns with the SACM Use Cases 1 and builds upon the usage scenarios Vulnerability Description Data Endpoint 1 SW Inv. HW Inv. Collector (PC) … Evaluator (PV) Evaluator Collector Config. SW Inv. HW Inv. Collector (PC) Collector Config. Results Endpoint 1 … Endpoint N Repository 1.

Purpose Provides a detailed scenario and vision for enterprise vulnerability assessment that can be used as a core narrative Identifies aspects for use in the development of the information model Defines the classes of data, major roles, and a high-level description of role interactions Helps to further inform engineering work on protocol and data model development Part of the overall goal of breaking the SACM problem space into smaller and more manageable pieces

Scope and Assumptions Does not attempt to cover the security disclosure itself and any prior activities of the security researcher or discloser Assumes the vulnerability description data contains all information necessary to identify affected endpoints within an organization Assumes the vulnerability description data has been processed into a format that the enterprise security software tools can understand and use Assumes the enterprise has a means of identifying and collecting information from their enterprise endpoints

Endpoint Identification and Initial Data Collection Identifies and collects basic information from enterprise endpoints Network identity Operating system and patch level Installed software inventory … Occurs before receiving and processing any vulnerability description data Information should be stored within a repository Information obtained could be used by other enterprise processes, such as configuration and license management

Vulnerability Description Data and Endpoint Applicability and Assessment Vulnerability description data is received and tagged (e.g., internal ID) by the enterprise and stored for immediate or later use within a repository Data versions are tracked in the event that the data is updated at a later time In many cases, applicable or affected endpoints can be determined using the previously collected basic information and software inventory. No further assessment of data collection needed. If required, a secondary assessment is used to collect additional information such as: Files and their attributes Text configuration file settings Windows registry queries …

Assessment Results The results that determine which enterprise endpoints are applicable to the vulnerability description data Essential data items include (not the complete list): Endpoint ID Vulnerability description data Date of assessment Age of collection data …

Solution I-Ds in progress Extensible transport framework (ECP 1, NEA 2 ) Software inventory (SWID M&A 3 ) Evaluation guidance, collection guidance, configuration information, and results (OVAL 4 ) Are there other standards we should look at? (see PA-TNC, PB-TNC, PT-TLS) (see draft-*-sacm-oval-*-model). Also, please note where OVAL is mentioned, above, I really mean the next-generation data models based on OVAL :).

Wrap-up We would love to hear any feedback you have on the current draft TCG is interested in how TNC specifications can be applied to network devices Other specifications of interest (Server Discovery and Validation 5 and IF-M Segmentation 6 ) Historically has been very willing to transfer specifications to the IETF

Appendix Additional processes that have not been integrated into the overall document Continuous Vulnerability Assessment – timing of assessments (e.g., initial assessments, reassessments, etc.) Priority – vulnerability description data and the remedies Data attribute table and definitions A table of all discussed data attributes and where they are used, followed by their definitions Alignment with other works The Council on CyberSecurity's Critical Security Controls CSC 1 Inventory of Authorized and Unauthorized Devices CSC 2 Inventory of Authorized and Unauthorized Software CSC 4 Continuous Vulnerability Assessment and Remediation

Appendix (continued) Alignment with SACM Usage Scenarios Automated Checklist Verification (2.2.2) Detection of Posture Deviations (2.2.3) Asynchronous Compliance/Vulnerability Assessment at Ice Station Zebra (2.2.5)