MANAGED SECURITY TESTING PROACTIVELY MANAGING VULNERABILITIES.

Slides:



Advertisements
Similar presentations
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Advertisements

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
The Most Analytical and Comprehensive Defense Network in a Box.
Security for Today’s Threat Landscape Kat Pelak 1.
1www.skyboxsecurity.com Skybox Cyber Security Best Practices Three steps to reduce the risk of Advanced Persistent Threats With continuing news coverage.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Vulnerability Assessments
Get Complete IT Compliance: Reduce Risk and Cost Jonathan CISO, Qualys Seth Automation Specialist, BMC.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
Website Hardening HUIT IT Security | Sep
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.
Pen testing to ensure your security
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
1 Panda Malware Radar Discovering hidden threats Channel Presentation Name Date.
Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.
Dell Connected Security Solutions Simplify & unify.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Data Center Firewall. 2 Common IT Security Challenges Does my network security protect my IT environment and sensitive data and meet the regulatory compliances?
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
Auditing IT Vulnerabilities IT vulnerabilities are weaknesses or exposures in IT assets or processes that may lead to a business risk or security risk.
Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?
CERN IT Department CH-1211 Genève 23 Switzerland t Security Overview Luca Canali, CERN Distributed Database Operations Workshop April
HO © 2012 Fluor. All rights reserved. Quick Wins in Vulnerability Management Classification: Confidential Owner: Michael Holcomb Approver: Phil.
Threat Management Service October Crypteia Networks 2 Awards PCCW Global acquired Crypteia Networks in 2014 Crypteia Networks was founded as a Security-as-a-
Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.
BUSINESS CLARITY ™ PCI – The Pathway to Compliance.
Rapid Detection & Incident Response What, Why and How March 2016 Ft Gordon.
Enterprise Mobility Suite: Simplify security, stay productive Protect data and empower workers Unsecured company data can cost millions in lost research,
©2015 Check Point Software Technologies Ltd. 1 [Restricted] ONLY for designated groups and individuals CHECK POINT MOBILE THREAT PREVENTION.
1 Current Trends in Enterprise IT Network Security Key Takeaways Based on 100 Survey Responses © 2016 Lumeta Corporation.
Why SIEM – Why Security Intelligence??
Vulnerability / Cybersecurity Research Discussion Dwayne Melancon, CISA Chief Technology Officer and VP of Research & Development.
Tripwire Threat Intelligence Integrations. 2 Threat Landscape by the Numbers Over 390K malicious programs are found every day AV-Test.org On day 0, only.
Enterprise Vulnerability Management
Protect your Digital Enterprise
3 Do you monitor for unauthorized intrusion activity?
Six Steps to Secure Access for Privileged Insiders and Vendors
Cloud Firewall.
Do you know who your employees are sharing their credentials with
Data Center Firewall.
Real-time protection for web sites and web apps against ATTACKS
Microsoft /20/2018 9:26 AM BRK1037 Win the IT security battle: automate password changes, privileged access & Minimize Cyber Losses Christopher.
Six Steps to Secure Access for Privileged Insiders and Vendors
Cyber Attacks on Businesses 43% of cyber attacks target small business Only 14% of small business rate their ability to mitigate cyber risk highly.
John Butters Running Tiger Teams
BOMGAR REMOTE SUPPORT Karl Lankford
COMPTIA CAS-003 Dumps VCE
Capitalize on modern technology
11/15/2018 3:42 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Validating Your Information Security Program (ISP 3 of 3)
Skybox Cyber Security Best Practices
Security Essentials for Small Businesses
Securing Your Web Application and Database
Brandon Traffanstedt Systems Engineer - Southeast
Panda Adaptive Defense Platform and Services
Protecting Your Company’s Most Valuable Asset
Protecting your data with Azure AD
4/9/2019 5:05 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS.
Information Protection
3 Do you monitor for unauthorized intrusion activity?
STEALTHbits Technologies, Inc.
Information Protection
3 Do you monitor for unauthorized intrusion activity?
Presentation transcript:

MANAGED SECURITY TESTING PROACTIVELY MANAGING VULNERABILITIES

THE INTRO

WHAT’S THE PROBLEM? Managing vulnerabilities proactively is more important than ever Data sources: Trustwave Global Security Report 2014; Ponemon Institute 2014 Cost of Data Breach Study The volume of compromises is increasing 54% more investigations conducted in 2013 (vs. 2012) Breaches are costly$5.85 million on average in 2013 (US) Attackers are diversifying their targets 33% increase in theft of non-payment card data Attackers are more sophisticated 71% of victims don’t detect a breach on their own; self-detection takes 3 months Apps in particular are highly vulnerable 96% of applications harbor at least one serious vulnerability

QUESTIONS OUR CUSTOMERS ASK About managing vulnerabilities and risk… What’s on my network? How do I know if I’m being targeted? Where am I weak or vulnerable? How can I get the most out of my program? How do I prioritize? What can wait?

DATABASES NETWORKS APPLICATIONS WHAT WE OFFER A programmatic approach to vulnerability management DISCOVER POTENTIAL WEAKNESSES ACROSS ALL ASSETS ASSESS BUSINESS RISK ON MISSION CRITICAL ASSETS PENETRATION TESTING MANAGED SCANNING SELF-SERVICE SCANNING

ATTACKERINTERNET COMPANY WEBSITE Built on Adobe Cold Fusion DIRECTORY TRAVERSAL 1 View Arbitrary Files Finds Admin Password for Cold Fusion ESCALATE & GRAB STORED CREDENTIALS 2 Yields Domain Admin Credentials LEVERAGE STOLEN CREDENTIALS FOR VPN ACCESS 3 Access to Internal Network As Domain Admin CORPORATE SSL VPN DATABASE DATA EXFILTRATION 4 Directory Traversal (CVE ) CVSS score=4.3 (medium) Many businesses might ignore due to its relatively low score THE POWER OF TESTING

OUR SCANNING & TESTING PORTFOLIO Flexible options based on your needs Self-Service Scanning Cloud-based Schedule and manage scans on demand Work from a full list of results generated by our tools Managed Scanning Scans managed by Trustwave experts Validated results and reports Augment your team and minimize false positives Penetration Testing 4 Tiers of Testing based on your requirements Basic: Attacks most commonly exploitable vulnerabilities Opportunistic: Includes attack chaining; limited to a list of targets. Targeted: Targets systems w/ critical data, unrestricted scope Advanced: Full attack simulation: custom exploits and social engineering

4 12 WHY CHOOSE TRUSTWAVE? One vendor. One platform. All your assets. Broadest Coverage –Networks –Applications –Databases Most Flexibility –Cloud, managed, licensed options –Centralized dashboard view of status –“Flex Spending Account” model Maximum Control –Choose from full suite of services –Add technologies to address gaps –Proactive breach detection and IR Budget Friendly –Maximize budget with a single vendor –Easy to adjust allocations –Simplifies planning and management 3

THE BIG PICTURE

Scanning and testing are the beginning, not the end. DISCOVER & SCORE All assets Proactive discovery Automated/scalable TEST & VALIDATE Some assets Deeper analysis Identify unknown gaps MITIGATE & PROTECT Where necessary Fix flaws Fill gaps Security Solutions Penetration Testing Scanning (Cloud and Managed) DATABASES NETWORKS APPLICATIONS

ATTACKERINTERNET COMPANY WEBSITE Built on Adobe Cold Fusion DIRECTORY TRAVERSAL 1 View Arbitrary Files Finds Admin Password for Cold Fusion ESCALATE & GRAB STORED CREDENTIALS 2 Yields Domain Admin Credentials LEVERAGE STOLEN CREDENTIALS FOR VPN ACCESS 3 Access to Internal Network As Domain Admin CORPORATE SSL VPN DATABASE DATA EXFILTRATION 4 REAL-WORLD EXAMPLE Web Application Firewall can provide persistent protection, and is informed by scan results IDS/IPS can detect and stop escalation 2-Factor AUTH adds stronger access control at the VPN DB Security can eliminate unauthorized access & monitoring or blocking of inappropriate requests DLP can stop critical or unauthorized data from leaving your environment

THANK YOU QUESTIONS PLEASE