Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Vulnerability Management

Published byBonnie Thornton Modified over 7 years ago

Similar presentations

Presentation on theme: "Enterprise Vulnerability Management"— Presentation transcript:

1 Enterprise Vulnerability Management
Alexander Leonov, Ekaterina Pukhareva, Alex Smirnoff

2 Content A variety of Vulnerability Scanners Experience
How to make an efficient vulnerability management? Vulnerability Scanner as a valuable asset Beyond scanners

3 A variety of Vulnerability Scanners

4 A variety of Vulnerability Scanners Some problems
When the scan is finished, the results may already be outdated False positives Per-host licensing Knowledge base How quickly vendor adds new vulnerability checks? No scanners will find all vulnerabilities of any software Some vulnerabilities may be found only with authorization or correct service banner You will never know real limitations of the product

5 A variety of Vulnerability Scanners
All CVEs: 80196 Nessus CVE links: 35032 OpenVAS CVE links: 29240 OpenVAS vs. Nessus: 3787;25453;9579

6 A variety of Vulnerability Scanners
All CVEs: 80196 Nessus CVE links: 35032 OpenVAS CVE links: 29240 OpenVAS vs. Nessus: 3787;25453;9579 2673 OpenVAS plugins All NASL plugins: OpenVAS: 49747 Nessus: 81349 38207 OpenVAS plugins and Nessus plugins 6639 Nessus plugins

7 Why? “Old” vulnerabilities Vendor forgot to add links to CVE id
Vulnerabilities in plugins (N: WordPress VideoWhisper) Don’t support “Local” software (N: openMairie) Stopped adding new vulnerabilities (N: vBulletin, O: Solaris)

8 In other words Vulnerability Scanner is a necessity
Don't depend too much on them Scanner does not detect some vulnerability — it’s YOUR problem not your VM vendor Choose VM solution you can control Have alternative sources of Vulnerability Data (vulners.com, vFeed)

9 Sometimes a free service detects better

10 Vulners Linux Audit GUI
Linux OS vulnerability scan Immediate results Dramatically simple

11 Vulners Linux Audit GUI
RedHat CentOS Fedora Oracle Linux Ubuntu Debian

12 Vulners Linux Audit API
curl -H "Accept: application/json" -H "Content-Type: application/json" -X POST -d '{"os":"centos","package":["pcre el7.x86_64", "samba-common el7_2.noarch", "gnu-free-fonts-common el7.noarch", "libreport-centos el7.centos.x86_64", "libacl el7.x86_64"],"version":"7"}' Agent Scanner

13 Experience in the use of Scanner Architecture

14 Experience in the use of Scanner Architecture

15 Experience in the use of Scanner
External and Internal perimeters Discovery Finding a live host Assessment What assets? Analysis What to fix first? Remediation Fix the problem Fixing Accepting risks Scan for specific assets: Workstations, Network Servers What CVSS score? What time for fixing? Risks?

16 Experience in the use of Scanners Compliance checks
Checking the PCI DSS requirements and others Nessus .audit files (built-in or highly customized plug-ins) Operation systems (SSH, password policy, local accounts, audit, etc.) Databases (privileges, login expiration check, etc.) Network devices (SSH, SNMP, service finger is disable, etc.) Etc.

17 Custom VM Reporting Graphs: MS Critical + Exploitable MS Critical
MS Other Windows Software Tables: Legend Top vulnerable hosts Top vulnerabilities

18 Experience in the use of Scanner Homemade Ticketing

19 Experience in the use of Scanner Usage Problems
Scanners updating by scripts New plugins Log-management and monitoring Harmless pentest FalsePositive Authentication Failure

20 Agents Scanning

21 Vulnerability Scanner as a valuable asset Dangerous audit file

22 Vulnerability Scanner as a valuable asset Monitoring
Domain + two-factor authentication Role model Monitoring of using scanners account

23 What is still wrong (from NopSec “2016 Outlook: Vulnerability Risk Management and Remediation Trends”)

24 .. What’s beyond vulnerability scanning?
Risk management? Asset management? Threat intelligence? Detecting scanning gaps? Do you really need expensive “state of the art” solution? VM Vendors have something to offer: Qualys RTI, Nexpose Now RM vendors make expensive and complicated products Brinqa, R-Vision, etc

25 There is an alternative
For pentesters For splunk, big data and fancy tech HUBBLESTACK.IO For the rest of us

26 Simple as that Import all you scans data to the database
..do anything you want! Monitor changes, create scopes, custom reports, whatever Avoid VM vendor lock-in

27 Use case: asset management
We do not have critical asset inventory! Wait.. we do. It is called “monitoring” Use zabbix data to create asset lists Push back alerts to zabbix

28 Use case: advanced risk management
Create exploit capabilities description (CVSS sucks!) Add environment data (internal and external scans at least) Add anything you want (threat intel) No part is mandatory!

Download ppt "Enterprise Vulnerability Management"

Similar presentations

Driving Factors Security Risk Mgt Controls Compliance.

Driving Factors Security Risk Mgt Controls Compliance.
SESSION ID: Continuous Monitoring with the 20 Critical Security Controls SPO1-W02 Wolfgang Kandek CTO.

SESSION ID: Continuous Monitoring with the 20 Critical Security Controls SPO1-W02 Wolfgang Kandek CTO.
SIEM Based Intrusion Detection Jim Beechey May 2010 GSEC, GCIA, GCIH, GCFA, GCWN twitter: jim_beechey.

SIEM Based Intrusion Detection Jim Beechey May 2010 GSEC, GCIA, GCIH, GCFA, GCWN twitter: jim_beechey.
The Case for Tripwire® Nick Chodorow Sarah Kronk Jim Moriarty Chris Tartaglia.

The Case for Tripwire® Nick Chodorow Sarah Kronk Jim Moriarty Chris Tartaglia.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.

Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.
Vulnerability Assessments with Nessus 3 Columbia Area LUG January 10 2007.

Vulnerability Assessments with Nessus 3 Columbia Area LUG January
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.

VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.

VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Patch Management Only part of the solution….. Bob Isaak Mar 04, 2004.

Patch Management Only part of the solution….. Bob Isaak Mar 04, 2004.
© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.

© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.
A powerful network monitoring system

A powerful network monitoring system
The Real Deal With SIM/SEM The Promise of Security Information / Event Management Scott Sidel Sr. Security Manager Computer Sciences Corp.

The Real Deal With SIM/SEM The Promise of Security Information / Event Management Scott Sidel Sr. Security Manager Computer Sciences Corp.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Introduction A security scanner is a software which will audit remotely a given network and determine whether bad guys may break into it,or misuse it.

Introduction A security scanner is a software which will audit remotely a given network and determine whether bad guys may break into it,or misuse it.
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.

VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
HO20110473 1 © 2012 Fluor. All rights reserved. Quick Wins in Vulnerability Management Classification: Confidential Owner: Michael Holcomb Approver: Phil.

HO © 2012 Fluor. All rights reserved. Quick Wins in Vulnerability Management Classification: Confidential Owner: Michael Holcomb Approver: Phil.

Similar presentations

Ads by Google