Effective Enterprise Vulnerability Management
Minimizing Risk by Implementing a Vulnerability Management Process
Samwel Orwa, ITILv3, CISA, CISM, CRISC, QualysGuard Certified
After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter
Agenda
1. The Problem
2. What is Vulnerability Management?
3. Challenges to Effective VM
4. Vulnerability Management Lifecycle
5. Successful Approaches
The Problem
Organizations are Feeling the Pain
1. What causes the damage? Vulnerabilities.
2. How do you prevent the damage? What are your options? RISK = Assets x Vulnerabilities x Threats. You can control vulnerabilities; 95% of breaches target known vulnerabilities.
3. How do you successfully deal with vulnerabilities? Constraints: business complexity, human resources, financial resources.
4. How do you make the best security decisions? Focus on the right assets, the right threats and the right measures.
The Enterprise Today: Mountains of data, many stakeholders
• Data sources: web cache and proxy logs, web server activity logs, content management logs, switch logs, IDS/IDP logs, VA scan logs, router logs, Windows logs, Windows domain logins, VPN logs, firewall logs, wireless access logs, Linux, Unix and Windows OS logs, Oracle Financials logs, mainframe logs, client and file server logs, DHCP logs, SAN file access logs, VLAN access and control logs, database logs
• Stakeholder needs: malicious code detection, spyware detection, real-time monitoring, troubleshooting, access control enforcement, privileged user management, configuration control, lockdown enforcement, unauthorized service detection, IP leakage, false positive reduction, SLA monitoring, user monitoring, vulnerability management
• How do you collect and protect all the data necessary to secure your network and comply with critical regulations?
What is Vulnerability Management?
What Is Vulnerability Management? A process to determine whether to eliminate, mitigate or tolerate each vulnerability, based on the risk it poses and the cost of fixing it.
Challenges to Effective VM
Challenges – Assessment
• Traditional desktop scanners cannot handle large networks
• They produce volumes of useless checks
• Confidentiality: scan data stored outside the organization's legal jurisdiction
• Chopping up scans and distributing them is cumbersome
• Garbage in, garbage out (GIGO): volumes of superfluous data
• Coverage at all OSI layers is inadequate
• Time consuming and resource intensive
• Finding the problem is only half the battle
Challenges – Analysis
• Manual and resource-intensive process to determine:
  • What to fix
  • Whether you should fix it
  • When to fix it
• No correlation between vulnerabilities, threats and assets
• No way to prioritize which vulnerabilities should be addressed, or in what order
• Stale data: making decisions on last quarter's vulnerabilities
• No credible metrics
Challenges – Remediation
• Security resources are often decentralized
• The security organization often doesn't own the network or system
• Multiple groups may own the asset
• Presenting useful and meaningful information to the relevant stakeholders
• Determining whether the fix was actually made
Vulnerability Management Lifecycle
Successful Approaches: Implementing an Effective VM Strategy
Network Discovery
• Mapping
  • Gives a hacker's-eye view of your network
  • Enables the detection of rogue devices (shadow IT)
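The mapping step is only useful if its output is compared against what the organization believes it owns. The following is an added example (not code from the slides or from QualysGuard) that takes a constructed asset inventory and a constructed mapping result and flags three things a discovery pass should surface: hosts nobody registered (rogue devices), approved hosts listening on ports their owner never approved, and inventory entries the map did not see at all. The inventory format, the IP addresses and the port lists are all assumptions.

```python
"""Discovery step of the VM lifecycle: compare a network map against the asset
inventory to flag rogue devices and unexpected services.

Added example; INVENTORY and MAPPED are constructed data, not scanner output.
"""
from dataclasses import dataclass, field


@dataclass
class DiscoveredHost:
    ip: str
    open_ports: set[int] = field(default_factory=set)


# Constructed asset inventory: IP -> (owning team, approved listening ports).
INVENTORY = {
    "10.0.1.10": ("web-team", {80, 443}),
    "10.0.1.20": ("dba-team", {1433}),
    "10.0.1.30": ("infra-team", {22}),
}

# Constructed result of a mapping scan of the same subnet.
MAPPED = [
    DiscoveredHost("10.0.1.10", {80, 443}),
    DiscoveredHost("10.0.1.20", {1433, 3389}),  # RDP not approved on the DB host
    DiscoveredHost("10.0.1.77", {8080}),        # not in the inventory at all
]


def find_rogue_hosts(mapped, inventory):
    """Hosts seen on the wire with no inventory record (shadow IT)."""
    return sorted(h.ip for h in mapped if h.ip not in inventory)


def find_unexpected_services(mapped, inventory):
    """Listening ports on known hosts that the owner never approved."""
    findings = {}
    for h in mapped:
        if h.ip in inventory:
            _, approved = inventory[h.ip]
            extra = h.open_ports - approved
            if extra:
                findings[h.ip] = sorted(extra)
    return findings


def find_missing_hosts(mapped, inventory):
    """Inventory entries the map never saw: decommissioned, firewalled off,
    or a coverage gap in the scan itself."""
    seen = {h.ip for h in mapped}
    return sorted(ip for ip in inventory if ip not in seen)


if __name__ == "__main__":
    print("rogue hosts:        ", find_rogue_hosts(MAPPED, INVENTORY))
    print("unexpected services:", find_unexpected_services(MAPPED, INVENTORY))
    print("missing hosts:      ", find_missing_hosts(MAPPED, INVENTORY))
```

The third check matters as much as the first two: a host that disappears from the map is either gone or unreachable from the scanner, and until that is resolved its vulnerabilities are simply unknown rather than fixed.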
Vulnerability Management Lifecycle
1. DISCOVERY (Mapping)
2. ASSET PRIORITISATION (and allocation)
3. ASSESSMENT (Scanning)
4. REPORTING (Technical and Executive)
5. REMEDIATION (Treating Risks)
6. VERIFICATION (Rescanning)
Question
• What is the primary goal of vulnerability assessment?
  a. To determine the likelihood of identified risk
  b. To assess the criticality of information resources
  c. To verify that controls are working as intended
  d. To detect known deficiencies in a particular environment
Prioritize Assets
Asset Prioritization
• Identify assets by:
  • Networks: logical groupings of devices
  • Connectivity: none, LAN, broadband, wireless
  • Network devices: wireless access points, routers, switches
  • Operating system: Windows, Unix
  • Applications: IIS, Apache, SQL Server
  • Versions: IIS 5.0, Apache 1.3.12, SQL Server 7
Correlate Threats
Correlate Threats
• Not all threat and vulnerability data have equal priority
• The primary goal is to rapidly protect your most critical assets
• Identify threats:
  • Worms
  • Exploits
  • Wide-scale attacks
  • New vulnerabilities
• Correlate them with your most critical assets
• Result: a prioritization of vulnerabilities within your environment
Determine Risk Level
Remediation
Remediation / Resolution
• Perfection (zero vulnerabilities) is unrealistic
  • Think of credit card fraud: will the banks ever eliminate it?
• You have limited resources to address issues
• The question becomes: do I address this vulnerability or not?
  • Factor in the business impact cost plus the remediation cost
  • If the risk outweighs the cost, eliminate or mitigate the vulnerability
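The asset prioritization, threat correlation and remediation slides above describe one scoring pass: rate the asset, rate the vulnerability, weight by how active the threat is, and then compare the resulting risk against the cost of fixing it. The block below is an added example of that pass, not the speaker's or QualysGuard's model; the scales (asset criticality 1 to 5, a CVSS-style 0 to 10 severity, threat multipliers for "no exploit", "exploit available" and "worm"), the conversion of the product into a likelihood, and the sample findings are all assumptions. The finding labels V-001 to V-003 are constructed and do not refer to real advisories.

```python
"""RISK = Assets x Vulnerabilities x Threats, turned into a ranked list and an
eliminate / mitigate / tolerate decision per finding.

Added example; scales, threat weights and FINDINGS are assumptions.
"""
from dataclasses import dataclass

# Threat multiplier: how "hot" the vulnerability is right now (assumed scale).
THREAT_WEIGHT = {
    "none": 1.0,     # no public exploit known
    "exploit": 2.0,  # exploit code available
    "worm": 3.0,     # self-propagating / wide-scale attack in progress
}


@dataclass(frozen=True)
class Finding:
    host: str
    asset_criticality: int   # 1 (lab box) .. 5 (revenue-critical)
    vuln_id: str             # constructed label, not a real advisory ID
    severity: float          # CVSS-style 0..10
    threat: str              # key of THREAT_WEIGHT
    business_impact: float   # estimated loss if exploited, in currency units
    remediation_cost: float  # patch / upgrade effort, same units
    mitigation_cost: float   # compensating control (ACL, WAF rule), same units


def risk_score(f: Finding) -> float:
    """The slide's formula on the assumed scales."""
    if f.threat not in THREAT_WEIGHT:
        raise ValueError(f"unknown threat class {f.threat!r}")
    return f.asset_criticality * f.severity * THREAT_WEIGHT[f.threat]


def likelihood(f: Finding) -> float:
    """Normalize the raw score to 0..1 so it can weight the business impact."""
    max_score = 5 * 10 * max(THREAT_WEIGHT.values())
    return risk_score(f) / max_score


def treatment(f: Finding) -> str:
    """Eliminate if the expected loss covers a real fix, mitigate if it only
    covers a compensating control, otherwise tolerate and track."""
    expected_loss = likelihood(f) * f.business_impact
    if expected_loss >= f.remediation_cost:
        return "eliminate"
    if expected_loss >= f.mitigation_cost:
        return "mitigate"
    return "tolerate"


def prioritize(findings):
    """Highest risk first; ties broken by asset criticality."""
    return sorted(findings, key=lambda f: (risk_score(f), f.asset_criticality), reverse=True)


# Constructed findings on the kinds of systems named in the slides.
FINDINGS = [
    Finding("crm-db-01",   5, "V-001", 9.3, "worm",    500_000, 8_000, 2_000),
    Finding("intranet-01", 2, "V-002", 5.0, "exploit",   5_000, 6_000,   500),
    Finding("lab-01",      1, "V-003", 2.6, "none",      1_000, 3_000, 2_500),
]

if __name__ == "__main__":
    for f in prioritize(FINDINGS):
        print(f"{f.host:12} {f.vuln_id}  risk={risk_score(f):6.1f}  -> {treatment(f)}")
```

Note that the decision is driven by expected loss, not by severity alone: the medium-severity finding on the intranet host is worth a cheap compensating control but not a costly rebuild, while the same severity on the revenue-critical database would be eliminated outright.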
Measure
Measure
• Current state of security metrics:
  • You can't manage what you can't measure
  • No focus on quantifying "security"
  • What is my real risk? Only a relative scale of risk, not an absolute one
  • Return on Security Investment (ROSI) is extremely difficult to calculate
  • No accountability in security
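Two of the gaps the slides name, "determining if the fix was actually made" and "no credible metrics", are closed by the same data: a baseline scan diffed against a rescan. The block below is an added example, not code from the slides or from QualysGuard, that splits findings into fixed, persisting and newly introduced, then derives remediation rate, mean days to fix and SLA breaches. The scan records, the rescan date and the per-severity SLA thresholds are constructed assumptions; the finding labels V-001 to V-004 are not real advisory IDs.

```python
"""Verification (rescan) and measurement steps of the VM lifecycle.

Added example; BASELINE, RESCAN and SLA_DAYS are constructed, not real data.
"""
from dataclasses import dataclass
from datetime import date

# Assumed remediation SLA in days, keyed by severity label.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Record:
    host: str
    vuln_id: str
    severity: str
    first_seen: date

    @property
    def key(self):
        return (self.host, self.vuln_id)


def diff_scans(baseline, rescan):
    """Split findings into fixed (gone), persisting (still there) and new."""
    base = {r.key: r for r in baseline}
    new = {r.key: r for r in rescan}
    fixed = [base[k] for k in base.keys() - new.keys()]
    persisting = [base[k] for k in base.keys() & new.keys()]  # keep original first_seen
    introduced = [new[k] for k in new.keys() - base.keys()]
    return fixed, persisting, introduced


def sla_breaches(persisting, rescan_date):
    """Persisting findings that are older than their severity's SLA."""
    return [r for r in persisting
            if (rescan_date - r.first_seen).days > SLA_DAYS[r.severity]]


def metrics(baseline, rescan, rescan_date):
    fixed, persisting, introduced = diff_scans(baseline, rescan)
    # A rescan only proves the fix happened by rescan_date, so this is an upper bound.
    mean_days = (sum((rescan_date - r.first_seen).days for r in fixed) / len(fixed)
                 if fixed else 0.0)
    return {
        "fixed": len(fixed),
        "persisting": len(persisting),
        "new": len(introduced),
        "remediation_rate": len(fixed) / len(baseline) if baseline else 0.0,
        "mean_days_to_fix": mean_days,
        "sla_breaches": len(sla_breaches(persisting, rescan_date)),
    }


# Constructed scan results (dates chosen around the seminar date).
BASELINE = [
    Record("crm-db-01",   "V-001", "critical", date(2012, 5, 1)),
    Record("intranet-01", "V-002", "medium",   date(2012, 3, 1)),
    Record("lab-01",      "V-003", "low",      date(2012, 6, 1)),
]
RESCAN = [
    Record("intranet-01", "V-002", "medium",   date(2012, 3, 1)),
    Record("lab-01",      "V-003", "low",      date(2012, 6, 1)),
    Record("lab-01",      "V-004", "high",     date(2012, 6, 20)),
]
RESCAN_DATE = date(2012, 6, 26)

if __name__ == "__main__":
    for name, value in metrics(BASELINE, RESCAN, RESCAN_DATE).items():
        print(f"{name:18} {value}")
```

Keying on (host, vulnerability) rather than on the vulnerability alone is what lets the verification step tell a genuine fix apart from a host that was simply unreachable during the rescan; pair this with the missing-host check from the discovery step before reporting a remediation rate to executives.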
Scanner Appliance Architecture
QualysGuard: Global Cloud Architecture