1 / 28

Samwel Orwa ITILv3, CISA, CISM, CRISC, QualysGuard Certified After Hours Seminar, 26.6.2012,

Effective Enterprise Vulnerability Management. Minimizing Risk by Implementing Vulnerability Management Process. Samwel Orwa ITILv3, CISA, CISM, CRISC, QualysGuard Certified After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter. Agenda. 1. The Problem. 2.

saniya
Download Presentation

Samwel Orwa ITILv3, CISA, CISM, CRISC, QualysGuard Certified After Hours Seminar, 26.6.2012,

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Effective Enterprise Vulnerability Management. Minimizing Risk by Implementing Vulnerability Management Process SamwelOrwa ITILv3, CISA, CISM, CRISC, QualysGuard Certified After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  2. Agenda 1 The Problem 2 What is Vulnerability Management ? 3 Challenges to Effective VM 4 Vulnerability Management Lifecycle 5 Successful Approaches After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  3. The Problem After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  4. 1. What causes the damage? 2. How do you prevent the damage? What are your options? RISK= Assets x Vulnerabilities x Threats You can control vulnerabilities. 95% of breaches target known vulnerabilities 4. How do you make the best security decisions? 3. How do you successfully deal with vulnerabilities? Vulnerabilities Business complexity Focus on the right assets, right threats, right measures. Human resources Financial resources Organizations are Feeling the Pain After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  5. The Enterprise TodayMountains of data, many stakeholders Web cache & proxy logs Web server activity logs Content management logs Switch logs IDS/IDP logs VA Scan logs Router logs Windows logs Windows domain logins VPN logs Firewall logs Wireless access logs Linux, Unix, Windows OS logs Oracle Financial Logs Mainframe logs Client & file server logs DHCP logs San File Access Logs VLAN Access & Control logs Database Logs Malicious Code Detection Spyware detection Real-Time Monitoring Troubleshooting Access Control EnforcementPrivileged User Management Configuration ControlLockdown enforcement UnauthorizedService DetectionIP Leakage False Positive Reduction SLA Monitoring User Monitoring How do you collect & protect all the data necessary to secure your network and comply with critical regulations? Vulnerability Management

  6. What is Vulnerability Management? After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  7. What Is Vulnerability Management? A process to determine whether to eliminate, mitigate or tolerate vulnerabilities based upon risk and the cost associated with fixing the vulnerability. After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  8. Challenges to Effective VM After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  9. Challenges – Assessment • Traditional desktop scanners cannot handle large networks • Provide volumes of useless checks • Confidentiality, Storage of scan data outside the Organization legal resident • Chopping up scans and distributing them is cumbersome • Garbage In- Garbage Out (GIGO)– volumes of superfluous data • Coverage at all OSI layers is inadequate • Time consuming and resource intensive • Finding the problem is only half the battle After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  10. Challenges – Analysis • Manual and resource intensive process to determine • What to fix • If you should fix • When to fix • No correlation between vulnerabilities, threats and assets • No way to prioritize what vulnerabilities should be addressed • What order • Stale data • Making decisions on last quarter’s vulnerabilities • No credible metrics After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  11. Challenges – Remediation • Security resources are often decentralized • The security organization often doesn’t own the network or system • Multiple groups may own the asset • Presenting useful and meaningful information to relevant stakeholders • Determining if the fix was actually made After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  12. Vulnerability Management Lifecycle After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  13. Vulnerability Management Lifecycle After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  14. Successful Approaches:Implementing An Effective VM Strategy After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  15. Network Discovery • Mapping • Gives hacker’s eye view of you network • Enables the detection of rogue devices (Shadow IT) 15 After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  16. Vulnerability Management Lifecycle 1. DISCOVERY (Mapping) 6. VERIFICATION (Rescanning) 2. ASSET PRIORITISATION (and allocation) 5. REMEDIATION (Treating Risks) 3. ASSESSMENT (Scanning) 4. REPORTING (Technical and Executive) 16 After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  17. Question • What is the Primary goal of vulnerability assessment ? • To determine the likelihood of identified risk • b. To assess the criticality of information resources • c. To verify that controls are working as intended • d. To detect known deficiencies in a particular environment After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  18. Prioritize Assets After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  19. Asset Prioritization • Identify assets by: • Networks • Logical groupings of devices • Connectivity - None, LAN, broadband, wireless • Network Devices • Wireless access points, routers, switches • Operating System • Windows, Unix • Applications • IIS, Apache, SQL Server • Versions • IIS 5.0, Apache 1.3.12, SQL Server V.7 After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  20. Correlate Threats After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  21. Correlate Threats • Not all threat and vulnerability data have equal priority • Primary goal is to rapidly protect your most critical assets • Identify threats • Worms • Exploits • Wide-scale attacks • New vulnerabilities • Correlate with your most critical assets • Result = Prioritization of vulnerabilities within your environment After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  22. Determine Risk Level After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  23. Remediation After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  24. Remediation / Resolution • Perfection is unrealistic (zero vulnerabilities) • Think credit card fraud – will the banks ever eliminate credit card fraud? • You have limited resources to address issues • The question becomes: • Do I address or not? • Factor in the business impact costs + remediation costs • If the risk outweighs the cost – eliminate or mitigate the vulnerability! After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  25. Measure After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  26. Measure • Current state of security metrics • You can’t manage what you can’t measure • No focus on quantifying “Security” • What is my real risk? • Only a relative scale of risk, not an absolute • Return on Security Investment (ROSI) is extremely difficult to calculate • No accountability in security After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  27. Scanner Appliance Architecture After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

  28. QualysGuard- Global Cloud Architecture After Hours Seminar, 26.6.2012, ISACA Switzerland Chapter

More Related