
The Next Generation of Threat Management

The Next Generation of Threat Management. Presented to ISSA Sacramento March 18, 2004 Sandy Hawke, CISSP – Solutions Engineer. Agenda. Defining Risk Importance of Being Proactive Today’s solutions vs. Next Generation Five phases of threat management Wrap up and Questions.


Presentation Transcript


  1. The Next Generation of Threat Management Presented to ISSA Sacramento March 18, 2004 Sandy Hawke, CISSP – Solutions Engineer

  2. Agenda • Defining Risk • Importance of Being Proactive • Today’s solutions vs. Next Generation • Five phases of threat management • Wrap up and Questions

  3. Vulnerabilities vs. Threats vs. Risks • Vulnerabilities – Technical weaknesses • An open drawbridge is a vulnerability • Threat represents the imminence of danger to your organization • If the enemy knows the drawbridge is open, then the vulnerability becomes a threat • Determining risk ($$) • Severity of attack • Velocity of threat • Value of vulnerable asset

  4. The Importance of Being Proactive Top outbreaks over the past 2 years

  5. Vulnerability Centricity Vulnerabilities • 3,784 (2003) • 4,129 (2002) • 2,437 (2001) • Less than 1% (22) resulted in exploit anywhere • Previous 12 years (1988–2000) ~2000 vulnerabilities • Less than 2% resulted in exploit • Patch-o-mania causes organizations to indiscriminately patch and fix vulnerabilities • Most of which will never be exploited • How do you know: • Which 2% are going to become issues? • Which assets are at risk? • How should it be fixed?

  6. Today’s Solutions • Scanners • All vulnerabilities and assets are treated equally • Reality is that some vulnerabilities are more important • Some assets are more critical • Alerting Services • Alerts customers as new vulnerabilities are discovered • Which vulnerabilities become threats • Real-time updates • Lack visibility into an organization’s asset base • These solutions lack integration and automation to be effective

  7. Next Generation Threat Management • Characteristics • Real-time intelligence • Asset based • ‘Just-in-Time’ / Targeted scanning • Workflow management • Policy & process support • Benefits • Better, faster remediation decisions • Save time & money • Reduce risk [Diagram labels: Scanners, Next Generation Threat Management, Alerting Services]

  8. Introducing EWS • The IntelliShield Early Warning System: • Next generation, asset-based threat management solution • What it does: • Discovers network attached devices, assigns criticality • Stores devices in a “live” asset database • Driven by real time vulnerability intelligence, alerts customers if assets are at risk • Recommended remediation steps • Validates fix • Provides workflow notification support

  9. 5 Phases of EWS

  10. Phase 1: Ongoing Asset Inventory • EWS identifies and classifies IP devices • Assets discovered, loaded from existing mgmt system or entered manually • Discovery scans are run @ customer defined intervals • TS proprietary algorithms to determine criticality • Customers can tune criticality ratings

  11. Phase 2: Vulnerability Intelligence • Driven by TruIntelligence • Delivered by the AIMS back-end knowledge system • EWS “pulls” information from TruIntelligence • Multiple alert types • Customers can create, customize & define parameters for their specific environment

  12. Phase 3: Threat Profiling & Vulnerability Assessment • Alerts set EWS into action • Policies define actions • Action policies • Configuration policies • Scan windows can be defined for specific assets • Targeted scans - Only devices potentially vulnerable are scanned • Scans can also be run manually

  13. Phase 4: “At Risk” Alerting and Workflow • Upon finding an “at risk” device, EWS notifies the appropriate party • E-mail • Pager • EWS inbox • Notifications are tracked by EWS’ built-in workflow system • Task automatically created if something is discovered

  14. Phase 5: Patch/Fix Validation • EWS initiates a confirmation test to ensure the asset is no longer at risk • Changes to the alert can trigger further confirmation or other action policies

  15. EWS Benefits • Make better, faster remediation decisions • TruIntelligence provides information and insight that no single company can duplicate • Save time and money • Focus resources on the most important assets and activities • Address non-critical issues on YOUR timetable • Reduce Risk • Prioritize remediation efforts based on criteria you define

  16. TruSecure Corporation • Largest pure play security intelligence, products and services provider • Founded 1989 • 300 employees worldwide • Providing products and services to over 700 customers in 30 countries • Unmatched Security Expertise • Unique TruIntelligence Security Knowledge Network • World class security experts, ICSA Labs Research • Microsoft knowledge leadership through NTBugtraq organization

  17. TruSecure Offerings: Leveraging Knowledge, Intelligence, Process and Technology • TruServ • Continuous Security Programs • Risk Reduction • Security Certification • Managed Security • ISAC • TruAdvisor • Periodic Security Engagements • Application Security Review • Business Security Assessment • Penetration Test • Investigative Response • Asset Identification and Classification • Custom Project Capabilities • TruSolutions • Risk Management Tools • IntelliShield Early Warning System • Risk Commander • IntelliShield Alert Manager

  18. Contact Information Lori Winn, Senior Sales Executive lwinn@trusecure.com 707.762.7275 (office) 415.699.6268 (cell) Sandy Hawke, CISSP – Solutions Engineer shawke@trusecure.com 650.632.4643 (office) 650.333.7462 (cell)
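
The asset-based flow of slides 10 to 14 (inventory, alert, targeted scan, at-risk task, fix validation), sketched as an added example; it is not EWS code and not from the presentation. The data model, the field names, the sample inventory and the multiplicative risk score built from the three slide 3 factors are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Asset:                 # phase 1: one row of the "live" asset database
    ip: str
    product: str             # software identified during discovery
    version: tuple           # installed version as a comparable tuple
    criticality: int         # 1 (low) .. 5 (business critical), customer tunable

@dataclass
class Alert:                 # phase 2: one vulnerability intelligence alert
    alert_id: str
    product: str
    fixed_in: tuple          # first version that is no longer vulnerable
    severity: int            # 1..5, severity of attack
    velocity: int            # 1..5, how quickly the threat is developing

def scan_targets(inventory, alert):
    """Phase 3: queue only the assets the alert could apply to."""
    return [a for a in inventory
            if a.product == alert.product and a.version < alert.fixed_in]

def risk_score(asset, alert):
    # Assumed formula: the deck names the three factors but gives no equation.
    return alert.severity * alert.velocity * asset.criticality

def at_risk_tasks(inventory, alert, confirmed):
    """Phase 4: one tracked task per asset the targeted scan confirmed,
    ordered so the highest-risk asset is remediated first."""
    tasks = [{"alert": alert.alert_id, "asset": a.ip,
              "risk": risk_score(a, alert), "status": "open"}
             for a in scan_targets(inventory, alert) if a.ip in confirmed]
    return sorted(tasks, key=lambda t: t["risk"], reverse=True)

def validate_fix(task, still_vulnerable):
    """Phase 5: a task closes only when the confirmation scan comes back clean."""
    task["status"] = "open" if still_vulnerable else "closed"
    return task

# Constructed sample data (hypothetical product names, versions and alert id).
INVENTORY = [
    Asset("10.0.0.5", "example-web", (2, 0, 40), 5),
    Asset("10.0.0.9", "example-web", (2, 0, 48), 4),   # already on the fixed version
    Asset("10.0.0.12", "example-web", (2, 0, 35), 2),
    Asset("10.0.0.20", "example-ssh", (3, 4), 5),      # different product
]
ALERT = Alert("EXAMPLE-0001", "example-web", (2, 0, 48), severity=4, velocity=3)

if __name__ == "__main__":
    for t in at_risk_tasks(INVENTORY, ALERT, {"10.0.0.5", "10.0.0.12"}):
        print(t)
```

Of the four inventory entries only two are scanned at all, which is the difference from the scanner model on slide 6 that treats every asset and vulnerability equally.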
