harvesng vulnerabili’es* in* food3industry* … · tickets c ualysguard'enterprise suite...
TRANSCRIPT
Harves'ng Vulnerabili'es in Food-‐Industry Agrokor Group
Ivo Pejakovic, MScEE, MBA CISO of Agrokor Group, Croa:a
Agrokor Group 5+ Billions USD Revenue 40+ Companies Holding 40.000+ Employees in Group
in 6 countries of South-‐East Europe
Where is the problem?
IT security controls
Vulnerability Management Process
• #4 of SANS Cri:cal Security Controls • Related to:
• #1 of SANS Cri:cal Security Controls • #2 of SANS Cri:cal Security Controls
• VM & QualysGuard in Agrokor Group: since 2006 • Started with 100s of assets now we 1000s of IT Assets in VM
Key challenges 1. VM workflow 2. RACI matrix 3. IT Asset management in VM 4. Remedia:on policy 5. Visibility of VM process 6. Accuracy of VA Scans
VM workflow
Source: SANS 20 Cri/cal Controls 4.1
RACI matrix
IT Assets management in VM
VM Policy
VM Visibility
VM Accuracy
Be>er insights in: – Patch levels – Installed so_ware base – Configura:on details
Authen'cated scans performed on following plaEorms: – AIX, Linux, Windows servers
– Client computers (Windows 7, XP)
– Network equipment (Cisco IOS devices)
Sharing Best Prac:ce • Define sustainable VM policy
• Address all excep:ons from the policy
• Automa:on of VM ac:vi:es
• Be careful with VM process roles defini:on
• Delegate responsibili:es • Improve accuracy use authen:cated scans
This does not exist!
Q&A