real world security webinar (v2012-05-30)
TRANSCRIPT
© 2012 nCircle. All rights reserved.
Real World Security: Maximizing the Value of Your Security Investments
Meet Your Presenters
Bill Rudiak, Director, Professional Services, nCircle
Seth Bromberger, Principal, NCI Security
As a Security Professional responsible for your organization’s VM and/or Compliance Program, you have 2 fundamental tasks…
• DO SOMETHING to improve your organization’s security
• …and PROVE IT!
But First, Let’s Get Back to Basics (Some Key Questions)
• Why did your organization establish a VM and compliance program in the first place?
• What are (were) the specific goals of your program?
• Do all stakeholders understand the program and their role in it?
• Do your tools and processes support effective measurement of program performance? How are you doing?
• What’s happening in your organization now (or soon) that will impact your program?
A CMM for Assessing Your Program’s Effectiveness
Maturity model dimensions:
• currency
• coverage
• remediation
• reporting
• depth
• frequency
Do Something – Your Scanning Regimen
• Coverage
  – Scan everything
  – Scan white space to discover new assets
• Depth
  – Scan with Credentials
• Frequency
  – Scan critical assets more frequently
  – Align scan frequency with regular change management windows
Do Something – Closed Loop Process
• Vulnerability and Compliance Management is a closed loop process and requires continuous refinement
• Participants in the process have different spans of control or concern
• Infosec Operations often lacks direct visibility to Remediation
• Communication among stakeholders is essential to present a common picture of the organization’s risk and compliance posture
Diagram labels: CISO/CSO; Audit & Compliance; IT Operations; Infosec Operations; Internal Policies; New Threats; Regulatory Standards; Vulnerabilities/Compliance Tests
Do Something – Equip & Support Your Team
• Position your Infosec team as Security Analysts who provide a valuable service to the organization
• Provide C-level reinforcement and support for Infosec’s mandate — improving compliance and reducing risk
• Build and maintain collaborative relationships with system owners
• Leave the data munging to the computers
Do Something – Automate via Integration
Remember — more tools mean…
• More integration points
• More possibly conflicting data and information
• More overlaps or gaps in solution functionality
• More overall impact when your environment changes
$$$ Glue can be VERY expensive!
Diagram labels: Vulnerability/Compliance Management; IT Service Management; Network Engineering; Real-Time Security Event Monitoring; Patch Management; Security Performance Management; Identity and Access Management; Intrusion Prevention and Detection; Anti-Virus and Malware Prevention; Asset Management
Prove It (First, More Questions about “It”)
• What is it? (There are different flavors of it depending on your audience)
• Is it believable?
• Can you explain and defend it?
• Can your audience easily acquire it?
• Is it useful to its intended audience?
• Does it support the goals of your program?
Prove It – to Executives
Chart: Program Maturity (trailing 2 quarters); series: Q4 2011, Q1 2012
Prove It – to Business Management
Chart: Vulnerability Risk by Network, Q1 2011 - Present (y-axis: Enterprise Vulnerability Risk; series: Operations, Business; quarters 2011Q1 through 2012Q2; labelled values 5,791,465 and 2,357,126)
Key Messages
• 59.3% vulnerability risk reduction in past 18 months
• Focus on patching the operations network resulted in majority of risk reduction in the past 6 months
• Business network risk decreased despite deployment of over 200 new servers and 800 new end-user devices in 2011
Prove It – to IT Management
Chart: Average Host Score by device type/location (device types: Win Server, UNIX, Clients, Mobile, Other; locations: San Francisco, Toronto, Munich; y-axis 0 to 250,000)
Prove It – to IT Staff
Top 10 Enterprise Vulnerabilities by % of total risk
Key Messages
• The top 10 vulnerabilities represent 71.2% of the total risk score
• Application of 4 Microsoft patches would immediately reduce the score by 11.5%
• Enforcement of strong credentials would reduce the score by 54.4%
Vulnerability | Hosts | Score | Total | % of Total
Easily Guessed SSH Credentials | 45 | 54748 | 2463660 | 42.5%
IP360 Default Login Enabled | 8 | 48315 | 386520 | 6.7%
MS06-035: Mailslot Heap Overflow | 6 | 33151 | 198906 | 3.4%
Weak SNMP Community String 'public' Found | 24 | 8052 | 193248 | 3.3%
MS05-043: Print Spooler Service Buffer Overflow | 5 | 35681 | 178405 | 3.1%
MS06-040: Server Service Remote Code Execution | 5 | 32931 | 164655 | 2.8%
SSHv1 Protocol Man-In-The-Middle Vulnerability | 20 | 7702 | 154040 | 2.7%
SSHv1 Protocol Available | 20 | 7522 | 150440 | 2.6%
MS08-067: Server Service RPC Handling Remote Code Execution | 5 | 25809 | 129045 | 2.2%
Easily Guessed Telnet Credentials | 2 | 54748 | 109496 | 1.9%
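As an added illustration (not nCircle's code or its IP360 scoring method), the following Python reproduces the Total and % of Total columns of the table above and the two remediation scenarios in its key messages; it assumes Total = Hosts x Score and that the percentages divide by the enterprise risk figure (5,791,465) from the earlier chart, which matches every row.

```python
"""Added example: the risk roll-up behind the "Top 10 Enterprise Vulnerabilities" slide.
Assumes Total = Hosts x Score and that the % column divides by the chart's 5,791,465."""
from dataclasses import dataclass

ENTERPRISE_RISK = 5_791_465  # assumed denominator, taken from the network risk chart

@dataclass(frozen=True)
class Finding:
    name: str
    hosts: int  # affected hosts
    score: int  # per-host score as reported by the scanner

    @property
    def total(self) -> int:
        return self.hosts * self.score

# Rows copied from the slide's table (the deck's own sample data)
TOP10 = [
    Finding("Easily Guessed SSH Credentials", 45, 54748),
    Finding("IP360 Default Login Enabled", 8, 48315),
    Finding("MS06-035: Mailslot Heap Overflow", 6, 33151),
    Finding("Weak SNMP Community String 'public' Found", 24, 8052),
    Finding("MS05-043: Print Spooler Service Buffer Overflow", 5, 35681),
    Finding("MS06-040: Server Service Remote Code Execution", 5, 32931),
    Finding("SSHv1 Protocol Man-In-The-Middle Vulnerability", 20, 7702),
    Finding("SSHv1 Protocol Available", 20, 7522),
    Finding("MS08-067: Server Service RPC Handling Remote Code Execution", 5, 25809),
    Finding("Easily Guessed Telnet Credentials", 2, 54748),
]

def pct_of_total(f: Finding, enterprise_risk: int = ENTERPRISE_RISK) -> float:
    """Row percentage as printed on the slide, rounded to one decimal."""
    return round(100.0 * f.total / enterprise_risk, 1)

def scenario_share(findings, selector) -> float:
    """Share of enterprise risk removed if every finding matching selector is fixed.
    Sums the rounded row percentages, which is how the slide's key messages add up."""
    return round(sum(pct_of_total(f) for f in findings if selector(f)), 1)

# Remediation scenarios named in the slide's key messages
def is_ms_patch(f: Finding) -> bool:
    return f.name.startswith("MS")

def is_credential_weakness(f: Finding) -> bool:
    return any(k in f.name for k in ("Credentials", "Default Login", "Community String"))

if __name__ == "__main__":
    print("top 10 share:", scenario_share(TOP10, lambda f: True))               # 71.2
    print("4 Microsoft patches:", scenario_share(TOP10, is_ms_patch))            # 11.5
    print("strong credentials:", scenario_share(TOP10, is_credential_weakness))  # 54.4
```

Dividing the exact sums by the denominator instead of adding rounded rows gives 71.3% and 11.6%, so state which convention a report uses.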
In Conclusion…
• Sustainability of your VM/Compliance Program requires continuous refinement — re-commit to it!
• Revisit your goals and revise them if necessary
• Measure and manage security program performance — tie output to risk reduction and compliance goals
• Make intelligent decisions about your toolset
• Use the Maturity Model to assess your program and track improvement over time
• Maintain visibility of your program by getting the right information to stakeholders and other outreach activities
nCircle Whitepaper
Questions from the Audience…