Real World Security: Maximizing the Value of Your Security Investments (webinar, v2012-05-30)

Upload: ncircle-a-tripwire-company

Post on 18-May-2015

TRANSCRIPT

Page 1: Real World Security webinar (v2012-05-30)

© 2012 nCircle. All rights reserved.

Real World Security: Maximizing the Value of Your Security Investments

Page 2: Meet Your Presenters

© 2012 nCircle. All rights reserved. nCircle Company Confidential

Bill Rudiak, Director, Professional Services, nCircle

Seth Bromberger, Principal, NCI Security

Page 3: Two Fundamental Tasks

As a Security Professional responsible for your organization’s VM and/or Compliance Program, you have 2 fundamental tasks…

Page 4: DO SOMETHING to improve your organization’s security

Page 5: and PROVE IT!

Page 6: But First, Let’s Get Back to Basics (Some Key Questions)

• Why did your organization establish a VM and compliance program in the first place?

• What are (were) the specific goals of your program?

• Do all stakeholders understand the program and their role in it?

• Do your tools and processes support effective measurement of program performance? How are you doing?

• What’s happening in your organization now (or soon) that will impact your program?

Page 7: A CMM for Assessing Your Program’s Effectiveness

Diagram labels (the model’s assessment dimensions): currency, coverage, remediation, reporting, depth, frequency

Page 8: Do Something – Your Scanning Regimen

• Coverage – Scan everything; scan white space to discover new assets

• Depth – Scan with credentials

• Frequency – Scan critical assets more frequently; align scan frequency with regular change management windows

Page 9: Do Something – Closed Loop Process

• Vulnerability and Compliance Management is a closed loop process and requires continuous refinement

• Participants in the process have different spans of control or concern

• Infosec Operations often lacks direct visibility to Remediation

• Communication among stakeholders is essential to present a common picture of the organization’s risk and compliance posture

Diagram labels: participants CISO/CSO, Audit & Compliance, IT Operations, Infosec Operations; inputs Internal Policies, New Threats, Regulatory Standards, Vulnerabilities/Compliance Tests

Page 10: Do Something – Equip & Support Your Team

• Position your Infosec team as Security Analysts who provide a valuable service to the organization

• Provide C-level reinforcement and support for Infosec’s mandate — improving compliance and reducing risk

• Build and maintain collaborative relationships with system owners

• Leave the data munging to the computers

Page 11: Do Something – Automate via Integration

Remember — more tools mean…

• More integration points

• More possibly conflicting data and information

• More overlaps or gaps in solution functionality

• More overall impact when your environment changes

$$$ Glue can be VERY expensive!

Diagram labels (integrated tool categories): Vulnerability/Compliance Management; IT Service Management; Network Engineering; Real-Time Security Event Monitoring; Patch Management; Security Performance Management; Identity and Access Management; Intrusion Prevention and Detection; Anti-Virus and Malware Prevention; Asset Management

Page 12: Prove It (First, More Questions about “It”)

• What is it? (There are different flavors of it depending on your audience)

• Is it believable?

• Can you explain and defend it?

• Can your audience easily acquire it?

• Is it useful to its intended audience?

• Does it support the goals of your program?

Page 13: Prove It – to Executives

Chart: Program Maturity (trailing 2 quarters); legend: Q4 2011, Q1 2012

Page 14: Prove It – to Business Management

Chart: Enterprise Vulnerability Risk – Vulnerability Risk by Network, Q1 2011 - Present; series: Operations, Business; quarters 2011Q1 through 2012Q2; data labels 5,791,465 and 2,357,126

Key Messages

• 59.3% vulnerability risk reduction in past 18 months

• Focus on patching the operations network resulted in majority of risk reduction in the past 6 months

• Business network risk decreased despite deployment of over 200 new servers and 800 new end-user devices in 2011

Page 15: Prove It – to IT Management

Chart: Average Host Score by device type/location; device types: Win Server, UNIX, Clients, Mobile, Other; locations: San Francisco, Toronto, Munich; y-axis 0 to 250,000

Page 16: Prove It – to IT Staff

Top 10 Enterprise Vulnerabilities by % of total risk

Key Messages

• The top 10 vulnerabilities represent 71.2% of the total risk score

• Application of 4 Microsoft patches would immediately reduce the score by 11.5%

• Enforcement of strong credentials would reduce the score by 54.4%

Vulnerability                                                 Hosts  Score    Total  % of Total
Easily Guessed SSH Credentials                                   45  54748  2463660       42.5%
IP360 Default Login Enabled                                       8  48315   386520        6.7%
MS06-035: Mailslot Heap Overflow                                  6  33151   198906        3.4%
Weak SNMP Community String 'public' Found                        24   8052   193248        3.3%
MS05-043: Print Spooler Service Buffer Overflow                   5  35681   178405        3.1%
MS06-040: Server Service Remote Code Execution                    5  32931   164655        2.8%
SSHv1 Protocol Man-In-The-Middle Vulnerability                   20   7702   154040        2.7%
SSHv1 Protocol Available                                         20   7522   150440        2.6%
MS08-067: Server Service RPC Handling Remote Code Execution       5  25809   129045        2.2%
Easily Guessed Telnet Credentials                                 2  54748   109496        1.9%
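The arithmetic behind this table and the "Key Messages" on the business-management and IT-staff slides, as an added worked example (not code from the deck or from nCircle): the Total column is Hosts times Score, and each "% of Total" is that total against the enterprise risk score, which the example assumes to be the 5,791,465 data label on the business-management slide (that denominator reproduces every percentage in the table). The grouping of findings into "Microsoft patches" and "credential hygiene" is the example's own reading of the two key messages, and the 59.3% headline is the drop from 5,791,465 to 2,357,126 on the same chart.

```python
# Added example (not from the nCircle deck): reproduce the arithmetic behind
# the "Prove It" slides.  Table rows are transcribed from the Top 10 slide.
# Assumption: the "% of Total" denominator is the enterprise risk score
# 5,791,465 shown on the business-management slide; it reproduces every
# percentage in the table.  The remediation groupings are this example's
# reading of the two "Key Messages" (four MS patches; credential findings).
from collections import namedtuple

Finding = namedtuple("Finding", "name hosts score")

# Transcribed from the slide: vulnerability, affected hosts, per-host score.
TOP10 = [
    Finding("Easily Guessed SSH Credentials", 45, 54748),
    Finding("IP360 Default Login Enabled", 8, 48315),
    Finding("MS06-035: Mailslot Heap Overflow", 6, 33151),
    Finding("Weak SNMP Community String 'public' Found", 24, 8052),
    Finding("MS05-043: Print Spooler Service Buffer Overflow", 5, 35681),
    Finding("MS06-040: Server Service Remote Code Execution", 5, 32931),
    Finding("SSHv1 Protocol Man-In-The-Middle Vulnerability", 20, 7702),
    Finding("SSHv1 Protocol Available", 20, 7522),
    Finding("MS08-067: Server Service RPC Handling Remote Code Execution", 5, 25809),
    Finding("Easily Guessed Telnet Credentials", 2, 54748),
]

ENTERPRISE_RISK = 5_791_465   # first data label on the business slide (assumed denominator)
CURRENT_RISK = 2_357_126      # second data label on the same chart

# Assumed remediation classes behind the two "would reduce the score" messages.
MS_PATCHES = {f.name for f in TOP10 if f.name.startswith("MS")}
CREDENTIAL_HYGIENE = {
    "Easily Guessed SSH Credentials",
    "IP360 Default Login Enabled",
    "Weak SNMP Community String 'public' Found",
    "Easily Guessed Telnet Credentials",
}


def row_total(finding):
    """Total column: hosts affected times per-host score."""
    return finding.hosts * finding.score


def row_percent(finding, denominator=ENTERPRISE_RISK):
    """% of Total column, rounded to one decimal as printed on the slide."""
    return round(100 * row_total(finding) / denominator, 1)


def share_rounded(findings, names=None):
    """Sum of the printed (rounded) row percentages, which is how the deck's
    group figures come out; names=None means every row."""
    rows = [f for f in findings if names is None or f.name in names]
    return round(sum(row_percent(f) for f in rows), 1)


def share_exact(findings, names=None, denominator=ENTERPRISE_RISK):
    """Same share computed from unrounded totals, for comparison."""
    rows = [f for f in findings if names is None or f.name in names]
    return round(100 * sum(row_total(f) for f in rows) / denominator, 1)


def reduction_percent(before, after):
    """Risk reduction between two chart points, e.g. the 18-month headline."""
    return round(100 * (1 - after / before), 1)


def key_messages(findings=TOP10):
    """The three numbers the IT-staff slide quotes, plus the business headline."""
    return {
        "top10_share": share_rounded(findings),
        "ms_patch_share": share_rounded(findings, MS_PATCHES),
        "credential_share": share_rounded(findings, CREDENTIAL_HYGIENE),
        "risk_reduction": reduction_percent(ENTERPRISE_RISK, CURRENT_RISK),
    }


if __name__ == "__main__":
    # Print the table in slide order (descending Total) and the headline figures.
    for f in sorted(TOP10, key=row_total, reverse=True):
        print(f"{f.name:<62}{f.hosts:>5}{f.score:>7}{row_total(f):>9}{row_percent(f):>7.1f}%")
    print(key_messages())
```

Running the file prints the table and the four headline figures. Note that the deck's 11.5% and 71.2% are sums of the row percentages as printed; computed from the unrounded totals the same groups come to 11.6% and 71.3% (compare share_exact with share_rounded), a difference worth knowing before an auditor recomputes a slide from the raw scan data.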

Page 17: In Conclusion…

• Sustainability of your VM/Compliance Program requires continuous refinement — re-commit to it!

• Revisit your goals and revise them if necessary

• Measure and manage security program performance — tie output to risk reduction and compliance goals

• Make intelligent decisions about your toolset

• Use the Maturity Model to assess your program and track improvement over time

• Maintain visibility of your program by getting the right information to stakeholders and other outreach activities

Page 18: nCircle Whitepaper

Page 19: Questions from the Audience…