RSA 2014: Non-disruptive vulnerability discovery, without scanning your network
Post on 15-Jan-2015
Liran Chen Technical Director
Risk Analytics for Cyber Security
© 2013 Skybox Security Inc. 2
Risk Control’s Differentiators: Discovery
[Diagram: Discovery, Analysis, Remediation]
Scanless: Vulnerability Detector
Scanless vulnerability assessment finds vulnerabilities from existing repositories without a scan
Advantages:
■ Automatically and accurately deduces vulnerabilities
■ Provides faster scan cycles (hours or even minutes)
■ Delivers continuous, up-to-date discovery
■ Covers all nodes including difficult-to-scan systems, e.g. critical systems, mobile devices, cloud assets
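The idea of deducing vulnerabilities from existing repositories can be sketched as follows. This is an added example, not code from the slides or from Skybox; the record layouts, product names, patch ids and vulnerability ids are constructed placeholders, and the matching rule (version range plus installed-patch check) is an assumed simplification.

```python
from dataclasses import dataclass, field

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10); string comparison would rank it below '2.4.3'."""
    return tuple(int(part) for part in text.split("."))

@dataclass
class Asset:             # one row from an asset/patch repository (assumed layout)
    host: str
    product: str         # CPE-style product name
    version: str
    patches: set = field(default_factory=set)

@dataclass
class DictEntry:         # one row from a vulnerability dictionary (assumed layout)
    vuln_id: str
    product: str
    first_affected: str
    first_fixed: str     # first version that ships the fix
    fixed_by_patch: str  # patch that fixes older versions in place

def deduce(assets, dictionary):
    """Return sorted (host, vuln_id) pairs inferred without probing any host."""
    findings = []
    for asset in assets:
        ver = parse_version(asset.version)
        for entry in dictionary:
            if entry.product != asset.product:
                continue
            low = parse_version(entry.first_affected)
            high = parse_version(entry.first_fixed)
            # Vulnerable only if the version is in range AND the fix was not backported.
            if low <= ver < high and entry.fixed_by_patch not in asset.patches:
                findings.append((asset.host, entry.vuln_id))
    return sorted(findings)

# Constructed sample data; every name and id here is a placeholder.
ASSETS = [
    Asset("web01", "cpe:/a:examplecorp:httpd", "2.4.3"),
    Asset("web02", "cpe:/a:examplecorp:httpd", "2.4.3", {"PATCH-17"}),
    Asset("web03", "cpe:/a:examplecorp:httpd", "2.4.10"),
    Asset("db01", "cpe:/a:examplecorp:sqlserver", "9.1"),
]
DICTIONARY = [
    DictEntry("VULN-EXAMPLE-1", "cpe:/a:examplecorp:httpd", "2.4.0", "2.4.10", "PATCH-17"),
    DictEntry("VULN-EXAMPLE-2", "cpe:/a:examplecorp:sqlserver", "9.0", "9.2", "PATCH-30"),
]

if __name__ == "__main__":
    for host, vuln in deduce(ASSETS, DICTIONARY):
        print(f"{host}: {vuln}")
```

The result is only as current as the inventory and patch records it reads, so stale repository data produces stale findings.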
Ask Yourself…
How Well is our VM Program Working?
How often is vulnerability data collected?
How much of the network is covered?
Is scanning disruptive to the business?
How fast are critical vulnerabilities fixed?
Do we consider alternatives to patching?
Does the VM approach consider the network and security controls context?
Are we prioritizing by exploitation risk?
Is risk level going up or down over time?
[Diagram: Discovery, Analysis and Prioritization, Remediation]
Vulnerability Discovery
Augment Active Scans with Daily Updates
[Diagram labels: Active Scanner; Skybox Vulnerability Detector; Asset Database; Patch Database; Threat Intel; Consolidated Vulnerability List (CVE); Updated Daily; Product Catalog (CPE); Rule-based Profiling; Skybox Vulnerability Dictionary]
With or Without a 3rd Party Scanner
Continuous View of Vulnerabilities
Combining 3rd party and Skybox Vulnerability Detector data gives constant vulnerability knowledge
[Chart: x-axis Time (Month 1, Month 2, Month 3); y-axis marks 50% and 100%; series: 3rd party scanner, Skybox Vulnerability Detector]
Vulnerability Dictionary
Most comprehensive vulnerability data source
41,000 vulnerabilities on 1,000 products
Vulnerability Research Team consolidates info from 20+ sources. Latest advisories, scanners, IPS, others
Additional data analysis, modeling, info added for use by Skybox analytics engine
CVE compliant, CVSS v2 standard, cross-referenced
Also contains vulnerabilities not found in CVE list
Vulnerability information sources
The Vulnerability Dictionary aggregates data from these
sources:
Vulnerability Detector supported platforms
■ Enterprise service applications
■ Network devices
■ Operating systems
■ Client-side applications
Summary
■ Augment your scanner with Risk Control to get better discovery, analysis and remediation reporting.
■ Discover vulnerabilities across your entire enterprise, especially in places you currently don’t scan
■ Discover vulnerabilities within days of announcement, not weeks or months