f secure radar vulnerability scanning and management
TRANSCRIPT
STOP LOOKING FOR VULNERABILITIES.START FIXING THEM.F-Secure Radar
THE RISK IS HUGE
Sources: 1) AV Test2) National Vulnerability Database3) PwC, The Global State of Information Security® Survey 2015
Instances of malware
have almost doubled
every year
since 2006 (1
On average, 19 new
vulnerabilities emerge
daily (2
In 2014, cyber
attacks reached
117,339 per day 3)
3
YOUR COMPANY IS A TARGET
Sources: 1) Gartner2) HP 2015 Cyber Risk Report3) SANS Institute4) National Vulnerability Database
75% of attacks occur at
the application layer (1
86% of web
applications have serious security issues (2
52% of the issues
are long-
known
Patch deployment is not
immediate (3
Third party
applications amount
to80% of
vulnerabilities (4
WHERE’S THE RISK?
4
Out-dated software Misconfigured systems Insecure web applications
Continuous vulnerability scanning
Strict vulnerability management processes
Cover all your assets: Servers, desktops, printers, routers, etc.
HOW TO TACKLE IT?
5
MEET F-SECURE RADARA VULNERABILITY MANAGEMENT SOLUTION THAT GIVES YOU
THE TOOLS AND CONTROL TO MANAGE THE RISK
6
COMPLETE CONTROL OVER VULNERABILITY MANAGEMENTFrom automated scan scheduling to
verification scans
Unlimited scans with one single license
Flexible API for integration with your ticketing systems
7
THIS IS F-SECURE RADARDISCOVERY map network assets
SCAN systems & applicatio
ns
MANAGE priorities
and assign system owners
REPORT customizab
le for technicians
and executives
VERIFY rescan and spot changes
8
GET SMARTER ANALYSIS Intuitive, browser based
graphical interface Instant information Sophisticated tools for
deeper analysis
STREAMLINE WORKFLOWS Schedule automated
vulnerability scans Monitor vulnerabilities
efficiently
GET THE BIG PICTURE Map all your system
assets Get a total overview of
the current security level
GET IN CONTROL Assign, follow and
manage security issues with your system administrators, software developers, testers, auditors and security team
BETTER EVERY TIME Continuously
developed and improved
Automatically updated High quality
vulnerability checks and scanning engines
GET REPORTS THE WAY YOU WANT THEM Customizable reports
with reliable benchmarking
In the format you need
© F-Secure Confidential9
KEY BENEFITSTO YOU • Map your true attack surface before
someone else does• Measure yourself against PCI compliance• Improve your security measures with easy
management• Get customized reports that fit your
company’s needs• Scale and adapt F-Secure Radar to your
needs• Use seamless API integration with 3rd
party solutions
10
RADARFEATURESDETECT AND MANAGE THOUSANDS OF
ASSETS AND VULNERABILITIES IN ONE SOLUTION
Discovery Scan
System Scan
Web ScanF-Secur
e Radar Securi
ty Cente
r
3 IN 1 SCANNING SOLUTION
12
F-SECURE RADAR SECURITY CENTERF-Secure
Radar Security Center
F-Secur
e Radar Securi
ty Cente
r
• Centralized reporting with uniform look and feel
• Vulnerability management and ticketing system
• API interface• Add vulnerabilities manually• Portal in English
13
F-SECURE RADAR DISCOVERY SCANF-Secure
Radar Security Center
• A fast and reliable port scanner• Based on an asynchronous port
scanning techniques• Fast host discovery mode (to be
used on internal networks)• Supports service and operating
system detection• Scan speed can be easily adjusted to
suit your network capacity
A scanning process that maps your whole network and all its assets
F-Secur
e Radar Securi
ty Cente
r
14
F-SECURE RADAR SYSTEM SCANF-Secure
Radar Security Center
• A platform scanner - able to identify known vulnerabilities systems and software
• Capable of scanning any network device that talks IP
• Support authenticated scanning on Windows and Linux
• Low number of false positive and false negative
• Constantly kept up-to-date based on- Public vulnerability databases such as
National Vulnerability Database and others
- Vulnerabilities discovered by our security consultants
• Certified as a PCI ASV scanning tool
Identifies vulnerabilities associated with configuration
errors, improper patch management, implementation
oversights etc.
F-Secur
e Radar Securi
ty Cente
r
15
F-SECURE RADAR WEB SCANF-Secure
Radar Security Center
• A web application scanner - able to identify vulnerabilities in custom applications
• Supports simple form-based authentication• Supports assisted crawling (aka.
recordings)• Scalable to cover expanding needs• Certified PCI ASV scanning tool
Tests for numerous web application vulnerabilities
F-Secur
e Radar Securi
ty Cente
r
PICK YOUR PREFERRED WAY OF IMPLEMENTATION16
17
Run as an on-site solution
where everything is behind your corporate
firewall
F-SECURE RADAR CLOUDF-SECURE RADAR PRIVATERun scans from the
cloud as a true SaaS with scan nodes within
the service
F-SECURE RADAR CLOUDF-SECURE
RADAR SCAN NODE
18
PUBLICLY AVAILABLE NETWORK
FIREWALL
WEB INTERFACE
LOCAL NETWORK
F-SECURE RADAR SECURITY CENTER• No limitations!• Accessible from anywhere• Always up-to-date• Unlimited scan nodes included• Tie our managed cyber security
services together with your F-Secure Radar solution
F-SECURE RADAR
SCAN NODE
19
FIREWALL
LOCAl NETWORK
• Store your data in-house• Deploy F-Secure Radar in isolated
environments• Installed by F-Secure experts• Scan nodes support two-way
communication- Initiated by scan node- Initiated by F-Secure Radar Security
Center
LOCAL ONSITE SOLUTIONS WEB INTERFACE
F-SECURE RADAR PRIVATEF-SECURE
RADAR SCAN NODE
20
F-SECURE RADAR AS A SERVICELET EXPERTS RUN F-SECURE RADAR FOR YOU TO GET THE BEST OUT OF THE SOLUTION
© F-Secure Confidential21
Missing the big overview
• What kind of action plan / recommendations should be delivered to the management?
• What do we need the most right now?
COMMON CUSTOMER CHALLENGESLacking internal knowledge
• Not enough knowledge about the vulnerabilities?
• Troubles configuring the scans in an optimal way?
• Overwhelmed by all the findings?
Lacking the time or resources
• No time to review results?
• No time to delegate vulnerabilities to be corrected?
• No time to follow up, re-scan and verify corrections?
22
• F-Secure Radar license required• You define the scope and frequency• Experts will regularly (monthly)
- Configure scans- Review scan results- Follow up on existing tickets- Assign new tickets to system owners- Deliver executive summary reports- Attend quarterly status meeting
HOW IT WORKS?
F-SECURE RADAR AS PART OF CYBER SECURITY23
© F-Secure Confidential24
Security & Risk AssessmentSecurity Advisory
Compliance & Security Improvement
Vulnerability ManagementTraining & Security Culture
End-Point ProtectionE-Mail & Web Traffic ScanningCentral Security Management
ForensicsIncident ResponseSecurity Monitoring & Alerting
PREDICT
PREVENT
DETECT
RESPOND
AN ELEMENT OF HOLISTIC CYBER SECURITY
F-SECURE RADAR AS AN INTEGRATED PART OF YOUR BUSINESS SECURITY
© F-Secure Confidential25
Security Improvement Program
Security Management
Incident Response Services
Secure Software Development
PCI Compliance
Vulnerability Assessment
PCI ASV Scans
MANAGE
ENHANCE
ASSESS
End-Point and Network Protection - the basis of every security strategy
F-SECURE RADAR
• Select and analyze subsets of scans• Create, save and edit custom reports• Flexible and editable report formats to
suit your needs Word and Excel reports Traditional CSV or XML reports Or access data using the F-Secure Radar API
• Add notes to vulnerabilities• Change vulnerability state (Confirmed,
Accepted risk, False positive..)• Add your own vulnerabilities
HIGHLY CUSTOMISABLE REPORTING CENTRE
© F-Secure Confidential26
AN INTEGRAL PART OF YOUR PCI COMPLIANCE PROGRAM An approved PCI ASV scanning solution Validate your compliance Complement your Qualified Security
Assessor (QSA) Vulnerability scans performed according to
the PCI requirements Available for regular testing and for
identifying newly discovered vulnerabilities Reporting tools to deliver the associated
scanning reports© F-Secure Confidential27
DETAILS
28
© F-Secure Confidential29
Pricing
• Based on the number of hosts/IPs scanned for vulnerabilities
• License starts at min. 100 IPs
• Choose monthly or yearly billing
• Volume discounts
F-SECURE RADARSIMPLE PRICING MODELBenefits
• No feature limitations• Access to all scanning
engines• Access to Karhu API• No hidden costs
Benefits
• Unlimited number of scan nodes
• Unlimited number of scans against your licensed systems
• Unlimited number of user accounts
• No scanning restrictions
30
F-SECURE
IN A ROW – BEST ENDPOINT
PROTECTION
www.f-secure.com/business
4 YEARS
A recognized European vendor in penetration testing, vulnerability assessment, security consulting
and training.
Developed by experts, based on years of experience in the field.
Flexible development together with customers.
A leading European cyber security specialist.
A LEADING EUROPEAN CYBER SECURITY SPECIALIST