Vulnerability Management and Analysis
Gaetano Lo Giudice
Exclusive Networks
v
Company Profile
Greenbone Networks GmbH
§ Headquarters: Osnabrück, Germany
§ Foundation: 2008 (product development since 2004)
§ The basis is the cooperation with the BSI
§ Focus: Vulnerability Management
  § Identification of vulnerabilities and hints for their elimination
  § Ongoing verification of security policy compliance
§ Core product: Greenbone Security Manager
v
Greenbone is a German Company
§ German development
§ German manufacturer support
§ BSI support and cooperation
§ Over 90 federal authorities rely on Greenbone Vulnerability Management
§ BTW: Greenbone is a member of the Expert Circle Cyber Security of the BSI
v
Why Vulnerability Management
§ 76% of identified vulnerabilities throughout all systems in the enterprise were more than 2 years old, and almost 9% were over 10 years old
§ 99.9% of the exploited vulnerabilities were compromised more than a year after the CVE was published
(1) Business interruption and supply chain risk: 39%
(2) Loss of reputation or brand value: 30%
(3) Cyber crime, IT failures, espionage, data breaches: 30%
§ Only 32% of all European enterprises are using Vulnerability Management to reduce their attack surface and to manage IT related risks.
v
Value Proposition
[Figure: defense-in-depth layers (Processes, Policies & Awareness; Physical; Perimeter; Network; Host & OS; Application; Data) alongside the controls Authentication, Firewall, N-IDPS, H-IDPS, AV-System, SIEM / ISMS and Vulnerability Management; arrows labelled "inside-out view" and "outside-in view"]
v
Enhancing the Layered Defense
Vulnerability Management helps in case of failure of one layer of the defense infrastructure.
An attack is only successful if three elements are in place. An organization can usually address the first two: ‘System Susceptibility’ and ‘Threat Accessibility’. (The third, ‘Threat Capability’, lies within the attacker’s domain.)
A resilient defense approach covers threats and vulnerabilities at all layers of the ‘Defense in depth’ model, always taking both perspectives. Should the threat-oriented layer fail, the weakness-oriented layer still reduces the attack surface.
v
VM vs. Pen Testing, Assessment, or Patch Management
§ Penetration Testing is a goal-oriented task: to penetrate an IT infrastructure. Once that goal is achieved, it stops, and the next ‘unlocked door’ is no longer of interest. VM is there to find every ‘unlocked door’.
§ Vulnerability Assessment is a one-off evaluation of an IT infrastructure’s security posture, whereas Vulnerability Management is the complete process of governing, steering, and improving that posture.
§ Patch Management is an important aspect of IT security, but which one comes first: the vulnerability or the patch?
v
The Process of Vulnerability Management
[Figure: process cycle with the phases prepare, identify, classify, prioritize, assign, mitigate & remediate, store & repeat, improve]
v
The Process of Vulnerability Management and How We Perceive It
www.greenbone.net
prepare
§ defining your goals for your own IT security
§ what’s allowed, what isn’t
§ linking to technical controls
identify, classify, prioritize
§ which finding must be processed first
§ which one has the greatest effect
assign, mitigate & remediate
§ the assigned person makes the required changes and has all the necessary information right at their disposal
store & repeat, improve
§ automated, time-controlled processes
§ visible improvement of IT security (i.e. reports)
§ extension and completion of the objective
v
Advantage of our Solution
§ With the Greenbone solution all information remains with you
§ You remain the sovereign
§ No information about infrastructure and vulnerabilities is transferred to the cloud.
§ This information would also be very helpful for potential attackers.
v
How it Works
§ Security Processes
§ Vulnerability Scan Procedure
§ Standards
v
Standards
v
Components GSM
v
Components: GSF
v
SME Solution: Physical Appliance
§ GSM 150
  § For Small and Medium Enterprises / Small Branch Locations
  § Comes with Platinum Support
  § 50-500 IP addresses to be scanned within 24h
  § Scan GbE-Base-TX: 4 Ports
  § Port Roles: 4 dynamic ports
  § Fan Speed Control
  § Airgap Sensor: FTP
  § Alerts, Scheduling
  § NTP, Syslog (UDP, TCP, TLS)
  § Backup/Restore: USB
v
Midrange Solutions: Physical Appliance
§ All midrange solutions
  § For Medium Enterprises and Branch Locations
  § Comes with Platinum Support
  § Scan GbE-Base-TX: 6 Ports
  § Scan SFP: 2 Ports
  § Fan Speed Control / Redundant Fan
  § LCD Display
  § Airgap Master/Sensor: USB, FTP
  § Alerts, Scheduling
  § SNMP v2, NTP, Syslog (UDP, TCP, TLS)
§ GSM 400
  § 300-2,000 IP addresses to be scanned within 24h
  § VLAN Support: 16 per Ethernet Port
  § Up to 2 sensors
§ GSM 450
  § 500-4,000 IP addresses to be scanned within 24h
  § VLAN Support: 16 per Ethernet Port
  § Up to 6 sensors
§ GSM 600
  § 500-6,000 IP addresses to be scanned within 24h
  § VLAN Support: 64 per Ethernet Port
  § Up to 12 sensors
§ GSM 650
  § 1,000-10,000 IP addresses to be scanned within 24h
  § VLAN Support: 64 per Ethernet Port
  § Up to 20 sensors
v
Enterprise Solutions: Physical Appliances
§ All Enterprise Solutions
  § For Large Enterprises / Service Providers
  § Comes with Platinum Support
  § Power Supplies/Outlets: 2
  § Scan GbE-Base-TX: 0-32 ports
  § Port Roles: 2 management, other dynamic
  § Redundant Fan
  § Airgap Master/Sensor: FTP, USB
  § Alerts, Scheduling
  § RAID6
  § NTP, Syslog (UDP, TCP, TLS)
  § Backup/Restore: USB
§ GSM 5400
  § 4,000-40,000 addresses to be scanned within 24h
  § Up to 40 sensors
  § VLAN Support: 64 per Ethernet Port
§ GSM 6500
  § 9,000-80,000 addresses to be scanned within 24h
  § Up to 80 sensors
  § VLAN Support: 128 per Ethernet Port
v
Entry Solution: Virtual Appliances
§ GSM ONE
  § Special use for trainings and audit-via-laptop
  § Comes with Platinum Support
  § 20-300 IP addresses to be scanned within 24h
  § 4 GB memory on Hypervisor
  § 2 vCPUs
  § Hypervisor Support: Virtual Box
§ GSM MAVEN
  § For micro offices
  § Comes with Base Support
  § Only in combination with 1-year subscription
  § 20-300 IP addresses to be scanned within 24h
  § 4 GB memory on Hypervisor
  § 2 vCPUs
  § Hypervisor Support: Virtual Box
v
SME Solution: Virtual Appliances
§ GSM CENO
  § Previously called GSM 150V
  § For Small and Medium Enterprises
  § Comes with Platinum Support
  § 50-500 IP addresses to be scanned within 24h
  § 8 GB memory on Hypervisor
  § 2 vCPUs
  § 4 virtual ports
  § Hypervisor Support: ESXi
  § Alerts, Scheduling
v
Midrange Solutions: Virtual Appliances
§ All midrange solutions
  § For Medium Enterprises and Branch Locations
  § Comes with Platinum Support
  § Hypervisor Support: ESXi
  § Alerts, Scheduling
  § SNMP v2, NTP, Syslog (UDP, TCP, TLS)
  § Master and Sensor Mode
§ GSM DECA
  § 50-1,500 IP addresses to be scanned within 24h
  § 8 GB memory on Hypervisor
  § 4 vCPUs
  § 4 virtual ports
  § Up to 2 sensors
§ GSM TERA
  § 300-3,000 IP addresses to be scanned within 24h
  § 8 GB memory on Hypervisor
  § 6 vCPUs
  § 8 virtual ports
  § Up to 6 sensors
§ GSM PETA
  § 1,000-9,000 IP addresses to be scanned within 24h
  § 16 GB memory on Hypervisor
  § 8 vCPUs
  § 8 virtual ports
  § Up to 12 sensors
§ GSM EXA
  § 2,000-18,000 IP addresses to be scanned within 24h
  § 24 GB memory on Hypervisor
  § 12 vCPUs
  § 8 virtual ports
  § Up to 24 sensors
v
Sensors
Physical – GSM 35
§ Sensor for Managed Services
§ Comes with Platinum Support: Managed via Master
§ 20-300 IP addresses to be scanned within 24h
§ Scan GbE-Base-TX: 4 ports
§ VLAN Support: 8 per Ethernet Port
§ Fan Speed Control
§ SSH, NTP, GMP, Syslog (UDP, TCP, TLS), IPv6 Support
Virtual – GSM 25V
§ Sensor for Managed Services
§ Comes with Platinum Support: Managed via Master
§ 20-300 IP addresses to be scanned within 24h
§ Memory on Hypervisor: 4 GB
§ vCPUs: 2
§ SSH, GMP, IPv6 Support
v
User Interfaces
Command line and API for batch processes and coupling
Web service for browser access
v
Dashboard Assets
v
Results by quality of detection
v
Structure of the Greenbone Security Assistant
Target + scan configuration = executable task
v
Scan Configurations
v
User-definable Reports
v
Vulnerability Details
v
Airgap Update
v
Deployment Scenario 1
v
Deployment Scenario 2
v
USP – Unique Selling Proposition, Advantages of Greenbone
§ The GSM is the only solution for VM as an appliance with transparent source code
  § No hidden functions, no transfer of information outside the customer environment
§ The collected information about the infrastructure is used for the ‘Prognostic Report’
  § Enables a quick check if a new vulnerability threatens the infrastructure
§ The Quality of Detection (QoD) feature supports prioritization
  § Allows the IT security team to make informed decisions (which vulnerability to tackle first)
§ Our license model is not based on the number of IPs, the number of users, or features, but only on the required performance
  § No issues if something in the IT landscape changes at short notice
§ Our open API and our connectors make integration into the IT security landscape easy
  § Maximizing the efficiency of existing systems, which benefits IT security as a whole
Greenbone Partner Program
Elena Semplici
Exclusive [email protected]
v
Partner Program
Distributor:
- Exclusive Networks (GLOBAL)
4 Partner Levels ….
v
Partner Program
§ Working with Greenbone Networks is easy
§ Partners do not have to make an initial investment to be admitted
§ Costs for the partner’s enabling are minimal and calculable, technical trainings (L2 and L3) can be taken for the price of 340 Euro each
§ Project registration helps to avoid channel conflicts
§ Partner levels are based on average order values and realistic time frames for lead generation and completion
v
Always up to date!
§ Greenbone communicates directly with its partners, but also through its community portal, already reaching over 10K users online: https://community.greenbone.net/
§ Partners can access the closed group “sales partner” for partner-relevant information, such as price lists, data sheets, white papers and more…
v
Always up to date!
• YouTube Channel
• Demo & POC available: ask Exclusive Networks
Greenbone Networks GmbH
Neumarkt 12
49074 Osnabrück
Germany
T: +49 541 760278-0
Thank you!
Any questions?
[email protected]@exclusive-networks.com