In de praktijk blijkt het vaak lastig te bepalen welke risico’s een organisatie loopt en wat daarvoor een passend beveiligingsniveau is. Deze kennis is echter wel noodzakelijk om de juiste maatregelen te nemen en effectief in informatiebeveiliging te investeren. Pinewood organiseerde op 12 december 2012 in samenwerking met McAfee een seminar die hierop inspeelde. Handige tools zoals Risk Management en McAfee Nitro (het SIEM product van McAfee) en de pragmatische aanpak van Pinewood bieden concrete handvatten en inzicht om tot een effectief informatiebeveiligingsbeleid te komen.

1. Risk Management
Fix what matters most….first
Drs. René Pieëte, CISSP
Senior SE Manager Northern Europe
December 12th , 2012

2. Current Threat Landscape
“TJ MAXX’s $1 billion
data breach”
Playstation breach called one TJ MAXX first large database Biggest breach so far, over Security leak in MySQL easy
of the largest ever; Sony breach. 45 mln. credit card 150 mln. credit card records to use. Huge amount of
should have alerted customers records stolen. stolen. exploits expected by security
sooner, some say experts. (CVE-2012-2122)
50% of EMEA healthcare Mcdonald's and Walgreens: Lockheed strengthens network Hackers get Symantec anti-
organizations unaware of email addresses, birth dates security after hacker attack virus source code
security threats stolen by hackers

3. The Need
Companies struggle to determine where to
focus security efforts
Threats increasing at an alarming rate
97% of organizations lack visibility into risk posture

4. CURRENT APPROACH
to dealing with threats
LOG FILES CONSOLES PHONE CALLS/EMAILS SPREADSHEETS
MINUTES HOURS DAYS WEEKS

5. RISK AND COMPLIANCE
Holistic Approach
DIAGNOSE PROTECT MANAGE
HR
BPM
61
64
60
62
63

6. Risk & Compliance: Diagnose
DISCOVER ASSESS QUANTIFY RISK
Automatic asset discovery Uncover vulnerabilities Real-time risk profile
Comprehensive and Audit configurations and Address highest risks to
customized views policies optimize protection and
minimize cost
Eliminate disruption to
critical business apps

7. McAfee Vulnerability Manager
DIAGNOSE MANAGE PROTECT
• Agentless Vulnerability Scanner with the broadest checks of any in the
market (>40,000 and growing)
Policy Auditor • Automatic asset discovery includes a dozen techniques to find everything
• Scalable to millions of IP addresses
MVM Database • Detects over 437 operating system types
• False positives next to zero
MVM Web • Credentialed, non-credentialed
• Open database allows unparalleled access to vulnerability data
MVM • Integration with McAfee products and your applications via an open API
• Deployment options include appliance, software, virtual, and SaaS

8. MVM for Web Apps
DIAGNOSE MANAGE PROTECT
• Web Application Scanner fully integrated into MVM assets and workflow
• Web app discovery/crawl and map; sitemap report
Policy Auditor
• Scanning covers OWASP, PCI, CWE
• Capable of authenticating and scanning protected web applications
MVM Database • Web scan configurations (entry URLs, exclude URLs, etc) and credential
sets
MVM Web • Meaningful reports: request made, injection point, response given
• “Safe mode” scanning
MVM

9. MVM for Databases
DIAGNOSE MANAGE PROTECT
• Over 4,300 vulnerability checks
Patch levels, Weak passwords, Configuration baselining (CIS/STIG)
Policy Auditor Backdoor detection, Sensitive data discovery (PII, SSN, etc)
Vulnerable PL/SQL code, Unused features, Custom checks
MVM Database • Reports in countless formats according to stakeholders:
DBA, Developers, InfoSec, Audit
• Fully Managed from ePO
MVM Web
MVM

10. McAfee Policy Auditor
DIAGNOSE MANAGE PROTECT
Policy Auditor
Policy Auditor Patch
Status Dashboard

11. McAfee Policy Auditor
DIAGNOSE MANAGE PROTECT
• Agent based audit automation against regulations, standards, and best
practices
Policy Auditor PCI, SOX, HIPAA, FISMA
ISO, COBIT
MVM Database CIS, DISA, FDCC, STIG
• Broad Win/UNIX/Linux/Mac support
MVM Web • Supports industry standard SCAP and supporting protocols
(CVE, CPE, CCE, OVAL, XCCDF, CVSS)
• Integration with MVM for agentless SCAP scanning
MVM • PA Content Creater
• Gold system baselining
• ePO Integration

12. Risk & Compliance: Protect
ENFORCE DENY ACCESS CONTROL
Enforce policies Deny unauthorized access Increase control and visibility
Real-time change Dynamic Application Whitelisting Improve system integrity,
monitoring Zero-day protection availability and performance
Prevent compliance drift by Protection for embedded Reduce operating expense
enforcing policies and systems
configurations

13. McAfee Application Control
DIAGNOSE MANAGE PROTECT
• Dynamic Whitelisting prevents unauthorized applications from
running
Database Activity Application attempts to launch
Monitoring Could be an executable or OS component
MAC verifies binary code from Whitelist
Change Control If not in Whitelist, then program is not launched
Attempt is logged for alerts and auditing
• Memory Protection (three different types) protects against known
Application and unknown buffer overflow attacks
Control • Image deviation allows customers to compare their deployed
images to a desired standard image with on-demand reporting.

14. McAfee Change Control
DIAGNOSE MANAGE PROTECT
• Integrity Monitoring alerts on critical and unauthorized changes
Database Activity • File Integrity Monitoring provides real-time tracking across
Monitoring Win/UNIX/Linux
• Change Reconciliation tracks changes to their corresponding
Change Requests within Remedy
Change Control • Change Prevention selectively prevents out-of-policy changes
and logs any attempted out-of-policy change
Application
Control

15. McAfee Database Activity Monitoring
DIAGNOSE MANAGE PROTECT
• “Inside Out” protection leveraging unique memory-based, read-only sensor in memory
• Just another process at OS level
Database Activity • No kernel changes or reboots
Monitoring • No database packages or scripts
• High performance, zero latency
• Full segregation of duties and audit trails
Change Control DBA, sysadmins, InfoSec
• Optimized for Virtualization & Cloud
Memory-based monitoring sees VM-to-VM traffic
Application Agent-based model supports distributed /cloud environments
• Virtual Patching (vPatch) protects against known and unknown attacks without downtime
Control or code changes until you can patch

16. McAfee Risk Advisor
DIAGNOSE MANAGE PROTECT
• Correlates vulnerabilities, global threat data, and countermeasures
• Improves security effectiveness using risk scores and ROI of deployed security products
• Enables risk-based approach to critical patching decisions
• Fully customizable IT Risk Dashboards
• Rule driven alerts
• “What If” Analysis for new countermeasures

17. COUNTERMEASURE AWARE
Risk Management
Stuxnet
McAfee Risk Advisor Conficker
001 100 110 010011 100 1001 100110 11 1 110 10 010011
010011 100 1001 100110 11 100 1 110 10 010011 001 100 110
GTI
11 001 100 010011 100 10010001 100110 11 1 110 10 110
Threat feed
Aurora
AV
LOW HIGH
Vulnerabilities
HIPS Configuration
Countermeasures System State
Patch level
NSP Applications
MAC
Critical systems