Threat Intelligence: The Key To A Complete Vulnerability Management Strategy
While vulnerability assessments are essential, considering vulnerability data in a vacuum greatly limits your ability to prioritize your action plan in an effective way. Without the context of which vulnerabilities are the most severe, which are actively being targeted, which are on critical assets, etc, you may waste time checking things off the list without actually improving security.
Join AlienVault for this session to learn:
- Strategies for addressing common vulnerability management challenges
- The pros and cons of different vulnerability scanning techniques
- How to integrate threat intelligence into your vulnerability management strategy

Published in: Technology
  • Transform flat reporting into rich contextual data
  • Before we go into the nitty gritty of the requirements (and let’s face it, that’s the really boring stuff), at a high level what are the core functionalities I need to pass my audit and stay in compliance?
    - Asset visibility (broad and deep)
    - Vulnerability assessment (network, apps, etc.)
    - Threat detection
    - File integrity monitoring
    - Host-based IDS (on the “interesting” stuff)
    - Network-based IDS
    - Wireless IDS
    - Behavioral monitoring
    - Service availability – if credit card processing breaks, you have bigger problems
    - Network anomalies
    - Policy violations
    - User activity – especially those with superpowers
    - Security intelligence
    - Event correlation (here’s where “Big Data” comes in, but yawn, who cares, that’s just a processing challenge)
    - Incident response
    - Compliance reporting
    - Executive dashboards
    - Easy management (RBAC, output types, filters, etc.)
  • http://www.techvalidate.com/product-research/alienvault-unified-security-management-platform/charts
  • Transcript

    • 1. THREAT INTELLIGENCE: THE KEY TO A COMPLETE VULNERABILITY MANAGEMENT STRATEGY. Sandy Hawke, VP, Product Marketing (@sandybeachSF)
    • 2. KEY DISCUSSION POINTS
      - Rethinking vulnerability management
      - Overcoming challenges
      - Overview of vulnerability scanning techniques
      - Benefits of shared threat intelligence
      - Customer feedback
      - Key takeaways
      - Q&A
    • 3. WHY DO WE DO VULNERABILITY MANAGEMENT?
    • 4. WHY DO WE DO VULNERABILITY MANAGEMENT? BECAUSE THAT’S WHAT ATTACKERS EXPLOIT.
    • 5. SO WHY ISN’T VULNERABILITY MANAGEMENT DONE IN THE CONTEXT OF ACTUAL THREATS?
      - Historical: limitations of the initial products to market
      - It became part of a “silo’ed” process
      - Many have taken the “checklist” mindset in approaching this problem
    • 6. OVERCOMING OPERATIONAL CHALLENGES
    • 7. COMMON CHALLENGES with vulnerability management programs
      - Prioritizing remediation tasks: Which vulnerability matters most? What’s the larger risk context? Active threats?
      - Removing false positives: What can I do to reduce this “noise”?
      - Optimizing workflows: How do I minimize disruption but maximize accuracy? How do I go from a static report to active remediation? (e.g. who owns this vulnerable asset anyway?)
    • 8. IS THIS WHAT YOUR VULNERABILITY REPORT LOOKS LIKE? What are you supposed to do with this?
    • 9. PRIORITIZING VULNERABILITIES: avoiding the “vulnerability visibility vacuum”
      - View vulnerabilities inside the context of actual threats – both global and local
      - At a glance, be able to understand:
        - What other software is installed on these systems?
        - What type of traffic do these vulnerable hosts generate?
        - Who owns these systems?
        - Have these systems been targeted by known attackers?
        - Are there recent alarms in my SIEM that have been triggered involving vulnerable systems?
    • 10. VIEWING VULNERABILITIES IN THE CONTEXT OF THREATS
      - Step 1: Immediately identify known malicious IPs targeting these vulns.
      - Step 2: Review vulnerabilities on assets that are being targeted in active threats.
      - Step 3: Follow step-by-step guidance in responding to the threat.
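As an added illustration of slides 9 and 10 (example code written for this page, not from the deck or from AlienVault USM), the script below contrasts the “checklist” ordering of a flat scan report with a context-aware ordering that folds in asset ownership and criticality and the SIEM alarms whose source IP is on a threat-intel list. All hosts, IPs, vulnerability names and weighting factors are constructed for the example.

```python
"""Context-aware vulnerability prioritization (added example)."""

# Constructed sample inputs, not from the deck: scanner findings, an asset
# inventory with owners/criticality, a threat-intel list of known-malicious
# IPs, and SIEM alarms that record which vulnerability a source probed.
FINDINGS = [
    {"host": "10.0.0.5", "vuln": "VULN-A", "cvss": 9.8},
    {"host": "10.0.0.7", "vuln": "VULN-B", "cvss": 7.5},
    {"host": "10.0.0.9", "vuln": "VULN-C", "cvss": 6.0},
]
ASSETS = {
    "10.0.0.5": {"owner": "dev-team", "critical": False},
    "10.0.0.7": {"owner": "payments", "critical": True},
    "10.0.0.9": {"owner": "payments", "critical": True},
}
MALICIOUS_IPS = {"203.0.113.10"}          # constructed reputation list
ALARMS = [
    {"src": "203.0.113.10", "dst": "10.0.0.7", "vuln": "VULN-B"},
    {"src": "198.51.100.4", "dst": "10.0.0.5", "vuln": "VULN-A"},
]

def checklist_order(findings):
    """The flat-report view (slide 8): rank by scanner severity alone."""
    return [f["vuln"] for f in sorted(findings, key=lambda f: -f["cvss"])]

def active_threats(alarms, malicious_ips):
    """Step 1: (host, vuln) pairs probed by a known-malicious source IP."""
    return {(a["dst"], a["vuln"]) for a in alarms if a["src"] in malicious_ips}

def contextual_order(findings, assets, alarms, malicious_ips):
    """Step 2: re-rank findings by asset criticality and active targeting."""
    targeted = active_threats(alarms, malicious_ips)
    ranked = []
    for f in findings:
        asset = assets.get(f["host"], {"owner": "unknown", "critical": False})
        score, why = f["cvss"], []
        if asset["critical"]:
            score *= 1.5                  # assumed weight for a critical asset
            why.append("critical asset")
        if (f["host"], f["vuln"]) in targeted:
            score += 10.0                 # assumed bonus: active, known-bad source
            why.append("targeted by known-malicious IP")
        ranked.append({"vuln": f["vuln"], "host": f["host"],
                       "owner": asset["owner"], "score": score, "why": why})
    return sorted(ranked, key=lambda r: -r["score"])

if __name__ == "__main__":
    print("checklist:", checklist_order(FINDINGS))
    for r in contextual_order(FINDINGS, ASSETS, ALARMS, MALICIOUS_IPS):
        print(f'{r["score"]:6.2f} {r["vuln"]} on {r["host"]} ({r["owner"]}) {r["why"]}')
```

With these inputs the CVSS-only list puts VULN-A first, while the contextual list moves the actively targeted VULN-B on a critical payments host to the top and names the owner who should get the ticket.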
    • 11. REMOVING FALSE POSITIVES: leverage a variety of scanning techniques
      - Continuous Vulnerability Monitoring: correlate data from asset discovery & inventory scans with the latest known vulnerabilities. Benefits: avoids network “noise”; minimizes system impact; requires minimal resources.
      - Active Network Scanning: actively scan to identify vulnerable services and software.
        - Authenticated – more accurate, but potentially more impactful
        - Unauthenticated – less accurate, but less impactful
    • 12. OPTIMIZING WORKFLOWS: breaking down silos
      - Streamline this process: run the scan, vet the data, prioritize remediation* based on global and local threat intelligence, then re-run a validation scan.
      - Document the process: an integrated ticketing system makes this much easier.
      - Secret to success? Having all of the essential functionality in one place.
      - *Sometimes this is a patch, and sometimes it’s a workaround.
    • 13. USING A UNIFIED, THREAT-BASED APPROACH FOR VULNERABILITY MANAGEMENT
    • 14. Piece it all together. What functionality do I need? The five stages:
      - Figure out what is valuable
      - Identify ways the target could be compromised
      - Start looking for threats
      - Look for strange activity which could indicate a threat
      - Piece it all together
    • 15. Piece it all together (build 1 of 5). Figure out what is valuable → Asset Discovery:
      - Active Network Scanning
      - Passive Network Scanning
      - Asset Inventory
      - Host-based Software Inventory
    • 16. Piece it all together (build 2 of 5). Identify ways the target could be compromised → Vulnerability Assessment:
      - Network Vulnerability Testing
    • 17. Piece it all together (build 3 of 5). Start looking for threats → Threat Detection:
      - Network IDS
      - Host IDS
      - Wireless IDS
      - File Integrity Monitoring
    • 18. Piece it all together (build 4 of 5). Look for strange activity which could indicate a threat → Behavioral Monitoring:
      - Log Collection
      - Netflow Analysis
      - Service Availability Monitoring
    • 19. Piece it all together (build 5 of 5). Piece it all together → Security Intelligence:
      - SIEM Event Correlation
      - Incident Response
    • 20. Unified Security Management: Asset Discovery, Vulnerability Assessment, Threat Detection, Behavioral Monitoring and Security Intelligence (the five categories from slides 15–19) combined in one platform.
    • 21. WHY ALIENVAULT USM?
      - All-in-one functionality: vulnerability assessment within a broader context; targeted remediation, easier to manage
      - Flexible reporting: multiple modules, formats & queries… as detailed as you want it
      - Threat intelligence from AlienVault Labs: know WHO is targeting vulnerabilities, HOW they’re doing it and WHAT to do about it
    • 22. ALIENVAULT LABS THREAT INTELLIGENCE: SECURITY FOR YOU, POWERED BY ALL
    • 23. ALIENVAULT LABS THREAT INTELLIGENCE: COMPLETE COVERAGE TO STAY AHEAD OF THE THREAT
      - Network and host-based IDS signatures – detects the latest threats in your environment
      - Asset discovery signatures – identifies the latest OSes, applications, and device types
      - Vulnerability assessment signatures – dual database coverage to find the latest vulnerabilities on all your systems
      - Correlation rules – translates raw events into actionable remediation tasks
      - Reporting modules – provides new ways of viewing data about your environment
      - Dynamic incident response templates – delivers customized guidance on how to respond to each alert
      - Newly supported data source plug-ins – expands your monitoring footprint
    • 24. CUSTOMER SUCCESS
    • 25. ACHIEVING COMPLETE VULNERABILITY MANAGEMENT
      - Unify your security monitoring controls for better visibility into vulnerabilities
      - Use emerging threat intelligence to prioritize remediation
      - Evolve from checklist reporting to true risk reduction
    • 26. NOW FOR SOME Q&A… Three ways to test drive AlienVault:
      - Download a free 30-day trial: http://www.alienvault.com/free-trial
      - Try our interactive demo site: http://www.alienvault.com/live-demo-site
      - Join us for a LIVE demo: http://www.alienvault.com/marketing/alienvault-usm-live-demo
      - Questions? hello@alienvault.com
