The 4 Laws of Vulnerabilities
Half-Life: The half-life is the length of time it takes users to patch half of their systems, halving their exposure.
Prevalence: 50 percent of the most prevalent and critical vulnerabilities are replaced by new vulnerabilities on an annual basis.
Persistence: Some critical vulnerabilities remain persistent; their lifespan is unlimited.
Exploitation: Automated attacks create 85 percent of their damage within the first fifteen days of the outbreak and have an unlimited lifetime.
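The half-life and prevalence laws are measurements, so here is an added example (not code from the original slides) showing how both can be computed from vulnerability scan data. The scan history, the two yearly top-ten lists and the linear-interpolation choice are constructed assumptions; the exponential fit goes slightly beyond the slide by estimating the decay rate for the common case where no scan lands exactly on the halfway point.

```python
"""Half-life and prevalence metrics from scan data (added example, not the
slide deck's own code). All sample data below is constructed."""
import math
from typing import List, Optional, Sequence, Tuple

Scan = Tuple[int, int]  # (days since first detection, hosts still vulnerable)

# Constructed scan history for one vulnerability across a fleet of 400 hosts.
SCAN_HISTORY: List[Scan] = [
    (0, 400), (7, 330), (14, 260), (21, 210), (30, 160), (45, 95), (60, 58),
]

# Constructed "most prevalent critical vulnerabilities" lists for two years
# (opaque labels, not real identifiers).
TOP_LAST_YEAR = ["v01", "v02", "v03", "v04", "v05", "v06", "v07", "v08", "v09", "v10"]
TOP_THIS_YEAR = ["v01", "v02", "v03", "v04", "v05", "v11", "v12", "v13", "v14", "v15"]


def empirical_half_life(history: Sequence[Scan]) -> Optional[float]:
    """Day on which the vulnerable population first drops to half of the
    initial count. The crossing usually falls between two scans, so it is
    linearly interpolated between the bracketing scans (an assumption about
    how patching proceeds between scans). Returns None if never reached."""
    if not history:
        return None
    day0, n0 = history[0]
    target = n0 / 2.0
    prev_day, prev_n = day0, n0
    for day, n in history[1:]:
        if n <= target:
            if prev_n == n:  # flat step: use the scan day itself
                return float(day)
            frac = (prev_n - target) / (prev_n - n)
            return prev_day + frac * (day - prev_day)
        prev_day, prev_n = day, n
    return None  # still more than half vulnerable at the last scan


def fitted_half_life(history: Sequence[Scan]) -> Optional[float]:
    """Half-life from a least-squares exponential fit n(t) = n0 * exp(-lam * t),
    i.e. a straight line through the origin on ln(n/n0) versus t.
    Useful when scans are sparse or noisy; returns None if no decay is seen."""
    if len(history) < 2:
        return None
    _, n0 = history[0]
    num = den = 0.0
    for day, n in history:
        if n <= 0 or day <= 0:
            continue  # ln(0) is undefined; day 0 adds nothing to a through-origin fit
        num += day * math.log(n / n0)
        den += day * day
    if den == 0 or num >= 0:
        return None
    lam = -num / den
    return math.log(2) / lam


def prevalence_turnover(last_year: Sequence[str], this_year: Sequence[str]) -> float:
    """Fraction of this year's top list that did not appear last year: the
    'replaced by new vulnerabilities' figure in the prevalence law."""
    if not this_year:
        return 0.0
    new = set(this_year) - set(last_year)
    return len(new) / len(this_year)


if __name__ == "__main__":
    print("empirical half-life (days):", empirical_half_life(SCAN_HISTORY))
    print("fitted half-life (days):   ", fitted_half_life(SCAN_HISTORY))
    print("top-list turnover:         ", prevalence_turnover(TOP_LAST_YEAR, TOP_THIS_YEAR))
```

On the constructed series both estimators land in the low twenties of days; in practice the empirical figure is what a scanner reports, while the fitted one is the sanity check that the decay is actually exponential rather than a single mass-patching event.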
Creating a Balanced Security Ecosystem
[Diagram: security technologies arranged on a proactive-to-reactive axis, from light spending to heavy spending. Rows: End Point Intelligence, Topology Intelligence, Threat Intelligence, Regulations/Policies, Access Controls, Traffic Inspection, Blocking, Alerting, Forensics. Technologies, in the diagram's order: Threat Feeds, Configuration Management, Vulnerability Management, Network Discovery, IPS, Firewall, Anti-Virus, IDS, SIM/SEM, Identification/Authentication, PKI, Incident Response, Compliance Systems, NAC. The two groupings are labelled "Asset Intelligence & Risk Reduction" ("Shrink the Targets") and "Blocking & Event Mgmt." ("Stop the Bullets").]
"Current enterprise security spending tends to be focused on reactive technologies more than proactive technologies" – Amrit Williams, Gartner
The Experts Say...
"Enterprises that implement a vulnerability management process will experience 90 percent fewer successful attacks than those that make an equal investment only in intrusion detection systems." – Gartner
"99% of network intrusions result from exploitation of known vulnerabilities or configuration errors where countermeasures were available." – Carnegie Mellon Univ.
"The Yankee Group recommends vulnerability management services for enterprises that would incur financial risk if their network or key business applications were to become unavailable due to a misconfiguration or cyberattack." – Yankee Group
CERT recommends vulnerability assessment.
Mastercard and VISA demand periodic VA to maintain active e-commerce websites.
Why Subscribe to a Vulnerability Assessment Service?
To preserve the uninterrupted operation of your business and its intangible assets
To fix software failures that affect your company's security, performance or functionality
To enhance antivirus software, firewalls, IDS/IPS and VPNs
To achieve compliance with quality and management standards such as ISO 17799/27000, Sarbanes-Oxley, etc.
Differences between a Vulnerability Assessment and a Pen. Test (Source: Core)
[Diagram: two workflows that share their first steps and diverge afterwards.]
Vulnerability Assessment: Target definition -> Obtain information (collect all the possible information about the target) -> Vulnerability assessment -> Report and analyze results -> Vulnerability Assessment Report.
Penetration Testing: Target definition -> Obtain information -> Vulnerability assessment information -> Planning the attack (what to probe? attacker skill) -> Ready? (YES/NO) -> Obtain administrator privileges on the attacked system -> Take advantage of privileges -> Pivot -> Clean -> Report and analyze results.
Reduces operating costs, minimizing the TCO of vulnerability assessment and management tasks
Reduces human error and false positives through double-checking by our security specialists and knowledge databases
Easy to operate and implement: it requires no network changes, special software or experts to make it work
Complements and adds value to firewalls, IDS and antivirus software by detecting failures in their configuration
Speeds up security troubleshooting by presenting a quick view of the company's vulnerability state, complete details for each vulnerability ranked by risk level, and the recommended action for resolving it