Your SlideShare is downloading. ×
Attaka Sapphire Managed Vulnerability Assessment
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Attaka Sapphire Managed Vulnerability Assessment

1,333
views

Published on

Sapphire Technologies - Security assessment - ATTAKA Platform

Sapphire Technologies - Security assessment - ATTAKA Platform

Published in: Business, Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,333
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Transcript

    • 1. ATTAKA Vulnerability Assessment and Management Platform April 2007
    • 2.
        • It is a process for the identification of networks and devices vulnerabilities, performed before intruders may exploit such security flaws
        • It is a process to detect possible flaws in security policies
        • Its result must prove whether the network security complies with the established policies.
      What is a Vulnerability Assessment? (VA)‏
    • 3.
        • Half Life The half-life identifies the length of time it takes users to patch half of their systems, reducing their exposures
        • Prevalence 50 percent of the most prevalent and critical vulnerabilities are replaced by new vulnerabilities on an annual basis
        • Persistence Some of critical vulnerabilities remain persistent and their lifespan is unlimited
        • Exploitation Automated attacks create 85 percent of their damage within the first fifteen days from the outbreak and have an unlimited life time
      The 4 Laws of Vulnerabilities
    • 4. Creating a Balanced Security Ecosystem End Point Intelligence Topology Intelligence Threat Intelligence Regulations/ Policies Access Controls Traffic Inspection Blocking Alerting Forensics Proactive Reactive Light Spending Heavy Spending “ Current enterprise security spending tends to be focused on reactive technologies more than proactive technologies” – Amrit Williams, Gartner Threat Feeds Configuration Management Vulnerability Management Network Discovery IPS Firewall Anti-Virus IDS SIM/SEM Identification/ Authentication PKI Incident Response Compliance Systems NAC Asset Intelligence & Risk Reduction Blocking & Event Mgmt. “ Stop the Bullets” “ Shrink the Targets”
    • 5. "Enterprises that implement a vulnerability management process will experience 90 percent fewer successful attacks than those that make an equal investment only in intrusion detection systems" Gartner “ 99% of network intrusions result from exploitation of known vulnerabilities or configuration errors where countermeasures were available.” Carnegie Mellon Univ. “ The Yankee Group recommends vulnerability management services for enterprises that would incur financial risk if their network or key business applications were to become unavailable due to a misconfiguration or cyberattack..” CERT Recommends Vulnerability Assessment Mastercard and VISA demand periodic VA to maintain active e-commerce websites The Experts Say...
    • 6.
      • To detect possible failures in security policies
      • To preserve the uninterrupted operation of your business and intangible assets
      • To fix software failures that affect your company's security, performance or functionality
      • To enhance antivirus software, firewalls, IDS/IPS and VPNs
      • To achieve compliance with quality and management standards such as ISO17799/27000, Sarbanes Oxley, etc
      Why Subscribe to a Vulnerability Assessment Service?
    • 7. Collect all the possible information about the target Obtain administrator privileges on the attack system Take advantages of privileges Planning the attack YES NO Vulnerability Assessment Penetration Testing Differences between a Vulnerability Assessment and a Pen. Test Source: Core Obtain Information Vulnerability Assessment Information Planning Attack Report and Analyze results Clean Pivot Target definition Target definition Vulnerability Assessment Report What to probe? Attacker skill. Obtain Information Ready?
    • 8. 2004 Lightning Console/Nessus Attaka 2005 The Birth of Vulnerability Management (agent-less)‏ Buffer Overflows Increase Sophistication New Attack Vectors emerge 2001 IP360 Product 2002 Foundscan Service/Product QualysScan Service/Product 2003 REM/Retina Product
    • 9.
      • VA with “service centric” vision
      • Attaka allows now to integrate all the participants through internal/external remediation, documentation and reporting workflows
      • They are not expensive, which allows to repeat them frequently, reinforcing the concept of "security = process", and they help carry out the complex processes to "be in compliance"
      • Integrates with company's Help Desk to provide greater support to clients
      • Gives users the possibility of interacting with their companies' security status, in a continuous and cooperative process
      ATTAKA transform in “ An integrated, collaborative and management Platform ” ATTAKA, a different kind of Vulnerability Assessment
    • 10.
      • ATTAKA assesses more than 15000 security vulnerabilities on network environments
      • It consists of the following modules:
        • Discovery:
          • Asset consolidation and assessment (internal and external).
        • Reporting:
          • Interactive, historical and dashboard reports with key indicators and summarized information on vulnerabilities, statistics and current infrastructure state
        • Remediation:
          • This includes documentation and workflow. Follow-up, improvement and resolution of issues are recorded in the Patch Management process (vulnerability remediation)‏
        • Support:
          • 24/7 on-line access based on a ITIL – Help Desk that provides support
      ATTAKA, a different kind of Vulnerability Assessment
    • 11.
        • ATTAKA is the only platform in Latin America in process of being recognized by MITRE (http://cve.mitre.org)‏
        • Segmentation for Servers and Workstations
        • 3 flavors:
          • Professional (Reporting)‏
          • Business (Reporting + Remediation)‏
          • Corporate (Reporting + Remediation + Support)‏
      ATTAKA, a different kind of Vulnerability Assessment
    • 12.
      • Dashboard report
      • Possibility of performing remote vulnerability assessments in LAN networks (ATTAKA indoor) without complex procedures
      • Searches by CVE code
      • Vulnerabilities remediation module (patch management)‏
      • Performs external and internal audits under the company management supervision
      • Security news module
      • Performance and scalability
      • Possibility of assessing hundreds of IPs per report/session
      • Integrate 24/7 on-line access based on a ITIL – Help Desk that provides support
      • Multi-language capability – Spanish and English
      ATTAKA, key features
    • 13. ATTAKA Outdoor
    • 14. The Block, VA Indoor Appliance “ The Block ”, full proof appliance to deliver LAN´s Remote vulnerability Assesments
      • Always up-to-date: periodically updated, including improvements and new attack patterns.
      • Impenetrable: can only be accessed from Openware’s Security Operation Center (SOC), and managed by authorized personnel.
      • Low impact: does not overload clients' network traffic or Internet links.
      • Flexible: can complement other security devices (firewalls) already working, or replace them providing complex functions.
      • Simple installation: transparent installation in front panel takes no more than 15 minutes and does not require installing agents in any server.
      • Integrated: it integrates with Openware’s managed security ecosystem, through monitoring and centralized platform (Blockware).
      • Secure: double internal Watchdog ensures high-availability.
      • High performance: high performance and throughput, allowing high-speed data processing without loss or bottlenecks.
    • 15. ATTAKA Indoor
    • 16. ATTAKA, Screenshots
    • 17.
      • Reduces operating costs, minimizing TCO for vulnerability assessment and management tasks
      • Reduces human error and false positives, by a double checking with our security specialists and knowledge databases
      • Easy operation and implementation – it does not require network changes, special software or experts to make it works
      • Complements and adds value to firewalls, IDS and antivirus software, by detecting failures in their configuration
      • Speeds up security troubleshooting processes, presenting added information for a quick view the company's vulnerability state, complete details for each vulnerability ranked by risk level, and the recommended action for solving it    
      ATTAKA, benefits for your business !
    • 18. THANK YOU!
      • For further information
      • Email: [email_address]
      • Site http://www.openware.biz/productos/attaka/attaka01_en.htm