Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges


“How secure are we?” “What's our strategy for advanced threats?” “How do we manage changes?” “What should we focus on?” “How is risk changing over time?” These are the difficult questions that IT security and network operations professionals face daily. The answer is in your data. Risk analytics is critical to answering the questions you face every day, opening new paths to find and prioritise vulnerabilities, quickly find firewall rule errors, and determine potential threats before they can be exploited.

This presentation is targeted at enterprise IT professionals looking to add security metrics and analytics into their security program.

- Understand why the existing approaches, processes and technologies for IT security get less effective over time

- Know what metrics and analytics are missing from your current strategy

- Recognise how risk analytics can be used to automate and secure your network devices

- Understand how the vulnerability management process can be optimized with risk analytics

- See how a risk analytics platform can impact an organisation

Published in: Technology

Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

  1. Risk Analytics: Using your Data to Solve Security Challenges. Gidi Cohen, CEO and Founder, Skybox Security. Infosec Europe, 1 May 2014
  2. © 2014 Skybox Security Inc. Skybox Security Overview • Powerful security management platform – Vulnerability and threat management – Firewall assessment – Network change management • Customers include: Risk Analytics for Cyber Security
  3. Risk Analytics: Using your Data to Solve Security Challenges. Agenda • Cyber Attacks - The Management Challenge • Risk Analytics - Attack Surface Visibility • Making Use of Risk Analytics – Network Security Management – Vulnerability and Threat Management
  4. Enterprises are Unable to Defend Against Cyber Attacks • Hacking incidents reported in 2013 [1]: 63,000 • 110 Million: Data records lost at Target stores alone [1] • £7 Million: Annual cost of cyber attacks reported by enterprise [2]. Sources: [1] 2013 Verizon Data Breach Report, [2] 2013 Ponemon Cost of Cyber Crime Study. Coordinated ATM heist [2]
  5. Attackers Understand Your Attack Surface … You Don’t. Expansion Drivers: Vulnerabilities, Endpoints, Exploits. Contraction Drivers: Network segmentation, Fixing vulnerabilities, Technical Controls. Minutes to attack, months to defend
  6. Security Processes Can’t Keep Up. Will spend more on 2014 security [3]: 48%. Common Problems • Too much data • Too many changes • Disruptive • No context • Difficult to analyze • Unable to take action. Source: [3] 2014 Cyberthreat Defense Report by CyberEdge Group
  7. Take HeartBleed, Please! • Attacks using publicly known vulnerabilities in commercial software [4]: 75%. Old data • Over half of organizations have vulnerability data over 90 days old [3] • In April, HeartBleed vulnerabilities revealed by Apple, Cisco, Google, Symantec, Oracle, IBM, Fortinet, McAfee, HP… Source: [4] “Raising the Bar for Cybersecurity”, J.A. Lewis, Center for Strategic and Intl Studies, Feb 2013
  8. Network Visibility: Topology Routing Policies Firewalls. Endpoints Visibility: Software Patches Vulnerabilities Classification. Use Risk Analytics to Understand Your Attack Surface - Continuously. Attack Vectors Risk Metrics Remediation Plan Network Visualization Contextual Analysis
  9. Network Visibility • Hosts, devices, zones • Firewall rules (ACLs) • Routing, NAT, VPN • Path Analysis. Firewall allows port open from the internet. Complete understanding of network topology, segmentation and connectivity
  10. Device Level Analysis • Access Policy Compliance • Rule base analysis – Usage – Shadowed / Redundant rules • Platform configuration compliance • IPS Signatures analysis
  11. Endpoint Visibility – Servers, Desktops, Mobile, Cloud • Installed software and versions • Installed and missing patches • Vulnerabilities • Asset classification. Detailed understanding of configuration and vulnerabilities of all hosts
  12. Analytic Approach to Scanless Vulnerability Discovery. Hosts & Network Devices; Installed products, missing patches (CPE); Vuln List (CVE); Create a profile of the products; Apply rules to extract vulnerabilities; System config repository
  13. Analytics Give You a Continuous View of Vulnerabilities. [Chart: Combining active scanning and analytics-based vulnerability detection. Axis: Time (Month 1, Month 2, Month 3); levels: 50%, 100%; series: Active scanner, Analytics-based detection]
  14. Network and Endpoint Visibility: Threat Origins and Exploitable Vulnerabilities. Internet Hacker, Compromised Partner, Rogue Admin. Vulnerabilities: CVE 2014-0160, CVE 2014-0515, CVE 2014-1776
  15. Add Attack Simulation: Automatic Identification of Attack Vectors. Internet Hacker, Compromised Partner, Attack Simulations, Rogue Admin. Vulnerabilities: CVE 2014-0160, CVE 2014-0515, CVE 2014-1776
  16. Look for “Hot Spots”. Risk and Exposure Based Prioritization Enabling Optimal and Timely Remediation. Attack Vectors. Virtual pen test. Target concentrations of vulns to reduce overall risk. Target attack vectors against critical assets. Look for Attack Vectors. Target specific high risk attack vectors to assets. Vendor Security Bulletins, Business Units, Vulnerability Severity, Geo/Tech Group
  17. Applying Risk Analytics to Network Security Management Processes. Verify Compliance, Model Network, Analyse Firewalls, Manage Changes. Find security gaps in all firewalls. Check internal and external policies. Correlate network security data. Saves time. Answers in minutes. Stay compliant. Avoid risk. Check planned changes in advance
  18. Applying Risk Analytics to Vulnerability and Threat Management. Remediate. Discover. Minutes not months. Analyse. Threat Response. Scanless. Cover entire infrastructure. Find all risks automatically. Prioritize by risk. Context-driven remediation. Identify relevant threats. Focus, Fix, Monitor
  19. In Summary. Focus on the Attack Surface • Continuous visibility of attack surface is critical • Combine network and endpoint data • Use analytics to examine attack vectors. Integrate into Security Processes • Drive automation at every step • Stay ahead of the attacks
  20. Thank you. Request a Skybox product demo today.