SlideShare a Scribd company logo

Uncover Vulnerabilities Beyond Software Vulnerabilities

SecPod
SecPod

Software Vulnerabilities contribute only to a portion of the security risks in your IT landscape. Your IT infrastructure is exposed to numerous vulnerabilities and security risks that are as threatening as CVEs or software vulnerabilities. Discovering and remediating all these vulnerabilities is essential to prevent your network from potential attacks. SanerNow Advanced Vulnerability Management (AVM) redefines vulnerabilities and manages numerous security risks, including software vulnerabilities. Topics discussed: • The different types of vulnerabilities lurking in the network • How attackers can exploit each of the vulnerabilities • How SanerNow discovers and mitigates these types of vulnerabilities

Technology
1 of 14
Download to read offline
Uncover Vulnerabilities Beyond Software Vulnerabilities CHANDRASHEKHAR B Founder and CEO, SecPod
WHAT IS A VULNERABILITY? 02 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY Vulnerability is a security loophole that can be exploited by cybercriminals to gain unauthorized access to the network. However, CVEs or Software Vulnerabilities are only considered as vulnerability leaving behind the other security loopholes. Are managing only CVEs or Software vulnerabilities sufficient to prevent Cyber Attacks?
03 Copyright © 2008 - 2020 SecPod Technologies - AUTHORISED USE ONLY Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY Logon AutoStart Untrusted Apps Hardcoded secrets in PowerShell Script Misconfigured Account Privileges DNS Cache Poisoning Exposed Assets and Data Sources Poisoned Software Packages Bypassing Security Controls WHAT ARE ATTACKERS EXPLOITING TODAY? Exposed Network Shares Run or Start up Programs VPN Software Sensitive Information in Logs & Scripts
04 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY MITRE ATTACK TECHNIQUES ▪ Logon AutoStart Execution ▪ DNS/DHCP Spoofing ▪ Start-up Folders ▪ Kernel Modules & Extension ▪ Logon Scripts ▪ Browser bookmark discovery/ Extensions ▪ Password Guessing ▪ Clipboard data ▪ Cloud discovery services ▪ Command & Script Interpreters/ PowerShell ▪ Python/ VB Scripts/JavaScript ▪ Web Services/ Cloud Services ▪ Network Share drives ▪ Digital Certificates ▪ File & Directory permissions
DIFFERENT TYPES OF VULNERABILITIES IN AN ATTACK SURFACE 05 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY https://www.secpod.com/vulnerability- management/?utm_source=google&utm_medium=cpc&utm _campaign=slideshare&utm_id=Slideshare
06 Copyright © 2008 - 2020 SecPod Technologies - AUTHORISED USE ONLY Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY SOFTWARE VULNERABILITIES Software vulnerability is a defect in a software that could allow an attacker to gain unauthorized access to the network. Some of the popular software vulnerabilities include: ▪ Apache Webserver ▪ Log4J ▪ Exchange Servers ▪ Spring4shell
07 Copyright © 2008 - 2020 SecPod Technologies - AUTHORISED USE ONLY Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY MISCONFIGURATIONS Security misconfigurations are inaccurately configured settings that leave an organization’s IT infrastructure at risk. Some of the misconfigurations include: ▪ Weak Passwords ▪ Public Access to SMB shared ▪ Outdated Protocols ▪ Word-writable file
08 Copyright © 2008 - 2020 SecPod Technologies - AUTHORISED USE ONLY Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY IT ASSET EXPOSURES IT asset exposures comprises of the risks in the IT infrastructure. Presence of any malicious or shadow IT in the network will lead to huge security mishaps. A few examples of IT asset exposures: ▪ End of Life/ End of Support Software ▪ Untrusted Executables ▪ Unwanted Software ▪ Exposed Device
09 Copyright © 2008 - 2020 SecPod Technologies - AUTHORISED USE ONLY Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY MISSING CRITICAL SECURITY PATCHES Security patches are essential to update an application or a system to fix a vulnerability prevalent in them. Not patching them continuously will lead to massive cyberattacks like WannaCry.
010 Copyright © 2008 - 2020 SecPod Technologies - AUTHORISED USE ONLY Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY SECURITY CONTROL DEVIATIONS & ANOMALIES Deviations or anomalies in crucial security controls might open door for numerous cyberattacks. A few of the security control deviations include: • Enabled IP Forwarding • Disabled Firewall • Non functioning Antivirus • Lack of Device Encryption
011 Copyright © 2008 - 2020 SecPod Technologies - AUTHORISED USE ONLY Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY HUMAN WEAKNESSES Humans are biggest attack vector in any IT network. The recent CISO breach where an attacker gain unauthorized access through an employee’s personal vault is the biggest example of humans as weak links.
012 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY ATTACK SURFACE MANAGEMENT OVERVIEW OF ORGANIZATIONS ATTACK SURFACE Enterprise computing infrastructure Perimeter-less personal device Utilized software services Cloud infrastructure ▪ Applications running on cloud infrastructure ▪ Data storage External exposed assets
13 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY ADVANCED VULNERABILITY MANAGEMENT FRAMEWORK Gain Visibility into IT Infrastructure REPORT VISIBILITY IDENTIFY ASSESS REMEDIATE PRIORITIZE Vulnerabilities Misconfigurations Missing Patches Other Security Risk Exposures Assess security risk from single console and insightful reports Prioritise vulnerabilities and missing patches based on severity Patch Vulnerabilities Fix Misconfigurations Apply Security Controls • Manage Vulnerabilities & Security Risks Beyond CVEs • Mitigate Vulnerabilities On-time with Integrated Remediation Controls • Execute everything from a truly integrated, centralized console • Automate end-to-end tasks and establish a continuous routine Perform strategic analysis with insightful and customizable reports Centralised Management Console APIs APIs
For inquiries, contact us at: Email: info@secpod.com WWW.SECPOD.COM PREVENT CYBER ATTACKS. CONTINUOUS. AUTOMATED. TRY SANERNOW FREE

Recommended

Uncovering Vulnerabilities Beyond Software Vulnerabilities
Uncovering Vulnerabilities Beyond Software VulnerabilitiesUncovering Vulnerabilities Beyond Software Vulnerabilities
Uncovering Vulnerabilities Beyond Software Vulnerabilities
SecPod
 
Gestiona el riesgo de las grandes amenazas
Gestiona el riesgo de las grandes amenazasGestiona el riesgo de las grandes amenazas
Gestiona el riesgo de las grandes amenazas
Nextel S.A.
 
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New VulnerabilitiesProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Symantec
 
Segurdad de red para la generacion de la nube symantec
Segurdad de red para la generacion de la nube symantecSegurdad de red para la generacion de la nube symantec
Segurdad de red para la generacion de la nube symantec
CSA Argentina
 
Cyber security event
Cyber security eventCyber security event
Cyber security event
Tryzens
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
SecPod Technologies
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present Dangers
Peter Wood
 
How to detect, assess, prioritize, and remediate vulnerabilities using SanerNow?
How to detect, assess, prioritize, and remediate vulnerabilities using SanerNow?How to detect, assess, prioritize, and remediate vulnerabilities using SanerNow?
How to detect, assess, prioritize, and remediate vulnerabilities using SanerNow?
SecPod
 

Recommended

Uncovering Vulnerabilities Beyond Software Vulnerabilities
Uncovering Vulnerabilities Beyond Software VulnerabilitiesUncovering Vulnerabilities Beyond Software Vulnerabilities
Uncovering Vulnerabilities Beyond Software Vulnerabilities
SecPod
 
Gestiona el riesgo de las grandes amenazas
Gestiona el riesgo de las grandes amenazasGestiona el riesgo de las grandes amenazas
Gestiona el riesgo de las grandes amenazas
Nextel S.A.
 
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New VulnerabilitiesProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Symantec
 
Segurdad de red para la generacion de la nube symantec
Segurdad de red para la generacion de la nube symantecSegurdad de red para la generacion de la nube symantec
Segurdad de red para la generacion de la nube symantec
CSA Argentina
 
Cyber security event
Cyber security eventCyber security event
Cyber security event
Tryzens
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
SecPod Technologies
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present Dangers
Peter Wood
 
How to detect, assess, prioritize, and remediate vulnerabilities using SanerNow?
How to detect, assess, prioritize, and remediate vulnerabilities using SanerNow?How to detect, assess, prioritize, and remediate vulnerabilities using SanerNow?
How to detect, assess, prioritize, and remediate vulnerabilities using SanerNow?
SecPod
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
ssuserfb92ae
 
Log Analytics for Distributed Microservices
Log Analytics for Distributed MicroservicesLog Analytics for Distributed Microservices
Log Analytics for Distributed Microservices
Kai Wähner
 
How to Implement Organization Wide Cyber Hygiene?
How to Implement Organization Wide Cyber Hygiene?How to Implement Organization Wide Cyber Hygiene?
How to Implement Organization Wide Cyber Hygiene?
SecPod
 
Key Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales PresentationKey Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales Presentation
rfragola
 
Top 5 predictions webinar
Top 5 predictions webinarTop 5 predictions webinar
Top 5 predictions webinar
Zscaler
 
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg
TI Safe
 
MT82 IoT Security Starts at Edge
MT82 IoT Security Starts at EdgeMT82 IoT Security Starts at Edge
MT82 IoT Security Starts at Edge
Dell EMC World
 
Check point presentation june 2014
Check point presentation june 2014Check point presentation june 2014
Check point presentation june 2014
David Berkelmans
 
Remote Workforces Secure by Barracuda
Remote Workforces Secure by BarracudaRemote Workforces Secure by Barracuda
Remote Workforces Secure by Barracuda
Prime Infoserv
 
Mind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_finalMind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_final
Moti Sagey מוטי שגיא
 
Threat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsThreat Modeling for the Internet of Things
Threat Modeling for the Internet of Things
Eric Vétillard
 
Ochrana pred modernými malware útokmi
Ochrana pred modernými malware útokmiOchrana pred modernými malware útokmi
Ochrana pred modernými malware útokmi
MarketingArrowECS_CZ
 
CCSA Treinamento_CheckPoint.pptx
CCSA Treinamento_CheckPoint.pptxCCSA Treinamento_CheckPoint.pptx
CCSA Treinamento_CheckPoint.pptx
EBERTE
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
sudip pudasaini
 
Kripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdfKripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdf
langkahgontay88
 
Seven Deadly Threats and Vulnerabilities in Cloud Computing
Seven Deadly Threats and Vulnerabilities in Cloud ComputingSeven Deadly Threats and Vulnerabilities in Cloud Computing
Seven Deadly Threats and Vulnerabilities in Cloud Computing
Mervat Bamiah
 
Seven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloudSeven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloud
cloudresearcher
 
Csa summit seguridad en el sddc
Csa summit seguridad en el sddcCsa summit seguridad en el sddc
Csa summit seguridad en el sddc
CSA Argentina
 
Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018
African Cyber Security Summit
 
Annual Vulnerability Report Insights - 2022
Annual Vulnerability Report Insights - 2022Annual Vulnerability Report Insights - 2022
Annual Vulnerability Report Insights - 2022
SecPod
 
Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface Reduction
SecPod
 
Closing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations ExposedClosing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations Exposed
SecPod
 

More Related Content

Similar to Uncover Vulnerabilities Beyond Software Vulnerabilities

Log Analytics for Distributed Microservices
Log Analytics for Distributed MicroservicesLog Analytics for Distributed Microservices
Log Analytics for Distributed Microservices
Kai Wähner
 
How to Implement Organization Wide Cyber Hygiene?
How to Implement Organization Wide Cyber Hygiene?How to Implement Organization Wide Cyber Hygiene?
How to Implement Organization Wide Cyber Hygiene?
SecPod
 
Key Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales PresentationKey Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales Presentation
rfragola
 
Check point presentation june 2014
Check point presentation june 2014Check point presentation june 2014
Check point presentation june 2014
David Berkelmans
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
sudip pudasaini
 
Seven Deadly Threats and Vulnerabilities in Cloud Computing
Seven Deadly Threats and Vulnerabilities in Cloud ComputingSeven Deadly Threats and Vulnerabilities in Cloud Computing
Seven Deadly Threats and Vulnerabilities in Cloud Computing
Mervat Bamiah
 

Similar to Uncover Vulnerabilities Beyond Software Vulnerabilities (20)

CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
 
Log Analytics for Distributed Microservices
Log Analytics for Distributed MicroservicesLog Analytics for Distributed Microservices
Log Analytics for Distributed Microservices
 
How to Implement Organization Wide Cyber Hygiene?
How to Implement Organization Wide Cyber Hygiene?How to Implement Organization Wide Cyber Hygiene?
How to Implement Organization Wide Cyber Hygiene?
 
Key Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales PresentationKey Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales Presentation
 
Top 5 predictions webinar
Top 5 predictions webinarTop 5 predictions webinar
Top 5 predictions webinar
 
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg
 
MT82 IoT Security Starts at Edge
MT82 IoT Security Starts at EdgeMT82 IoT Security Starts at Edge
MT82 IoT Security Starts at Edge
 
Check point presentation june 2014
Check point presentation june 2014Check point presentation june 2014
Check point presentation june 2014
 
Remote Workforces Secure by Barracuda
Remote Workforces Secure by BarracudaRemote Workforces Secure by Barracuda
Remote Workforces Secure by Barracuda
 
Mind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_finalMind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_final
 
Threat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsThreat Modeling for the Internet of Things
Threat Modeling for the Internet of Things
 
Ochrana pred modernými malware útokmi
Ochrana pred modernými malware útokmiOchrana pred modernými malware útokmi
Ochrana pred modernými malware útokmi
 
CCSA Treinamento_CheckPoint.pptx
CCSA Treinamento_CheckPoint.pptxCCSA Treinamento_CheckPoint.pptx
CCSA Treinamento_CheckPoint.pptx
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Kripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdfKripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdf
 
Seven Deadly Threats and Vulnerabilities in Cloud Computing
Seven Deadly Threats and Vulnerabilities in Cloud ComputingSeven Deadly Threats and Vulnerabilities in Cloud Computing
Seven Deadly Threats and Vulnerabilities in Cloud Computing
 
Seven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloudSeven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloud
 
Csa summit seguridad en el sddc
Csa summit seguridad en el sddcCsa summit seguridad en el sddc
Csa summit seguridad en el sddc
 
Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018
 
Annual Vulnerability Report Insights - 2022
Annual Vulnerability Report Insights - 2022Annual Vulnerability Report Insights - 2022
Annual Vulnerability Report Insights - 2022
 

More from SecPod

Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface Reduction
SecPod
 
Closing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations ExposedClosing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations Exposed
SecPod
 
Align Your ITSM and SecOps Strategy for Unstoppable IT
Align Your ITSM and SecOps Strategy for Unstoppable ITAlign Your ITSM and SecOps Strategy for Unstoppable IT
Align Your ITSM and SecOps Strategy for Unstoppable IT
SecPod
 
ProxyLogon - MS Exchange Server Vulnerabilities - JS Edited.pptx
ProxyLogon - MS Exchange Server Vulnerabilities - JS Edited.pptxProxyLogon - MS Exchange Server Vulnerabilities - JS Edited.pptx
ProxyLogon - MS Exchange Server Vulnerabilities - JS Edited.pptx
SecPod
 
How can SMEs combat cyberattacks through automated vulnerability management?
How can SMEs combat cyberattacks through automated vulnerability management?How can SMEs combat cyberattacks through automated vulnerability management?
How can SMEs combat cyberattacks through automated vulnerability management?
SecPod
 
Security automation architecture principles for effective vulnerability manag...
Security automation architecture principles for effective vulnerability manag...Security automation architecture principles for effective vulnerability manag...
Security automation architecture principles for effective vulnerability manag...
SecPod
 
How to Achieve NIST Compliance using SanerNow?
How to Achieve NIST Compliance using SanerNow?How to Achieve NIST Compliance using SanerNow?
How to Achieve NIST Compliance using SanerNow?
SecPod
 

More from SecPod (15)

Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface Reduction
 
Closing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations ExposedClosing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations Exposed
 
Align Your ITSM and SecOps Strategy for Unstoppable IT
Align Your ITSM and SecOps Strategy for Unstoppable ITAlign Your ITSM and SecOps Strategy for Unstoppable IT
Align Your ITSM and SecOps Strategy for Unstoppable IT
 
ProxyLogon - MS Exchange Server Vulnerabilities - JS Edited.pptx
ProxyLogon - MS Exchange Server Vulnerabilities - JS Edited.pptxProxyLogon - MS Exchange Server Vulnerabilities - JS Edited.pptx
ProxyLogon - MS Exchange Server Vulnerabilities - JS Edited.pptx
 
How can SMEs combat cyberattacks through automated vulnerability management?
How can SMEs combat cyberattacks through automated vulnerability management?How can SMEs combat cyberattacks through automated vulnerability management?
How can SMEs combat cyberattacks through automated vulnerability management?
 
Security automation architecture principles for effective vulnerability manag...
Security automation architecture principles for effective vulnerability manag...Security automation architecture principles for effective vulnerability manag...
Security automation architecture principles for effective vulnerability manag...
 
How to Achieve NIST Compliance using SanerNow?
How to Achieve NIST Compliance using SanerNow?How to Achieve NIST Compliance using SanerNow?
How to Achieve NIST Compliance using SanerNow?
 
How Mid Size Enterprises Can Automate Vulnerability Management and Prevent Cy...
How Mid Size Enterprises Can Automate Vulnerability Management and Prevent Cy...How Mid Size Enterprises Can Automate Vulnerability Management and Prevent Cy...
How Mid Size Enterprises Can Automate Vulnerability Management and Prevent Cy...
 
How to effectively monitor and manage IT assets in real-time using SanerNow
How to effectively monitor and manage IT assets in real-time using SanerNowHow to effectively monitor and manage IT assets in real-time using SanerNow
How to effectively monitor and manage IT assets in real-time using SanerNow
 
How to securely manage endpoints using SanerNow
How to securely manage endpoints using SanerNowHow to securely manage endpoints using SanerNow
How to securely manage endpoints using SanerNow
 
How to implement security compliance with SanerNow
How to implement security compliance with SanerNowHow to implement security compliance with SanerNow
How to implement security compliance with SanerNow
 
The Art of Managing and Securing Endpoints with SanerNow Patch Management
The Art of Managing and Securing Endpoints with SanerNow Patch ManagementThe Art of Managing and Securing Endpoints with SanerNow Patch Management
The Art of Managing and Securing Endpoints with SanerNow Patch Management
 
The Art of Managing and Securing Endpoints
The Art of Managing and Securing EndpointsThe Art of Managing and Securing Endpoints
The Art of Managing and Securing Endpoints
 
Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface Reduction
 
Closing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations ExposedClosing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations Exposed
 

Recently uploaded

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 

Recently uploaded (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

Uncover Vulnerabilities Beyond Software Vulnerabilities

  • 2. WHAT IS A VULNERABILITY? 02 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY Vulnerability is a security loophole that can be exploited by cybercriminals to gain unauthorized access to the network. However, CVEs or Software Vulnerabilities are only considered as vulnerability leaving behind the other security loopholes. Are managing only CVEs or Software vulnerabilities sufficient to prevent Cyber Attacks?
  • 3. 03 Copyright © 2008 - 2020 SecPod Technologies - AUTHORISED USE ONLY Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY Logon AutoStart Untrusted Apps Hardcoded secrets in PowerShell Script Misconfigured Account Privileges DNS Cache Poisoning Exposed Assets and Data Sources Poisoned Software Packages Bypassing Security Controls WHAT ARE ATTACKERS EXPLOITING TODAY? Exposed Network Shares Run or Start up Programs VPN Software Sensitive Information in Logs & Scripts
  • 4. 04 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY MITRE ATTACK TECHNIQUES ▪ Logon AutoStart Execution ▪ DNS/DHCP Spoofing ▪ Start-up Folders ▪ Kernel Modules & Extension ▪ Logon Scripts ▪ Browser bookmark discovery/ Extensions ▪ Password Guessing ▪ Clipboard data ▪ Cloud discovery services ▪ Command & Script Interpreters/ PowerShell ▪ Python/ VB Scripts/JavaScript ▪ Web Services/ Cloud Services ▪ Network Share drives ▪ Digital Certificates ▪ File & Directory permissions
  • 5. DIFFERENT TYPES OF VULNERABILITIES IN AN ATTACK SURFACE 05 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY https://www.secpod.com/vulnerability- management/?utm_source=google&utm_medium=cpc&utm _campaign=slideshare&utm_id=Slideshare
  • 6. 06 Copyright © 2008 - 2020 SecPod Technologies - AUTHORISED USE ONLY Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY SOFTWARE VULNERABILITIES Software vulnerability is a defect in a software that could allow an attacker to gain unauthorized access to the network. Some of the popular software vulnerabilities include: ▪ Apache Webserver ▪ Log4J ▪ Exchange Servers ▪ Spring4shell
  • 7. 07 Copyright © 2008 - 2020 SecPod Technologies - AUTHORISED USE ONLY Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY MISCONFIGURATIONS Security misconfigurations are inaccurately configured settings that leave an organization’s IT infrastructure at risk. Some of the misconfigurations include: ▪ Weak Passwords ▪ Public Access to SMB shared ▪ Outdated Protocols ▪ Word-writable file
  • 8. 08 Copyright © 2008 - 2020 SecPod Technologies - AUTHORISED USE ONLY Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY IT ASSET EXPOSURES IT asset exposures comprises of the risks in the IT infrastructure. Presence of any malicious or shadow IT in the network will lead to huge security mishaps. A few examples of IT asset exposures: ▪ End of Life/ End of Support Software ▪ Untrusted Executables ▪ Unwanted Software ▪ Exposed Device
  • 9. 09 Copyright © 2008 - 2020 SecPod Technologies - AUTHORISED USE ONLY Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY MISSING CRITICAL SECURITY PATCHES Security patches are essential to update an application or a system to fix a vulnerability prevalent in them. Not patching them continuously will lead to massive cyberattacks like WannaCry.
  • 10. 010 Copyright © 2008 - 2020 SecPod Technologies - AUTHORISED USE ONLY Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY SECURITY CONTROL DEVIATIONS & ANOMALIES Deviations or anomalies in crucial security controls might open door for numerous cyberattacks. A few of the security control deviations include: • Enabled IP Forwarding • Disabled Firewall • Non functioning Antivirus • Lack of Device Encryption
  • 11. 011 Copyright © 2008 - 2020 SecPod Technologies - AUTHORISED USE ONLY Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY HUMAN WEAKNESSES Humans are biggest attack vector in any IT network. The recent CISO breach where an attacker gain unauthorized access through an employee’s personal vault is the biggest example of humans as weak links.
  • 12. 012 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY ATTACK SURFACE MANAGEMENT OVERVIEW OF ORGANIZATIONS ATTACK SURFACE Enterprise computing infrastructure Perimeter-less personal device Utilized software services Cloud infrastructure ▪ Applications running on cloud infrastructure ▪ Data storage External exposed assets
  • 13. 13 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY ADVANCED VULNERABILITY MANAGEMENT FRAMEWORK Gain Visibility into IT Infrastructure REPORT VISIBILITY IDENTIFY ASSESS REMEDIATE PRIORITIZE Vulnerabilities Misconfigurations Missing Patches Other Security Risk Exposures Assess security risk from single console and insightful reports Prioritise vulnerabilities and missing patches based on severity Patch Vulnerabilities Fix Misconfigurations Apply Security Controls • Manage Vulnerabilities & Security Risks Beyond CVEs • Mitigate Vulnerabilities On-time with Integrated Remediation Controls • Execute everything from a truly integrated, centralized console • Automate end-to-end tasks and establish a continuous routine Perform strategic analysis with insightful and customizable reports Centralised Management Console APIs APIs
  • 14. For inquiries, contact us at: Email: info@secpod.com WWW.SECPOD.COM PREVENT CYBER ATTACKS. CONTINUOUS. AUTOMATED. TRY SANERNOW FREE