2. WHAT IS A VULNERABILITY?
Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY
A vulnerability is a security loophole that cybercriminals can exploit to gain unauthorized access to the network. However, only CVEs or software vulnerabilities are considered vulnerabilities, leaving the other security loopholes behind.
Is managing only CVEs or software vulnerabilities sufficient to prevent cyberattacks?
3. WHAT ARE ATTACKERS EXPLOITING TODAY?
▪ Logon AutoStart
▪ Untrusted Apps
▪ Hardcoded Secrets in PowerShell Scripts
▪ Misconfigured Account Privileges
▪ DNS Cache Poisoning
▪ Exposed Assets and Data Sources
▪ Poisoned Software Packages
▪ Bypassing Security Controls
▪ Exposed Network Shares
▪ Run or Start-up Programs
▪ VPN Software
▪ Sensitive Information in Logs & Scripts
4. MITRE ATT&CK TECHNIQUES
▪ Logon AutoStart Execution
▪ DNS/DHCP Spoofing
▪ Start-up Folders
▪ Kernel Modules & Extensions
▪ Logon Scripts
▪ Browser Bookmark Discovery / Extensions
▪ Password Guessing
▪ Clipboard Data
▪ Cloud Discovery Services
▪ Command & Script Interpreters / PowerShell
▪ Python / VB Scripts / JavaScript
▪ Web Services / Cloud Services
▪ Network Share drives
▪ Digital Certificates
▪ File & Directory permissions
5. DIFFERENT TYPES OF VULNERABILITIES IN AN ATTACK SURFACE
https://www.secpod.com/vulnerability-management/?utm_source=google&utm_medium=cpc&utm_campaign=slideshare&utm_id=Slideshare
6. SOFTWARE VULNERABILITIES
A software vulnerability is a defect in software that could allow an attacker to gain unauthorized access to the network. Some of the popular software vulnerabilities include:
▪ Apache Webserver
▪ Log4j
▪ Exchange Servers
▪ Spring4Shell
7. MISCONFIGURATIONS
Security misconfigurations are inaccurately configured settings that leave an organization's IT infrastructure at risk. Some of the misconfigurations include:
▪ Weak Passwords
▪ Public Access to SMB Shares
▪ Outdated Protocols
▪ World-writable Files
8. IT ASSET EXPOSURES
IT asset exposures comprise the risks in the IT infrastructure. The presence of any malicious or shadow IT in the network will lead to huge security mishaps. A few examples of IT asset exposures:
▪ End of Life / End of Support Software
▪ Untrusted Executables
▪ Unwanted Software
▪ Exposed Devices
9. MISSING CRITICAL SECURITY PATCHES
Security patches are essential for updating an application or a system to fix a vulnerability present in it. Failing to patch continuously will lead to massive cyberattacks like WannaCry.
10. SECURITY CONTROL DEVIATIONS & ANOMALIES
Deviations or anomalies in crucial security controls might open the door to numerous cyberattacks. A few of the security control deviations include:
• Enabled IP Forwarding
• Disabled Firewall
• Non-functioning Antivirus
• Lack of Device Encryption
11. HUMAN WEAKNESSES
Humans are the biggest attack vector in any IT network. The recent CISO breach, where an attacker gained unauthorized access through an employee's personal vault, is the biggest example of humans as weak links.
12. ATTACK SURFACE MANAGEMENT
OVERVIEW OF ORGANIZATION'S ATTACK SURFACE
Enterprise computing infrastructure
Perimeter-less personal device
Utilized software services
Cloud infrastructure
▪ Applications running on cloud infrastructure
▪ Data storage
External exposed assets
13. ADVANCED VULNERABILITY MANAGEMENT FRAMEWORK
▪ VISIBILITY: Gain visibility into IT infrastructure
▪ IDENTIFY: Vulnerabilities, misconfigurations, missing patches, other security risk exposures
▪ ASSESS: Assess security risk from single console and insightful reports
▪ PRIORITIZE: Prioritise vulnerabilities and missing patches based on severity
▪ REMEDIATE: Patch vulnerabilities, fix misconfigurations, apply security controls
▪ REPORT: Perform strategic analysis with insightful and customizable reports
• Manage Vulnerabilities & Security Risks Beyond CVEs
• Mitigate Vulnerabilities On-time with Integrated Remediation Controls
• Execute everything from a truly integrated, centralized console
• Automate end-to-end tasks and establish a continuous routine
Centralised Management Console, APIs
14. For inquiries, contact us at: Email: info@secpod.com
WWW.SECPOD.COM
PREVENT CYBER ATTACKS.
CONTINUOUS. AUTOMATED.
TRY SANERNOW FREE