2012-12-12 Seminar McAfee Risk Management

In practice it often proves difficult to determine which risks an organization faces and what an appropriate level of security is for them. This knowledge is nevertheless necessary in order to take the right measures and to invest effectively in information security. On 12 December 2012 Pinewood, in collaboration with McAfee, organized a seminar that addressed this. Useful tools such as Risk Management and McAfee Nitro (McAfee's SIEM product) and Pinewood's pragmatic approach offer concrete guidance and insight for arriving at an effective information security policy.

Published in: Technology

  1. Risk Management: Fix what matters most… first
     Drs. René Pieëte, CISSP, Senior SE Manager Northern Europe
     December 12th, 2012
  2. Current Threat Landscape
     • “TJ MAXX’s $1 billion data breach”
     • Playstation breach called one of the largest ever; Sony should have alerted customers sooner, some say
     • TJ MAXX first large database breach. 45 mln. credit card records stolen.
     • Biggest breach so far, over 150 mln. credit card records stolen.
     • Security leak in MySQL easy to use. Huge amount of exploits expected by security experts. (CVE-2012-2122)
     • 50% of EMEA healthcare organizations unaware of security threats
     • McDonald's and Walgreens: email addresses, birth dates stolen by hackers
     • Lockheed strengthens network security after hacker attack
     • Hackers get Symantec anti-virus source code
  3. The Need
     • Companies struggle to determine where to focus security efforts
     • Threats increasing at an alarming rate
     • 97% of organizations lack visibility into risk posture
  4. CURRENT APPROACH to dealing with threats
     • LOG FILES, CONSOLES, PHONE CALLS/EMAILS, SPREADSHEETS
     • MINUTES, HOURS, DAYS, WEEKS
  5. RISK AND COMPLIANCE: Holistic Approach
     • DIAGNOSE, PROTECT, MANAGE
     • (Diagram labels: HR, BPM)
  6. Risk & Compliance: Diagnose
     • DISCOVER: Automatic asset discovery; Comprehensive and customized views
     • ASSESS: Uncover vulnerabilities; Audit configurations and policies
     • QUANTIFY RISK: Real-time risk profile; Address highest risks to optimize protection and minimize cost
     • Eliminate disruption to critical business apps
  7. McAfee Vulnerability Manager
     (Product labels shown on the slide: Policy Auditor, MVM Database, MVM Web, MVM)
     • Agentless Vulnerability Scanner with the broadest checks of any in the market (>40,000 and growing)
     • Automatic asset discovery includes a dozen techniques to find everything
     • Scalable to millions of IP addresses
     • Detects over 437 operating system types
     • False positives next to zero
     • Credentialed, non-credentialed
     • Open database allows unparalleled access to vulnerability data
     • Integration with McAfee products and your applications via an open API
     • Deployment options include appliance, software, virtual, and SaaS
  8. MVM for Web Apps
     • Web Application Scanner fully integrated into MVM assets and workflow
     • Web app discovery/crawl and map; sitemap report
     • Scanning covers OWASP, PCI, CWE
     • Capable of authenticating and scanning protected web applications
     • Web scan configurations (entry URLs, exclude URLs, etc.) and credential sets
     • Meaningful reports: request made, injection point, response given
     • “Safe mode” scanning
  9. MVM for Databases
     • Over 4,300 vulnerability checks
       Patch levels, Weak passwords, Configuration baselining (CIS/STIG)
       Backdoor detection, Sensitive data discovery (PII, SSN, etc.)
       Vulnerable PL/SQL code, Unused features, Custom checks
     • Reports in countless formats according to stakeholders: DBA, Developers, InfoSec, Audit
     • Fully Managed from ePO
  10. McAfee Policy Auditor
     (Figure: Policy Auditor Patch Status Dashboard)
  11. McAfee Policy Auditor
     • Agent based audit automation against regulations, standards, and best practices
       PCI, SOX, HIPAA, FISMA
       ISO, COBIT
       CIS, DISA, FDCC, STIG
     • Broad Win/UNIX/Linux/Mac support
     • Supports industry standard SCAP and supporting protocols (CVE, CPE, CCE, OVAL, XCCDF, CVSS)
     • Integration with MVM for agentless SCAP scanning
     • PA Content Creator
     • Gold system baselining
     • ePO Integration
  12. Risk & Compliance: Protect
     • ENFORCE: Enforce policies; Real-time change monitoring; Prevent compliance drift by enforcing policies and configurations
     • DENY ACCESS: Deny unauthorized access; Dynamic Application Whitelisting; Zero-day protection; Protection for embedded systems
     • CONTROL: Increase control and visibility; Improve system integrity, availability and performance; Reduce operating expense
  13. McAfee Application Control
     (Product labels shown on the slide: Database Activity Monitoring, Change Control, Application Control)
     • Dynamic Whitelisting prevents unauthorized applications from running
       Application attempts to launch
       Could be an executable or OS component
       MAC verifies binary code from Whitelist
       If not in Whitelist, then program is not launched
       Attempt is logged for alerts and auditing
     • Memory Protection (three different types) protects against known and unknown buffer overflow attacks
     • Image deviation allows customers to compare their deployed images to a desired standard image with on-demand reporting.
  14. McAfee Change Control
     • Integrity Monitoring alerts on critical and unauthorized changes
     • File Integrity Monitoring provides real-time tracking across Win/UNIX/Linux
     • Change Reconciliation tracks changes to their corresponding Change Requests within Remedy
     • Change Prevention selectively prevents out-of-policy changes and logs any attempted out-of-policy change
  15. McAfee Database Activity Monitoring
     • “Inside Out” protection leveraging unique memory-based, read-only sensor in memory
     • Just another process at OS level
     • No kernel changes or reboots
     • No database packages or scripts
     • High performance, zero latency
     • Full segregation of duties and audit trails
       DBA, sysadmins, InfoSec
     • Optimized for Virtualization & Cloud
       Memory-based monitoring sees VM-to-VM traffic
       Agent-based model supports distributed/cloud environments
     • Virtual Patching (vPatch) protects against known and unknown attacks without downtime or code changes until you can patch
  16. McAfee Risk Advisor
     • Correlates vulnerabilities, global threat data, and countermeasures
     • Improves security effectiveness using risk scores and ROI of deployed security products
     • Enables risk-based approach to critical patching decisions
     • Fully customizable IT Risk Dashboards
     • Rule driven alerts
     • “What If” Analysis for new countermeasures
  17. COUNTERMEASURE AWARE Risk Management
     (Diagram labels: Stuxnet, Conficker, Aurora, GTI threat feed, McAfee Risk Advisor, LOW, HIGH, Vulnerabilities, Configuration, Countermeasures, System State, Patch level, Applications, Critical systems, AV, HIPS, NSP, MAC)
