QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting SANS TOP 20 Critical Controls

  1. QualysGuard Security & Compliance Suite supporting SANS TOP 20 Critical Controls
     Marek Skalicky, CISM, CRISC, Managing Director for Central Eastern Europe, Qualys GmbH, September 2013
  2. SANS TOP-20 Critical Security Controls: Critical Controls for Effective Cyber Defense
     To secure against cyber attacks, organizations must vigorously defend their networks and systems from a variety of internal and external threats. They must also be prepared to detect and thwart damaging follow-on attack activities inside a network that has already been compromised. Two guiding principles are: "Prevention is ideal but detection is a must" and "Offense informs defense."
     The goal of the Critical Controls is to protect critical assets, infrastructure, and information by strengthening your organization's defensive posture through continuous, automated protection and monitoring of your sensitive information technology infrastructure, to reduce compromises, minimize the need for recovery efforts, and lower associated costs.
     Strong emphasis on "What really works": security controls where products, processes, architectures and services are in use that have demonstrated real-world effectiveness.
  3. SANS TOP-20 Critical Security Controls: Brief History of TOP-20 CSC
     •  In 2008, the Office of the Secretary of Defense asked the National Security Agency for help in prioritizing the myriad security controls that were available for cybersecurity, with strong emphasis on "What really works".
     •  The request went to NSA because NSA best understood how cyber attacks worked and which attacks were used most frequently.
     •  A consortium of U.S. and international cyberdefense agencies quickly grew, and was joined by experts from private industry and around the globe.
     •  Surprisingly, the clear consensus of the consortium was that there were only 20 Critical Controls that addressed the most prevalent attacks found in government and industry. This then became the focus for an initial draft document. The draft of the 20 Critical Controls was circulated in 2009 to several hundred IT and security organizations for further review and comment.
     •  Over 50 organizations commented on the draft. They endorsed the concept of a focused set of controls and the selection of the 20 Critical Controls.
     •  Last release: Version 4.1, March 2013
  4. SANS TOP-20 Critical Security Controls: 5 critical principles of an effective cyber defense system as reflected in the Critical Controls
     1.  Offense informs defense: Use knowledge of actual attacks that have compromised systems to provide the foundation to build effective, practical defenses. Include only those controls that can be shown to stop known real-world attacks.
     2.  Prioritization: Invest first in controls that will provide the greatest risk reduction and protection against the most dangerous threat actors, and that can be feasibly implemented in your computing environment.
     3.  Metrics: Establish common metrics to provide a shared language for executives, IT specialists, auditors, and security officials to measure the effectiveness of security measures within an organization so that required adjustments can be identified and implemented quickly.
     4.  Continuous monitoring: Carry out continuous monitoring to test and validate the effectiveness of current security measures.
     5.  Automation: Automate defenses so that organizations can achieve reliable, scalable, and continuous measurements of their adherence to the controls and related metrics.
  5. SANS TOP-20 Critical Security Controls: Critical Security Controls key consortium members (US Federal agencies)
  6. SANS TOP 20 Critical Controls
  7. Qualys solution for Very-High to Mid-High SANS Critical Controls
     Modules mapped to the controls: Vulnerability Management (VM), Policy Compliance (PC), PCI Compliance (PCI), Web Application Scanning (WAS), Malware Detection
  8. CC1: Inventory of Authorized and Unauthorized Devices
     Goal: Effective asset management ensures that assets are discovered, registered, classified, and protected from attackers who exploit vulnerable systems accessible via the Internet.
     How QualysGuard supports this:
     •  VM gives full asset visibility over live devices with network mapping: size of network, machine types, location
     •  VM detects authorized and unauthorized devices
     •  VM offers full support for automation: scans are scheduled (continuous, daily, weekly etc.), delta reports for changes, alerting and ticketing, API for integration (for example with asset management tools)
     Modules: Vulnerability Management (VM)
  9. CC1: Inventory of Authorized and Unauthorized Devices (continued)
     Modules: Vulnerability Management (VM)
  10. CC2: Inventory of Authorized and Unauthorized Software
     Goal: Effective software management ensures that software is discovered, registered, classified, and protected from attackers who exploit vulnerable software.
     How QualysGuard supports this:
     •  VM & POL (Policy Compliance) give full software visibility with scanning: operating systems, applications, versions, patch level
     •  VM & POL give blacklisting of unauthorized software and services
     •  VM & POL give whitelisting of authorized software and services
     •  VM provides interactive search
     •  VM & POL offer full support for automation: scheduled scans & reports, email reports, alerting on exceptions, ticketing, API for integration with asset management tools
     Modules: Vulnerability Management (VM), Policy Compliance (PC)
  11. CC2: Inventory of Authorized and Unauthorized Software (continued)
     Modules: Vulnerability Management (VM), Policy Compliance (PC)
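The CC1 and CC2 slides above describe the same underlying operation twice: compare the latest scan snapshot with the previous one (delta report), and check what was found against a register of authorized devices and allow/block lists of software. The following is an added illustration of that reconciliation in Python; it is not QualysGuard code and does not use its API. The host record layout, the authorized-MAC register, the software lists and both snapshots are constructed sample data and are assumptions about what an asset register would supply.

```python
"""Reconcile two scan snapshots against an authorized-device register and
software allow/block lists. Added illustration: not QualysGuard code; all
data below is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    ip: str
    mac: str             # devices are keyed by MAC so an IP change is not a "new" device
    os: str
    software: frozenset  # of (name, version) pairs found by an authenticated scan


# Constructed register and lists (assumption: your asset register supplies these).
AUTHORIZED_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}
ALLOWED_SOFTWARE = {"openssh", "nginx", "chrome"}
BLOCKED_SOFTWARE = {"teamviewer", "bittorrent"}

# Two constructed snapshots: last week's scan and today's.
PREVIOUS = [
    Host("10.0.1.10", "00:11:22:33:44:01", "Ubuntu 12.04",
         frozenset({("openssh", "5.9"), ("nginx", "1.1.19")})),
    Host("10.0.1.11", "00:11:22:33:44:02", "Windows 7",
         frozenset({("chrome", "29")})),
    Host("10.0.1.12", "00:11:22:33:44:03", "Windows 7",
         frozenset({("chrome", "28")})),
]
CURRENT = [
    Host("10.0.1.10", "00:11:22:33:44:01", "Ubuntu 12.04",
         frozenset({("openssh", "5.9"), ("nginx", "1.4.2"), ("vnc", "4.1")})),
    Host("10.0.1.11", "00:11:22:33:44:02", "Windows 7",
         frozenset({("chrome", "29"), ("teamviewer", "8.0")})),
    Host("10.0.1.20", "aa:bb:cc:dd:ee:ff", "Linux 3.x",
         frozenset({("bittorrent", "7.9")})),
]


def delta(previous, current):
    """Delta report: devices that appeared, disappeared, or changed OS/software."""
    prev = {h.mac: h for h in previous}
    cur = {h.mac: h for h in current}
    return {
        "added": sorted(set(cur) - set(prev)),
        "removed": sorted(set(prev) - set(cur)),
        "changed": sorted(m for m in set(cur) & set(prev) if cur[m] != prev[m]),
    }


def unauthorized_devices(current, authorized=AUTHORIZED_MACS):
    """Live devices whose MAC is not in the register: candidates for a ticket."""
    return sorted(h.mac for h in current if h.mac not in authorized)


def software_findings(current, allowed=ALLOWED_SOFTWARE, blocked=BLOCKED_SOFTWARE):
    """Per host: blocked software is a finding; anything not on the allow list is
    reported as 'unlisted' so the list itself gets maintained (fail closed)."""
    findings = []
    for h in current:
        for name, version in sorted(h.software):
            if name in blocked:
                findings.append((h.ip, name, version, "blocked"))
            elif name not in allowed:
                findings.append((h.ip, name, version, "unlisted"))
    return findings


if __name__ == "__main__":
    print(delta(PREVIOUS, CURRENT))
    print(unauthorized_devices(CURRENT))
    for f in software_findings(CURRENT):
        print(*f)
```

Keying devices by MAC only works for segments the scanner sits on; a map of a remote subnet sees IP addresses and whatever the scanner can fingerprint, so in practice the key is whichever stable identifier your scanner and asset register agree on. The "unlisted" category is deliberate: an allow list that is never challenged by the scan results silently rots.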
  12. CC3: Secure Base Configuration
     Goal: Effective configuration management ensures assets are configured based on industry standards and protected from attackers who find and exploit misconfigured systems.
     How QualysGuard supports this:
     •  Configuration validation of each system
     •  Built-in controls catalogue: CIS, SCAP, FDCC
     •  User-defined controls
     •  Golden image policy
     •  Reporting on deviation from the baseline
     •  With full support for automation: scheduled scans & reports, email reports, alerting on exceptions, ticketing, API for integration with GRC tools
     Modules: Vulnerability Management (VM), Policy Compliance (PC)
  13. CC3: Secure Base Configuration (continued)
     Modules: Vulnerability Management (VM), Policy Compliance (PC)
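Slide 12 lists three things a configuration-compliance check needs: a catalogue of controls with expected values, user-defined controls, and a golden-image policy that treats every setting of an approved image as the expected value. The example below, added here and not Qualys' Policy Compliance control catalogue or its policy format, shows all three over collected host settings. The control IDs (UDC-nnn, GI-...), the configuration key names and the two snapshots are constructed and modelled loosely on CIS-style hardening checks; treat them as assumptions, not as any published benchmark.

```python
"""Check collected host configuration against a baseline policy and report
deviations. Added illustration: not Qualys' Policy Compliance control
catalogue; control IDs, keys and values below are constructed."""
import operator

OPERATORS = {"eq": operator.eq, "ge": operator.ge, "le": operator.le}

# Constructed user-defined controls in the spirit of CIS-style hardening checks:
# (control id, description, config key, operator, expected value).
BASELINE = [
    ("UDC-001", "SSH root login disabled", "sshd.PermitRootLogin", "eq", "no"),
    ("UDC-002", "SSH protocol 2 only", "sshd.Protocol", "eq", "2"),
    ("UDC-003", "Minimum password length", "login.PASS_MIN_LEN", "ge", 14),
    ("UDC-004", "Maximum password age (days)", "login.PASS_MAX_DAYS", "le", 90),
    ("UDC-005", "Telnet server not installed", "pkg.telnetd", "absent", None),
    ("UDC-006", "Audit daemon enabled", "svc.auditd", "eq", "enabled"),
]


def evaluate(config, baseline=BASELINE):
    """Return one result per control. A key the scan did not collect fails the
    control (fail closed) rather than silently passing."""
    results = []
    for cid, desc, key, op, expected in baseline:
        actual = config.get(key)
        if op == "absent":
            passed = key not in config
        elif actual is None:
            passed = False
        else:
            passed = OPERATORS[op](actual, expected)
        results.append({"id": cid, "desc": desc, "key": key,
                        "actual": actual, "expected": expected, "passed": passed})
    return results


def deviations(config, baseline=BASELINE):
    """IDs of failed controls: the 'deviation from baseline' report."""
    return [r["id"] for r in evaluate(config, baseline) if not r["passed"]]


def compliance_pct(config, baseline=BASELINE):
    results = evaluate(config, baseline)
    return round(100 * sum(r["passed"] for r in results) / len(results), 1)


def baseline_from_golden(golden):
    """Golden-image policy: every setting captured from the approved image
    becomes an equality control, so any drift from the image is a deviation."""
    return [(f"GI-{key}", f"{key} as on golden image", key, "eq", value)
            for key, value in golden.items()]


# Constructed snapshots: the approved image and a production host that drifted.
GOLDEN = {"sshd.PermitRootLogin": "no", "sshd.Protocol": "2",
          "login.PASS_MIN_LEN": 14, "login.PASS_MAX_DAYS": 90,
          "svc.auditd": "enabled"}
DRIFTED = {"sshd.PermitRootLogin": "yes", "sshd.Protocol": "2",
           "login.PASS_MIN_LEN": 8, "login.PASS_MAX_DAYS": 90,
           "pkg.telnetd": "0.17"}   # svc.auditd was not collected at all

if __name__ == "__main__":
    for r in evaluate(DRIFTED):
        print("PASS" if r["passed"] else "FAIL", r["id"], r["desc"], r["actual"])
    print(compliance_pct(DRIFTED), "% compliant; drift from golden image:",
          deviations(DRIFTED, baseline_from_golden(GOLDEN)))
```

The fail-closed rule for uncollected keys is the check worth copying: a host that did not report `svc.auditd` at all is listed as a deviation, which is what you want when the missing value is most often an authentication failure or a disabled collector rather than a compliant system.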
  14. CC4: Continuous Vulnerability Assessment/Remediation
     Goal: Effective vulnerability management will ensure that assets are monitored for vulnerabilities and are patched, upgraded or have services disabled to protect against exploit code.
     How QualysGuard supports this:
     •  Scheduled & on-demand vulnerability scanning
     •  Continuous vulnerability assessment
     •  Authenticated scanning
     •  Patch verification
     •  Report on unauthorized services
     •  With full support for automation: scheduled scans & reports, email reports, alerting on exceptions, ticketing with SLA metrics and confirmation, API for integration with IPS, SIEM etc.
     Modules: Vulnerability Management (VM)
  15. CC4: Continuous Vulnerability Assessment/Remediation (continued)
     Modules: Vulnerability Management (VM)
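Two items on slide 14, "patch verification" and "ticketing with SLA metrics and confirmation", are where continuous assessment differs from a one-off scan: a ticket opens on first detection, its deadline follows the severity, and it closes only when a later scan of the same host confirms the finding is gone. The example below is an added illustration of that lifecycle; it is not QualysGuard ticketing and does not use its API or identifier scheme. The SLA table, the host names, the "QID-n" labels and the three weekly scans are constructed.

```python
"""Open remediation tickets from scan findings, compute SLA deadlines by
severity, and close a ticket only when a later scan of the same host no
longer reports the finding (patch verification). Added illustration: not
QualysGuard ticketing; the SLA policy and scan data are constructed."""
from datetime import date, timedelta

# Constructed SLA policy (assumption): days to remediate by severity 1..5.
SLA_DAYS = {5: 7, 4: 14, 3: 30, 2: 90, 1: 180}


def track(scans, today):
    """scans: list of (scan_date, scanned_hosts, findings) in date order, where
    findings maps (host, vuln_id) -> severity. Returns tickets keyed by (host, vuln_id)."""
    tickets = {}
    for scan_date, scanned_hosts, findings in scans:
        # Open a ticket on first detection (or re-detection after a verified closure).
        for (host, vid), severity in findings.items():
            t = tickets.get((host, vid))
            if t is None or t["status"] == "verified":
                tickets[(host, vid)] = {
                    "severity": severity, "opened": scan_date,
                    "due": scan_date + timedelta(days=SLA_DAYS[severity]),
                    "status": "open", "closed": None,
                }
        # Verify: an open ticket closes only if its host WAS scanned and the
        # finding is gone. A host that was unreachable is not evidence of a fix.
        for (host, vid), t in tickets.items():
            if (t["status"] == "open" and host in scanned_hosts
                    and (host, vid) not in findings):
                t["status"] = "verified"
                t["closed"] = scan_date
    for t in tickets.values():
        if t["status"] == "open" and today > t["due"]:
            t["status"] = "overdue"
    return tickets


def sla_summary(tickets):
    """Counts by status plus mean days-to-remediate over verified tickets."""
    counts = {"open": 0, "overdue": 0, "verified": 0}
    fixed = []
    for t in tickets.values():
        counts[t["status"]] += 1
        if t["status"] == "verified":
            fixed.append((t["closed"] - t["opened"]).days)
    mttr = sum(fixed) / len(fixed) if fixed else None
    return counts, mttr


# Constructed weekly scans. db1 was not reachable in the second scan.
SCANS = [
    (date(2013, 9, 2), {"web1", "db1"},
     {("web1", "QID-1"): 5, ("web1", "QID-2"): 3, ("db1", "QID-3"): 4}),
    (date(2013, 9, 9), {"web1"},
     {("web1", "QID-2"): 3}),                       # QID-1 patched on web1
    (date(2013, 9, 16), {"web1", "db1"},
     {("web1", "QID-2"): 3, ("db1", "QID-3"): 4}),  # db1 still unpatched
]

if __name__ == "__main__":
    tickets = track(SCANS, today=date(2013, 9, 30))
    for key, t in sorted(tickets.items()):
        print(key, t["status"], "due", t["due"], "closed", t["closed"])
    print(sla_summary(tickets))
```

The second scan is the case to watch: db1 was not scanned, so its ticket must not close even though the finding is absent from that scan's results. Closing on "not seen" rather than "scanned and not seen" is how unpatched hosts drop out of SLA reports.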
  16. CC5: Malware Defenses
     Goal: The processes and tools used to detect/prevent/correct installation and execution of malicious software on all devices.
     How QualysGuard supports this:
     •  Vulnerability scan can detect installed malware by the malicious services it runs
     •  Authenticated vulnerability scan can detect installed malware in the file system and registry
     •  Vulnerability report will report discovered malware
     •  Web application scan now contains a malware detection scan for web applications: static signatures and behavioural analysis of HTML code
     •  Malware scan of web apps prevents clients from being infected by corporate web sites
     Modules: Vulnerability Management (VM), Policy Compliance (PC), PCI Compliance (PCI), Web Application Scanning (WAS), Malware Detection
  17. CC5: Malware Defenses (continued)
     Modules: Vulnerability Management (VM), Policy Compliance (PC), PCI Compliance (PCI), Web Application Scanning (WAS)
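Slide 16 names the two techniques behind web-application malware detection, static signatures and behavioural analysis of HTML, without showing what each catches. The example below is an added illustration of both over a page's HTML, written here and not taken from the Qualys Malware Detection Service: two signature patterns match known-bad strings, and a parser flags what the page does (an invisible iframe, a script body that is mostly escape sequences). The signatures, thresholds, both sample pages and the domain bad.example are constructed; a real service would run a large, updated signature feed and a JavaScript sandbox rather than a 20-escape heuristic.

```python
"""Static-signature and behavioural checks over HTML, the two techniques the
slide names for web-application malware detection. Added illustration: not
the Qualys Malware Detection Service; signatures and pages are constructed."""
import re
from html.parser import HTMLParser

# Constructed signature set (assumption). A real service uses a large,
# continuously updated feed; these two only illustrate the matching step.
STATIC_SIGNATURES = [
    ("SIG-001", "exploit-kit style landing URL",
     re.compile(r"/[a-z0-9]{8}\.php\?[a-z]=\d+", re.I)),
    ("SIG-002", "eval of an unescaped string",
     re.compile(r"eval\s*\(\s*unescape\s*\(", re.I)),
]
ESCAPE = re.compile(r"%[0-9a-f]{2}|\\x[0-9a-f]{2}", re.I)


class BehaviourParser(HTMLParser):
    """Flags what a page DOES rather than what it contains: invisible iframes
    and script bodies that are mostly escape sequences (obfuscated payloads)."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._script = None   # buffer for the current <script> body, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            style = (a.get("style") or "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            hidden = "display:none" in style or "visibility:hidden" in style
            if tiny or hidden:
                self.findings.append(("BEH-001", "hidden or zero-size iframe", a.get("src")))
        elif tag == "script":
            self._script = []

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body = "".join(self._script)
            self._script = None
            n = len(ESCAPE.findall(body))
            if n >= 20:   # constructed threshold; tune against your own corpus
                self.findings.append(("BEH-002", "heavily escaped script body", f"{n} escapes"))


def scan_html(html):
    """Return (id, description, evidence) for every signature and behaviour hit."""
    findings = [(sid, desc, pat.search(html).group(0))
                for sid, desc, pat in STATIC_SIGNATURES if pat.search(html)]
    parser = BehaviourParser()
    parser.feed(html)
    parser.close()
    return findings + parser.findings


# Constructed pages: a clean one and one carrying a typical drive-by injection.
CLEAN_PAGE = "<html><body><h1>Welcome</h1><script>var hits = 1;</script></body></html>"
_PAYLOAD = "".join("%%%02x" % ord(c) for c in '<iframe src="http://bad.example/">')
INFECTED_PAGE = (
    '<html><body><h1>Welcome</h1>'
    '<iframe src="http://bad.example/ab12cd34.php?i=5" width="0" height="0"></iframe>'
    "<script>eval(unescape('" + _PAYLOAD + "'));</script>"
    '</body></html>'
)

if __name__ == "__main__":
    print(scan_html(CLEAN_PAGE))
    for f in scan_html(INFECTED_PAGE):
        print(*f)
```

The behavioural checks are what catch an injection the signature feed has not seen yet; the signatures are what keep the false-positive rate down on pages that legitimately carry long escaped strings. Scanning your own sites this way is a client-protection control, which is why the slide files it under CC5 rather than CC6.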
  18. CC6: Application Software Security
     Goal: Effective application security ensures that developed and 3rd-party delivered applications are protected from attackers who inject specific exploits to gain control over vulnerable machines.
     How QualysGuard supports this:
     •  Scheduled & on-demand web application scanning
     •  OWASP TOP-10 and WASC TOP-10 vulnerabilities supported
     •  Web application discovery (web crawling)
     •  User authentication support
     •  Fully unattended and automated; part of the development lifecycle
     •  With full support for automation: scheduled scans & reports, ticketing with SLA metrics and confirmation, API for integration with WAF
     •  WAF provides active protection of corporate data and reputation exposed via the web application interface
     •  Prevention with WAS and protection with WAF available in the same UI and integrated security suite
     Modules: Vulnerability Management (VM), Policy Compliance (PC), PCI Compliance (PCI), Web Application Scanning (WAS), Malware Detection
  19. CC6: Application Software Security (continued)
     Modules: Vulnerability Management (VM), Policy Compliance (PC), PCI Compliance (PCI), Web Application Scanning (WAS), Malware Detection Service (MDS)
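Slide 18 pairs "prevention with WAS" and "protection with WAF" through an API integration but does not say what flows across it. In practice it is a virtual patch: a scan finding (vulnerability class, path, parameter) becomes a WAF rule that blocks hostile input to that one entry point until the code is fixed. The example below is an added illustration of that hand-off and is not the Qualys WAS/WAF integration or its API; the finding format, the rule format, the per-class patterns and the sample requests are constructed, and the patterns are intentionally narrow rather than a production ruleset.

```python
"""Turn web-application scan findings into WAF virtual-patch rules and apply
them to incoming requests until the code fix ships. Added illustration: not
the Qualys WAS/WAF integration or its API; finding format, rule format and
requests are constructed."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed scan findings: (vulnerability class, path, parameter).
FINDINGS = [
    ("SQL Injection", "/products", "id"),
    ("Cross-Site Scripting", "/search", "q"),
]

# Per-class patterns the virtual patch applies to the named parameter only,
# so unrelated parameters are not blocked (constructed, intentionally narrow).
PATTERNS = {
    "SQL Injection": re.compile(r"('|--|;|\bunion\b|\bselect\b|\bor\b\s+\d+=\d+)", re.I),
    "Cross-Site Scripting": re.compile(r"(<\s*script|javascript:|on\w+\s*=)", re.I),
}


def virtual_patches(findings):
    """One blocking rule per finding, scoped to the finding's path and parameter."""
    return [{"path": path, "param": param, "pattern": PATTERNS[cls], "reason": cls}
            for cls, path, param in findings]


def check_request(url, patches):
    """Return (allowed, reason). Only the finding's own path and parameter are
    inspected, which is also the caveat: a virtual patch shields one entry
    point, it does not fix the flaw. parse_qs decodes percent-encoding, so
    the rule sees the same value the application would."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    for p in patches:
        if parts.path != p["path"]:
            continue
        for value in params.get(p["param"], []):
            if p["pattern"].search(value):
                return False, f"{p['reason']} attempt in {p['param']}"
    return True, None


if __name__ == "__main__":
    patches = virtual_patches(FINDINGS)
    for url in ("/products?id=42",
                "/products?id=42%27%20OR%201%3D1--",
                "/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
                "/search?id=%27%20OR%201%3D1"):
        print(url, check_request(url, patches))
```

The last sample request is the point of the scoping: the same SQL fragment on a parameter the scan did not flag passes, because the rule is a stopgap for a known finding, not a generic input filter. The ticket from the scan stays open until a rescan verifies the code fix, exactly as on slide 14.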
  20. CC7: Wireless Device Control
     Goal: The processes and tools used to track/control/prevent/correct the secure use of wireless local area networks (LANs), access points, and wireless client systems.
     How QualysGuard supports this:
     •  VM network mapping can discover wireless hotspots, segments and wireless devices connected via IP ranges
     •  VM vulnerability scanning can discover over 30 vulnerabilities specific to various wireless hotspot platforms and vendors
     •  API integration with the AirTight Wireless Security Appliance provides integrated reporting
     Modules: Vulnerability Management (VM)
  21. CC7: Wireless Device Control (continued)
     Modules: Vulnerability Management (VM), Policy Compliance (PC)
  22. SANS TOP 20 Critical Controls - REMINDER
     QualysGuard Security and Compliance Suite delivers High and Very High effect on Cyber-Attack Mitigation!
  23. Thank You
     mskalicky@qualys.com
