Threat Intelligence: The Key To A Complete Vulnerability Management Strategy

While vulnerability assessments are essential, considering vulnerability data in a vacuum greatly limits your ability to prioritize your action plan in an effective way. Without the context of which vulnerabilities are the most severe, which are actively being targeted, which are on critical assets, etc., you may waste time checking things off the list without actually improving security.
Join AlienVault for this session to learn:
- Strategies for addressing common vulnerability management challenges
- The pros and cons of different vulnerability scanning techniques
- How to integrate threat intelligence into your vulnerability management strategy

Published in: Technology
  • Transform flat reporting into rich contextual data
  • Before we go into the nitty gritty of the requirements (and let’s face it, that’s the really boring stuff), at a high level what are the core functionalities I need to pass my audit and stay in compliance?
    • Asset visibility (broad and deep)
    • Vulnerability assessment (network, apps, etc.)
    • Threat detection
      • File integrity monitoring
      • Host-based IDS (on the “interesting” stuff)
      • Network-based IDS
      • Wireless IDS
    • Behavioral Monitoring
      • Service availability – if credit card processing breaks, you have bigger problems
      • Network anomalies
      • Policy violations
      • User activity – especially those with superpowers
    • Security Intelligence
      • Event Correlation (here’s where “Big Data” comes in, but yawn who cares, that’s just a processing challenge)
      • Incident Response
    • Compliance Reporting
    • Executive Dashboards
    • Easy management (RBAC, output types, filters, etc.)
  • http://www.techvalidate.com/product-research/alienvault-unified-security-management-platform/charts
  • Threat Intelligence: The Key To A Complete Vulnerability Management Strategy

    1. THREAT INTELLIGENCE: THE KEY TO A COMPLETE VULNERABILITY MANAGEMENT STRATEGY
       Sandy Hawke, VP, Product Marketing, @sandybeachSF
    2. KEY DISCUSSION POINTS
       • Rethinking Vulnerability Management
       • Overcoming challenges
       • Overview of vulnerability scanning techniques
       • Benefits of shared threat intelligence
       • Customer feedback
       • Key takeaways
       • Q&A
    3. WHY DO WE DO VULNERABILITY MANAGEMENT?
    4. WHY DO WE DO VULNERABILITY MANAGEMENT? BECAUSE THAT’S WHAT ATTACKERS EXPLOIT.
    5. SO WHY ISN’T VULNERABILITY MANAGEMENT DONE IN THE CONTEXT OF ACTUAL THREATS?
       • Historical: limitations of initial products to market
       • Became part of a “silo’ed” process
       • Many have taken the “checklist” mindset in approaching this problem.
    6. OVERCOMING OPERATIONAL CHALLENGES
    7. COMMON CHALLENGES with vulnerability management programs
       Prioritizing remediation tasks
       • Which vulnerability matters most?
       • What’s the larger risk context? Active threats?
       Removing false positives
       • What can I do to reduce this “noise”?
       Optimizing workflows
       • How do I minimize disruption but maximize accuracy?
       • How do I go from a static report to active remediation? (e.g. who owns this vulnerable asset anyway?)
    8. IS THIS WHAT YOUR VULNERABILITY REPORT LOOKS LIKE? What are you supposed to do with this?
    9. PRIORITIZING VULNERABILITIES: Avoiding the “vulnerability visibility vacuum”
       • View vulnerabilities inside the context of actual threats – both global and local
       • At a glance, be able to understand:
         • What other software is installed on these systems?
         • What type of traffic do these vulnerable hosts generate?
         • Who owns these systems?
         • Have these systems been targeted by known attackers?
         • Are there recent alarms in my SIEM that have been triggered involving vulnerable systems?
    10. VIEWING VULNERABILITIES IN THE CONTEXT OF THREATS
       Step 1: Immediately identify known malicious IPs targeting these vulns.
       Step 2: Review vulnerabilities on assets that are being targeted in active threats.
       Step 3: Follow step-by-step guidance in responding to the threat.
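A worked version of the three steps on slides 9 and 10, added here as an example; it is not code from the deck or from AlienVault USM. Constructed scan findings, an asset inventory (owner and criticality), a reputation list of attacker IPs, IDS/netflow connection records and SIEM alarms are correlated so that a CVSS 9.8 finding on an untargeted kiosk ranks below a CVSS 7.5 finding on a targeted database server with an open alarm. Every hostname, IP (documentation ranges), vulnerability ID (CVE-0000-000N) and scoring weight is a placeholder or an assumption.

```python
"""Steps 1-3 from the slide as a scoring pass over flat scan output.

All hosts, IPs, vulnerability IDs (CVE-0000-000N) and weights are
constructed placeholders, not real indicators or real CVEs.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Finding:
    host: str
    vuln_id: str   # placeholder ID, not a real CVE
    cvss: float


# Constructed scanner output: the "flat report" the deck complains about.
FINDINGS = [
    Finding("web-01", "CVE-0000-0001", 9.8),
    Finding("db-01", "CVE-0000-0002", 7.5),
    Finding("kiosk-07", "CVE-0000-0001", 9.8),
    Finding("fileshare-02", "CVE-0000-0003", 5.3),
]

# Constructed asset inventory: owner plus business criticality (1 low .. 3 high).
ASSETS = {
    "web-01": {"owner": "web-team", "criticality": 3},
    "db-01": {"owner": "dba-team", "criticality": 3},
    "kiosk-07": {"owner": "facilities", "criticality": 1},
    "fileshare-02": {"owner": "it-ops", "criticality": 2},
}

# Constructed global threat intel: listed IPs and the placeholder vuln
# each has been observed exploiting.
THREAT_INTEL = {
    "203.0.113.10": {"vuln_id": "CVE-0000-0001"},
    "198.51.100.7": {"vuln_id": "CVE-0000-0002"},
}

# Constructed local telemetry from IDS / netflow: (source IP, destination host, port).
CONNECTIONS = [
    ("203.0.113.10", "web-01", 80),
    ("192.0.2.44", "kiosk-07", 80),
    ("198.51.100.7", "db-01", 3306),
]

# Constructed SIEM alarms keyed by host.
SIEM_ALARMS = {"db-01": ["brute force against mysql"]}

# Response guidance keyed by the strongest reason a finding was promoted (assumed text).
GUIDANCE = {
    "targeted": "Isolate or patch now; check logs for successful exploitation.",
    "alarmed": "Work the open alarm first, then remediate.",
    "exposed": "Patch in the next window; confirm with a validation scan.",
}


def step1_hostile_sources(findings, intel, connections):
    """Step 1: listed IPs that contacted a host carrying the vuln they exploit."""
    vulns_by_host = defaultdict(set)
    for f in findings:
        vulns_by_host[f.host].add(f.vuln_id)
    targeted = defaultdict(set)  # host -> attacker IPs seen hitting it
    for src, dst, _port in connections:
        hit = intel.get(src)
        if hit and hit["vuln_id"] in vulns_by_host[dst]:
            targeted[dst].add(src)
    return targeted


def step2_prioritise(findings, assets, targeted, alarms):
    """Step 2: CVSS x criticality, promoted by active targeting and SIEM alarms."""
    ranked = []
    for f in findings:
        asset = assets.get(f.host, {"owner": "unknown", "criticality": 1})
        score = f.cvss * asset["criticality"]
        reasons = []
        if f.host in targeted:
            score += 20          # assumed weight: being hit by a listed IP
            reasons.append("targeted")
        if f.host in alarms:
            score += 10          # assumed weight: an open alarm on the host
            reasons.append("alarmed")
        if not reasons:
            reasons.append("exposed")
        ranked.append({"host": f.host, "vuln_id": f.vuln_id, "owner": asset["owner"],
                       "attackers": sorted(targeted.get(f.host, ())),
                       "score": round(score, 1), "reasons": reasons})
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked


def step3_attach_guidance(ranked, guidance=GUIDANCE):
    """Step 3: pair each ranked finding with the guidance for its strongest reason."""
    for r in ranked:
        r["guidance"] = guidance[r["reasons"][0]]
    return ranked


def prioritised_report(findings=FINDINGS, assets=ASSETS, intel=THREAT_INTEL,
                       connections=CONNECTIONS, alarms=SIEM_ALARMS):
    targeted = step1_hostile_sources(findings, intel, connections)
    return step3_attach_guidance(step2_prioritise(findings, assets, targeted, alarms))


if __name__ == "__main__":
    for r in prioritised_report():
        print(f"{r['score']:5.1f} {r['host']:13} {r['vuln_id']} owner={r['owner']} "
              f"{'+'.join(r['reasons'])} -> {r['guidance']}")
```

Run as a script it prints db-01 first (7.5 x 3, targeted, alarmed), then web-01 (9.8 x 3, targeted), with the two untargeted hosts last; the owner column is what turns the row into a ticket that can be assigned, and the "attackers" list is what the responder checks in the IDS and proxy logs.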
    11. REMOVING FALSE POSITIVES: Leverage a variety of scanning techniques
       • Continuous Vulnerability Monitoring: correlate data from asset discovery & inventory scans with the latest known vulnerabilities
         • Benefits: avoids network “noise”; minimizes system impact; requires minimal resources
       • Active Network Scanning: actively scan to identify vulnerable services and software
         • Authenticated – more accurate, but potentially more impactful
         • Unauthenticated – less accurate, but less impactful
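An added example of the continuous-monitoring correlation described on slide 11 (not from the deck or from any AlienVault product): a host software inventory is matched against a vulnerability feed of affected version ranges purely by comparing versions, so no packets are sent and no system is touched. Package names, versions, hosts and vuln IDs are constructed placeholders, and the "introduced <= installed < fixed_in" range shape is an assumption about the feed format. Numeric version comparison is what keeps the correlation from generating its own false positives: compared as strings, "1.1.10" sorts before "1.1.9".

```python
"""Continuous vulnerability monitoring: match a host software inventory
against a known-vulnerability feed without network scanning.

Hosts, package names, versions and vuln IDs are constructed placeholders.
"""
import re
from typing import Dict, List, Tuple

# Constructed inventory from host-based software inventory / asset discovery.
INVENTORY: Dict[str, Dict[str, str]] = {
    "web-01": {"examplehttpd": "2.4.0", "examplelibssl": "1.1.1"},
    "web-02": {"examplehttpd": "2.4.2", "examplelibssl": "1.1.1"},
    "db-01": {"exampledb": "10.3.12", "examplelibssl": "1.0.2"},
}

# Constructed vulnerability feed; affected range is introduced <= v < fixed_in.
VULN_FEED: List[dict] = [
    {"vuln_id": "CVE-0000-0101", "package": "examplehttpd", "introduced": "2.4.0", "fixed_in": "2.4.1"},
    {"vuln_id": "CVE-0000-0102", "package": "examplelibssl", "introduced": "1.0.0", "fixed_in": "1.1.0"},
    {"vuln_id": "CVE-0000-0103", "package": "exampledb", "introduced": "10.3.0", "fixed_in": "10.3.13"},
]


def version_key(v: str) -> Tuple[int, ...]:
    """'10.3.12' -> (10, 3, 12, 0): numeric tuples compare correctly where
    strings do not ('1.1.10' < '1.1.9' as text). Padded to four components
    so '2.4' and '2.4.0' compare equal; non-numeric suffixes are dropped."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts)


def is_affected(version: str, introduced: str, fixed_in: str) -> bool:
    """True when the installed version lies in the feed's affected range."""
    return version_key(introduced) <= version_key(version) < version_key(fixed_in)


def correlate(inventory: Dict[str, Dict[str, str]], feed: List[dict]):
    """Return (host, package, installed version, vuln_id) for every affected entry."""
    matches = []
    for host, packages in sorted(inventory.items()):
        for entry in feed:
            installed = packages.get(entry["package"])
            if installed and is_affected(installed, entry["introduced"], entry["fixed_in"]):
                matches.append((host, entry["package"], installed, entry["vuln_id"]))
    return matches


def hosts_needing_active_scan(inventory, feed) -> List[str]:
    """Hosts with at least one match: the short list worth an authenticated scan to confirm."""
    return sorted({m[0] for m in correlate(inventory, feed)})


if __name__ == "__main__":
    for host, package, installed, vuln_id in correlate(INVENTORY, VULN_FEED):
        print(f"{host:8} {package:15} {installed:9} {vuln_id}")
    print("confirm with active scan:", hosts_needing_active_scan(INVENTORY, VULN_FEED))
```

Against the sample data this flags two packages on db-01 and one on web-01 and clears web-02 entirely; the flagged hosts are where the next technique on the slide, an authenticated active scan, is worth its impact, because inventory data says nothing about whether the vulnerable code path is actually reachable.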
    12. OPTIMIZING WORKFLOWS: Breaking down silos
       • Streamline this process: run the scan, vet the data, prioritize remediation* based on global and local threat intelligence, then re-run a validation scan.
       • Document the process: an integrated ticketing system makes this much easier.
       • Secret to success? Having all of the essential functionality in one place.
       *sometimes this is a patch, and sometimes it’s a workaround.
    13. USING A UNIFIED, THREAT-BASED APPROACH FOR VULNERABILITY MANAGEMENT
    14.-20. What functionality do I need? (one diagram built up over slides 14 to 20; slide 20 shows it complete under the heading Unified Security Management)
       • Figure out what is valuable → Asset Discovery
         • Active Network Scanning
         • Passive Network Scanning
         • Asset Inventory
         • Host-based Software Inventory
       • Identify ways the target could be compromised → Vulnerability Assessment
         • Network Vulnerability Testing
       • Start looking for threats → Threat Detection
         • Network IDS
         • Host IDS
         • Wireless IDS
         • File Integrity Monitoring
       • Look for strange activity which could indicate a threat → Behavioral Monitoring
         • Log Collection
         • Netflow Analysis
         • Service Availability Monitoring
       • Piece it all together → Security Intelligence
         • SIEM Event Correlation
         • Incident Response
    21. WHY ALIENVAULT USM?
       • All-in-one functionality
         • Vulnerability assessment within a broader context
         • Targeted remediation, easier to manage
       • Flexible reporting: multiple modules, formats & queries… as detailed as you want it.
       • Threat intelligence from AlienVault Labs
         • Know WHO is targeting vulnerabilities, HOW they’re doing it and WHAT to do about it
    22. ALIENVAULT LABS THREAT INTELLIGENCE: SECURITY FOR YOU, POWERED BY ALL
    23. ALIENVAULT LABS THREAT INTELLIGENCE: COMPLETE COVERAGE TO STAY AHEAD OF THE THREAT
       • Network and host-based IDS signatures – detects the latest threats in your environment
       • Asset discovery signatures – identifies the latest OS’es, applications, and device types
       • Vulnerability assessment signatures – dual database coverage to find the latest vulnerabilities on all your systems
       • Correlation rules – translates raw events into actionable remediation tasks
       • Reporting modules – provides new ways of viewing data about your environment
       • Dynamic incident response templates – delivers customized guidance on how to respond to each alert
       • Newly supported data source plug-ins – expands your monitoring footprint
    24. CUSTOMER SUCCESS
    25. ACHIEVING COMPLETE VULNERABILITY MANAGEMENT
       • Unify your security monitoring controls for better visibility into vulnerabilities
       • Use emerging threat intelligence to prioritize remediation
       • Evolve from checklist reporting to true risk reduction
    26. NOW FOR SOME Q&A… Three Ways to Test Drive AlienVault
       • Download a Free 30-Day Trial: http://www.alienvault.com/free-trial
       • Try our Interactive Demo Site: http://www.alienvault.com/live-demo-site
       • Join us for a LIVE Demo! http://www.alienvault.com/marketing/alienvault-usm-live-demo
       Questions? hello@alienvault.com
