RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network



Skybox has a complete portfolio solving many common problems in enterprise cyber security. In the Vulnerability and Threat Management space we offer solutions that span the entire process of discovering and remediating vulnerabilities. Liran Chen from Skybox will be showing how our scanless vulnerability discovery feature can make a huge impact on reducing risk in the enterprise.


  1. Risk Analytics for Cyber Security. Liran Chen, Technical Director
  2. Risk Control’s Differentiators: Discovery (stages shown: Discovery, Analysis, Remediation). Scanless: Vulnerability Detector
     • Scanless vulnerability assessment: finds vulnerabilities from existing repositories without a scan
     Advantages:
     • Automatically and accurately deduces vulnerabilities
     • Provides faster scan cycles (hours or even minutes)
     • Delivers continuous, up-to-date discovery
     • Covers all nodes including difficult-to-scan systems, e.g. critical systems, mobile devices, cloud assets
     © 2013 Skybox Security Inc.
  3. Ask Yourself… How Well is our VM Program Working?
     Discovery
     • How often is vulnerability data collected?
     • How much of the network is covered?
     • Is scanning disruptive to the business?
     Analysis and Prioritization
     • Does the VM approach consider the network and security controls context?
     • Are we prioritizing by exploitation risk?
     Remediation
     • How fast are critical vulnerabilities fixed?
     • Do we consider alternatives to patching?
     • Is risk level going up or down over time?
  4. Vulnerability Discovery: Augment Active Scans with Daily Updates
     [Diagram labels: Active Scanner; Skybox Vulnerability Detector; Skybox Vulnerability Dictionary; Asset Database; Threat Intel; Patch Database; Product Catalog (CPE); Rule-based Profiling; Consolidated Vulnerability List (CVE), Updated Daily]
  5. With or Without a 3rd Party Scanner: Continuous View of Vulnerabilities
     Combining 3rd party and Skybox Vulnerability Detector data gives constant vulnerability knowledge
     [Chart: series "Skybox Vulnerability Detector" and "3rd party scanner"; x-axis: Time (Month 1, Month 2, Month 3); y-axis ticks: 50%, 100%]
  6. Vulnerability Dictionary
     • Most comprehensive vulnerability data source
     • 41,000 vulnerabilities on 1,000 products
     • Vulnerability Research Team consolidates info from 20+ sources: latest advisories, scanners, IPS, others
     • Additional data analysis, modeling, info added for use by Skybox analytics engine
     • CVE compliant, CVSS v2 standard, cross-referenced
     • Also contains vulnerabilities not found in CVE list
  7. Vulnerability information sources
     • The Vulnerability Dictionary aggregates data from these sources:
  8. Vulnerability Detector supported platforms
     • Operating Systems
     • Network Devices
     • Enterprise service Applications
     • Client side Applications
  9. Summary
     • Augment your scanner with Risk Control to get better discovery – analysis and remediation reporting.
     • Discover vulnerabilities across your entire enterprise – especially in places you currently don’t scan
     • Discover vulnerabilities within days of announcement, not weeks or months