This document outlines an agenda for a presentation on closing often-missed vulnerabilities. The presentation covers understanding IT and security posture, the state of vulnerability management and security hygiene, and the difficulty security and IT teams have keeping up with an expanding attack surface. It also discusses security strategies and the threat-funnel approach of protect, detect, respond and recover. Finally, it introduces a new innovation from SecPod called SANERNOW that aims to enable continuous posture anomaly management through automated identification and remediation of outliers.
8. More Than Half Think Security Operations is More Difficult Today vs. Two Years Ago
Top 5 Reasons Why:
1. Growing attack surface
2. Threat landscape
3. More cloud and SaaS usage
4. A growing number of security tools
5. Firefighting leaves no time to improve the program
The Expanding Attack Surface Creates More Challenges:
1. More vulnerabilities to manage
2. Current tools are failing to support the expanding attack surface
3. Modern application development and deployment has increased velocity, requiring new skills
Source: 2022 ESG Research: SOC Modernization and the Role of XDR
9. Half Report Suboptimal Vulnerability Management Programs (52%)
Question text: How would you describe your organization when it comes to identifying and patching software and configuration vulnerabilities? (Percent of respondents, N=620)
47%: We have a mature vulnerability management program in place, remediating vulnerabilities within 30 days of identification
42%: We have a formal vulnerability management program, but we have gaps in parts of our core infrastructure
7%: We have a formal vulnerability management program, but we are generally slow to remediate issues
3%: Our vulnerability management program is implemented in regular maintenance windows only, unless critical
1%: Don't know
(The 52% "suboptimal" figure is the sum of the 42%, 7% and 3% responses.)
Top 4 Ransomware Entry Points
Source: 2022 ESG Research: The Long Road Ahead to Ransomware Preparedness
19. One-on-One Laborious Assessment vs. Holistic Assessment Identifying Outliers
20. SecPod's Invention to Manage Posture Anomalies (architecture diagram)
Diagram components:
- Enterprise IT Infrastructure: workstations, servers, virtual devices, all major OSs, network devices
- Continuous Data Feed
- Posture Anomaly Analysis Engine: Outlier Detection (Rule Based, Data Trend Based), Security Control Deviations, Big Data Store
- User Inputs for Configuration and Whitelisting; Feedback
- Posture Anomaly Reporting Interface
- Remediation Fixes
- Posture Anomaly Controls & Trends
23. Benefits of CPAM Tool
- Gain Rapid Security Mileage
- Improve Operational Efficiency
- Eliminate Hidden Uncertainties
- Take Control over Anomaly Loopholes
24. For inquiries, contact us at: info@secpod.com, www.secpod.com
Prevent Cyber Attacks. Continuous. Automated. Try SanerNow free.
Editor's Notes
As the 2023 outlook shifts security program investment strategies, security teams face continued headwinds induced by the expansion and diversity of the attack surface they are defending, a more advanced threat landscape, and a generally more complex environment – both in what needs to be secured and in the number of tools needed to do so.
Underlying these challenges is the shift to cloud and as-a-service type IT infrastructure, requiring an upgrade to skills, processes, and security tools.
Attack surface exposure begins with risk assessment and vulnerability management, which are further complicated by additional cloud investments.
Here we see that more than half recognize weaknesses in vulnerability management programs, adding risk.
The term attack surface is often confused with the term attack vector, but they are not the same thing. The surface is what is being attacked; the vector is the means by which an intruder gains access.
Your attack surface is the totality of all vulnerabilities in connected hardware and software.
The combination of all attack vectors and all vulnerable assets within them is known as an organization’s attack surface.
Attack vectors
Specific paths that attackers use to gain unauthorized access to your environment. A simple analogy would be leaving a door or window to a building unlocked or open.
While not always exploited, these openings provide an opportunity for unauthorized entry and therefore create risk of malicious or unwanted activity.
Common cyber-attack vectors include firewalls, DDoS attacks, malware, passwords, misconfigured APIs, and phishing – however, organizations often have 100 or more attack vectors, adding lots of opportunity for risk.
Protecting an organization requires careful review of every attack vector, a detailed understanding of all assets associated with every attack vector, and knowledge of what vulnerabilities exist in them.
Your attack surface therefore reflects the entire area of IT infrastructure that is susceptible or exposed to potential compromise.
Thinking about security in the context of proactive and reactive strategies, I’m using a relatively simple threat funnel diagram to depict our ability to defend against the threats aimed at our organization.
Reactive strategies are typically more human-intensive activities, as shown with the stick figures on the right.
So, in a world of hiring constraints, we may want to over-rotate investments toward proactive strategies that can optimize the use of the few security resources we have.
This doesn’t eliminate reactive strategies, but can reduce them.
Let’s look closer at strategies that can help us fight back.
Outliers, rules, data trends, deviation from standard configurations