We will highlight the benefits and drawbacks of each approach when determining the risk of different assets and analysing vulnerabilities on your network.
2. Helping customers improve security posture since 2001
Full stack security assessment
Over 2,000 customers in all regions of the world
Really good at breaking technology
3. Outpost24 Template
2019
Today’s topic
• Pros and cons of traditional network scanning vs agents
• How our 2 phase scanning approach fits with agents
• Agent based data collection
• How to improve the risk view by using a combination of techniques
• Takeaways
4. Today’s topic
Why risk is the new normal
Adapting to the threat landscape
Bringing in the business context
Business aligned remediation
Takeaways
View from a:
• Business perspective
• With a little added tech
6. Why do we run security assessments?
• Policy
• Compliance to standards
• Independent audit
• 3rd party verification
7. Understanding security assessment
• Classify and Normalize: take discovered data and transform it into more meaningful data
• Report: view historical data which has previously been gathered about a specific device
• Continuous monitoring: regularly check for changes
• Correlate: correlate with previously discovered data to identify anomalies and risks
• Alerts: raise alerts where the alert configuration requires them
• Discover: start with raw data
9. What do we want to know?
• Who can I get to fix any risks?
• What security risk does the asset present to my organisation?
• What is running on the asset?
• How can the asset be accessed?
• Where is the asset?
10. What outcome do we want?
• Better security posture
• Adherence to internal policy
• Adherence to standards*
• Report to 3rd parties
*Security standards should always be seen as a MINIMUM requirement. Just meeting them is never enough.
12. What is network based Vulnerability Scanning
[Diagram: VM Scanner and endpoint, labelled Request and Respond]
• Send a list of things to do
• Send a list of information to gather
• Scanner requests, endpoint responds
Network connection required during scan
13. Benefits of network based vulnerability scanning
• Enhanced visibility
• See it, scan it
• Zero host maintenance
• Authenticated and unauthenticated capabilities
• Policy changes are instant
• Less host OS overheads
14. What is Agent based scanning
[Diagram: VM Scanner and endpoint, labelled Install, Request and Respond]
Network connection only required to report information
15. Benefits of agent based vulnerability scanning
• “Martini” scanning (Anytime, Any Place, Anywhere)
• Lower network utilization
• Suits a more fluid network
• Supports a remote workforce
• Can be integrated into a build process
• No credential or PAM integration requirement
• Better ‘Zero-Trust’ support
16. Common benefits
• Processing is achieved centrally
1. Scanner requests information
2. Endpoint returns facts
3. Scanner processes vulnerabilities
• Build a blueprint of the host
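The three steps above as an added sketch, not Outpost24's code or API: endpoints only return facts, the central side stores them as a host blueprint and does all the matching. It goes one step beyond the slide by re-evaluating stored blueprints when a rule is published later, and by flagging blueprints that have not been refreshed. The fact layout, rule format, host names, package names, versions and rule IDs are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

def vtuple(version):
    return tuple(int(p) for p in version.split("."))  # '1.0.10' -> (1, 0, 10)

@dataclass
class Blueprint:
    host: str
    source: str            # "network" or "agent": how the facts arrived
    collected: datetime    # when the endpoint last returned facts
    packages: dict = field(default_factory=dict)   # name -> installed version

@dataclass
class Rule:
    rule_id: str           # constructed placeholder, not a real advisory ID
    package: str
    fixed_in: str          # first version that is no longer affected

class CentralProcessor:
    def __init__(self, max_age=timedelta(days=7)):
        self.blueprints, self.rules, self.max_age = {}, [], max_age

    def ingest(self, bp):
        """Steps 1-2: store whatever facts a scan or an agent reported."""
        self.blueprints[bp.host] = bp

    def evaluate(self, now):
        """Step 3: match every stored blueprint against every rule."""
        findings = []
        for bp in self.blueprints.values():
            # A host that has not reported recently is judged on old facts.
            stale = now - bp.collected > self.max_age
            for r in self.rules:
                have = bp.packages.get(r.package)
                if have and vtuple(have) < vtuple(r.fixed_in):
                    findings.append((bp.host, r.rule_id, bp.source, stale))
        return sorted(findings)

def demo():
    now = datetime(2019, 6, 10)
    cp = CentralProcessor()
    cp.ingest(Blueprint("srv-01", "network", now, {"examplessl": "1.0.9"}))
    cp.ingest(Blueprint("laptop-7", "agent", now - timedelta(days=12),
                        {"examplessl": "1.0.10", "examplepdf": "3.1"}))
    cp.rules.append(Rule("EX-0001", "examplessl", "1.0.10"))
    first = cp.evaluate(now)
    # A rule published later is evaluated against the stored blueprints only.
    cp.rules.append(Rule("EX-0002", "examplepdf", "3.2"))
    return first, cp.evaluate(now)
```

The last field of each finding marks results derived from a blueprint older than `max_age`, which is where an offline agent or an unreachable host shows up in the risk view.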
17. And the cons..
Network based
• Network traffic increase
• Won’t see what’s not connected
• Likely to be a LOT more ‘commodity’ assets
• Leads to complicated architectures
• Impacted by network changes
Agent based
• Can’t install an agent on everything
• Requires maintenance
• Host overheads
• Security implications
• ANOTHER agent
19. Why are you vulnerability scanning?
• What are you trying to protect?
1. Perimeter
2. User networks
3. Server/Network Infrastructure
• Are there any network limitations?
• Are there any local environment restrictions?
• Do you have a specific problem to solve?
20. I want to scan my servers/infrastructure
21. I want to scan my mobile workstations
22. Defense in Depth
Network based vulnerability scan
• Server Infrastructure
• Network Infrastructure
Agent based vulnerability scan
• Mobile workforce
• Ad hoc Server Infrastructure
23. Where else might I need coverage?
• Cloud Instance assessment
• Container assessment
• Mobile devices
• IoT endpoints
• Device validation
25. Takeaways
• Important to know WHY you are running vulnerability scanning
• Understand what you are trying to achieve
• All vulnerability scanning has good and bad points
• No right or wrong way
• Hybrid approach that meets business & security needs is always the most beneficial