Gidi Cohen
CEO and Founder, Skybox Security
Infosec London, April 2013
Best Practices for Next-Generation Vulnerability Management
© 2013 Skybox Security Inc. 2
Skybox Security Overview
• Predictive risk analytics for best decision support
• Complete visibility of network and risks
• Designed for continuous, scalable operations
Leader in Proactive Security Risk Management
Proven Effective in Complex Network Environments

Vulnerability Management is Not Dead … It Is Just Not Working
Risk Levels Keep Rising
• Compliance, continuous monitoring
• Proliferation of mobile, cloud
• Protect against financial loss due to cybercrime
• Deal with advanced threats, targeted attacks
• Need to secure new services and users

Is Your Vulnerability Management Program Keeping Pace?
Then vs. Now: Find → Analyze → Fix

2012 Survey Highlights the Vulnerability Discovery Gap
[Chart: scan frequency (cycles/year, 0-350) against % of network scanned (60%-90%)]
How often do you scan? How much coverage?
• Critical systems, DMZ: scan every 30 days, 50-75% of hosts
• To keep pace with threats? Daily updates, 90%+ hosts

Challenges with Traditional Scan Approach: Disruptive, Inaccurate Picture of Risk
Reasons that respondents don’t scan more often (chart values: 59%, 58%, 41%, 34%, 29%, 12%, 5%):
• We just don’t need to scan more
• Unable to gain credentialed access to scan portions of the network
• The cost of licenses is prohibitive
• Some hosts are not scannable due to their use
• We don’t have the resources to deal with broader patching activity
• We don’t have the resources to analyze more frequent scan data
• We are concerned about disruptions from scanning

Naïve Analysis Results in Costly and Ineffective Remediation
[Figure: all vulnerabilities in environment (30,000); identified by scanner (50-75%); patch/fix; attack vectors using exploitable vulnerabilities vs. unneeded patching]

Now: First Generation Vulnerability Management Processes Are No Longer Effective
Find: 30-60 days to scan and catalog 75% of vulnerabilities
Analyze: 2-4 weeks to analyse, and still get it wrong
Fix: 60 days to patch, £200,000 per year
Cycle Time: Typically 2-4 months
New vulnerabilities, threats, changes: Hundreds per day
Result: Risk level never reduced
Big Disconnect …

Self-Test: What are Your VM Program Challenges?
Discover / Analyse and Prioritise / Mitigate
• How often is vulnerability data collected?
• How much of the network is covered?
• Is scanning disruptive to the business?
• Are you able to find alternatives to patching?
• Do you prioritise by possible business impact?
• Are you considering the network context?
• Is risk level increasing or decreasing over time?
Continuous, Automated, Scalable?

Introduction to Next Generation Vulnerability Management
Discover:
• Non-disruptive discovery
• Scalable
Analyse and Prioritise:
• Automated analysis
• Risk-based prioritisation
• Using network and security context
Mitigate:
• Actionable
• Optimal
• Easy to track
Scalable Program to Address Critical Vulnerabilities Continuously and Efficiently

Vulnerability Discovery: Use the Right Approach for Your Network
Active Scanning: infrequent scanning; large number of vulnerabilities
Non-disruptive Scan-less Detection (from asset data, patch data, threat intel.): continuous identification; relevant vulnerabilities

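The scan-less detection approach on this slide, as an added worked example that is not part of the deck and not Skybox's product logic: asset data (installed software), patch data (applied fixes) and a threat-intelligence feed are correlated to identify each host's relevant vulnerabilities without sending a packet to the host, so unscannable hosts are covered too. The hosts, versions, fix identifiers, advisory ids and the feed format are all constructed for the example.

```python
from dataclasses import dataclass


def ver(s):
    """'2.4.7' -> (2, 4, 7) so versions compare numerically rather than as strings."""
    return tuple(int(p) for p in s.split("."))


@dataclass(frozen=True)
class Advisory:
    """One threat-intelligence feed entry (constructed format, not a real feed)."""
    vid: str        # constructed identifier, not a real CVE number
    product: str
    fixed_in: str   # first version that is not affected
    fix_id: str     # vendor fix / patch identifier that resolves it


# Constructed sample data: hosts, versions, fix ids and advisories are invented.
FEED = [
    Advisory("V-10", "httpd", "2.4.10", "FIX-1001"),
    Advisory("V-11", "openssh", "6.7", "FIX-2002"),
    Advisory("V-12", "mysql", "5.6.20", "FIX-3003"),
]
ASSETS = [   # asset data (installed software) joined with patch data (applied fixes)
    {"host": "web-01", "software": {"httpd": "2.4.7", "openssh": "6.6"}, "patches": {"FIX-1001"}},
    {"host": "web-02", "software": {"httpd": "2.4.7", "openssh": "6.6"}, "patches": set()},
    {"host": "db-01", "software": {"mysql": "5.6.17", "openssh": "6.7"}, "patches": set()},
]


def detect(assets, feed):
    """Scan-less detection: {host: sorted vuln ids} inferred from asset and patch
    data only. No traffic reaches the hosts, and every host in the inventory is
    covered, including those that cannot be scanned."""
    findings = {}
    for a in assets:
        for adv in feed:
            installed = a["software"].get(adv.product)
            if installed is None:
                continue                      # product not present: not relevant here
            if ver(installed) >= ver(adv.fixed_in):
                continue                      # running a fixed version
            if adv.fix_id in a["patches"]:
                continue                      # backported fix applied, version string unchanged
            findings.setdefault(a["host"], []).append(adv.vid)
    return {h: sorted(v) for h, v in findings.items()}


def new_findings(previous, current):
    """Continuous identification: what appeared since the last run (new feed entries
    or new software), as {host: vuln ids} present in current but not in previous."""
    delta = {}
    for host, vids in current.items():
        added = sorted(set(vids) - set(previous.get(host, [])))
        if added:
            delta[host] = added
    return delta


if __name__ == "__main__":
    print(detect(ASSETS, FEED))
```

The patch-data check matters in practice: distributions often backport a fix without changing the reported version string, so a version-only comparison would flag web-01 on httpd even though the fix is applied. Re-running detect whenever the feed or the inventory changes, and diffing with new_findings, gives the continuous identification the slide contrasts with infrequent scanning.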
Automated Analysis – Attack Surface, Exploitable Attack Vectors, Risks
[Figure: all vulnerabilities in environment (30,000); identified vulnerabilities (90+%); attack surface; prioritise by potential impact; patch/fix; efficient remediation]

Risk Analytics: Modeling and Attack Simulation to Find Exploitable Vulnerabilities
Attack simulations from threat origins: Internet hacker, compromised partner, rogue admin

Actionable Remediation Process, Leveraging Attack Vectors Information
• Install security patch on server
• Change firewall access rule
• Activate signature on IPS

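The attack simulation, impact-based prioritisation and remediation choice of slides 12 to 14, as one added worked example that is not part of the deck and not Skybox's product: a toy network model, a reachability-based attack simulation from each of the three threat origins the deck names, ranking of exposed assets by business impact, and a comparison of the three remediation options (patch, firewall rule change, IPS signature) by the risk each removes. Hosts, zones, firewall rules, impact values and vulnerability ids are constructed, and the zone model (unfiltered inside a zone, firewall rule required between zones) is an assumption of the example.

```python
import copy
from dataclasses import dataclass, field


@dataclass
class Vuln:
    vid: str          # constructed identifier, not a real CVE number
    port: int         # service port through which it can be exploited
    severity: float   # CVSS-like base score, 0-10

@dataclass
class Host:
    name: str
    zone: str
    impact: int       # business impact of compromise, 1-10 (from asset data)
    vulns: list

@dataclass
class Model:
    hosts: dict       # name -> Host
    rules: set        # (src_zone, dst_zone, port) tuples permitted by the firewall
    ips_blocked: set = field(default_factory=set)  # vuln ids covered by an IPS signature


def simulate(model, origin_zone):
    """Attack simulation: vulnerabilities an attacker starting in origin_zone can
    exploit, pivoting onward from the zone of each compromised host (assumption:
    traffic inside a zone is unfiltered, traffic between zones needs a rule)."""
    exploited = {}                              # host name -> exploitable vuln ids
    frontier, seen = [origin_zone], {origin_zone}
    while frontier:
        src = frontier.pop()
        for h in model.hosts.values():
            if h.name in exploited:
                continue
            reachable = [v.vid for v in h.vulns
                         if (src == h.zone or (src, h.zone, v.port) in model.rules)
                         and v.vid not in model.ips_blocked]
            if reachable:
                exploited[h.name] = reachable
                if h.zone not in seen:          # compromised host becomes a pivot
                    seen.add(h.zone)
                    frontier.append(h.zone)
    return exploited

def exposed(model, origins):
    """Union over all threat origins: host -> set of exploitable vuln ids."""
    out = {}
    for zone in origins.values():
        for host, vids in simulate(model, zone).items():
            out.setdefault(host, set()).update(vids)
    return out

def risk_score(model, origins):
    """Risk metric to chart over time: total business impact of exposed hosts."""
    return sum(model.hosts[h].impact for h in exposed(model, origins))

def prioritise(model, origins):
    """Exploitable vulnerabilities ranked by business impact of the host they expose."""
    rows = [(model.hosts[h].impact, h, sorted(v)) for h, v in exposed(model, origins).items()]
    return sorted(rows, reverse=True)

def evaluate_actions(model, origins, actions):
    """Score each candidate remediation by the risk it removes, best first."""
    before = risk_score(model, origins)
    scored = []
    for label, apply in actions.items():
        trial = copy.deepcopy(model)            # try the change on a copy of the model
        apply(trial)
        scored.append((before - risk_score(trial, origins), label))
    return sorted(scored, reverse=True)


# Constructed sample environment: hosts, zones, rules and vuln ids are invented.
HOSTS = {h.name: h for h in [
    Host("web", "dmz", 6, [Vuln("V-1", 443, 7.5), Vuln("V-2", 22, 9.8)]),
    Host("app", "internal", 8, [Vuln("V-3", 8080, 8.1)]),
    Host("db", "internal", 10, [Vuln("V-4", 3306, 9.0)]),
    Host("hr", "internal", 5, [Vuln("V-5", 445, 9.8)]),
]}
RULES = {("internet", "dmz", 443), ("dmz", "internal", 8080), ("dmz", "internal", 3306),
         ("partner", "internal", 443), ("admin", "dmz", 22)}
MODEL = Model(HOSTS, RULES)
ORIGINS = {"Internet hacker": "internet", "Compromised partner": "partner", "Rogue admin": "admin"}

def remove_vuln(host, vid):
    """Remediation: a patch on the server removes the vulnerability from the model."""
    def apply(m):
        m.hosts[host].vulns = [v for v in m.hosts[host].vulns if v.vid != vid]
    return apply

ACTIONS = {
    "Install security patch for V-2 on web (highest CVSS)": remove_vuln("web", "V-2"),
    "Install security patch for V-3 on app": remove_vuln("app", "V-3"),
    "Activate IPS signature for V-3": remove_vuln and (lambda m: m.ips_blocked.add("V-3")),
    "Change firewall access rule: drop DMZ -> internal":
        lambda m: m.rules.difference_update({r for r in m.rules if r[:2] == ("dmz", "internal")}),
}

if __name__ == "__main__":
    print(risk_score(MODEL, ORIGINS), prioritise(MODEL, ORIGINS))
    print(evaluate_actions(MODEL, ORIGINS, ACTIONS))
```

Running it makes the deck's point concrete: the highest-CVSS item (V-2 on web) removes no risk at all, because no modelled threat origin can reach its service, while a single firewall rule change removes more risk than patching V-3 on the app server, which is the "alternative to patching" the summary slide asks for. The number returned by risk_score before and after each change is the metric to chart over time.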
High Level Visibility for Vulnerability Management: Monitor Impact and Risk Metrics over Time
[Dashboard: most critical actions; vulnerabilities; threats]

Comparison – Old and Next Generation VM

Aspect          Old Generation                         Next Generation
Discovery       Scanning only                          Scan-less discovery + scanning
Analysis        Manual; inaccurate                     Automated; risk-based
Remediation     Hit & miss with patching               Optimal risk mitigation
Scope           Limited to traditional assets          Enterprise-wide program
Automation      Only scanning; cycle time 2-4 months   From A-Z; continuous process
Effectiveness   Costly program; little benefit         Optimal risk mitigation

In Summary – Steps to Effective Vulnerability Management
Ensure Frequent & Complete Knowledge of Your Vulnerabilities
• Increase coverage of vulnerability assessment
• Increase frequency of vulnerability discovery
Use Risk Analytics to Determine the Exposure
• Know what’s really exploitable in your network
• Rank by business impact, end unnecessary patching
Close the Loop with Optimal Mitigation and Effective Tracking
• Evaluate alternatives to patching
• Verify impact on risk, and track progress

Thank you
www.skyboxsecurity.com

Best Practice Next-Generation Vulnerability Management to Identify Threats, Eliminate Risk and Prevent Attacks
