1 AN XML-BASED DATA MODEL FOR VULNERABILITY ASSESSMENT REPORTS George Valvisland Despina polemi2 ' University of Pireaus, Informatics Department, Karaoli & Dimitriou 80 Pireaus 18534, Greece * University of Pireaus, Informatics Department, Karaoli & Dimitriou 80 Pireaus 18534, Greece duoleiniia!uniui.g~ Abstract: Key words Periodic vulnerability assessment (VA), used to uncover and correct vulnerabilities, is a common intrusion prevention technique. Although the VA tools that perform those assessments, report similar information, there are tool specific differences. Unfortunately, trying to combine the output of these tools would require separate parsing tools to address the significant low-level differences. A new data model (Vulnerability Assessment Report Format - VARF) is presented in this paper in order to define data formats for sharing information of interest to VA and to facilitate the interaction with the risk management process. As a proof of concept a set of XSLT transformations was built in order to transform the results of an open source VA tool to a VARF compliant report enabling further processing of the results. Vulnerability assessment, XML modeling 1. INTRODUCTION Although organizations understand the consequences of being insecure, their response time to the security challenges, by finding and applying appropriate security fixes or configurations, is not prompt. With the increasing sophistication and scalability of attacks [I], such an approach will provide diminishing returns. A major challenge when performing a vulnerability analysis of a businesscritical system today is the fact that the surrounding IT infrastructure undergoes continuous changes, the risk analysis and remediation planning are based primarily on human resources and the correlation of the technical vulnerabilities and exposures to business impact is complex. Vulnerability assessment tools are a valuable aid in this area, as they automate the process of identifying vulnerabilities. However, vulnerability assessment tools reveal a large volume of known weaknesses, the majority of which are not critical. This leaves the task to prioritize the mitigation of the vulnerabilities to the security personnel; a task that takes time to deliver, producing a long window of exposure.
2 514 George Valvis, Despina Polemi Also, various vendors of vulnerability assessment tools use different terminology to explain the same issue and there is a lack of machine-readable information. Thus, although the data provided by vulnerability assessment reports are detailed, are presented in an ambiguous textual form or in a proprietary data format. The effect is that a vulnerability report has become tightly coupled to specific tool and cannot easily be shared across different tools. This lack of common ground has hampered the ability to integrate diverse sources of available security data more effectively. The result is twofold: the security personnel are overloaded with redundant data and it is not feasible to fully utilize all possibly available data in making the most accurate diagnosis. On the other hand the development of commonly agreed or standardised and extensible exchange formats will enable interoperability between commercial, open source, and research systems, allowing users to deploy their preferred systems according to their advantages in order to obtain an optimal implementation with improved response time. In general, a standardised format in vulnerability assessment will provide increased efficiency of vulnerability assessment results: Extensibility and flexibility: providing data in extensible and flexible format could facilitate the collaboration and simplify the integration of information generated by heterogeneous sources. Broader analysis: the co-use and combination of more than one complementary vulnerability assessment tools increases the likelihood that more reported vulnerabilities are taken into consideration. Our goal in this paper is to propose a "common ground" in the vulnerability assessment area providing the Vulnerability Assessment Report Format (VARF) data model. VARF based on emerging standardization efforts in the security field, outputs assessment information in XML. It is designed to facilitate the extraction of meaningful, tool-independent information to address the vulnerability assessment needs. This paper has been organised as follows: In section 2 we present a condensed overview of standardization efforts on vulnerability schemes and description languages. Section 3 describes the VARF model and subsequently section 4 demonstrates some applications of the model. The last section concludes with some experience statements and a rough outlook on future directions. STANDARDIZATION ACTIVITIES This section introduces the main standardization and research efforts on XML-based vulnerability schemes and description languages.
3 An XML-based data model for vulnerability assessment reports 2.1 Common Vulnerabilities and Exposures (CVE) CVE  is a dictionary of information security vulnerabilities and exposures that aims to provide common names for publicly known weaknesses. The goal of CVE is to standardize the names of vulnerabilities and make it easier to share data across separate vulnerability databases and security tools. 2.2 Open Vulnerability Assessment Language (OVAL) OVAL  standardizes how to test for the existence of those vulnerabilities, based on system configuration information. The vulnerabilities are identified with a CVE number by OVAL queries, which perform the checks. A synopsis section accompanies the OVAL query that should include information related to two main items: the vulnerable software and the vulnerable configuration(s). Currently individual platform-specific XML schemas have been developed. In order to use OVAL, an operator should install the OVAL definition interpreter and use the specific OVAL schema that is defined for her platform. 2.3 The Common Vulnerability Scoring System (CVSS) The CVSS  is designed to provide a composite score representing the overall security and risk a vulnerability represents. Using CVSS, the security personnel will have the basis for a common language with witch to discuss vulnerability severity. It is a modular system with three distinct groups that combine the characteristics of vulnerability. Each of these qualities or "metrics" has a specific way of being measured and each group has a unique formula for combining and weighing each metric. The three groups are the base, the temporal and the environmental group. The base group contains all of the qualities that are intrinsic to any given vulnerability that does not change over time or in different environments. The temporal group contains the characteristics of vulnerabilities that are time-dependant and change as the vulnerability ages. Finally, the environmental group contains the characteristics of vulnerabilities that are tied to implementation and are specific to a user's environment.
4 516 George Valvis, Despina Polemi 2.4 Extensible Configuration Checklist description Format (XCCDF) The XCCDF specification  defines a data model and format for storing results of benchmark compliance testing. An XCCDF document is a structured collection of security configuration rules for a specific set of target systems. The model and its XML representation are intended to be platformindependent and portable, to foster broad adoption and sharing of rules and support information interchange, document generation, environmental tailoring, compliance testing and scoring. 2.5 Open Security Organization Advisory and Notification Markup Language (ANML) The Open Security Organization (OpenSec)  is developing a framework of XML-based technologies to aid system management. The technologies planned for development include: Advisory and Notification Markup Language (ANML) to describe security advisories and other types of notifications in consistent and machinereadable way. System Information Markup Language (SIML), for describing a system's properties and providing a detailed inventory of software, hardware, and configuration information that will allow management software to assess the status of a system. Software Description Markup Language (SDML), for describing the properties of software and its environment. 3. VULNERABILITY ASSESSMENT REPORT FORMAT DATA MODEL (VARF) The Vulnerability Assessment Report Format data model is designed, based on the emerging standardization efforts of Intrusion Detection Working Group  and Incident Handling Working Group , to provide a standard representation of vulnerability assessment report in an unambiguous fashion. This could permit the association between reports generated by vulnerability assessment tools that address system and network level vulnerabilities. The top-level class for all VARF messages is VulnerabilityReport; each type of message is a subclass of this top-level class. There are presently two types of messages defined; Reports and ScanAlerts. Within each message, subclasses of the message class are used to provide the detailed information
5 An XML-based data model for vulnerability assessment reports 517 carried in the VARF message. It is important to note that the data model does not specify how vulnerabilities in system and network level should be classified or identified. However, once a vulnerability assessment tool has determined the type of vulnerability that exists, the model dictates how that vulnerability information could be formatted. VARF does not deal with the formatting of application level vulnerabilities (like the schemas presented in section 2). In this section, the individual components of the VARF data model are explained in detail. Some UML diagrams of the model are provided to present how the components are related to each other, and the relevant sections of the XML DTD are presented to indicate how the model is translated into XML. Figure 1 depicts the relationship between the principal components of the data model (due to limited space occurrence indicators and attributes are omitted). Figure I. Data model overview.
6 5 18 George Valvis, Despina Polemi The VulnerabilityReport Class: All VARF reports are instances of the VulnerabilityReport class; it is the top-level class of the VARF data model, as well as the VARF DTD. There are currently two types (subclasses) of VulnerabilityReport the Report and the ScanAlert. Because DTDs do not support sub classing, the inheritance relationship between VulnerabilityReport and the Report and ScanAlert subclasses have been replaced with an aggregate relationship. This is declared in the VARF DTD as follows: <!ENTITY % '1.0' "> attlist.varf "version CDATA #FIXED <!ELEMENT VulnerabilityReport ( ) > Report, ScanAlert <!ATTLIST VulnerabilityReport %attlist.varf;> The VulnerabilityReport class has the single attribute Version, which is the version of the VulnerabilityReport specification this message conforms to. Report class: The Report is generated every time a vulnerability assessment tool is deployed. The Report is composed of three aggregate classes which are: Scanlnformation (exactly one), which contains identification information for the vulnerability tool that generated the report. Targetlnformation (exactly one), that contains identification information for the target of evaluation. Results (exactly one) that contains all the useful assessment results. ScanAlert class (Figure 2): The ScanAlert (exactly one) is modeled on the IODEF IncidentAlert, but it provides a different type of functionality. In the same manner, that the IncidentAlert is used to simply alert the occurrence of an incident and provide relevant information (such as raw IDMEF messages), the ScanAlert may alert an intrusion detection management system that a scan is going to be performed against the hosts specified in the ScanAlert. By taking this information into account, false positives could be suppressed by a correlation engine. As part of this alert, the scanner would provide Scanlnforrnation and Targetlnformation. t"-""l- :a Scanlnforrnation Targetlnforrnation Figure 2. The ScanAlert Class.
7 An XML-based data model for vulnerability assessment reports 519 The Scanlnformation class carries additional information related to the conducted vulnerability assessment. The aggregate classes that make up Scanlnformation are the Tool, Scanner, OS and Date: The Tool class (exactly one) includes the name attribute, which is the name of the tool that performed the assessment and the Version class (zero or one), which is the version of the deployed VA tool. Scanner class (exactly one): The aggregate class that makes up Scanner is Name, which is the host name of the machine where the VA tool is installed. OS (zero or one): The name of the OS of the host where the VA tool is installed, e.g. Linux. Date: (exactly one): Information about the time that the assessment occurred. The aggregate classes that make up Date are Start (exactly one) and End (exactly one). Start and End are date time strings that identify the particular instant in time that the vulnerability assessment session was started and ended respectively. The Targetlnformation Class provides basic information about the assessed nodes. The aggregate class that make up Targetlnformation class is Node. The Node class is composed by the Name (exactly one), which provides the host name of the target of evaluation and Address (exactly one), which is the IP address of the node that is the target of evaluation. The Results Class: The Results element is meant to take the place of SARA vulnerability assessment tool  Details and Nessus [lo] Results. It is closely tied to the IODEF Attack class, which in turn shares a great deal of structure with IDMEF Alerts. The aggregate class that makes up Results class is Target (figure 3). Target (one or more): It includes the full assessment information discovered by the tool. The aggregate class that make up Target class are: Node (exactly one): It includes basic information about the node. OS (zero or one): It includes information about the operating system. Date (exactly one): It includes information about the time that the assessment occurred of the specific target. Targetsummary (zero or one): The elements that are included are the Number of services, Number of security holes, Number of security warnings, Number of security notes. Service class (zero or more), which is made up by the classes Name (zero or one), Number (zero or one), Protocol (exactly one), Vulnerability (zero or more). By using the IDMEFIIODEF Target class, a related format for representing the 'host' specific information is achieved. This includes support for the standard types of address that Nessus and SARA vulnerability
8 George Valvis, Despina Polemi assessment tools support. Other different types of addresses and names, as defined in the IDMEF draft could be included. By using the IODEF version, it is also possible to accommodate the type of operating system for a target, useful for tools make use of stack fingerprinting and other OS detection techniques. TargetIA Nodelw name I 10-1 protocol / Figure 3. The Target class This is declared in the VARF DTD as follows: ELEMENT Results (Target+) > ELEMENT Target ( Node, OS?, Date, Summary?, Service*) > ELEMENT Service ( Name?, Number?, Protocol, Vulnerability*) > The aggregate classes that make up Vulnerability class (Figure 4) are Name (exactly one), Family (zero or one), Summary (zero or one), Category (zero or one), Classification (zero or more), Assessment (zero or more), Data (zero or one). The Data element contains additional textual information related to the reported vulnerability and provides a catchall rule to accommodate items that have not been directly addressed by the data model. The ClassiJication class provides the name of vulnerability, or other information allowing the analyst to determine what it is. The purpose of the Classification element is to allow the analyst who receives the Vulnerability
9 An XML-based data model for vulnerability assessment reports 52 1 message to be able to obtain additional information. To accommodate this, a name and an URL are included. The current list of valid source values includes "unknown", "vendor-specific", and CVE. The Classification class is composed of two aggregate classes. The aggregate classes that make up ClassiJication are: Name (exactly one): The name of the vulnerability (e.g. CAN ), from one of the origins listed below. URL (exactly one): A URL (string) at which the risk analyst may find additional information about the vulnerability. The document pointed to by the URL may include an in-depth description of the vulnerability, appropriate countermeasures, or other information deemed relevant by the vendor. &[ Family 1 Summary j Classification 1 */ R Name 1 1 Figure 4. The Vulnerability class. This is declared in the VARF DTD as follows. <!ELEMENT Vulnerability ( Name, Family?, Summary?, Category?, Data?, Classification*, Assessment*) > Table I. The values of the Origin attribute Origin attribute Explanation Unknown Origin of the name is not known Bugtraqid The Security Focus vulnerability database identifier [l 11 CVE The common Vulnerabilities and Exposures name Vendor-specific A vendor-specific name and hence, URL; it can be used to provide product specific information
10 522 George Valvis, Despina Polemi The Classijication class has the attribute Origin (required), which provides the source from which the name of the alert originates. The attribute's values and their explanations are given in table 1. The default value is "unknown". The Assessment class provides information related to the VA tool's assessment of a discovered vulnerability, its severity and the related risk. The Assessment class is composed of two aggregate classes: Severity (exactly one): The VA tool's assessment of the impact that the vulnerability might have. Risk (exactly one): The level of risk that the discovered vulnerability poses. This is declared in the VARF DTD as follows. ( unknown I bugtraqid I cve 1 vendor-specific )"> <!ELEMENT Classification ( name, url ) > <!ATTLIST Classification %attvals.origin; ' unknown ' > <!ELEMENT Assessment ( Severity, Risk ) > By introducing the VARF model, an end user of vulnerability assessment tools would have an extended ability to process vulnerability information. The next section tries to demonstrate this enhancement. 4. PROOF OF CONCEPT The previous section detailed an approach to represent infrastructure level vulnerability data as XLM documents. In this section we will discuss some applications that could use these representations. 4.1 Vulnerability reports The most obvious place to implement VARF is in the data path between a vulnerability assessment tool and the database that collects all the risk analysis information. A set of scripts was built in order to transform the output of Nessus open source vulnerability assessment tool to a VARF compliant report (Figure 5). The outcome of the transformation extracts the asset information and groups together the associated vulnerabilities.
11 An XML-based data model for vulnerability assessment reports U I VARF Vulnerability assessment Nessus v2.x XML Figure 5. Nessus to VAFR tranformation. By transforming Nessus data in VARF format, the data are better structured and further transformations to other formats (e.g. HTML) that integrate to the IT needs of an organization become feasible. This enhanced structure allows for further transformations to be delivered in order to satisfy organization needs for other data formats (for example to transform a VARF report to an HTML page is quite trivial). 4.2 Vulnerability diagrams A visualisation of the reported vulnerabilities can be achieved by producing a tree-structured diagram. Figure 6 depicts the direct association between network assets and vulnerabilities. This diagram could increase the readability of the results and help to ensure that fewer discovered vulnerabilities go unnoticed. Figure 7 shows a process that enables us to generate vulnerability diagrams. VARF based vulnerability reports, obtained with the method explained in the previous paragraph, were feed to the Graphviz open source graph drawing software  that produced the diagrams in image format (GIF, JPEG, etc). Since Graphviz only accepts input complied with a particular format, the VARF based reports need to be processed by additional XSLT transformation before presented to the drawing software. Being in XML format this in not complicated.
12 George Valvis, Despina Polemi Figure 6. Vulnerability diagram. Also, by deploying the Graphotron open source tool  the development of the Graphviz XSLT transformation can be further simplified. (Step 1) VARF XML to D~agram XML El- - VARF XML Dot f~le A (Step 2) Dlagam to Diagram Dot Vulnerabllrj Diagram (Dot: Graphviz tool compliant format) Figure 7. Producing a vulnerability diagram We actually perform vulnerability assessment on a number of segments of our campus switched network. By processing the results using our VARF based transformations their visibility was increased and the administration task was simplified. Other places where the VARF could be useful is an event correlation system that would accept vulnerability assessment reports and IDS alerts from a variety of vulnerability assessment and intrusion detection tools and perform
13 An XML-based data model for vulnerability assessment reports 525 cross-comelation and cross-confirmation computations in order to provide more focused assessments of high-priority threats. The Report(s) will detail vulnerable systems and have the potential to be easily used for automatic validation of perimeter defenses, by comparing Results and IDMEF's Alerts since both are XML based datasets. CONCLUSIONS The increasing complexity of today's IT dependent systems urges the improvement of existing methods for analysing systems in order to increase the likelihood that all possible threats and vulnerabilities are taken into consideration. Many current tools address vulnerabilities in the context of a single host. However, due to their proprietary nature and lack of standardisation, the effectiveness of their large reports, is constrained. In order to reduce the window of exposure, the security personnel need a way to set priorities and reduce the volume of vulnerabilities generated by the tools down to the few critical risks that matters. A short overview of the standardisation efforts that focus on the information systems security was given on the section 2. An area of potential improvement, which could enhance communication between existing security tools, products and groups, has been identified and the Vulnerability Assessment Report Format XML data model, based on the IDMEF work, was proposed in sections 3. By introducing the VARF model, an end user of vulnerability assessment tools would have a standards based format to describe vulnerabilities that would allow sharing information easier and combining it with other data sets from a variety of compliant tools and systems. If XML is chosen as an implementation it is possible to immediately combine the assessment information with intrusion detection information (assuming that the latter is IDMEF compliant). For example, local statistics, from the intrusion alerts, could be used to perform focused assessments of high-priority threats. In addition, if there were reasons for sharing assessment information in a manner similar to the sharing of IDMEF messages via IODEF in order to gather statistics, the suggested data format would simplify this exchange of information. It is established that having a common format or framework encourages vendors to invest in new or improved products, services and approaches. As proof of concept XML technologies like XPath and XSLT were deployed to process vulnerability assessment data reported by Nessus open source vulnerability assessment tool and produce vulnerability diagrams, in
14 526 George Valvis, Despina Polemi order to indicate how VARF data model may contribute to the optimisation of the vulnerability management effort. We plan to scale up the vulnerability assessments on our campus network including more segments and increasing the number of the assessed hosts. Finally, it is our intention to extend the assessment operations to web services by deploying WSDL and SOAP . REFERENCES 1. CERT Coordination Centre, Overview of Attack Trends, (June 4, 2004); 2. D.Mann and S.Christey, Towards a Common Enumeration of Vulnerabilities, (January 8, 1999); 3. Open Vulnerability Assessment Language XML specification page, (June 4, 2004); 4. Common Vulnerability Scoring System (CVSS), (April 14,2005); 5. Extensible Configuration Checklist Description Format (XCCDF) specification, (April 18, 2005); 6. OpenSec, The Open Security Project, (January 7,2005); 7. IETF Intrusion Detection Working Group, (January 7, 2005); 8. Incident Object Description and Exchange Format Working Group (IODEF WG), (January 7, 2005); 9. The Security Auditor's Research Assistant (SARA), (March 7, 2005); Nessus vulnerability assessment tool, (March 7, 2005); SecurityFocus Bugtraq Searchable Database by Keyword. (January 12, 2004); Graphviz, an Open source graph drawing software, (September 20, 2004); Graphotron (September 20, 2004); F. Curbera, M. Duftler, R. Khalaf, W. Nagy, N. Mukhi, and S.Weerawarana, Unraveling the Web Services Web: An Introduction to SOAP, WSDL, and UDDI, IEEE Internet Computing, Vol. 6, No. 2, Mar.-Apr. 2002, pp
I3E'2005 Vulnerability Assessment Report Format Data Model Dr.D.Polemi G.Valvis Issues Attack paradigm Vulnerability exploit life cycle Vulnerability assessment process Challenges in vulnerability assessment
Vendor Provided Validation Details - McAfee Policy Auditor 6.2 The following text was provided by the vendor during testing to describe how the product implements the specific capabilities. Statement of
Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Sean Barnum email@example.com September 2011 Overview What is SCAP? Why SCAP?
IETF INCH Working Group Meeting 5 th August 2004, San Diego CA US Extending the Charter: Addressing Vulnerability and Exploit Information Ian Bryant Head, Capability Development Group & Co-Chair, TF-CSIRT
An Approach to Vulnerability Management, Configuration Management, and Technical Policy Compliance Presented by: John Banghart, Booz Allen Hamilton SCAP Validation Project Lead Thoughts on Current State
UNCLASSIFIED Security Content Automation Protocol for Governance, Risk, Compliance, and Audit presented by: Tim Grance The National Institute of Standards and Technology UNCLASSIFIED Agenda NIST s IT Security
WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK DATE OF RELEASE: 27 th July 2012 Table of Contents 1. Introduction... 2 2. Need for securing Telecom Networks... 3 3. Security Assessment Techniques...
Continuous Monitoring Integrated services, best practices, and automation tools from Telos Corporation the leader in federal cybersecurity. Continuous Monitoring Continuous monitoring of information systems
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
An Enterprise Continuous Monitoring Technical Reference Architecture 12/14/2010 Presenter: Peter Mell Senior Computer Scientist National Institute of Standards and Technology http://twitter.com/petermmell
PRODUCT BRIEF: CA VULNERABILITY MANAGER CA Vulnerability Manager r8.3 CA VULNERABILITY MANAGER PROTECTS ENTERPRISE SYSTEMS AND BUSINESS OPERATIONS BY IDENTIFYING VULNERABILITIES, LINKING THEM TO CRITICAL
The Ontological Approach for SIEM Data Repository Igor Kotenko, Olga Polubelova, and Igor Saenko Laboratory of Computer Science Problems, Saint-Petersburg Institute for Information and Automation of Russian
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments Objectives Define risk and risk management Describe the components of risk management List
Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive
National Infrastructure Security Coordination Centre 12 th TF-CSIRT Meeting 28 th May 2004, Hamburg DE Vulnerability and Exploit Description and Exchange Format (VEDEF) Working Group Ian Bryant VEDEF Co-Chair
O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Vulnerability Management Information Technology Audit For the Period July 2010 to July 2011 May 22, 2012 Report
COMMON EVENT EXPRESSION (CEE) OVERVIEW The CEE Editorial Board 4 November 2010 VERSION: 1.0 EDITORS: Eric Fitzgerald, Microsoft Corporation Dr. Anton Chuvakin, Security Warrior Consulting Bill Heinbockel,
FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication
Towards security management in the cloud utilizing SECaaS JAN MÉSZÁROS University of Economics, Prague Department of Information Technologies W. Churchill Sq. 4, 130 67 Prague 3 CZECH REPUBLIC firstname.lastname@example.org
Assuria Auditor The Configuration Assurance, Vulnerability Assessment, Change Detection and Policy Compliance Reporting Solution for Enterprise 1. Introduction Information security means protecting information
Organizational Return on Investment Using Tenable Products April 2005 (Updated January 2009) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 RETURN ON INVESTMENT SUMMARY... 3 ADVANTAGES... 3
Vulnerability Scan Results in XML Vulnerability scan results may be downloaded in XML format from the scan history list. The vulnerability scan results in XML format contains the same content as the vulnerability
Detection and mitigation of Web Services Attacks using Markov Model Vivek Relan RELAN1@UMBC.EDU Bhushan Sonawane BHUSHAN1@UMBC.EDU Department of Computer Science and Engineering, University of Maryland,
Secunia Vulnerability Intelligence Manager (VIM) 4.0 In depth Real-time vulnerability intelligence brought to you on time, every time, by Secunia s renowned research team Introduction Secunia is the world-leading
RATIONALIZING THE MULTI-TOOL ENVIRONMENT INTRODUCTION Over time, businesses are likely to acquire multiple, redundant tools for monitoring the availability, performance and capacity of their IT infrastructure.
Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements Contents Introduction............................................................................................
PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach
Frequently Asked Questions Internet Scanner 7.0 Frequently Asked Questions April 2003 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Internet Security Systems (ISS) Internet Scanner
Best Practices I&C School Prof. P. Janson September 2014 D. Best Practices D.2. Administration The 6 th A 1 of 26 The previous section described how to improve IT security through use of better development
Manage Vulnerabilities (VULN) Capability Data Sheet Desired State: - Software products installed on all devices are free of known vulnerabilities 1 - The list of known vulnerabilities is up-to-date Desired
Framework for building a vulnerability management lifecycle program http://searchsecurity.techtarget.com/magazinecontent/framework-for-building-avulnerability-management-lifecycle-program August 2011 By
The Days of Feeling Vulnerable Are Over: Best Practices in Vulnerability Management An EiQ Networks White Paper The Need for Vulnerability Management Vulnerabilities are potential holes introduced by flaws
A Study of Design Measure for Minimizing Security Vulnerability in Developing Virtualization Software 1 Mi Young Park, *2 Yang Mi Lim 1, First Author Science and Technology Policy Institute,email@example.com
Qualys PC/SCAP Auditor Getting Started Guide August 3, 2015 COPYRIGHT 2011-2015 BY QUALYS, INC. ALL RIGHTS RESERVED. QUALYS AND THE QUALYS LOGO ARE REGISTERED TRADEMARKS OF QUALYS, INC. ALL OTHER TRADEMARKS
FDCC & SCAP Content Challenges Kent Landfield Director, Risk and Compliance Security Research McAfee Labs Where we have been 1 st Security Automation Workshop nearly 20 people in a small room for the day
T-110.5140 Network Application Frameworks and XML Web Services and WSDL 15.2.2010 Tancred Lindholm Based on slides by Sasu Tarkoma and Pekka Nikander 1 of 20 Contents Short review of XML & related specs
CERT Exercises Toolset 49 49 6. Exercise: Writing Security Advisories Main Objective Targeted Audience Total Duration Time Schedule Frequency The objective of the exercise is to provide a practical overview
SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration
WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION Table of Contents Executive Summary...3 Vulnerability Scanners Alone Are Not Enough...3 Real-Time Change Configuration Notification is the
N4SECURE SERVICES TECHNICAL DESCRIPTION PUBLIC NODE4 LIMITED 25/04/2016 INTRODUCTION N4Secure is a Threat Intelligence managed service. By monitoring network traffic, server traffic, scanning for internal
One of the most important assets any organization possesses is its data Unfortunately, the importance of data is generally underestimated The first steps in data protection actually begin with understanding
Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction
WP. 2 ENGLISH ONLY UNITED NATIONS STATISTICAL COMMISSION and ECONOMIC COMMISSION FOR EUROPE CONFERENCE OF EUROPEAN STATISTICIANS Work Session on Statistical Data Editing (Bonn, Germany, 25-27 September
XML Processing and Web Services Chapter 17 Textbook to be published by Pearson Ed 2015 in early Pearson 2014 Fundamentals of http://www.funwebdev.com Web Development Objectives 1 XML Overview 2 XML Processing
SCAP for VoIP Automating Configuration Compliance 6 th Annual IT Security Automation Conference Presentation Overview 1. The Business Challenge 2. Securing Voice over IP Networks 3. The ISA VoIP Security
Security Testing and Vulnerability Management Process for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India.
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
Sample Internal Procedures and Policy Guidelines February 2015 Document Control Title: Document Control Number: 1.0.0 Initial Release: Last Updated: February 2015, Manager IT Security February 2015, Director
Pentests more than just using the proper tools Agenda 1. Information Security @ TÜV Rheinland 2. Penetration testing Introduction Evaluation scheme Security Analyses of web applications Internal Security
CDM Vulnerability Management (VUL) Capability Department of Homeland Security Office of Cybersecurity and Communications Federal Network Resilience Vulnerability Management Continuous Diagnostics and Mitigation
Transformational Vulnerability Management Through Standards Robert A. Martin MITRE Corporation The Department of Defense s new enterprise licenses for vulnerability assessment and remediation tools [1,2]
Security compliance automation with Red Hat Satellite Matt Micene Solution Architect, DLT Solutions @cleverbeard @nzwulfin Created with http://wordle.net Compliance is a major problem About half of the
U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC) econsent Trial Project Architectural Analysis & Technical Standards Produced
Data Sheet Cisco Security IntelliShield Alert Manager Service The Cisco Security IntelliShield Alert Manager Service provides a comprehensive, cost-effective solution for delivering the security intelligence
TECHNICAL NOTE 08/04 IINTRODUCTION TO VULNERABILITY ASSESSMENT TOOLS 1 OCTOBER 2004 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
Actionable information for security incident response Cosmin Ciobanu 2015 European Union Agency for Network and Information Security www.enisa.europa.eu European Union Agency for Network and Information
NIST Interagency Report 7800 (Draft) Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains (DRAFT) David Waltermire, Adam Halbardier,
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
ADDING NETWORK INTELLIGENCE INTRODUCTION Vulnerability management is crucial to network security. Not only are known vulnerabilities propagating dramatically, but so is their severity and complexity. Organizations
ADDENDUM 4 TO APPENDIX 3 TO SCHEDULE 3.3 TO THE Statement of Technical Approach for Security Services The Security Services technical approach is focused on the personnel, systems and security necessary
Service Oriented Architecture Charlie Abela Department of Artificial Intelligence firstname.lastname@example.org Last Lecture Web Ontology Language Problems? CSA 3210 Service Oriented Architecture 2 Lecture Outline
Review: McAfee Vulnerability Manager S3KUR3, Inc. Communicating Complex Concepts in Simple Terms Tony Bradley, CISSP, Microsoft MVP September 2010 Threats and vulnerabilities are a way of life for IT admins.
Correlating IDS Alerts with Vulnerability Information May 11, 2011 (Revision 4) Ron Gula Chief Technology Officer Copyright 2011. Tenable Network Security, Inc. All rights reserved. Tenable Network Security
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
ICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17 TSB Briefing to the Regional Offices, 28 Feb 2011 Martin Euchner Advisor of ITU-T Study Group 17 Martin.Euchner@itu.int
User s Guide Skybox Risk Control 7.0.0 Revision: 11 Copyright 2002-2014 Skybox Security, Inc. All rights reserved. This documentation contains proprietary information belonging to Skybox Security and is
Publication Date: Aug 12, 2014 Solution Brief EventTracker Enterprise v7.x EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker delivers business critical solutions that
A New Standard for Internationalization and Localization of XML Felix Sasaki World Wide Web Consortium 1 San Jose, This presentation describes a new W3C Recommendation, the Internationalization Tag Set