What a Vulnerability Assessment Scanner Can't Tell You. Leveraging Network Context to Prioritize Remediation Efforts and Identify Options
- Cora Hoover
White Paper, November 2011
RedSeal Networks, Inc Freedom Circle, Suite 800, Santa Clara, Tel (408) Toll Free (888)
Contents
- Introduction
- Vulnerability Management Requirements
- The RedSeal Networks Approach
- Determine Which Actions Provide Greatest Security Improvement
- Conclusion
Introduction
Vulnerability management is crucial to network security, and its importance will continue to grow. Not only are known vulnerabilities propagating dramatically, but so are their severity and complexity. Organizations cannot afford to neglect vulnerability management and still expect to maintain system availability and protect sensitive data. As part of a defense-in-depth security strategy, you must take a proactive approach: vulnerabilities and weaknesses must be identified and addressed before security issues arise.
Most organizations deploy network vulnerability assessment scans that enable the security team to identify networked devices, applications, and vulnerabilities. This is accomplished by scanning the IP addresses of an organization's network segments to identify open network ports and the associated application and operating system. The scanner probes the open ports, determines the patch level and configuration of applications and operating systems, and identifies the vulnerabilities present. The end product is a list of reachable hosts and network devices with their operating attributes, including running services, software and operating system versions, and vulnerabilities.
While this identifies the network vulnerabilities present, the raw data is limited. Key challenges remain:
- Difficulty prioritizing meaningful remediation efforts. The raw data generated by scanners creates a phone-book listing of up to tens of thousands of vulnerabilities. Organizations can filter by host attribute such as OS version level, by application type such as SQLNet, or by vulnerability attribute such as severity. Still, looking at a filtered list makes it hard to demonstrate how addressing those vulnerabilities is actually improving security.
- Limited remediation options. Scan results are host-centric. They don't correlate or understand the relationships between assets, so the only option for remediation is to install a software patch or make a host configuration change. Patching is expensive: it requires the host to be taken offline to apply the patch. What's more, if the host can't be patched or the configuration change can't be made, little else can actually be done.
Organizations are realizing that vulnerability assessment scanners provide a view of only the vulnerabilities accessible to them. Also, multiple scanners are often deployed throughout the network, and network access policies are altered to grant the scanners wider access. This architecture makes it extremely difficult to understand how a given vulnerability may be exposed to a threat source or, if deeper within the network, may be exposed to other attackable hosts.
There are, however, products that (a) enable the identification of which network vulnerabilities pose a threat to the enterprise, (b) efficiently prioritize remediation efforts, and (c) present a choice of multiple remediation options.
This paper examines the current state of vulnerability management, how it has evolved, and how the addition of key concepts is improving the security and business landscape. It will explain how the correct solution can be a powerful and cost-effective tool to preemptively identify and remediate the most important vulnerabilities in the network. Further, it will show:
- Why analyzing vulnerabilities in the context of the network is necessary for prioritizing vulnerability remediation and determining all options beyond patching and configuration changes.
- How to determine the optimum security decision, whether patching, a configuration change, deploying compensating controls, altering the network access policies, or even re-architecting the network.
Vulnerability Management Requirements
Identifying the most important vulnerabilities to remediate
To ensure that your remediation efforts do the most to improve security, you must first identify the vulnerabilities posing the greatest threat. Suppose 1,000 hosts were scanned and an average of five vulnerabilities were found on each. A total of 5,000 vulnerabilities need to be reviewed, and the best action to reduce the risk of impact to the business must be identified. Since it is unrealistic to remediate all 5,000, it is essential to accurately prioritize the vulnerabilities by the risk to your business, not to the device/host.
Many organizations take a host-centric approach to prioritizing vulnerabilities. Often the vulnerabilities are sorted by severity. Using the example of 5,000 vulnerabilities, suppose the scan found 1,000 high-, 1,500 medium-, and 2,500 low-severity vulnerabilities. Additional filtering or grouping can be done based on application, operating system, or even business unit. Once these vulnerabilities have been sorted, you review the list to determine which vulnerabilities to fix. Considerations may include:
- Severity of the vulnerability: Is the severity of the vulnerability so high that it needs to be patched immediately? Is it worth taking the server down or spending the time to implement the patch? Can the vulnerability be easily exploited? Could an attacker easily gain administrator access to the server?
- Regulatory implications: Is the host under regulatory requirements with regard to security? Is there an explicit regulatory requirement to patch the vulnerability?
- Business impact: If exploited, would the vulnerability affect system availability or performance?
While this approach seems logical, it gives little insight into what will actually improve security because it looks at the problem using limited data. It does not see the enterprise as a whole. Insufficient consideration is given to how the hosts are interconnected and what is reachable from untrusted networks. In other words, more questions need answers:
- Is the vulnerable host exposed to an untrusted network?
- Should the host be exposed to the untrusted network?
- Is the vulnerable host reachable from a weak upstream host?
- Should the host be protected by a firewall?
Bottom line: you must see the enterprise network as the sum of its parts, and that requires a view beyond individual devices.
Protecting hosts exposed to untrusted networks
The top priority: secure hosts exposed to untrusted networks because, to attackers, they are nothing but doors to your network. The most important but often the most overlooked step of vulnerability management is to determine if the host should be exposed in the first place. Often, due to configuration drift, network changes, and hosts and services being brought up and shut down, hosts are inadvertently exposed to the untrusted network. A second problem is that scanning the public IP address space of an enterprise only identifies the hosts directly exposed to the Internet, which is just one of many untrusted networks today. Others to consider:
- Extranet networks: Most enterprises today have multiple connections to a variety of business partners: outsourcing, supply chain and co-development, to name a few. Since these connections provide a pathway into your network and are controlled by a third party, it is essential to secure any exposed host.
- Internal end-user networks: In the last few years much focus has been placed on insider threats to sensitive data. Malicious employees, contractors and malware constitute legitimate threats today. Indeed, any network where end-users actively operate is a possible source of attack.
- Wireless networks: Simply based on the lack of physical control inherent in wireless networks, it is important to consider the possibility of an attacker gaining access via these networks. Even PCI specifically calls out the need to segment valuable assets from wireless networks.
- VPN networks: Remote end-users often connect to enterprises using some form of VPN technology (IPSec, SSL, etc.). Usually the user is utilizing a third-party network such as a home Internet connection or hotel wireless network to initiate their VPN connection. A third-party network cannot be considered trusted.
It would be extremely difficult and burdensome to the network to perform a vulnerability scan from every possible entry or untrusted network access point. The ideal vulnerability management solution is one that dynamically identifies untrusted network segments and reveals hosts exposed to those networks. The host vulnerability data can then be prioritized according to what is exposed to the untrusted networks. Exposed hosts can be determined by analyzing the various network access policies controlling traffic between untrusted and trusted networks. Here, computer automation is invaluable.
Once you identify the directly exposed hosts, a series of questions must be answered to further prioritize remediation efforts. First, determine whether the host is exposed incorrectly, that is, whether there is no business or technical requirement for it to be exposed. Most often, an incorrectly exposed host is the result of a misconfigured access policy on a router or firewall, or of access that was opened to troubleshoot an issue and that the administrator forgot to go back and close.
The final step is to analyze the network to determine the level of access the directly exposed hosts have to other hosts and vulnerabilities deeper in the network. This analysis is important, as it enables understanding how much of a threat one exposed host is compared to another. For example, suppose you analyzed the access of two hosts, A and B, that are exposed to the untrusted network. Exposed host A has a vulnerability that enables an attacker to jump to another host deeper in the network. Host A also has a vulnerability that would enable an attacker to leapfrog to a regulated database deep in the network, which contains sensitive customer data. The other exposed host, B, has the same vulnerability, but its leapfrog target is an internal test server of no consequence to the business. Perhaps A is part of a legacy network and is no longer used, but it is directly exposed to the untrusted network, has a leapfrog vulnerability, and can reach a critical, regulated data repository. Clearly, host A presents a higher risk to the business than host B does. Now you know which host to remediate first.
Find the most effective and realistic way to remediate the vulnerability
Vulnerability assessment may begin with good intentions, but the fact is that little remediation work occurs after a scan of the network. Even when a vulnerability is identified, remediation is rare. For example, the security team might scan some of the company's most valuable assets, sort the results by severity and review the vulnerabilities. They find a severe vulnerability on the company's primary database, where the most sensitive information, such as credit card numbers or intellectual property, is stored. If this vulnerability is exploited, the attacker would gain administrator access to the data. The security team quickly alerts the database administrator of its presence. At this point, remediation comes to a halt. Why? Because the database administrator's top priority is to maintain availability of the database. Since remediation often involves installing a patch and incurring downtime, it directly contradicts the administrator's number-one priority. The company loses money every minute the database is unavailable. There may even be service level agreements in place that require a specific level of availability.
Given the position that the database administrator is in, reluctance to remediate is understandable. A common reason to dismiss the vulnerability is that the database sits deep within the network, behind one or more firewalls, reducing the chances of the vulnerability being exploited. This all amounts to a case of insufficient information for understanding the implications of the vulnerability and the threat it poses. But what if the security team could demonstrate the magnitude of the threat and how exploitable the vulnerability actually is? What if the team could prove that, despite the database being deep within the network, an upstream host with a pivotable vulnerability could be compromised by exposure to an untrusted network?
Because the security team doesn't take the network into consideration when prioritizing vulnerabilities, perhaps the database administrator is correct and there is a low chance of the vulnerability being exploited. Or perhaps, due to a misconfiguration or the network changing over time, the database got exposed to an untrusted network. In this case, the security team is correct in identifying the database as being at risk but still fails to understand that the exposure could be mitigated by patching the host exposed to the untrusted network (or by filtering traffic between the database and the upstream host if the current network access is deemed unnecessary for business).
The above example reveals two major challenges faced by security teams when trying to remediate vulnerabilities: (1) an inability to understand and communicate how much of a threat a vulnerability is to the organization and (2) an inability to recognize all possible remediation options. Without an understanding of the network it is impossible to initiate action and identify the most appropriate remediation steps. By analyzing vulnerabilities in the context of the network, security teams can be much more effective at communicating the level of risk that a vulnerability poses and make more informed decisions about proper remediation.
Inadequate understanding of the network leaves security teams with two options for remediation: (1) install a software patch that addresses the vulnerability or (2) simply disable the vulnerable service on the host. These options are extremely host-centric, with the latter requiring costly downtime. Compare that to the additional remediation options available with comprehensive network understanding:
- Network ACL change: There are cases where vulnerable hosts are incorrectly exposed. In that case, remediation may be as simple as having the network team change the ACL on the router that allows the traffic.
- Compensating controls: The team can deploy a security solution to remediate the threat, such as a firewall to block the traffic, an intrusion prevention system, an application-level firewall, or an inline patching system.
- Remediate an upstream host: Especially when dealing with hosts not directly exposed to an untrusted network, remediating an upstream host that is exposed to an untrusted network is a viable option.
Analyzing vulnerabilities in the context of the network enables security teams to communicate the risk posed to the enterprise and to identify the most appropriate remediation action to boost security.
The RedSeal Networks Approach
RedSeal's proactive security intelligence solution represents a vulnerability-management innovation and arms you with the ability to overcome all the challenges described thus far. Using RedSeal's advanced security analytics engine, you can quickly prioritize the results of a network vulnerability assessment scan, identify the hosts that are exposed to all untrusted networks and determine the remediation steps that will do the most to safeguard security. The security analytics engine has two major components:
- The Network Map Analysis, which analyzes all possible network traffic that is allowed and denied between all known points in the network.
- The Threat Map Analysis, which correlates host and vulnerability data with network access to determine all of the possible attack (threat) paths from untrusted networks to anywhere in the network.
Analyze Vulnerabilities in the Context of the Network
Network Map Analysis
Understanding the interconnectedness of an enterprise's assets is fundamental to vulnerability management. Analyzing the network access policies across the network provides the context that enables effective vulnerability prioritization. The Network Map Analysis engine analyzes configuration data from network devices to determine what traffic is allowed between any two points in the network. It iterates over every node in the network to build a complete network map that includes trusted and untrusted networks:
1) RedSeal automatically collects the configuration data of network devices, either directly from the network device or from a centralized repository or management system, then builds a network topology diagram (or map).
2) The Network Map Analysis computes all known paths between all points in the network.
3) This can be repeated for any network change or at regular intervals.
The results of the Network Map Analysis are recorded, and end-users can query them to understand how their network is architected and determine what traffic is allowed between any two points. This can be done on demand or at regular intervals.
Threat Map Analysis
Threat Map Analysis helps security teams tackle the first challenge of vulnerability management: determining which hosts are directly exposed to untrusted networks. By utilizing the results from Network Map Analysis, Threat Map Analysis can correlate the network access with host and vulnerability data from your network vulnerability assessment scanner:
1) RedSeal automatically collects host and vulnerability data from vulnerability assessment scanners.
2) Threat Map Analysis computes every possible threat vector between every host and its vulnerabilities across the entire network. This analysis identifies the hosts directly exposed to untrusted networks.
3) As Threat Map Analysis runs, it calculates a series of metrics that include the asset value, the vulnerability severity and the exposure of the host to the rest of the network. These metrics provide end-users with a simple way of prioritizing the hosts and vulnerabilities that present the highest threat to the enterprise.
The results of the Threat Map Analysis are recorded, and end-users can choose any point in their network to review all threat vectors to or from that source.
Prioritize Remediation by Identifying Hosts Directly Exposed to Untrusted Networks
Identifying the hosts directly exposed to untrusted networks is the most important step in prioritizing remediation efforts. There are two approaches:
- End-users can query the RedSeal Threat Map (see diagram below) to review all threats that originate from all of their untrusted networks. Using our earlier example where two servers are exposed to the untrusted network, one of the exposed hosts (A) has a vulnerability that would allow an attacker to leapfrog or jump to another host deeper in the network, while the other exposed host (B) has the same vulnerability but its leapfrog target is an internal test server of no consequence to the business. A security team would use the Threat Map to identify both host A and host B as directly exposed to untrusted networks with threat paths deeper into the network.
[Figure: Threat Map displays all of the threat vectors from untrusted networks to directly exposed hosts.]
- End-users can use the RedSeal Downstream Risk metric to identify and prioritize the directly exposed hosts. The hosts with the greatest downstream risk present the greatest risk to the enterprise, based on the severity of the vulnerabilities present and the network access allowed from the high-risk host to other hosts within the network. From our example, both hosts A and B would have downstream risk scores. Host A's score would be higher than B's because it exposes a regulated database deep in the network that contains customer data. Host B exposes only an internal test server and has low consequence to the business.
Determine Which Actions Provide Greatest Security Improvement
Once security teams have used RedSeal to prioritize their remediation, they can use a variety of features to determine the best remediation effort. They can also clearly communicate the urgency to remediate. These features enable security teams to consider other remediation options besides just patching or disabling the exposed service. RedSeal's Network Path Explorer and Threat Map both enable security teams to identify the best actions.
The Network Path Explorer enables users to review all traffic between any two points in the network. Users specify a source and a destination in the network, and the Network Path Explorer returns the traffic allowed between them. The results are returned as a 5-tuple: protocol, source IP address, source port, destination IP address, and destination port. This powerful tool can help a security team consider a variety of remediation options and also identify huge security architectural flaws in the network. By reviewing the allowed network traffic, security teams can determine whether the access granted exceeds their business needs.
Using our earlier example, the security team could use the Network Path Explorer to discover all traffic allowed from untrusted networks to the network where host A resides. With this information the security team can determine whether only host A is incorrectly exposed or whether there are additional exposed areas. In addition, the Network Path Explorer can assist with determining how best to deploy security solutions that can serve as compensating controls for remediating vulnerabilities. For example, the Network Path Explorer can report all traffic allowed to a destination, which can help a security team determine where to deploy an IPS or application-level firewall.
[Figure: Graphical view of all access allowed to a network and the details including source, destination, port and protocol.]
The Threat Map enables security teams to review all threats to any host in the network, including threats from untrusted networks. This feature enables security teams to consider a number of remediation options for a host, including changing the access policies on an upstream network device or identifying other hosts that, if remediated, would eliminate the exposure.
[Figure: Graphical view of all threat vectors to a subnet and the details of each threat including source, destination and vulnerability information.]
The combination of Network Path Explorer and Threat Map enables organizations to overcome the challenges discussed in this white paper. While some of the approaches to overcoming these challenges could be performed manually, the complexity clearly warrants an automated software solution.
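The prioritization described above, worked through on the paper's host A / host B scenario as an added example (not RedSeal's code or algorithm): allowed flows and scanner findings are combined into threat paths, directly exposed hosts are ranked, and single-change remediation options are listed for a target. Host names, asset values, severities and the risk formula (asset value times worst reachable severity) are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One allowed flow from access-policy analysis (source port omitted for brevity)."""
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Finding:
    """One scanner result for a listening service."""
    host: str
    proto: str
    dport: int
    severity: float  # 0-10 scale
    pivot: bool      # True if exploitation gives a foothold for further attacks


UNTRUSTED = {"internet"}

# Constructed sample data modelled on the paper's hosts A and B (all values assumed).
FLOWS = [
    Flow("internet", "hostA", "tcp", 443),
    Flow("internet", "hostB", "tcp", 443),
    Flow("hostA", "customer-db", "tcp", 1521),
    Flow("hostB", "test-srv", "tcp", 8080),
]
FINDINGS = [
    Finding("hostA", "tcp", 443, 7.5, True),
    Finding("hostB", "tcp", 443, 7.5, True),
    Finding("customer-db", "tcp", 1521, 9.0, True),
    Finding("test-srv", "tcp", 8080, 9.0, True),
    Finding("intranet-wiki", "tcp", 80, 9.8, True),  # severe, but no flow reaches it
]
ASSET_VALUE = {"hostA": 2, "hostB": 2, "customer-db": 10, "test-srv": 1, "intranet-wiki": 3}


def threat_reach(sources, flows, findings):
    """Breadth-first walk of threat paths: {host: [hops from sources, worst severity]}."""
    services = {}
    for f in findings:
        services.setdefault((f.host, f.proto, f.dport), []).append(f)
    steps = {}  # attacker position -> findings reachable over an allowed flow
    for fl in flows:
        steps.setdefault(fl.src, []).extend(services.get((fl.dst, fl.proto, fl.dport), []))
    reach, footholds = {}, set(sources)
    queue = deque((s, 0) for s in sources)
    while queue:
        node, hops = queue.popleft()
        for f in steps.get(node, []):
            entry = reach.setdefault(f.host, [hops + 1, 0.0])
            entry[1] = max(entry[1], f.severity)
            if f.pivot and f.host not in footholds:  # attacker can continue from here
                footholds.add(f.host)
                queue.append((f.host, hops + 1))
    return reach


def directly_exposed(flows, findings):
    """Hosts whose vulnerable service is one hop from an untrusted network."""
    return {h for h, (hops, _) in threat_reach(UNTRUSTED, flows, findings).items() if hops == 1}


def downstream_risk(host, flows, findings, value):
    """Assumed metric: sum of asset value * worst severity over hosts reachable from host."""
    reach = threat_reach({host}, flows, findings)
    return sum(value[h] * sev for h, (_, sev) in reach.items() if h != host)


def prioritize(flows, findings, value):
    """Directly exposed hosts, highest downstream risk first."""
    scores = [(h, downstream_risk(h, flows, findings, value))
              for h in directly_exposed(flows, findings)]
    return sorted(scores, key=lambda hs: (-hs[1], hs[0]))


def remediation_options(target, flows, findings):
    """Single ACL changes or patches that cut every threat path from UNTRUSTED to target."""
    options = []
    for fl in flows:
        if target not in threat_reach(UNTRUSTED, [x for x in flows if x != fl], findings):
            options.append(f"block {fl.proto}/{fl.dport} {fl.src} -> {fl.dst}")
    for f in findings:
        if target not in threat_reach(UNTRUSTED, flows, [x for x in findings if x != f]):
            options.append(f"patch {f.host} {f.proto}/{f.dport}")
    return options


if __name__ == "__main__":
    print(prioritize(FLOWS, FINDINGS, ASSET_VALUE))
    print(remediation_options("customer-db", FLOWS, FINDINGS))
```

The 9.8-severity finding on the unreachable host never enters the ranking, while the database gets four remediation options, only one of which requires patching the database itself.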
Conclusion
Network vulnerability assessment scanners are excellent for identifying the vulnerabilities present, but the results often leave organizations with more data than they can effectively handle. The results of these scans alone are difficult to prioritize, since scanners are unable to identify which hosts are exposed to untrusted networks. What's more, the host-centric nature of scan results makes it extremely difficult to understand or communicate the true urgency for remediation or provide any more remediation options besides installing a software patch or making a configuration change to the host.
The optimal way to overcome these challenges is to analyze the results of a vulnerability scan in the context of the network. In this context you can analyze the relationships between hosts and untrusted networks by understanding the network architecture and access policies that define the relationships. By including the network context in the analysis of vulnerability data, security teams can easily identify the vulnerabilities that present the greatest threat to the enterprise, communicate the urgency to remediate these threats, and identify the remediation steps that will provide the greatest impact to the security of the business.
RedSeal Networks has developed a vulnerability management solution, Vulnerability Advisor, which enables organizations to overcome these challenges and protect their most valuable assets.
Capabilities include:
- Network architecture and access policy analysis
- Identification of threat paths into the network, by correlating network and vulnerability data
- Features like the Network Path Explorer and Threat Map for identifying remediation options and determining which approach will provide the greatest increase in security
See for yourself in a trial of RedSeal technology how you can spot your most critical vulnerabilities and make more informed decisions on what to do about them.
About RedSeal: RedSeal Networks develops proactive security intelligence software that enterprise organizations depend on to visualize their security effectiveness, maintain continuous compliance with regulations and protect their most critical assets and data. Unlike systems that measure the impact of attacks once they already occur, RedSeal isolates gaps in security infrastructure before they are discovered by hackers, analyzing the cumulative ability of security devices to control access and vulnerability exposure across the entire enterprise and providing critical metrics necessary for optimal management of real-world IT risk and exposure. For more information on RedSeal products please visit the company's web site at or contact RedSeal representatives directly at (888)
Copyright 2011 RedSeal Networks, Inc. All rights reserved. RedSeal and the RedSeal logo are trademarks of RedSeal Networks, Inc.
More informationBest Practices for Vulnerability Management
4 Steps to Reducing Risk with Vulnerability Management Best Practices Is Your Vulnerability Management Process Meaningful To Your Business? The vulnerability management process can be very useful and provide
More informationTechnology Blueprint. Assess Your Vulnerabilities. Maintain a continuous understanding of assets and manage vulnerabilities in real time
Technology Blueprint Assess Your Vulnerabilities Maintain a continuous understanding of assets and manage vulnerabilities in real time LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationBest Practices for PCI DSS V3.0 Network Security Compliance
Best Practices for PCI DSS V3.0 Network Security Compliance January 2015 www.tufin.com Table of Contents Preparing for PCI DSS V3.0 Audit... 3 Protecting Cardholder Data with PCI DSS... 3 Complying with
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Security Scanning Procedures Version 1.1 Release: September 2006 Table of Contents Purpose...1 Introduction...1 Scope of PCI Security Scanning...1 Scanning
More informationRisk-based solutions for managing application security
IBM Software Thought Leadership White Paper September 2013 Risk-based solutions for managing application security Protect the enterprise from the growing volume and velocity of threats with integrated
More informationUsing Skybox Solutions to Achieve PCI Compliance
Using Skybox Solutions to Achieve PCI Compliance Achieve Efficient and Effective PCI Compliance by Automating Many Required Controls and Processes Skybox Security whitepaper August 2011 1 Executive Summary
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationThe Importance of Cybersecurity Monitoring for Utilities
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationLumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks
IPsonar provides visibility into every IP asset, host, node, and connection on the network, performing an active probe and mapping everything that's on the network, resulting in a comprehensive view of
More informationLOGIIC Remote Access. Final Public Report. June 2015 1 LOGIIC - APPROVED FOR PUBLIC DISTRIBUTION
LOGIIC Remote Access June 2015 Final Public Report Document Title LOGIIC Remote Monitoring Project Public Report Version Version 1.0 Primary Author A. McIntyre (SRI) Distribution Category LOGIIC Approved
More informationINCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS
WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationNetwork Instruments white paper
Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features
More informationContinuous Diagnostics & Mitigation:
WHITE PAPER Continuous Diagnostics & Mitigation: CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL Table of Contents What is CDM Requirements, Mandates & Policy that drive for adoption of Continuous Monitoring....
More informationReference Architecture: Enterprise Security For The Cloud
Reference Architecture: Enterprise Security For The Cloud A Rackspace Whitepaper Reference Architecture: Enterprise Security for the Cloud Cover Table of Contents 1. Introduction 2 2. Network and application
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationSAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts
SAP Cybersecurity Solution Brief Objectives Solution Benefits Quick Facts Secure your SAP landscapes from cyber attack Identify and remove cyber risks in SAP landscapes Perform gap analysis against compliance
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationWeb application security Executive brief Managing a growing threat: an executive s guide to Web application security.
Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction
More informationReining in the Effects of Uncontrolled Change
WHITE PAPER Reining in the Effects of Uncontrolled Change The value of IT service management in addressing security, compliance, and operational effectiveness In IT management, as in business as a whole,
More informationScanless Vulnerability Assessment. A Next-Generation Approach to Vulnerability Management
Scanless Vulnerability Assessment A Next-Generation Approach to Vulnerability Management WHITEPAPER Overview Vulnerability scanning, or the process of identifying a list of known security gaps in the network
More informationSession 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More information1 Introduction... 2 2 Product Description... 3 3 Strengths and Challenges... 5 4 Copyright... 5
KuppingerCole Report EXECUTIVE VIEW by Alexei Balaganski May 2015 is a business-critical application security solution for SAP environments. It provides a context-aware, secure and cloud-ready platform
More informationFrank Andrus WHITEPAPER. CTO, Bradford Networks. Evolve your network strategy to meet new threats and achieve expanded business imperatives
WHITEPAPER The Emergence of Adaptive Network Security Evolve your network strategy to meet new threats and achieve expanded business imperatives Frank Andrus CTO, Bradford Networks Executive Summary...
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationPENETRATION TESTING GUIDE. www.tbgsecurity.com 1
PENETRATION TESTING GUIDE www.tbgsecurity.com 1 Table of Contents What is a... 3 What is the difference between Ethical Hacking and other types of hackers and testing I ve heard about?... 3 How does a
More informationEmbracing Microsoft Vista for Enhanced Network Security
Embracing Microsoft Vista for Enhanced Network Security Effective Implementation of Server & Domain Isolation Requires Complete Network Visibility throughout the OS Migration Process For questions on this
More informationEndpoint Security Management
Endpoint Security Management LANDESK SOLUTION BRIEF Protect against security threats, malicious attacks and configuration vulnerabilities through strong endpoint security control and maintenance. Protect
More informationAppalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2
Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationI D C E X E C U T I V E B R I E F
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com I D C E X E C U T I V E B R I E F P e netration Testing: Taking the Guesswork Out of Vulnerability
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationCyber Situational Awareness for Enterprise Security
Cyber Situational Awareness for Enterprise Security Tzvi Kasten AVP, Business Development Biju Varghese Director, Engineering Sudhir Garg Technical Architect The security world is changing as the nature
More informationHow to Leverage IPsonar
Top 3 Undiscovered Vulnerabilities IPsonar Finds on a First Scan A publication of Lumeta Corporation www.lumeta.com Introduction Large enterprises function in an ever-expanding IP space and often have
More informationLoadMaster Application Delivery Controller Security Overview
LoadMaster Application Delivery Controller Security Overview SSL Offload/Acceleration, Intrusion Prevention System (IPS) and Denial of Service (DOS) Overview Small-to-medium sized businesses (SMB) are
More informationFinding Network Security Breaches Using LiveAction Software to detect and analyze security issues in your network
LiveAction Application Note Finding Network Security Breaches Using LiveAction Software to detect and analyze security issues in your network September 2012 http://www.liveaction.com Table of Contents
More informationTake the Red Pill: Becoming One with Your Computing Environment using Security Intelligence
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
More informationEffective Threat Management. Building a complete lifecycle to manage enterprise threats.
Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive
More informationAttack Intelligence: Why It Matters
Attack Intelligence: Why It Matters WHITE PAPER Core Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com A Proactive Strategy Attacks against your organization are more prevalent than ever,
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationVulnerability management lifecycle: defining vulnerability management
Framework for building a vulnerability management lifecycle program http://searchsecurity.techtarget.com/magazinecontent/framework-for-building-avulnerability-management-lifecycle-program August 2011 By
More informationHow To Manage A Network Security Risk
Scanless Vulnerability Assessment: Skybox Security whitepaper July 2014 1 Overview Vulnerability scanning, or the process of identifying a list of known security gaps in the network environment, is the
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationNext-Generation Vulnerability Management
White Paper Transform Checkbox Compliance into a Powerful Risk Mitigation Tool Skybox Security whitepaper, June 2014 Executive Summary Vulnerability management is the process of identifying, classifying,
More informationTowards End-to-End Security
Towards End-to-End Security Thomas M. Chen Dept. of Electrical Engineering Southern Methodist University PO Box 750338 Dallas, TX 75275-0338 USA Tel: 214-768-8541 Fax: 214-768-3573 Email: tchen@engr.smu.edu
More informationBuilding Energy Security Framework
Building Energy Security Framework Philosophy, Design, and Implementation Building Energy manages multiple subsets of customer data. Customers have strict requirements for regulatory compliance, privacy
More informationWHITEPAPER. Addressing Them with Secure Network Access Control. Executive Summary... An Evolving Network Environment... 2
WHITEPAPER Top 4 Network Security Challenges in Healthcare Addressing Them with Secure Network Access Control Executive Summary... 1 Top 4 Network Security Challenges Addressing Security Challenges with
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationWhite Paper The Dynamic Nature of Virtualization Security
White Paper The Dynamic Nature of Virtualization Security The need for real-time vulnerability management and risk assessment Introduction Virtualization is radically shifting how enterprises deploy, deliver,
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationSecuring OS Legacy Systems Alexander Rau
Securing OS Legacy Systems Alexander Rau National Information Security Strategist Sample Agenda 1 Today s IT Challenges 2 Popular OS End of Support & Challenges for IT 3 How to protect Legacy OS systems
More informationWHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK
WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK DATE OF RELEASE: 27 th July 2012 Table of Contents 1. Introduction... 2 2. Need for securing Telecom Networks... 3 3. Security Assessment Techniques...
More informationCORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT
CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT How advancements in automated security testing software empower organizations to continuously measure information
More informationAvoiding the Top 5 Vulnerability Management Mistakes
WHITE PAPER Avoiding the Top 5 Vulnerability Management Mistakes The New Rules of Vulnerability Management Table of Contents Introduction 3 We ve entered an unprecedented era 3 Mistake 1: Disjointed Vulnerability
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationFrank Andrus WHITEPAPER. CTO, Bradford Networks. Evolve your network security strategy to meet new threats and simplify IT security operations
WHITEPAPER An Adaptive Approach to Network Security Evolve your network security strategy to meet new threats and simplify IT security operations Frank Andrus CTO, Bradford Networks Executive Summary...
More informationThe Benefits of an Integrated Approach to Security in the Cloud
The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationPreempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions
Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com blog.coresecurity.com Preempting
More informationCisco SAFE: A Security Reference Architecture
Cisco SAFE: A Security Reference Architecture The Changing Network and Security Landscape The past several years have seen tremendous changes in the network, both in the kinds of devices being deployed
More informationDoes your Citrix or Terminal Server environment have an Achilles heel?
CRYPTZONE WHITE PAPER Does your Citrix or Terminal Server environment have an Achilles heel? Moving away from IP-centric to role-based access controls to secure Citrix and Terminal Server user access cryptzone.com
More informationIBM Global Technology Services Preemptive security products and services
IBM Global Technology Services Preemptive security products and services Providing protection ahead of the threat Today, security threats to your organization leave little margin for error. To consistently
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationWhite Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation
White Paper Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation Table of Contents Introduction... 3 Common DDoS Mitigation Measures...
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationA Modern Framework for Network Security in the Federal Government
A Modern Framework for Network Security in the Federal Government 1 A MODERN FRAMEWORK FOR NETWORK SECURITY IN THE FEDERAL GOVERNMENT Trends in Federal Requirements for Network Security In recent years,
More informationIBM Security. 2013 IBM Corporation. 2013 IBM Corporation
IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure
More informationGuide to Vulnerability Management for Small Companies
University of Illinois at Urbana-Champaign BADM 557 Enterprise IT Governance Guide to Vulnerability Management for Small Companies Andrew Tan Table of Contents Table of Contents... 1 Abstract... 2 1. Introduction...
More information