Optimizing Network Vulnerability

Transcription

1 SOLUTION BRIEF Adding Real-World Exposure Awareness to Vulnerability and Risk Management Optimizing Network Vulnerability Management Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc Freedom Circle, Suite 800, Santa Clara, Tel (408) Toll Free (888)

2 2 SOLUTION BRIEF Adding Real-World Exposure Awareness to Vulnerability and Risk Management Contents Executive Summary: 3 Blind Faith: Relying on Today s Under Informed Vulnerability Remediation Approach 3 The Shortcomings of Traditional Vulnerability Management Practices 4 Adding Network Access Awareness to Vulnerability Assessment 5 The Solution: RedSeal Proactive Security Intelligence 7 Conclusions: 8

3 Adding Real-World Exposure Awareness to Vulnerability and Risk Management SOLUTION BRIEF 3 Adding Real-World Exposure Awareness to Vulnerability and Risk Management Optimizing Network Vulnerability Management Using RedSeal Executive Summary: This solution brief examines the opportunity for organizations to adopt capabilities that dramatically advance the effectiveness of vulnerability management initiatives by providing detailed visibility into network access and risk to inform remediation based on real-world exposure. In addition to highlighting the inefficiency of vulnerability prioritization methods that fail to account for mitigation by network defenses, the paper will document the specific manner in which RedSeal s proactive security intelligence solutions allow organizations to rank vulnerabilities based on their exposure to threat sources and relation to business critical assets. By lending contextual awareness of network protection to vulnerability scoring and driving remediation related to proven risk, RedSeal transforms vulnerability management from a costly guessing game of plugging holes into a strategic process reducing attack surface and optimizing resource allocation. Blind Faith: Relying on Today s Under Informed Vulnerability Remediation Approach While the dawn of the vulnerability management era was hailed as the end of reactive IT security, most organizations reliance on risk scoring methodologies that lack awareness of mitigating conditions and network exposure have failed to deliver on that promise. Despite the fact that efforts to proactively identify and remediate vulnerabilities before they can be breached represents a tremendous step forward compared to the traditional mindset of react and respond, a shortfall of contextual information regarding direct and indirect network exposure has severely limited vulnerability management s payoff. In addition to generating false positives that encourage remediation teams to focus on vulnerabilities that have been mitigated by network controls, the manner in which

4 4 SOLUTION BRIEF Adding Real-World Exposure Awareness to Vulnerability and Risk Management most vulnerability assessment tools rank the issues they find using industry severity ratings like the Common Vulnerability Scoring System fails to account for the most significant factor when measuring risk: whether or not they are actually exposed to threat sources or protected by layered defenses. According to Gartner s Jan report Understanding Vulnerability Management Life Cycle Functions, scanning programs that focus only on simple assessment of flaws themselves are weak specifically based on a lack of focus on the vulnerabilities surroundings. Knowing you have a problem, and what type of vulnerability it is, provides critical intelligence to security strategists, but without providing further intelligence regarding the likelihood of being exploited by attackers, Gartner observes, organizations utilize an a approach that isn t optimized for mitigation. To better prioritize patching and remediation efforts, make the most of ongoing scanning and ensure that efforts remain focused on protection of each organization s critical assets, today s enterprises must widen the scope of vulnerability management beyond basic scanning to include correlation of network access and security controls with vulnerability findings. The Shortcomings of Traditional Vulnerability Management Practices As noted in the 2010 Dark Reading feature The Truth About Vulnerability Scanners, enterprises relying on traditional network assessment tools alone are likely maintaining a false sense of protection. While no security expert would argue that proactively seeking out existing network vulnerabilities to proactively address them constitutes faulty logic, most scanning tools are, as reported in Dark Reading s article, limited in identifying the complex avenues an attacker could take to compromise your network. In addition to lacking the ability to understand where the flaws are exposed to network access, most vulnerability assessment tools provide organizations with a massive volume of results that it makes it extremely difficult for staff to analyze the information and effectively prioritize remediation. In its 2010 white paper Data-centric Vulnerability Management security services giant Verizon Business points out that in addition to overwhelming numbers of results, too many issues are typically identified by scanners as high or critical making it challenging to determine how to handle so many. Despite the fact that network vulnerability assessments are valuable in reducing risk, it has become obvious that traditional methods also bear significant shortcomings, including: Inability to provide insight into whether or not the issues discovered are truly exposed to external networks or have been mitigated by layered defenses.

5 Adding Real-World Exposure Awareness to Vulnerability and Risk Management SOLUTION BRIEF 5 A lack of information about whether, or how, any vulnerabilities might be connected to other vulnerabilities, and allow potential advanced attacks via pivoting. Generation of so many results that it prevents efficient analysis, delaying resolution and wasting available resources. To address this problem, organizations must expand vulnerability management beyond scanning to gain visibility into highly relevant factors such as the current state of network protection and underlying host value to the business. By overlaying intelligence of such important conditions on vulnerability scan data, organizations can immediately optimize response and drive more effective remediation. RedSeal provides an interactive network security visualization for browsing the analysis results and identifying vulnerabilities that are exposed to various parts of the network both internal and external. This screen shot shows that a single subnet is exposed to both Internet connections and if exploited could be used to launch additional attacks deeper in the network pivot attack. Adding Network Access Awareness to Vulnerability Assessment To ensure that vulnerability management is targeted at discovery and remediation of organizations most pressing security issues, today s enterprises require more inclusive processes that provide added network context and visibility. By lending additional information to their scanning processes, organizations can far more effectively prioritize their efforts and ensure that they are patching those problems that actually represent real-world exposures. In its Techniques for Security Risk Analysis of Enterprise Networks, the National Institute of Standards and Technology (NIST), contends that to accurately assess

6 6 SOLUTION BRIEF Adding Real-World Exposure Awareness to Vulnerability and Risk Management the security of networked systems one must understand how vulnerabilities can be combined to stage an attack. Using available solutions that analyze all available access permitted across the entire network and understand valuation of underlying assets based on importance to the specific organization, enterprises can greatly advance the overall effectiveness of their vulnerability management efforts, providing important benefits including: The ability to identify precisely those vulnerabilities that represent significant risk for exploitation based on their exposure to threat sources like the Internet and other external networks. Faster interpretation of vulnerability scan results, providing security teams with more time to direct their efforts on additional investigation or patching of problems. Validation that the coverage of existing scanning initiatives is sufficient for identifying any potentially high-risk vulnerabilities. As noted by Verizon Business in its Data-centric Vulnerabilbity Management report, knowing where to start and focus remediation efforts isn t easy, and scarce resources may be misallocated to fixing lower-impact vulnerabilities, ultimately leaving the most critical data still vulnerable to a breach. By evolving vulnerability management from basic scanning to continuous assessment of risk based on a confluence of critical factors, related to everything from network access to vulnerabilites interrelation, practitioners can isolate their most dangerous problems, and derive greater return out of related investments. RedSeal s Security Performance Reporting engine provides out-of-the-box vulnerability metrics and the ability to define custom metrics. This screen shot shows four metrics: vulnerable hosts that are directly exposed and indirectly exposed, hosts that are protected by security controls and vulnerable hosts that are directly exposed and could be used to pivot off of to launch additional attacks.

7 Adding Real-World Exposure Awareness to Vulnerability and Risk Management SOLUTION BRIEF 7 The Solution: RedSeal Proactive Security Intelligence RedSeal s proactive security intelligence solutions are the only products on the market today that provide organizations with the specific information they need to stop wasting costly resources and gain the visibility necessary to most effectively guide remediation. With RedSeal, organizations retain the ability to understand how layers of network security devices shield certain vulnerabilities from exploitation and isolate those problems that may appear unimportant, but actually represent pressing real-world exposures. RedSeal provides security management with the contextual awareness of network access, vulnerability proximity and the relation to critical hosts needed to optimize existing assessment and remediation initiatives to: Proactively identify those vulnerabilities that can be accessed from threat sources to isolate exposure to attacks. Determine how effectively defenses have been aligned to prevent pivot attacks from advancing across networked infrastructure by exploiting additional vulnerabilities. Understand where specific critical assets are exposed to potential attack by the combination of access and vulnerability. By leveraging powerful automation to deduce every point and pathway of connection across the entire network, RedSeal offers organizations the power to focus vulnerability management on their greatest risks, improve protection of critical assets and prove that maximum ROI is garnered from network scanning and remediation. Using RedSeal, enterprises can collect and analyze key metrics that highlight the overall performance of vulnerability assessment and remediation programs, prove ongoing diligence to external compliance auditors, and drive more efficient allocation of valuable staff and resources over time. RedSeal provides a variety of security visualizations for analyzing vulnerability risk. This screen shot of RedSeal patented Risk Map visualization highlights in red the vulnerable hosts that pose the most risk to the business based on vulnerability severity and exposure to threat sources.

8 8 SOLUTION BRIEF Adding Real-World Exposure Awareness to Vulnerability and Risk Management Conclusions: With the increasing complexity of everything from infrastructure itself to the sophistication of cutting-edge attacks, enterprises must identify those vulnerabilities that need to be remediated first to prevent the potential for subsequent data breaches. As noted by security industry training specialists SANS in its 20 Critical Security Controls, organizations must speed vulnerability management and remediation as any significant delays in finding or fixing dangerous vulnerabilities provides ample opportunity for persistent attackers to break through, gaining control over the vulnerable machines and getting access to the sensitive data they contain. RedSeal s proactive security intelligence solutions are the only products on the market that empower today s enterprises with the detailed visibility into available network access, vulnerability interrelation and the value of underlying business assets allowing them to advance vulnerability management and drive more efficient remediation that addresses their most dangerous real-world risks. About RedSeal: RedSeal Networks develops proactive security intelligence software that enterprise organizations depend on to visualize the effectiveness of security infrastructure, maintain continuous policy compliance and protect their most critical business assets and data. Unlike systems that measure the impact of attacks after they transpire or address individual elements of network protection, RedSeal analyzes the cumulative ability of defenses to control access and mitigate vulnerability exposure across the entire enterprise, providing the critical metrics necessary to trend performance and isolates gaps before they can be discovered by hackers. For more information on RedSeal products please visit the company s web site at or contact RedSeal representatives directly at (888)

9 Adding Real-World Exposure Awareness to Vulnerability and Risk Management SOLUTION BRIEF 9

10 WHITE PAPER RedSeal Networks, Inc Freedom Circle, Suite 800, Santa Clara, Tel (408) Toll Free (888) Copyright 2011 RedSeal Networks, Inc. All rights reserved. RedSeal and the RedSeal logo are trademarks of RedSeal Networks, Inc.