On Demand Unlimited Network Vulnerability Scanning. February 2013

Size: px

Start display at page:

Download "On Demand Unlimited Network Vulnerability Scanning. February 2013"

Melissa McDonald
8 years ago
Views:

1 On Demand Unlimited Network Vulnerability Scanning

2 About the Company Company Background Founded in (A) Economically Disadvantaged Woman Owned Small Business (EDWOSB) GSA MOBIS 874 GSA Schedule 70 GSA FABS 520 GSA 8(a) STARS Subcontractor to Zia Engineering Market Presence More than 130 clients Large and complex domestic and international clients Offices in: Washington DC Miami Orlando Philadelphia India

Subcontractor to Zia Engineering Market Presence More than 130 clients Large and complex

3 About the Company Capabilities Cyber Security Risk Management Information Assurance Strategic Governance Regulatory Compliance Assurance and Attestation IT Audit & Advisory Fraud and IT Forensics Privacy and Consumer Protection Sectors Governmental Financial Services Oil & Gas Energy Retail & Distribution Healthcare Manufacturing High Tech & Telecom Higher Ed Legal Services Hospitality Food, Beverage and Entertainment Leisure & Tourism High Tech

Protection Sectors Governmental Financial Services Oil & Gas Energy Retail & Distribution Healthcare

4 About the Presenter Georgios Mortakis Director of Consulting Services CISSP, CISA, CRISC, PCIP, PCI QSA, PCI ASV MS Computer Science MBA Information Systems Core Experience: Regulatory Compliance and Standards Technical Security Assessment Risk and Vulnerability Management Ethical Hacking Digital Forensics Business Continuity

Core Experience: Regulatory Compliance and Standards Technical Security

5 Vulnerability Management Part of the Information Security Policy Demonstrate Information Security Life Cycle Necessary step of proper Risk Management Risk Assessment Vulnerability Assessment Required by Regulatory Compliance and Standards PCI DSS GLBA FACTA SOX HIPAA/HITECH etc

Risk Management Risk Assessment Vulnerability Assessment Required by

6 Vulnerability Assessment Different types Network Layer Wired Services Wireless SSID/Encryption Application and Database Layer Platforms Operating System Configurations

7 Vulnerability Scanner Automated process Map Assets Enumerate listening ports TCP/UDP Identify Services and underlying Operating Systems Match to vulnerability database Vulnerability Assessment/Scanning is NOT Penetration Testing! Exploitation

Operating Systems Match to vulnerability database

8 Benefits Vulnerability Status Snapshot Identify issues Mitigate exceptions Patch Management Control your sys-admins Stay up-to-date Prepare against what everyone knows Common Knowledge Don t be the last one to catch up

sys-admins Stay up-to-date Prepare against what

9 Facts You need to perform frequentvulnerability assessments on your infrastructure components and systems to ensure security controls are in place 53 new confirmed vulnerabilities for the top 50 apps every week on average in 2012 (2710/year) 920already in for 2013 Source : CVE database website

place 53 new confirmed vulnerabilities for the top 50 apps every week on

10 Fact Once a year penetration testing engagements do not cut it anymore Outdated Reactive mode Find out what might have already been exploited Expect to see regulatory compliance and standards to require more frequent assessments

might have already been exploited Expect to see

11 Question of the Day What s more important to you and your environment Security Compliance

12 Service Details Vulnerability Scanning Dedicated Automated Fully managed Combination of tools Subscription Based No usage limits No licenses No maintenance and management On-Demand 24/7 Available Scheduled or Adhoc Unlimited

Subscription Based No usage limits No licenses No

13 Covers CORE Services Network Devices Firewalls Routers Switches System Components Web Application Databases FTP/ Operating Systems All flavors Mainframes AS/400 OS Workstations All flavors Printers All types Wireless

FTP/Email Operating Systems All flavors Mainframes

14 Covers Customized Service Configuration Assessment Authentication on: Operating System Application Database Access Control Assessment File-system Access User Profile Data Assurance Sensitive Data Mapping Pre-DLP Assessment

Database Access Control Assessment File-system Access

15 How does it work Deploy Solution Determine size and scope Determine tools to be used Determine infrastructure Dedicated devices Managed and Maintained by ERM Pre-Schedule or Request on Demand Fast 24 hours turnaround Professional to review results and advise

devices Managed and Maintained by ERM Pre-Schedule or Request on

16 Sample

17 Why not just use tools on your own Different tools for different types One shoe does not fit all Licensing can get expensive Value of the people behind the tool Security Professionals Dedicated on Vulnerability Management This requires a full-time position Need to allocate internal resources - operational cost Let the experts do what they do best Dynamic as your environment Approach can change as your needs change Tools do not change unless customized (coding)

requires a full-time position Need to allocate internal resources - operational cost Let the experts do what they

18 Questions and Inquiries For further information please contact: Georgios Mortakis Director of Consulting Services CISSP, CISA, CRISC, PCI-QSA, PCIP, PCI-ASV (o) (m)

CISSP, CISA, CRISC, PCI-QSA, PCIP, PCI-ASV 305-447-6750 (o)

Cyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013

Cyber Security and Information Assurance Controls Prevention and Reaction 1 About Enterprise Risk Management Capabilities Cyber Security Risk Management Information Assurance Strategic Governance Regulatory