Getting Started with the iScan Online Data Breach Risk Intelligence Platform


Table of Contents

Overview
  Data Breach Risk Intelligence
  Data Breach Prevention Lifecycle Defined
Choosing A Deployment Methodology
Perform A Data Breach Risk Scan
  1. Click on Scan Computers
  2. Choose the Organization to Scan
  3. Choose a Data Breach Risk Scan Type
     A Note About the Data Breach Risk Scan
     A Note About Scan Short Codes
  4. Choose Scan Delivery Method
  5. CLI Scanner Command Line Arguments
  6. Running The Scan
Monitoring Progress
Generating Reports
  Generate Data Breach Risk Report
    1. Navigate To Reports
    2. Run Data Breach Risk Report
    3. View Report
    4. Report Sharing
       Enable Sharing
       Copy URL
  Generate Security Threat Report
    1. Navigate to Reports
    2. Run Vulnerable Hosts Report
    3. View Report
Summary
  Conclusions

Overview

Data Breach Risk Intelligence

In today's world of cyber attacks and data breaches, it's important to understand the goals and motivations of attackers as well as how attacks happen. Every day, businesses are at risk of becoming the next victim of a data breach. These breaches continue to happen because organizations never had the ability to visualize the combined intelligence exposing security threats, unprotected data at rest and insider access to unprotected data. iScan Online provides a powerful patented data breach risk intelligence platform that delivers the combined intelligence necessary for organizations to understand, and act upon, their risk exposure to a data breach attack.

Data Breach Prevention Lifecycle Defined

The security of corporate sensitive data is now under relentless attack. Fighting the war on digital data loss has reached the status of a global epidemic. The vast majority of data breaches are caused by unprotected data at rest residing on vulnerable endpoints, resulting in an easy entry point for attackers. iScan Online recognizes today's cyber security challenges and enables organizations to protect themselves by continuously assessing their environments using proven technology that follows the Data Breach Prevention Lifecycle.

Discover - Unprotected sensitive data at rest and the insiders that have access to the data
Detect - Security threats providing vulnerable entry points for attackers to access your data
Prioritize - At risk assets by leveraging the combined intelligence of security threat and data intelligence
Remediate - Security threats by applying patches, mitigating solutions and encrypting or removing unprotected data
Manage - The entire lifecycle process through a single scalable cloud deployed console

In this getting started guide, we will walk through implementing the iScan Online Data Breach Prevention Lifecycle using the iScan Online Data Breach Risk Intelligence Platform. We will cover how to effectively deploy the solution to discover data and vulnerabilities as well as generating data breach risk reports to help prioritize activities for remediation. We will conclude with a reflection on the entire process and how it can help prevent a data breach in your organization before it occurs.

Choosing A Deployment Methodology

The iScan Online Data Breach Risk Intelligence Platform utilizes a host based scanning methodology to discover unprotected data at rest as well as the security threats and vulnerabilities that exist on the endpoints where data is stored. The host based scans can be delivered in various ways depending upon the target user base, network topologies involved and device types. Currently iScan Online supports three primary scan delivery methods, described below.

Browser Plugin

The iScan Online Browser Plugin for Mac and Windows provides a simple way for users to self assess their own devices. It can be integrated into network access points with captive portals, offered as a self service scan option on intranets or public facing web pages and even integrated into web single sign on providers. This powerful and flexible solution can help solve one of the biggest challenges for enterprises by providing opportunistic assessment of devices which typically go undetected by traditional scan methodologies.

CLI (Command Line) Scan

The iScan Online CLI Scanner for Mac, Windows and Linux is the most versatile scan delivery method. Its non-persistent design allows scans to be launched from the command line, or integrated with a variety of systems management tools such as McAfee ePO, LanDesk, Dell Kace, Microsoft Active Directory or System Center as well as other script capable endpoint management solutions. Other common deployment scenarios include scanning remote users via VPN using the on connect script functionality. The CLI scanner does not require installation on the endpoint and can be launched from a network share.

Mobile Apps

For scanning Android and Apple iOS devices, iScan Online provides native mobile apps available via the Google Play store or from the iTunes App Store. These native mobile apps provide data discovery and vulnerability scanning and also provide lite MDM (Mobile Device Management) functionality such as locate, lock and wipe.

Summary

As you plan your production deployment strategy, consider each of the scan deployment methods above, as each provides valuable ways to scan devices. For the purpose of this getting started guide, we will focus primarily on the CLI scan and deploying using common systems management tools.

Perform A Data Breach Risk Scan

As described in the Data Breach Prevention Lifecycle, the first steps are to discover unprotected sensitive data at rest and the insiders that have access to the data, and to detect the security threats that can lead to compromise of the endpoints. The iScan Online Data Breach Risk Intelligence Platform provides the Data Breach Risk Scan to assess endpoints for this critical intelligence. In this getting started guide, we will walk through how to perform a Data Breach Risk Scan on various endpoints using the CLI scanner.

1. Click on Scan Computers

After logging onto the iScan Online Console, click on Scan Computers from the Side Nav menu.

2. Choose the Organization to Scan

In the iScan Online Console, "Organizations" are used to group devices and results by terms familiar to your company. For example, an Organization might be defined as an office location, a particular type of device (servers vs workstations) or whatever is meaningful to you. To change from the currently displayed organization to a different one, click the Change button, then select the desired organization.

3. Choose a Data Breach Risk Scan Type

A Note About the Data Breach Risk Scan

The Data Breach Risk Scan is pre-configured to discover the following types of sensitive data:

Credit Cards
Social Security Numbers
Drivers License
Date of Birth

A Note About Scan Short Codes

In the screen shot above, notice the column titled Short Code. A scan Short Code defines a particular scan type and configuration for the organization. These short codes are created automatically by the system when accounts and organizations are created. Short Codes can be used as command line arguments to the CLI scanner as described in the next step.

4. Choose Scan Delivery Method

In this getting started guide we will be using the CLI scanner to perform data breach risk scans. From the Choose Scan Delivery Method combo box, select Command Line Executable. This displays the various methods of deployment for the CLI scanner and the appropriate platforms.

The simplest way to run a command line scan is to use the provided PowerShell script on Windows platforms or the curl script on Mac and Linux platforms. These scripts are designed to automatically download the CLI executable if it doesn't exist or is outdated on the target and launch the selected scan on the device.

5. CLI Scanner Command Line Arguments

Command Line Arguments for Scan Type

If you've chosen to download the CLI Scanner and not the PowerShell or curl scripts, it will be named iscanruntime_XXXXXX.exe, where XXXXXX is the short code for the scan type you selected. The file is named this way as a matter of convenience so that command line switches are not required. However, you could also rename the file to iscanruntime.exe and pass a command line argument with the desired short code. Example:

    C:\> ren iscanruntime_XXXXXX.exe iscanruntime.exe

Then:

    C:\> iscanruntime -k XXXXXX

This allows you to store a single copy of the executable on a shared file path and pass the desired scan configuration short code.

Command Line Arguments for Proxy

If you will be scanning devices behind a proxy, iScan Online requires an internet connection and the ability to send HTTPS (443) traffic to https://app.iscanonline.com. The CLI scanner accepts as an argument the proxy server IP and port for authentication as shown below:

    C:\> iscanruntime -k XXXXXX -x 192.168.1.2:8080

6. Running The Scan

There are a variety of ways to distribute the CLI scan to endpoints in your organization. Since the CLI scanner does not need to be installed on the device being scanned, it can be located on a network share and then run as a scheduled task, or as a cron job on Linux devices.

Most common deployment scenarios leverage Microsoft Active Directory. iScan Online provides detailed step by step directions for running scans via Active Directory directly from the console. Simply choose Active Directory as the Scan Delivery Method and follow the steps.

iScan Online also provides a McAfee ePO distribution package that can be used to distribute scans. You can find details on the package download and instructions inside the iScan Online Cloud Console under the Resources menu option.

The CLI scan can be run by any endpoint management tool that can execute a command on an endpoint, including but not limited to:

Microsoft System Center
McAfee ePO
Webroot
Dell Kace
cron jobs
Login script
VPN on connect script
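As an added example (not from the guide or from iScan Online), the PowerShell wrapper below is the kind of script a scheduled task or login script could call to run the scanner from a share with the -k and -x arguments described in step 5, after checking the executable against a known-good hash. The share path, the pinned SHA-256 placeholder and the short-code and proxy patterns are assumptions.

```powershell
# Added example: run the CLI scanner from a network share (scheduled task / login script).
# Assumptions, not from the guide: the share path, the pinned hash placeholder,
# and the patterns used to validate the short code and the proxy value.
[CmdletBinding()]
param(
    [Parameter(Mandatory)]
    [string]$ShortCode,     # scan Short Code shown in the console
    [string]$ScannerPath    = '\\fileserver.example\tools\iscanruntime.exe',  # hypothetical share
    [string]$ExpectedSha256 = '<SHA256-OF-VETTED-iscanruntime.exe>',          # placeholder
    [string]$Proxy          # optional, ip:port, e.g. 192.168.1.2:8080
)

$ErrorActionPreference = 'Stop'

# Accept only a plain token so the value cannot carry extra switches.
if ($ShortCode -notmatch '^[A-Za-z0-9]+$') {
    throw "Short code '$ShortCode' contains unexpected characters."
}
if ($Proxy -and $Proxy -notmatch '^\d{1,3}(\.\d{1,3}){3}:\d{1,5}$') {
    throw "Proxy must be given as ip:port, for example 192.168.1.2:8080."
}

# Copy first, then hash the local copy, so the file that was verified is the
# file that runs even if the copy on the share changes in between.
$local = Join-Path $env:TEMP ('iscanruntime_{0}.exe' -f [guid]::NewGuid().ToString('N'))
Copy-Item -LiteralPath $ScannerPath -Destination $local

try {
    $actual = (Get-FileHash -LiteralPath $local -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        throw "Scanner hash mismatch (got $actual); refusing to run $ScannerPath."
    }

    # Build the argument list as an array; nothing is re-parsed as a command line.
    $scanArgs = @('-k', $ShortCode)
    if ($Proxy) { $scanArgs += @('-x', $Proxy) }

    & $local @scanArgs
    $code = $LASTEXITCODE
    Write-Output "iscanruntime finished with exit code $code"
}
finally {
    # The scanner is non-persistent; leave no copy behind on the endpoint.
    Remove-Item -LiteralPath $local -Force -ErrorAction SilentlyContinue
}

exit $code
```

Update the pinned hash whenever the copy on the share is replaced with a newer scanner build.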

Refer to your management solution documentation for instructions on how to execute a scheduled task on the desired endpoints.

Monitoring Progress

The iScan Online Cloud Console is designed to provide high level dashboards and detailed reporting across the entire enterprise. Several dashboard widgets are available that display top hosts by risk, most vulnerable hosts and various other statistics related to data discovered and trends. As hosts are being scanned, you can monitor the progress of individual scans and view details of completed scan results by clicking on View and Manage, then Scan Results.

The Scan Results view is a simple but very powerful user interface that allows filtering and sorting by any of the columns in the view. Double clicking on a host in the Scan Results view displays the detailed scan results.

Above is a sample Data Breach Risk scan report for a single host. It combines all of the intelligence of the data discovered, the vulnerabilities detected and which users have access to the data into a single view.

Generating Reports

Generate Data Breach Risk Report

Now that a data breach risk scan has been run on one or more devices, it is possible to generate the Data Breach Risk Report.

1. Navigate To Reports

After logging into the iScan Online Cloud Console, click on Reports from the left nav bar.

2. Run Data Breach Risk Report

Click on Data Breach Risk from the report grid.

3. View Report

The Data Breach Risk report is displayed. Note that this is an active report view that allows filtering, grouping and analysis of data. Hovering over the graph data allows the viewing of details associated with the selected data point. Clicking on the graph legend allows the inclusion / exclusion of the data type from the graph. In the column filters, expressions such as < > = can be included to scope numeric filters. For example, typing > 200 in the credit card filter would show matches with greater than 200 credit card data found.

4. Report Sharing

iScan Online has implemented a unique report sharing function that allows you to distribute reports without generating PDF files. This allows the report recipient to have the same powerful filtering and analytics capability but without requiring direct access to the iScan Online console. To share a report, click on the Share button found at the top right of the report.

Enable Sharing

Click on Share this Report.

Copy URL

Once shared, the dialog will display the public shared URL for the report. Copy this URL into an email and share it with the appropriate personnel in your organization.

Generate Security Threat Report

The security scan report is valuable for performing analysis and prioritization of assets to be remediated for security threats.

1. Navigate to Reports

After logging into the iScan Online Cloud Console, click on Reports from the left nav bar.

2. Run Vulnerable Hosts Report

Click on Vulnerable Hosts from the report grid.

3. View Report

The vulnerability report is displayed. Note that this is an active report view that allows filtering, grouping and analysis of data. Hovering over the graph data allows the viewing of details associated with the selected data point. Clicking on the graph legend allows the inclusion / exclusion of the data type from the graph. In the column filters, expressions such as < > = can be included to scope numeric filters. For example, typing > 10 in the high severity filter would show hosts with greater than 10 high severity vulnerabilities.

Summary

Conclusions

In this walkthrough we defined the iScan Online Data Breach Prevention Lifecycle and walked through how to apply the Data Breach Risk Intelligence Platform to fulfill the following requirements:

Discover unprotected sensitive data and the insiders that have access
Detect Security Threats
Prioritize Remediation based on detected threats and liability amounts

We hope this guide was helpful in understanding the platform, and we hope you continue to explore the iScan Online Data Breach Risk Intelligence Platform.