Improving Visibility into your Vulnerability Management Program




One of the most challenging aspects of managing your vulnerability management program is understanding where to focus your time and effort. It can be strenuous to balance resources and provide consistent progress while also providing updates to your stakeholders and working with your IT teams to prioritize and remediate issues based on the most accurate data available at that time. Communication is critical, yet how do you know what to target, and how do you share this information with your organization?

The Sequris Quantifiable Vulnerability Scanning and Reporting (Q VSR) service is based on Rapid7 Nexpose technology and is the perfect tool to help you achieve your security goals and communicate your status to your team. Our focused SEQ OPS™ team of experts has been working with Rapid7 to provide improved visibility and reporting based on your feedback. We are delighted to introduce three new reports that will dramatically improve your visibility and effectiveness: the Risk Scorecard report, the Trend report and the Top 10/25 Remediations report.

The Risk Scorecard Report

With this report you can see where you are doing well, what areas need work, and where to invest more time and resources. Based on the popular Site Report Card, the Risk Scorecard report includes all of your favorite features plus some awesome new ones and a slick interface that will enhance the visual communication of your data. The Risk Scorecard report provides grades for each of your sites. Additional reporting can be performed by Asset Tags or Asset Groups, based on how you want to organize your environment. The grading system uses the A through F range and is based on a curve derived from your own environment. The grade is computed from the average risk of the assets within the grouping type (Site, Asset Group, or Tag). This average becomes the curve that each unit is graded against.
Reporting on a larger number of components is recommended so that you see more variety and accuracy in your graded results.
Page 1 of 5

The grading framework works by calculating the average risk per asset within each group in scope; the average of those group averages sets the curve. From there, the curve is defined in the following way:

A - a group's average risk per asset is more than 15% lower than the average
B - a group's average risk per asset is between 5% and 15% lower than the average
C - a group's average risk per asset is within 5% of the average
D - a group's average risk per asset is between 5% and 15% higher than the average
F - a group's average risk per asset is more than 15% higher than the average

Because these grades are based on a curve, they are relative to your environment and will help you determine which areas need the most attention based on the specific security needs of your environment. You can use this data to compare sites in whatever way makes the most sense for you, based on how you group your assets: by Sites, Asset Groups, or Tags within the scope of this report. For example, let's say you tag your assets based on office locations: Los Angeles, Miami, and New York. You can use the Risk Scorecard report to compare those three locations to each other. Los Angeles receives an A grade in the report, but Miami and New York both get Ds. The Risk Scorecard report provides you with breakdowns of information such as asset counts, vulnerabilities by severity, and available exploits so you can do a quick side-by-side comparison to see what is making the security of one office more successful than the others. As a result, this report gives you the points of comparison you need for the conversations with your IT teams: you can show them how they are performing and how to improve your overall risk posture.

The Trend Report

Have you ever wondered how to track the security posture of your organization and the success of your remediation efforts over time?
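Before turning to the trend questions, here is the Risk Scorecard curve from the section above worked through in Python. This is an added example written for this page, not Sequris or Rapid7 code; the per-asset risk scores are constructed, and how an exact 5% or 15% deviation is graded is an assumption the paper does not settle.

```python
from statistics import mean

# Constructed sample data (not real scan output): per-asset risk scores
# tagged by office location, mirroring the paper's Los Angeles / Miami /
# New York example. Nexpose's own risk scores use a different scale.
ASSETS_BY_TAG = {
    "Los Angeles": [600, 800, 700, 700],
    "Miami": [1000, 1200, 1100, 1100],
    "New York": [1000, 1160, 1080, 1080],
}


def group_average_risk(risk_scores):
    """Average risk per asset for one group (site, asset group, or tag)."""
    return mean(risk_scores)


def curve(groups):
    """The average of each group's average risk per asset sets the curve."""
    return mean(group_average_risk(scores) for scores in groups.values())


def grade(group_avg, curve_value):
    """Grade a group by its percentage deviation from the curve.

    Negative deviation means lower risk than the curve. An exact 5% or 15%
    deviation lands in the inner band (C, B or D); that is an assumption.
    """
    deviation = (group_avg - curve_value) / curve_value * 100
    if deviation < -15:
        return "A"
    if deviation < -5:
        return "B"
    if deviation <= 5:
        return "C"
    if deviation <= 15:
        return "D"
    return "F"


def risk_scorecard(groups):
    """Map each group to (average risk, % deviation from curve, grade)."""
    c = curve(groups)
    card = {}
    for name, scores in groups.items():
        avg = group_average_risk(scores)
        card[name] = (avg, round((avg - c) / c * 100, 1), grade(avg, c))
    return card


if __name__ == "__main__":
    for name, (avg, dev, letter) in risk_scorecard(ASSETS_BY_TAG).items():
        print(f"{name:12s} avg risk {avg:7.1f}  {dev:+6.1f}% vs curve  grade {letter}")
```

Because the curve is the mean of the group averages, adding or removing a group moves every other group's grade, which is why the paper recommends grading a larger number of components.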
Have you ever asked questions like:

Is the number of vulnerabilities increasing or decreasing over time?
Is the number of assets increasing or decreasing over time?
Is my remediation process effective?
How are critical, severe, or moderate vulnerabilities changing?
Is the average age of vulnerabilities going up or down?

This report shows key vulnerability trends so that you can easily track your security posture and the success of your remediation efforts over the past three to twelve months. Trends include assets scanned, vulnerabilities discovered, vulnerability age, severity levels, and exploit and malware kit exposures. As with any other report provided with your Q VSR subscription, you can restrict the data in the report to specific sites, asset groups, or vulnerability categories based on your specific needs. The report can also be generated over 3, 6 or 12 months of trending. For example, if you have a dynamic asset group that is configured to include only Windows assets, you can create a trend report that displays trend charts for the Windows assets in your environment.

The vulnerability trend report contains several trending graphs, described below in detail. The Assets Scanned and Vulnerabilities Discovered chart, shown on the left, explains how the number of vulnerabilities and assets are changing over time. The Vulnerabilities with Malware and Exploit Over Time chart, shown on the left, explains how your exposure to exploits and malware kits is changing over time. The Severity Levels chart, shown on the right, explains how critical, severe, and moderate vulnerabilities are changing over time.

The Vulnerability Age chart, shown on the left, tells you whether or not your remediation efforts are effective at fixing older vulnerabilities.

The Top Remediations Report

The Top Remediations by Risk report orders remediations according to their effect on your organization, rolling up solutions across assets and allowing you to take the most impactful steps available. What does this mean for you? Instead of asking "what is wrong?", you can now ask "what should I do?". As with other reports in Q VSR, you can restrict and filter the data in the report to specific sites, asset groups or vulnerability categories for further configuration, granularity and visibility. For example, if you have a Dynamic Asset Group that is configured to include only Windows assets, you can create a remediation report that prioritizes remediation efforts only for the Windows assets in your environment. This allows you to tailor actionable reports to different IT groups within your organization, making patch management and remediation more effective and improving efficiency for your IT team.

Summary

Each of the reports presented above is just one aspect of the value Sequris Group and our expert team of security advisors and analysts have to offer. If you are not taking full advantage of your vulnerability management program, contact a Sequris Account Team member today by visiting our website at www.sequrisgroup.com or calling 248-837-1400.
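As an added illustration of the roll-up described under the Top Remediations Report (example code written for this page, not Sequris or Rapid7 code), the Python below groups constructed findings by the solution that fixes them, sums the risk each solution would remove across assets, and ranks the solutions; the optional asset-group filter stands in for scoping the report to a Dynamic Asset Group. Asset names, vulnerability ids and solution labels are placeholders.

```python
from collections import defaultdict

# Constructed sample findings (not real scan output). Each tuple is
# (asset, asset group, vulnerability id, risk score, solution that fixes it).
# Solution labels are placeholders, not real vendor advisories.
PATCH_A = "Install vendor patch A"
TLS_UPGRADE = "Upgrade TLS library to patched version"
LEGACY_OFF = "Disable legacy protocol"

FINDINGS = [
    ("win-web01", "Windows", "VULN-1", 900, PATCH_A),
    ("win-web01", "Windows", "VULN-2", 300, PATCH_A),
    ("win-db01", "Windows", "VULN-1", 900, PATCH_A),
    ("win-web01", "Windows", "VULN-3", 600, TLS_UPGRADE),
    ("lnx-app01", "Linux", "VULN-3", 600, TLS_UPGRADE),
    ("lnx-app02", "Linux", "VULN-3", 600, TLS_UPGRADE),
    ("lnx-app02", "Linux", "VULN-4", 500, TLS_UPGRADE),
    ("lnx-app01", "Linux", "VULN-5", 1500, LEGACY_OFF),
]


def top_remediations(findings, limit=10, asset_group=None):
    """Roll findings up by solution and rank solutions by total risk removed.

    asset_group restricts scope the way the report can be limited to a
    Dynamic Asset Group (e.g. "Windows"). Returns a list of
    (solution, total risk, assets touched, distinct vulnerabilities).
    """
    rollup = defaultdict(lambda: {"risk": 0, "assets": set(), "vulns": set()})
    for asset, group, vuln, risk, solution in findings:
        if asset_group is not None and group != asset_group:
            continue
        entry = rollup[solution]
        entry["risk"] += risk          # risk removed if this fix is applied everywhere
        entry["assets"].add(asset)     # one solution may cover many assets
        entry["vulns"].add(vuln)
    ranked = sorted(rollup.items(), key=lambda kv: kv[1]["risk"], reverse=True)
    return [(sol, e["risk"], len(e["assets"]), len(e["vulns"]))
            for sol, e in ranked[:limit]]


if __name__ == "__main__":
    print("All assets:")
    for row in top_remediations(FINDINGS):
        print("  %-40s risk %5d  assets %d  vulns %d" % row)
    print("Windows asset group only:")
    for row in top_remediations(FINDINGS, asset_group="Windows"):
        print("  %-40s risk %5d  assets %d  vulns %d" % row)
```

Note that the single highest-risk finding (VULN-5) ranks last overall, because the TLS upgrade and patch A each remove more total risk across several assets; scoping to the Windows group reorders the list again.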