Minimizing Risk Through Vulnerability Management. Presentation for Rochester Security Summit 2015 Security Governance Track October 7, 2015

Similar documents
Best Practices for Threat & Vulnerability Management. Don t let vulnerabilities monopolize your organization.

State of Minnesota. Office of Enterprise Technology (OET) Enterprise Vulnerability Management Security Standard

IT Security & Compliance. On Time. On Budget. On Demand.

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

Best Practices for Vulnerability Management

How To Monitor Your Entire It Environment

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Managed Service Solutions Catalogue. MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014

Vulnerability Management

Continuous Network Monitoring

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

The Value of Vulnerability Management*

National Cybersecurity Assessment and Technical Services: Capability Brief. Presented by: Sean McAfee Updated: May 5, 2014

IBM Security QRadar Vulnerability Manager

Introduction to Laboratory Assignment 3 Vulnerability scanning with OpenVAS

Extreme Networks Security Analytics G2 Vulnerability Manager

Vulnerability Management Isn t Simple (or, How to Make Your VM Program Great)

A HELPING HAND TO PROTECT YOUR REPUTATION

BladeLogic Software-as-a- Service (SaaS) Solution. Help reduce operating cost, improve security compliance, strengthen cybersecurity posture

Next-Generation Vulnerability Management

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk

Dealing with Big Data in Cyber Intelligence

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

WHITE PAPER: THREAT INTELLIGENCE RANKING

Whitepaper. Advanced Threat Hunting with Carbon Black

Cybersecurity and internal audit. August 15, 2014

IBM Security IBM Corporation IBM Corporation

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

National Cybersecurity Assessment and Technical Services

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life

Analysis of the Global Vulnerability Management Market Platform Convergence Intensifies Competition but Creates Opportunity in Growth Technology

Network Security and Vulnerability Assessment Solutions

OCCS Procedure. Vulnerability Scanning and Management Procedure Reference Number: Last updated: September 6, 2011

CDM Vulnerability Management (VUL) Capability

Information Technology Security Review April 16, 2012

Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology

Symantec Enterprise Security: Strategy and Roadmap Galin Grozev

Optimizing Network Vulnerability

SANS Top 20 Critical Controls for Effective Cyber Defense

Data Loss Prevention Program

Attack Intelligence: Why It Matters

FIVE PRACTICAL STEPS

Metrics that Matter Security Risk Analytics

Cyber Governance Preparing for the Inevitable Perimeter Breach

Vulnerability management lifecycle: defining vulnerability management

Information Security Office

Obtaining Enterprise Cybersituational

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015

Developing National Frameworks & Engaging the Private Sector

White Paper The Dynamic Nature of Virtualization Security

Achieving Cyber Resilience. By Garin Pace, Anthony Shapella and Greg Vernaci

Proactive Vulnerability Management Using Rapid7 NeXpose

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

Cisco Security Optimization Service

Simplifying the Challenges of Mobile Device Security Three Steps to Reduce Mobile Device Security Risks

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

How To Manage A Network Security Risk

STATE OF NEW JERSEY IT CIRCULAR

An Information Security and Privacy Perspective for Procurement Services Projects

Qualys Scanning for PCI Devices University of Minnesota

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

BIG SHIFT TO CLOUD-BASED SECURITY

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach

FREQUENTLY ASKED QUESTIONS

Application Security in the Software Development Lifecycle

NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011

Big Data and Security: At the Edge of Prediction

Utilizing Security Ratings for Enterprise IT Risk Mitigation Date: June 2014 Author: Jon Oltsik, Senior Principal Analyst

STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE

Why Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation

Strengthen security with intelligent identity and access management

The Four-Step Guide to Understanding Cyber Risk

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

The Value of Automated Penetration Testing White Paper

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊

Preemptive security solutions for healthcare

Transcription:

Minimizing Risk Through Vulnerability Management Presentation for Rochester Security Summit 2015 Security Governance Track October 7, 2015

Speaker Bio Partnering with clients to drive effective cyber risk reduction strategies Director of CyberSecurity Sales at ÜberGuard, a division of Infinite Group, Inc. Over ten years of applied experience in the software technology industry with a focus on cybersecurity Passionate about partnering with clients to address cyber risks and continuously improve cyber security Entrepreneur with experience working with all levels of an organization 2

ÜberGuard/IGI Overview Leader in proactive security risk management Proactive management of cyber risks Complete visibility of network risks and threat exposures Driving continuous vulnerability management and risk reduction Powerful vulnerability scanning and proprietary reporting technology Vulnerability assessment platform vulnerability identification & reporting Complete visibility of network and application risks Streamlined reporting drives effective remediation A report on SQL vulnerabilities, for SQL SME 3

Fact: We all have (lots of) Vulnerabilities Exponential Growth in Vulnerabilities in National VD & Open Source VD The OSVDB is currently tracking 120,980 Vulnerabilities 72,692 CVE vulnerabilities in national vulnerability database Staggering increases in number of Zero Day Threats discovered YOY Number of Zero-Day vulnerabilities discovered per year increasing exponentially 1.2 billion successful exploits witnessed in 2015 to date, compared to 220 million successful exploits witnessed in 2013 and 2014 combined an increase of 445 percent 4

Vulnerability Management Challenges Vulnerability Management Challenges Vulnerability data overload, unwieldy reporting Limited resources & bandwidth constraints Reactive whack-a-mole vulnerability management Weak, nonexistent VM Policy Finding vulnerabilities Need multiple scanners to cover bases Eliminate False + s & s 5

Challenges - Time and Money Cost to ignore vulnerability VS. cost to remediate Threat level increases due to lack of remediation Exposure Liability Cost to reputation Bottom line (revenue and earnings) Lack of comprehensive knowledge of issues Force tough decisions Can you afford a breach? 6

Risk Manager s Responsibilities More expansive domain to maintain Any IP address is a potential vulnerability Assess ALL points Not just internal ones What to do with the information Identification is only half the battle Constant attention and diligence is required The risk manager s world is expanding 7

Managing risk in today s environment Are you the Risk Manager? CIO Who is a Risk Manager? IT CTO Network security responsibility If something fails, who gets blamed? CISO What is the chain of command? 8

Assessment of Issues Now what? Remediation challenges Prioritization Time and sense of urgency Lack of centralization Who owns the problem and the fix Methods to determine if remediation was successful Are policy and procedures 9

Next Gen Vulnerability Management Proactive vulnerability identification and discovery Analysis, prioritization and reporting Remediation and threat mitigation Post-remediation validation and baseline Monitoring & active threat management 10

Will the Status Quo be enough? Standalone systems only provide spotty assessment Available tools not integrated to execute all safeguards Forces Risk Manager to be a fortune teller Disconnected view of network leaves room for error Essential to understand all aspects of network Reactive mode is not conducive to security Poor use of limited resources Bandages do not fix the problem 11

Options for Consideration A holistic approach can ensure increased security Streamline policy configuration management Implement workflow improvements Isolate problems and target for remediation New tools and policies can combat threat Vulnerability assessments offer active view of network Be proactive not reactive to threats Scan, Report, Manage 12

Implementing an Effective Strategy Scan Create policies to scan for vulnerabilities Execute scans Report Meaningful Relevant Actionable Manage Determine actions for moving forward Remediate Re-scan 13

So, are you a forward thinker? Comprehensive management program minimizes risk Holistic approach ensures broader security Focus on Vulnerability, Assets, Threats Streamline policies and configuration management Use all tools available Strategically manage vulnerabilities Scan, Report and Manage Consolidate tools for best impact Become Proactive not Reactive Stop by our booth 10/5/2015 IGI PowerPoint Template 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information