Revelations about recent breaches have certainly put the question to security professionals across the world, “What can I do to prevent an attack from happening?” Current threats are complicated and driven by highly motivated adversaries.
You can’t defend what you don’t know. This can be a big challenge when it comes to network visibility. Many organizations don’t have a true sense of all that is on their network. Network situational awareness represents the foundation of comprehensive vulnerability management.
In this informative webcast, Tripwire and Lumeta provide insight on how to:
- Identify and fingerprint more assets in your environment
- Ensure greater coverage for scanning devices on your network, including BYOD
- Compile a proper and complete inventory of assets, even those that are unused
- Intelligently prioritize vulnerabilities
- Effectively reduce risk on critical systems
20% Gap in Network Visibility

“You can’t defend what you don’t know.”
Mark Orndorff, Director of Mission Assurance and Network Operations, Defense Information Systems Agency
Network Element            Government   Manufacturing   Financial   Technology
Assumed Device Count       ~150,000     ~60,000         ~800,000    ~100,000
Discovered Devices         ~170,000     89,860          842,400     ~114,000
Visibility Gap             ~12%         ~33%            ~5%         ~12%
Unknown Networks           3,278        24              771         433
Unauthorized Devices       520          n/a             n/a         2,026
Non-Responding Networks    33,256       4               16,828      45
Established VM Program     Yes          Yes             Yes         Yes
Network change and complexity are outpacing policy and procedures. Organizations can only manage and secure what they know. How much risk does this gap introduce?

An effective Vulnerability Management strategy must incorporate comprehensive Network Situational Awareness in order to actively reduce overall risk.
Step / Goal

“Organizations that operationally implement applicable IT controls through a vulnerability management program will achieve the strongest security posture.”

1. Validate Network Address Space: discover the entire scope of IP address space in use within the environment.
2. Determine Network Edge: understand the boundary of the network under management.
3. Discover & Profile Endpoints: understand the presence of all devices on the network.
4. Identify Vulnerabilities: evaluate and comprehend network vulnerabilities for remediation.
5. Mitigate Risk: remediate risks in priority order with patches/changes, or accept lesser risks.
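Steps 1 through 3 amount to reconciling what the organization believes it owns against what a discovery sweep actually finds. The following is an added example (not code from the webcast or from either vendor) that performs that reconciliation on constructed data and computes the visibility gap using the formula the slide table implies, (discovered - assumed) / discovered; the approved ranges, CMDB entries and scan results are all constructed.

```python
"""Reconcile a discovery sweep against an authorized asset inventory.

Added example, not from the webcast. The visibility-gap formula
(discovered - assumed) / discovered reproduces the table on the slide
(e.g. ~150,000 assumed vs ~170,000 discovered -> ~12%).
All inventory and scan data below is constructed for the example.
"""
from ipaddress import ip_address, ip_network

# Constructed: address space the organization believes it manages (step 1).
APPROVED_RANGES = [ip_network("10.1.0.0/16"), ip_network("192.168.50.0/24")]

# Constructed: the CMDB's authorized device list, keyed by IP (step 3 input).
AUTHORIZED = {
    "10.1.0.10": "dc01", "10.1.0.11": "dc02",
    "10.1.4.20": "web01", "192.168.50.5": "printer-3f",
}

# Constructed: hosts that answered the discovery sweep.
DISCOVERED = [
    "10.1.0.10", "10.1.0.11", "10.1.4.20", "10.1.4.21",   # 10.1.4.21 not in CMDB
    "192.168.50.5", "172.16.9.7", "172.16.9.8",            # 172.16.9.0/24 unknown
]


def visibility_gap(assumed: int, discovered: int) -> float:
    """Fraction of the discovered estate the assumed count failed to cover."""
    return (discovered - assumed) / discovered if discovered else 0.0


def reconcile(approved, authorized, discovered):
    """Split discovered hosts into in-inventory, unauthorized (inside an
    approved range but absent from the CMDB) and unknown networks (the /24
    of any host that sits outside every approved range)."""
    in_inventory, unauthorized, unknown_nets = [], [], set()
    for host in discovered:
        addr = ip_address(host)
        if not any(addr in net for net in approved):
            unknown_nets.add(str(ip_network(f"{host}/24", strict=False)))
        elif host in authorized:
            in_inventory.append(host)
        else:
            unauthorized.append(host)
    return {
        "in_inventory": in_inventory,
        "unauthorized": unauthorized,
        "unknown_networks": sorted(unknown_nets),
        "visibility_gap": visibility_gap(len(authorized), len(discovered)),
    }


if __name__ == "__main__":
    for key, value in reconcile(APPROVED_RANGES, AUTHORIZED, DISCOVERED).items():
        print(f"{key}: {value}")
```

The unauthorized and unknown-network lists are the feed for step 3's profiling and step 4's scanning scope, which is where the coverage gaps the webcast describes get closed.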
Inventory of Authorized and Unauthorized Hardware and Software

[Chart: vulnerability findings by severity (HIGH, MEDIUM, LOW, INFO)]
What is the challenge?
• Dollars & resources are being spent on things that don’t increase security
• Outdated (10 yrs old) security regulations require manual testing every three years on systems
• Diverse tool sets implemented across the civil landscape

What can be done?
• Refocus dollars and resources on what increases security
• CDM stops 85% of cyber attacks by searching for, finding, fixing, and reporting the worst cyber problems first in near-real time
• Understand networks, devices, software and people’s interaction with the network in real time

Who is responsible?
• In 2010, OMB assigns Cybersecurity responsibility to DHS
• In FY 2013, DHS proposes to deploy proven continuous monitoring technology across the .gov network
Hardware Asset Management (HWAM)
• Control of HW assets through visibility
• Unauthorized/unmanaged HW discovery
• ID, block, or manage vulnerable assets
• Group assets based on risk profiles

Software Asset Management (SWAM)
• Unauthorized/unmanaged SWCI discovery
• Remove and/or block vulnerable SWCI
• Dynamic, complete, and accurate inventory
• Timely response to malware vulnerabilities

Configuration Management (CM)
• Increased control through visibility
• Establishment of trusted “Gold Builds”
• Reduce and avoid misconfigurations
• Improved security patch asset maintenance

Vulnerability Management (VUL)
• Perform threat and vulnerability analysis
• Discover vulnerabilities
• Support remediation
• Automate response to known threats

Continuous Monitoring
• Maps to risk tolerance
• Adapts to ongoing needs
• Actively involves management

Dynamic 360-degree CDM and CMaaS capability defending against asymmetric cyber threats
CDM Risk Management Framework cycle (six steps around a center of Continuous Asset Evaluation, Situational Awareness, Risk Scoring):
1-Categorize Information System
2-Select CMaaS System
3-Implement Security Controls
4-Assess Security Controls
5-Authorize Information System
6-Monitor Security Controls

Activities shown around the cycle:
• DHS DAA ATO
• Agency DAA updates ATO for CDM sensors
• DHS DAA establishes ESSA/EISA
• Innovation Targets: Enhanced Analytics, DAD, Global Threat Intelligence and Process Optimization
• Operate CDM tools internally to ID malware and prevent propagation
• Share CDM outputs to support ongoing A&A for CMaaS, ESSA/ISA and agency systems containing CDM sensors, agency dashboards
• Support SP 800-137 D/A ISCM strategy development and maintenance, including CyberScope alignment
• Match outputs to governance training, mentoring, and change management
• Support DHS critical control review
• Conduct site security assessment to identify differences impacting A&A baseline
• Provide outputs to DHS and Agency DAAs to develop POA&Ms
• Apply NIST SP 800-53 High and SSH 4300 Baseline for TS Systems
• Develop Pre-Populated Templates and Artifacts for SO Agencies
• Apply Type Accreditation Strategy.
  o Unclass CMaaS System High Categorization and Tools Selection promotes maximum scalability and tools inheritance.
• Classified CMaaS System is classified at Top Secret.
Threats in scope:
- Zero-day exploits
- Targeted attacks and advanced malware
- Spear phishing attacks
- Data exfiltration
Lumeta IPsonar discovers all of an organization’s network space, resulting in a clear definition of your network connections and assets.
Tripwire IP360 uses that foundational intelligence as the most complete starting point for deeper profiling of the devices and applications on your network, to deliver the most complete vulnerability detection available.
With the addition of discovery data from Lumeta IPsonar, Tripwire IP360’s reach can be extended to cover the complete enterprise, eliminating gaps in coverage that may leave an organization exposed.