THREAT INTELLIGENCE: THE KEY TO A COMPLETE VULNERABILITY MANAGEMENT STRATEGY
Sandy Hawke
VP, Product Marketing
@sandybeachSF
KEY DISCUSSION POINTS
• Rethinking vulnerability management
• Overcoming challenges
• Overview of vulnerability scanning techniques
• Benefits of shared threat intelligence
• Customer feedback
• Key takeaways
• Q&A
WHY DO WE DO VULNERABILITY MANAGEMENT?
BECAUSE THAT’S WHAT ATTACKERS EXPLOIT.

SO WHY ISN’T VULNERABILITY MANAGEMENT DONE IN THE CONTEXT OF ACTUAL THREATS?
• Historical: limitations of the initial products to market
• It became part of a “silo’ed” process
• Many have taken a “checklist” mindset in approaching this problem.
OVERCOMING OPERATIONAL CHALLENGES

COMMON CHALLENGES
With vulnerability management programs

Prioritizing remediation tasks
• Which vulnerability matters most?
• What’s the larger risk context? Active threats?

Removing false positives
• What can I do to reduce this “noise”?

Optimizing workflows
• How do I minimize disruption but maximize accuracy?
• How do I go from a static report to active remediation? (e.g. who owns this vulnerable asset anyway?)
IS THIS WHAT YOUR VULNERABILITY REPORT LOOKS LIKE?
What are you supposed to do with this?
PRIORITIZING VULNERABILITIES
Avoiding the “vulnerability visibility vacuum”
• View vulnerabilities inside the context of actual threats, both global and local
• At a glance, be able to understand:
  • What other software is installed on these systems?
  • What type of traffic do these vulnerable hosts generate?
  • Who owns these systems?
  • Have these systems been targeted by known attackers?
  • Are there recent alarms in my SIEM that have been triggered involving vulnerable systems?
VIEWING VULNERABILITIES IN THE CONTEXT OF THREATS
Step 1: Immediately identify known malicious IPs targeting these vulnerabilities.
Step 2: Review vulnerabilities on assets that are being targeted in active threats.
Step 3: Follow step-by-step guidance in responding to the threat.
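The two slides above (the “at a glance” questions and Steps 1 and 2) describe a ranking that combines scanner severity with asset ownership, recent SIEM alarms and known-attacker activity. The script below is an added example, not code from the deck or from AlienVault, that performs that ranking on constructed data: the IP addresses are from the RFC 5737 documentation ranges, the vulnerability ids are placeholders, and the score weights are illustrative rather than any standard.

```python
"""Added example (not from the deck or AlienVault): rank scanner findings by
threat context instead of by severity alone.

All inputs below are constructed. IPs come from the RFC 5737 documentation
ranges, and the vulnerability ids are placeholders, not real advisories.
"""

# Threat-intel feed of source IPs seen attacking other sites (constructed).
KNOWN_MALICIOUS_IPS = {"198.51.100.23", "203.0.113.77"}

# Asset inventory: who owns the host and what else runs on it (constructed).
ASSETS = {
    "10.0.5.12": {"owner": "payments-team", "software": ["openssl", "nginx"]},
    "10.0.5.40": {"owner": "it-ops", "software": ["openssh"]},
    "10.0.9.3": {"owner": "marketing", "software": ["wordpress", "php"]},
}

# Output of the vulnerability scan: one finding per host/service (constructed).
FINDINGS = [
    {"host": "10.0.5.12", "vuln_id": "VULN-PLACEHOLDER-1", "severity": 9.8, "service": "nginx"},
    {"host": "10.0.5.40", "vuln_id": "VULN-PLACEHOLDER-2", "severity": 7.5, "service": "openssh"},
    {"host": "10.0.9.3", "vuln_id": "VULN-PLACEHOLDER-3", "severity": 5.3, "service": "wordpress"},
]

# Recent IDS/SIEM alarms as (source_ip, destination_ip, signature, hours_ago) (constructed).
ALARMS = [
    ("198.51.100.23", "10.0.9.3", "web scanner activity", 2),
    ("192.0.2.9", "10.0.5.12", "generic probe", 30),
    ("203.0.113.77", "10.0.9.3", "web app exploit attempt", 1),
]


def threat_context(host, alarms, malicious_ips, recent_hours=24):
    """Steps 1 and 2 of the deck: which known-malicious IPs have targeted this
    host, and how many alarms against it fired inside the recent window."""
    attackers = sorted({src for src, dst, _, _ in alarms
                        if dst == host and src in malicious_ips})
    recent = sum(1 for _, dst, _, age in alarms
                 if dst == host and age <= recent_hours)
    return attackers, recent


def prioritize(findings, assets, alarms, malicious_ips):
    """Return findings ranked by a priority that combines scanner severity
    with local (asset owner, recent alarms) and global (known attackers)
    context. The weights are illustrative, not a standard."""
    ranked = []
    for f in findings:
        attackers, recent = threat_context(f["host"], alarms, malicious_ips)
        score = f["severity"]
        if attackers:
            score += 5.0            # a known attacker is already aiming at this host
        score += min(recent, 3)     # up to +3 for alarms in the last 24 hours
        asset = assets.get(f["host"], {})
        ranked.append({
            "host": f["host"],
            "vuln_id": f["vuln_id"],
            "owner": asset.get("owner", "UNKNOWN"),   # who gets the remediation ticket
            "installed": asset.get("software", []),
            "severity": f["severity"],
            "targeted_by": attackers,
            "recent_alarms": recent,
            "priority": round(score, 1),
        })
    ranked.sort(key=lambda r: (-r["priority"], -r["severity"]))
    return ranked


if __name__ == "__main__":
    for row in prioritize(FINDINGS, ASSETS, ALARMS, KNOWN_MALICIOUS_IPS):
        print(f'{row["priority"]:5.1f}  {row["host"]:10}  {row["vuln_id"]:20}  '
              f'owner={row["owner"]}  targeted_by={row["targeted_by"]}')
```

On this data the medium-severity WordPress finding on the marketing host rises to the top because two known-malicious sources hit it in the last few hours, while the critical finding on the payments host, which nobody is currently probing, drops to second. That inversion is the point of the slide: severity alone would have ordered them the other way.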
REMOVING FALSE POSITIVES
Leverage a variety of scanning techniques

Continuous Vulnerability Monitoring
• Correlate data from asset discovery & inventory scans with the latest known vulnerabilities
• Benefits: avoids network “noise”; minimizes system impact; requires minimal resources

Active Network Scanning
• Actively scan to identify vulnerable services and software.
• Authenticated: more accurate, but potentially more impactful
• Unauthenticated: less accurate, but less impactful
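The “Continuous Vulnerability Monitoring” item above is a join: the host software inventory on one side, a table of known-vulnerable version ranges on the other, with no packets sent to the hosts. The script below is an added example, not code from the deck or from AlienVault, of that correlation. The inventory, vulnerability ids and version ranges are all constructed for illustration and are not taken from real advisories; the version comparison is a deliberately small parser that handles dotted numbers with a trailing letter (the `1.0.2k` style).

```python
"""Added example (not from the deck or AlienVault): continuous vulnerability
monitoring done purely from inventory data. The host software inventory is
correlated with a table of known-vulnerable version ranges, so no scan traffic
is generated and nothing on the host is exercised.

All data is constructed: the vulnerability ids are placeholders and the
version ranges are made up for illustration, not taken from real advisories.
"""


def parse_version(v):
    """Split '1.0.2k' into ((1, ''), (0, ''), (2, 'k')) so that numeric parts
    compare numerically and a letter suffix sorts after the bare number."""
    parts = []
    for seg in v.split("."):
        i = 0
        while i < len(seg) and seg[i].isdigit():
            i += 1
        parts.append((int(seg[:i]) if i else 0, seg[i:]))
    return tuple(parts)


# Known vulnerabilities: affected from (inclusive) up to the fixed version (exclusive).
KNOWN_VULNS = [
    {"id": "VULN-PLACEHOLDER-A", "product": "openssl",   "affected_from": "1.0.1", "fixed_in": "1.0.1g", "severity": 7.5},
    {"id": "VULN-PLACEHOLDER-B", "product": "openssh",   "affected_from": "0",     "fixed_in": "7.4",    "severity": 5.3},
    {"id": "VULN-PLACEHOLDER-C", "product": "wordpress", "affected_from": "4.0",   "fixed_in": "4.7.2",  "severity": 6.1},
]

# Host-based software inventory collected by asset discovery (constructed).
INVENTORY = [
    {"host": "10.0.5.12", "product": "openssl",   "version": "1.0.1f"},
    {"host": "10.0.5.12", "product": "nginx",     "version": "1.10.3"},
    {"host": "10.0.5.40", "product": "openssh",   "version": "7.9"},
    {"host": "10.0.9.3",  "product": "wordpress", "version": "4.7.1"},
    {"host": "10.0.9.3",  "product": "openssl",   "version": "1.0.2k"},
]


def is_affected(version, vuln):
    """True when the installed version falls inside the vulnerable range."""
    v = parse_version(version)
    return parse_version(vuln["affected_from"]) <= v < parse_version(vuln["fixed_in"])


def correlate(inventory, known_vulns):
    """Join inventory rows to vulnerability entries by product and version range."""
    findings = []
    for item in inventory:
        for vuln in known_vulns:
            if vuln["product"] == item["product"] and is_affected(item["version"], vuln):
                findings.append({
                    "host": item["host"],
                    "product": item["product"],
                    "version": item["version"],
                    "vuln_id": vuln["id"],
                    "severity": vuln["severity"],
                })
    return findings


if __name__ == "__main__":
    # Re-run whenever the inventory or the vulnerability table changes;
    # a new advisory yields new findings without touching the network.
    for f in correlate(INVENTORY, KNOWN_VULNS):
        print(f'{f["host"]:10} {f["product"]:10} {f["version"]:8} -> {f["vuln_id"]} ({f["severity"]})')
```

The caveat a practitioner will want: version-range matching cannot see a vendor-backported fix (a distribution package that keeps an old version string but carries the patch), so inventory correlation tends toward false positives on exactly those packages. That is where the deck's authenticated active scan earns its higher accuracy, and why the two techniques are presented as complementary rather than alternatives.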
OPTIMIZING WORKFLOWS
Breaking down silos

Streamline this process:
• Run the scan, vet the data, prioritize remediation* based on global and local threat intelligence, then re-run a validation scan.

Document the process:
• An integrated ticketing system makes this much easier.

Secret to success?
• Having all of the essential functionality in one place.

*Sometimes this is a patch, and sometimes it’s a workaround.
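The workflow slide above is a loop: scan, vet, prioritize, remediate (patch or workaround), then validate with a second scan and track it all in a ticketing system. The script below is an added example, not code from the deck or from AlienVault, of the piece that is easiest to get wrong: a ticket is closed only when the validation scan no longer reports the finding, and a finding that survives a recorded remediation goes back to its owner instead of being marked done. The in-memory dict stands in for an integrated ticketing system; the hosts, vulnerability ids and dates are constructed.

```python
"""Added example (not from the deck or AlienVault): a remediation workflow
that opens one ticket per finding, records whether the fix was a patch or a
workaround, and closes tickets only when a validation scan no longer reports
the finding. The in-memory dict stands in for an integrated ticketing system;
all findings, hosts and dates are constructed.
"""
from datetime import date


def open_tickets(findings, owners, today):
    """Create one ticket per (host, vuln_id), assigned to the asset owner."""
    tickets = {}
    for f in findings:
        key = (f["host"], f["vuln_id"])
        tickets[key] = {
            "owner": owners.get(f["host"], "UNASSIGNED"),
            "state": "open",
            "opened": today,
            "remediation": None,
            "validated": None,
        }
    return tickets


def record_remediation(tickets, host, vuln_id, kind, note):
    """Mark a ticket as remediated; kind is 'patch' or 'workaround'."""
    if kind not in ("patch", "workaround"):
        raise ValueError("kind must be 'patch' or 'workaround'")
    t = tickets[(host, vuln_id)]
    t["remediation"] = {"kind": kind, "note": note}
    t["state"] = "pending_validation"


def reconcile(tickets, validation_findings, today):
    """Apply a validation scan: close tickets whose finding is gone, send the
    rest back to the owner, and report findings the scan surfaced anew."""
    still_present = {(f["host"], f["vuln_id"]) for f in validation_findings}
    summary = {"closed": [], "still_open": [], "new": []}
    for key, t in tickets.items():
        if key in still_present:
            t["state"] = "open"          # remediation did not take
            summary["still_open"].append(key)
        elif t["state"] != "closed":
            t["state"] = "closed"
            t["validated"] = today
            summary["closed"].append(key)
    summary["new"] = sorted(still_present - set(tickets))
    summary["closed"].sort()
    summary["still_open"].sort()
    return summary


def run_cycle():
    """One scan -> remediate -> validate cycle on constructed data."""
    owners = {"10.0.5.12": "payments-team", "10.0.9.3": "marketing"}
    initial = [
        {"host": "10.0.5.12", "vuln_id": "VULN-PLACEHOLDER-A"},
        {"host": "10.0.9.3", "vuln_id": "VULN-PLACEHOLDER-C"},
    ]
    tickets = open_tickets(initial, owners, date(2024, 1, 8))
    record_remediation(tickets, "10.0.5.12", "VULN-PLACEHOLDER-A", "patch", "upgraded package")
    record_remediation(tickets, "10.0.9.3", "VULN-PLACEHOLDER-C", "workaround", "WAF rule added")
    validation = [  # the workaround did not satisfy the check, and a new finding appeared
        {"host": "10.0.9.3", "vuln_id": "VULN-PLACEHOLDER-C"},
        {"host": "10.0.7.7", "vuln_id": "VULN-PLACEHOLDER-D"},
    ]
    return tickets, reconcile(tickets, validation, date(2024, 1, 10))


if __name__ == "__main__":
    tickets, summary = run_cycle()
    print(summary)
    for key, t in tickets.items():
        print(key, t["state"], t["owner"], t["remediation"])
```

The ticket state carries the record the slide asks for: when it was opened, who owns it, whether the fix was a patch or a workaround, and the date the validation scan confirmed it. A workaround that the scanner still flags is a common case, and the loop surfaces it as `still_open` rather than letting the ticket close on the owner's say-so.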
USING A UNIFIED, THREAT-BASED APPROACH FOR VULNERABILITY MANAGEMENT

The process, step by step:
1. Figure out what is valuable
2. Identify ways the target could be compromised
3. Start looking for threats
4. Look for strange activity which could indicate a threat
5. Piece it all together

What functionality do I need? Each step maps onto one capability, and together the five capabilities make up Unified Security Management:

Step 1 → Asset Discovery
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory

Step 2 → Vulnerability Assessment
• Network Vulnerability Testing

Step 3 → Threat Detection
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring

Step 4 → Behavioral Monitoring
• Log Collection
• Netflow Analysis
• Service Availability Monitoring

Step 5 → Security Intelligence
• SIEM Event Correlation
• Incident Response
WHY ALIENVAULT USM?

All-in-one functionality
• Vulnerability assessment within a broader context
• Targeted remediation, easier to manage

Flexible reporting: multiple modules, formats & queries… as detailed as you want it.

Threat intelligence from AlienVault Labs
• Know WHO is targeting vulnerabilities, HOW they’re doing it and WHAT to do about it
ALIENVAULT LABS THREAT INTELLIGENCE: SECURITY FOR YOU, POWERED BY ALL
ALIENVAULT LABS THREAT INTELLIGENCE: COMPLETE COVERAGE TO STAY AHEAD OF THE THREAT
• Network and host-based IDS signatures – detect the latest threats in your environment
• Asset discovery signatures – identify the latest OSes, applications, and device types
• Vulnerability assessment signatures – dual database coverage to find the latest vulnerabilities on all your systems
• Correlation rules – translate raw events into actionable remediation tasks
• Reporting modules – provide new ways of viewing data about your environment
• Dynamic incident response templates – deliver customized guidance on how to respond to each alert
• Newly supported data source plug-ins – expand your monitoring footprint
CUSTOMER SUCCESS

ACHIEVING COMPLETE VULNERABILITY MANAGEMENT
• Unify your security monitoring controls for better visibility into vulnerabilities
• Use emerging threat intelligence to prioritize remediation
• Evolve from checklist reporting to true risk reduction

NOW FOR SOME Q&A…
Three Ways to Test Drive AlienVault
• Download a Free 30-Day Trial: http://www.alienvault.com/free-trial
• Try our Interactive Demo Site: http://www.alienvault.com/live-demo-site
• Join us for a LIVE Demo! http://www.alienvault.com/marketing/alienvault-usm-live-demo
Questions? hello@alienvault.com

Mais conteúdo relacionado

Mais de AlienVault

Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection RecommendationsAlienVault
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienVault
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideAlienVault
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmAlienVault
 
Security operations center 5 security controls
 Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuideAlienVault
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmAlienVault
 
The State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICThe State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICAlienVault
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides finalAlienVault
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMAlienVault
 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesAlienVault
 
How Malware Works
How Malware WorksHow Malware Works
How Malware WorksAlienVault
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverAlienVault
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
 New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than EverAlienVault
 
AWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAlienVault
 
Improve Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMImprove Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMAlienVault
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationAlienVault
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDSIDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDSAlienVault
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMInsider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMAlienVault
 
Alien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligenceAlien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligenceAlienVault
 

Mais de AlienVault (20)

Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection Recommendations
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworks
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's Guide
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usm
 
Security operations center 5 security controls
 Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step Guide
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usm
 
The State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICThe State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHIC
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides final
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation Directives
 
How Malware Works
How Malware WorksHow Malware Works
How Malware Works
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
 New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
 
AWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & Response
 
Improve Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMImprove Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USM
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM Installation
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDSIDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDS
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMInsider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
 
Alien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligenceAlien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligence
 

Último

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 

Último (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

Threat Intelligence: The Key To A Complete Vulnerability Management Strategy

  • 1. THREAT INTELLIGENCE: THE KEY TO A COMPLETE VULNERABILITY MANAGEMENT STRATEGY Sandy Hawke VP, Product Marketing @sandybeachSF
  • 2. KEY DISCUSSION POINTS Rethinking Vulnerability Management Overcoming challenges Overview of vulnerability scanning techniques Benefits of shared threat intelligence Customer feedback Key takeaways Q&A 2
  • 3. WHY DO WE DO VULNERABILITY MANAGEMENT?
  • 4. WHY DO WE DO VULNERABILITY MANAGEMENT? BECAUSE THAT’S WHAT ATTACKERS EXPLOIT.
  • 5. SO WHY ISN’T VULNERABILITY MANAGEMENT DONE IN THE CONTEXT OF ACTUAL THREATS?    Historical: limitations of initial products to market Became part of a “silo’ed” process Many have taken the “checklist” mindset in approaching this problem.
  • 7. COMMON CHALLENGES With vulnerability management programs Prioritizing remediation tasks • • Which vulnerability matters most? What’s the larger risk context? Active threats? Removing false positives • What can I do to reduce this “noise”? Optimizing workflows • • How do I minimize disruption but maximize accuracy? How do I go from a static report to active remediation? (e.g. who owns this vulnerable asset anyway?)
  • 8. IS THIS WHAT YOUR VULNERABILITY REPORT LOOKS LIKE? What are you supposed to do with this?
  • 9. PRIORITIZING VULNERABILITIES Avoiding the “vulnerability visibility vacuum” • • View vulnerabilities inside the context of actual threats – both global and local At a glance, be able to understand: • What other software is installed on these systems? • What type of traffic do these vulnerable hosts generate? • Who owns these systems? • Have these systems been targeted by known attackers? • Are there recent alarms in my SIEM that have been triggered involving vulnerable systems?
  • 10. VIEWING VULNERABILITIES IN THE CONTEXT OF THREATS Step 3: Follow step-by-step guidance in responding to the threat. Step 1: Immediately identify known malicious IPs targeting these vulns. Step 2: Review vulnerabilities on assets that are being targeted in active threats.
  • 11. REMOVING FALSE POSITIVES Leverage a variety of scanning techniques   Continuous Vulnerability Monitoring correlate data from asset discovery & inventory scans with the latest known vulnerabilities  Benefits: avoids network “noise”; minimizes system impact; requires minimal resources Active Network Scanning actively scan to identify vulnerable services and software.  Authenticated – more accurate, but potentially more impactful  Unauthenticated – less accurate, but less impactful
  • 12. OPTIMIZING WORKFLOWS Breaking down silos    Streamline this process:  Run the scan, vet the data, prioritize remediation* based on global and local threat intelligence, then re-run a validation scan. Document the process:  Integrated ticketing system makes this much easier. Secret to success?  Having all of the essential functionality in one place. *sometimes this is a patch, and sometimes it’s a workaround.
  • 13. USING A UNIFIED, THREATBASED APPROACH FOR VULNERABILITY MANAGEMENT
  • 14. Piece it all together Look for strange activity which could indicate a threat Start looking for threats What functionality do I need? Figure out what is valuable Identify ways the target could be compromised 14
  • 15. Piece it all together Look for strange activity which could indicate a threat Start looking for threats Asset Discovery • • • • What functionality do I need? Asset Discovery Identify ways the target could be compromised 15 Active Network Scanning Passive Network Scanning Asset Inventory Host-based Software Inventory
  • 16. Piece it all together Look for strange activity which could indicate a threat Start looking for threats Asset Discovery • • • • What functionality do I need? Asset Discovery Vulnerability Assessment 16 Active Network Scanning Passive Network Scanning Asset Inventory Host-based Software Inventory Vulnerability Assessment • Network Vulnerability Testing
  • 17. Piece it all together Look for strange activity which could indicate a threat Threat Detection Asset Discovery • • • • What functionality do I need? Asset Discovery Active Network Scanning Passive Network Scanning Asset Inventory Host-based Software Inventory Vulnerability Assessment • Network Vulnerability Testing Threat Detection • • • • Vulnerability Assessment 17 Network IDS Host IDS Wireless IDS File Integrity Monitoring
  • 18. Piece it all together Behavioral Monitoring Asset Discovery • • • • What functionality do I need? Asset Discovery Active Network Scanning Passive Network Scanning Asset Inventory Host-based Software Inventory Vulnerability Assessment • Network Vulnerability Testing Threat Detection • • • • Network IDS Host IDS Wireless IDS File Integrity Monitoring Behavioral Monitoring Threat Detection Vulnerability Assessment 18 • • • Log Collection Netflow Analysis Service Availability Monitoring
  • 19. Security Intelligence Behavioral Monitoring What functionality do I need? Asset Discovery • • • • Asset Discovery Active Network Scanning Passive Network Scanning Asset Inventory Host-based Software Inventory Vulnerability Assessment • Network Vulnerability Testing Threat Detection • • • • Network IDS Host IDS Wireless IDS File Integrity Monitoring Behavioral Monitoring Threat Detection Vulnerability Assessment • • • Log Collection Netflow Analysis Service Availability Monitoring Security Intelligence • • 19 SIEM Event Correlation Incident Response
  • 20. Security Intelligence Behavioral Monitoring Unified Security Management Asset Discovery • • • • Asset Discovery Active Network Scanning Passive Network Scanning Asset Inventory Host-based Software Inventory Vulnerability Assessment • Network Vulnerability Testing Threat Detection • • • • Network IDS Host IDS Wireless IDS File Integrity Monitoring Behavioral Monitoring Threat Detection Vulnerability Assessment • • • Log Collection Netflow Analysis Service Availability Monitoring Security Intelligence • • 20 SIEM Event Correlation Incident Response
  • 21. WHY ALIENVAULT USM?
    • All-in-one functionality
    • Vulnerability assessment within a broader context
    • Targeted remediation, easier to manage
    • Flexible reporting: multiple modules, formats & queries… as detailed as you want it.
    • Threat intelligence from AlienVault Labs: know WHO is targeting vulnerabilities, HOW they’re doing it and WHAT to do about it
  • 22. ALIENVAULT LABS THREAT INTELLIGENCE: SECURITY FOR YOU, POWERED BY ALL
  • 23. ALIENVAULT LABS THREAT INTELLIGENCE: COMPLETE COVERAGE TO STAY AHEAD OF THE THREAT
    • Network and host-based IDS signatures – detects the latest threats in your environment
    • Asset discovery signatures – identifies the latest OS’es, applications, and device types
    • Vulnerability assessment signatures – dual database coverage to find the latest vulnerabilities on all your systems
    • Correlation rules – translates raw events into actionable remediation tasks
    • Reporting modules – provides new ways of viewing data about your environment
    • Dynamic incident response templates – delivers customized guidance on how to respond to each alert
    • Newly supported data source plug-ins – expands your monitoring footprint
  • 25. ACHIEVING COMPLETE VULNERABILITY MANAGEMENT
    • Unify your security monitoring controls for better visibility into vulnerabilities
    • Use emerging threat intelligence to prioritize remediation
    • Evolve from checklist reporting to true risk reduction
  • 26. NOW FOR SOME Q&A… Three Ways to Test Drive AlienVault
    • Download a Free 30-Day Trial: http://www.alienvault.com/free-trial
    • Try our Interactive Demo Site: http://www.alienvault.com/live-demo-site
    • Join us for a LIVE Demo! http://www.alienvault.com/marketing/alienvault-usm-live-demo
    • Questions? hello@alienvault.com
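The deck's closing argument (slide 25, and slide 21 before it) is that a scan result only becomes a remediation priority once it is joined with asset context (who owns the box, what is actually installed on it) and with threat intelligence (is a known attacker already probing that weakness). The script below is an added example of that join, written for this page; it is not AlienVault USM code and does not use any AlienVault API. Every host, owner, package name, vulnerability id (VULN-A and so on, placeholders rather than real CVEs), IP address and IDS alert in it is constructed sample data, with IPs drawn from the RFC 5737 documentation ranges. The scoring weights (criticality multiplier, +20 for known-malicious targeting, +5 for unattributed probing) are assumptions chosen for illustration, not values from the deck.

```python
"""Prioritise vulnerability findings using asset context and threat intelligence.

Added example, not AlienVault code. All hosts, owners, packages, vulnerability
ids, IP addresses and alerts are constructed sample data; the scoring weights
are illustrative assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed asset inventory: owner, criticality (1-5) and the packages the
# host-based software inventory actually found on each host.
ASSETS: Dict[str, dict] = {
    "10.0.0.5":  {"name": "web-01", "owner": "app-team", "criticality": 3,
                  "packages": {"httpd-legacy", "openssl"}},
    "10.0.0.9":  {"name": "db-01",  "owner": "dba-team", "criticality": 5,
                  "packages": {"dbserver", "openssl"}},
    "10.0.0.21": {"name": "lab-07", "owner": "research", "criticality": 1,
                  "packages": {"dbserver", "sshd"}},
}

# Constructed vulnerability catalogue: placeholder ids, not real CVEs.
VULN_CATALOG: Dict[str, dict] = {
    "VULN-A": {"severity": 7.5, "package": "httpd-legacy"},
    "VULN-B": {"severity": 9.8, "package": "dbserver"},
    "VULN-C": {"severity": 4.3, "package": "sshd"},
    "VULN-D": {"severity": 6.1, "package": "legacy-agent"},  # installed nowhere
}

# Constructed network-scanner output: (host, vuln id) pairs.
SCAN_FINDINGS: List[Tuple[str, str]] = [
    ("10.0.0.5", "VULN-A"),
    ("10.0.0.5", "VULN-D"),
    ("10.0.0.9", "VULN-B"),
    ("10.0.0.21", "VULN-B"),
    ("10.0.0.21", "VULN-C"),
]

# Constructed threat-intelligence feed: source IPs currently known to be malicious.
MALICIOUS_IPS: Set[str] = {"203.0.113.7", "198.51.100.42"}

# Constructed IDS alerts: a source probed a host with a signature tied to a vuln id.
IDS_ALERTS: List[dict] = [
    {"src": "203.0.113.7", "dst": "10.0.0.5", "vuln_id": "VULN-A"},
    {"src": "192.0.2.15", "dst": "10.0.0.9", "vuln_id": "VULN-B"},
]


@dataclass
class RemediationTask:
    host: str
    vuln_id: str
    owner: str
    score: float
    reason: str


def is_false_positive(host: str, vuln_id: str, assets: dict, catalog: dict) -> bool:
    """A network-scan finding for a package the host inventory never saw is
    treated as scanner noise and dropped instead of being sent to an owner."""
    return catalog[vuln_id]["package"] not in assets[host]["packages"]


def prioritize(findings, assets, catalog, malicious_ips, alerts) -> List[RemediationTask]:
    # Index IDS alerts by (target host, vuln id) for constant-time lookup.
    probes: Dict[Tuple[str, str], Set[str]] = {}
    for a in alerts:
        probes.setdefault((a["dst"], a["vuln_id"]), set()).add(a["src"])

    tasks: List[RemediationTask] = []
    for host, vuln_id in findings:
        if is_false_positive(host, vuln_id, assets, catalog):
            continue
        asset = assets[host]
        sources = probes.get((host, vuln_id), set())
        known_bad = sources & malicious_ips
        # Base risk: scanner severity weighted by how much the asset matters.
        score = catalog[vuln_id]["severity"] * asset["criticality"]
        if known_bad:
            score += 20.0  # a known attacker is already probing this exact weakness
            reason = f"actively targeted by known-malicious {sorted(known_bad)}"
        elif sources:
            score += 5.0   # probed, but the source is not (yet) in the threat feed
            reason = f"probed by {sorted(sources)} (not in threat feed)"
        else:
            reason = "no observed targeting; schedule in normal patch cycle"
        tasks.append(RemediationTask(asset["name"], vuln_id, asset["owner"],
                                     round(score, 1), reason))
    # Highest risk first: this is the order the remediation queue gets worked.
    tasks.sort(key=lambda t: t.score, reverse=True)
    return tasks


if __name__ == "__main__":
    for t in prioritize(SCAN_FINDINGS, ASSETS, VULN_CATALOG, MALICIOUS_IPS, IDS_ALERTS):
        print(f"{t.score:5.1f}  {t.host:<7} {t.vuln_id}  owner={t.owner}  {t.reason}")
```

Two things the flat scanner report cannot show fall out of the join: the same VULN-B lands near the top of the queue on db-01 but near the bottom on lab-07, because the asset inventory says one matters and the other does not; and web-01's medium-severity VULN-A outranks the lab host's critical-severity finding because the IDS has already seen a source from the threat feed probing it. The VULN-D finding never reaches an owner at all, since the host-based inventory shows the affected package is not installed.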

Editor's Notes

  1. Transform flat reporting into rich contextual data
  2. Before we go into the nitty gritty of the requirements (and let’s face it, that’s the really boring stuff), at a high level what are the core functionalities I need to pass my audit and stay in compliance?
     • Asset visibility (broad and deep)
     • Vulnerability assessment (network, apps, etc)
     • Threat detection
       • File integrity monitoring
       • Host-based IDS (on the “interesting” stuff)
       • Network-based IDS
       • Wireless IDS
     • Behavioral Monitoring
       • Service availability – if credit card processing breaks, you have bigger problems
       • Network anomalies
       • Policy violations
       • User activity – especially those with superpowers
     • Security Intelligence
       • Event Correlation (here’s where “Big Data” comes in, but yawn who cares, that’s just a processing challenge)
       • Incident Response
       • Compliance Reporting
       • Executive Dashboards
       • Easy management (RBAC, output types, filters, etc.)
  8. http://www.techvalidate.com/product-research/alienvault-unified-security-management-platform/charts