Continuous vulnerability assessment and remediation
Transcript of a Tenable slide deck

Page 1
Continuous vulnerability assessment and remediation
Andrii Solomko, senior pre-sales engineer
Page 2
Tenable Solution Components
• Integrated platform: SecurityCenter CV
• Data sources: Host data, Passive listening, Intelligent connectors, Agent scanning, Active scanning
• Asset coverage: Cloud, Devices, Users, Endpoint, Networks, Web, Virtual, Mobile
Page 3
SecurityCenter Continuous View: components
• Nessus Network Monitor (NNM), formerly PVS, the Passive Vulnerability Scanner
• Log Correlation Engine (LCE), fed with events
• Nessus Agent
• Nessus Scanner
• Tenable.io (cloud)
• SecurityCenter Continuous View (central console)
Page 4
Deployment diagram: Internet, DMZ, Branch Office, SOC and Corporate HQ (VMware ESXi hosts, each running several VMs). Each zone is labelled with the functions performed there, Scan, Collect and Sense, and the component placed there (SC; Scan with NA; Sense with LC; NC cloud services).
Page 5
Nessus Vulnerability Scanner: Network Scan (Network Based Scanning)
• Opened network ports (TCP / UDP)
• Vulnerabilities
• Default passwords
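The three checks on this slide (open ports, version-based vulnerabilities, default passwords) in working form, as an added example that is not Nessus or Tenable code. It starts three throw-away listeners on 127.0.0.1 with constructed banners, scans them together with a port known to be closed, matches the banners against a hypothetical vulnerable-version table and tries a constructed default-credential list against the FTP-style service. The banners, the version entries, the credential list and the hostnames are all assumptions made for the demo.

```python
"""Unauthenticated network scan: open TCP ports, service banners, version matching and a
default-credential probe. Added illustration, not Nessus or Tenable code. Targets are throw-away
listeners this script starts on 127.0.0.1; banners, version table and credentials are demo data."""
import re
import socket
import threading
from typing import Dict, List, Optional, Tuple

VULNERABLE_BANNERS: Dict[str, str] = {  # constructed "plugin knowledge": banner fragment -> finding
    "OpenSSH_7.4": "outdated OpenSSH build (demo entry)",
    "vsFTPd 2.3.4": "known-bad vsFTPd release (demo entry)",
}
DEFAULT_CREDS: List[Tuple[str, str]] = [("admin", "admin"), ("anonymous", "anonymous")]  # constructed list


def start_listener(banner: str, accept: Optional[Tuple[str, str]] = None) -> int:
    """Demo service on 127.0.0.1: greets with `banner`; with `accept` set, answers FTP-style USER/PASS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def handle(conn: socket.socket) -> None:
        with conn:
            conn.sendall(banner.encode())
            if accept is None:
                return
            conn.settimeout(2.0)
            buf = b""
            try:
                while not (b"PASS" in buf and buf.endswith(b"\r\n")):
                    chunk = conn.recv(256)
                    if not chunk:
                        return
                    buf += chunk
            except socket.timeout:
                return
            m = re.search(rb"USER (\S+)\r\nPASS (\S+)\r\n", buf)
            ok = m is not None and (m[1].decode(), m[2].decode()) == accept
            conn.sendall(b"230 Login successful.\r\n" if ok else b"530 Login incorrect.\r\n")

    def accept_loop() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]

def grab_banner(host: str, port: int, timeout: float = 1.0) -> Optional[str]:
    """Connect and read the greeting. None = closed or filtered, "" = open but silent."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(256).decode(errors="replace").strip()
            except socket.timeout:
                return ""
    except OSError:
        return None

def try_default_login(host: str, port: int, user: str, pw: str, timeout: float = 1.0) -> bool:
    """FTP-style USER/PASS exchange; True only when the server answers 230."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.recv(256)  # discard the greeting
            s.sendall(f"USER {user}\r\nPASS {pw}\r\n".encode())
            return s.recv(256).startswith(b"230")
    except OSError:
        return False

def scan(host: str, ports: List[int]) -> List[dict]:
    """One record per open port: banner, version findings, and any default login that worked."""
    results = []
    for port in ports:
        banner = grab_banner(host, port)
        if banner is None:
            continue
        findings = [msg for frag, msg in VULNERABLE_BANNERS.items() if frag in banner]
        creds = None
        if banner.startswith("220"):  # FTP/SMTP-style greeting: worth a login probe
            creds = next(((u, p) for u, p in DEFAULT_CREDS if try_default_login(host, port, u, p)), None)
        results.append({"port": port, "banner": banner, "vulnerable": findings, "default_credential": creds})
    return results

def run_demo() -> List[dict]:
    """Start three demo services and scan them together with one port known to be closed."""
    ssh = start_listener("SSH-2.0-OpenSSH_7.4\r\n")
    ftp = start_listener("220 (vsFTPd 2.3.4)\r\n", accept=("anonymous", "anonymous"))
    smtp = start_listener("220 mail.example.test ESMTP Postfix\r\n")
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    return scan("127.0.0.1", sorted([ssh, ftp, smtp, closed_port]))
```

Calling `run_demo()` returns three records: the SSH banner matches the demo version table, the FTP-style service both matches the table and accepts the anonymous login, and the SMTP-style service is open without findings. The closed port is simply absent. `grab_banner` keeps "refused" and "open but silent" apart because an unauthenticated scanner otherwise misreports quiet services; a real scanner additionally has to treat connect timeouts as possibly filtered rather than closed.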
Page 7
Nessus Vulnerability Scanner: Credential Scan (Credential Based Scanning)

| What is collected | How it is evaluated | Result |
| --- | --- | --- |
| Detailed system information: program and DLL versions, OS version | Version matching | Vulnerabilities |
| Running services | | Unwanted service |
| Established connections | Compare against botnet database | Host connected with botnet (compromised) |
| Running processes | Compare against known malware (29 AV vendors) and known-good software | Known malware: compromised host; unknown process: host flagged as possibly compromised |
| System configuration | Compare against security baseline | Out-of-compliance system |
| File and folder permissions | Compare against security baseline | Out-of-compliance system |
| File content pattern check | Pattern matching | Files containing a sensitive pattern |
| System configuration verification | | |
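The rows of the credentialed-scan table run over one host snapshot, as an added example that is not Nessus or Tenable code. `HOST` is a constructed snapshot of what a credentialed login or agent would collect (package versions, services, process hashes, sshd settings, file modes, file contents), and the reference data (fixed versions, known-bad and known-good hashes, configuration and permission baselines, sensitive-data patterns) is hypothetical demo data standing in for plugins and audit files. The botnet-database row is left to the passive-monitoring example later on the page.

```python
"""Credentialed checks over data an agent or credentialed scan collects from a host:
installed software versions, running services and processes, configuration values,
file permissions and file contents. Added illustration, not Nessus or Tenable code.
HOST is a constructed snapshot of one host and the reference data (fixed versions,
process hashes, baselines, sensitive-data patterns) is hypothetical demo data."""
import hashlib
import re
from typing import Dict, List, Tuple


def sha256(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed host snapshot (what a credentialed login or an agent would read).
HOST = {
    "os": "Ubuntu 18.04.6",
    "packages": {"openssl": "1.1.1f", "sudo": "1.9.5p2", "nginx": "1.18.0"},
    "services": ["ssh", "nginx", "telnet"],
    "processes": {"sshd": sha256("demo-sshd-binary"), "xmrig": sha256("demo-miner-binary"),
                  "helper": sha256("demo-unknown-binary")},
    "sshd_config": {"PasswordAuthentication": "yes", "PermitRootLogin": "no", "X11Forwarding": "yes"},
    "perms": {"/etc/shadow": "0644", "/etc/ssh/sshd_config": "0600"},
    "files": {"/srv/app/export.csv": "id,card\n1,4111111111111111\n2,4111111111111112\n",
              "/srv/app/README": "nothing sensitive here\n",
              "/home/dev/notes.txt": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n"},
}

# Constructed reference data (a real scanner ships these as plugins and audit files).
FIXED_IN = {"openssl": "1.1.1k", "sudo": "1.9.5p2"}             # anything older is vulnerable
UNWANTED_SERVICES = {"telnet", "rsh", "rlogin"}
KNOWN_BAD = {sha256("demo-miner-binary"): "coin miner (demo signature)"}
KNOWN_GOOD = {sha256("demo-sshd-binary")}
CONFIG_BASELINE = {"PasswordAuthentication": "no", "PermitRootLogin": "no", "X11Forwarding": "no"}
PERM_BASELINE = {"/etc/shadow": "0640", "/etc/ssh/sshd_config": "0600"}
SENSITIVE = {"payment card number": re.compile(r"\b(?:4\d{3}|5[1-5]\d{2})\d{12}\b"),
             "private key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")}


def vtuple(version: str) -> Tuple:
    """Comparable key: numeric runs compare numerically, letter runs (1.1.1f) lexically."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in re.findall(r"\d+|[A-Za-z]+", version))


def luhn_ok(digits: str) -> bool:
    """Reject digit strings that merely look like card numbers (cuts false positives)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def audit(host: Dict) -> List[Dict[str, str]]:
    findings: List[Dict[str, str]] = []

    def add(check: str, subject: str, detail: str) -> None:
        findings.append({"check": check, "subject": subject, "detail": detail})

    for pkg, ver in host["packages"].items():                       # versions vs fixed releases
        if pkg in FIXED_IN and vtuple(ver) < vtuple(FIXED_IN[pkg]):
            add("vulnerability", pkg, f"{ver} is older than fixed version {FIXED_IN[pkg]}")
    for svc in host["services"]:                                     # running services
        if svc in UNWANTED_SERVICES:
            add("unwanted service", svc, "service is running")
    for name, digest in host["processes"].items():                   # process hashes
        if digest in KNOWN_BAD:
            add("compromised host", name, KNOWN_BAD[digest])
        elif digest not in KNOWN_GOOD:
            add("unknown process", name, f"sha256 {digest[:12]}... not in known-good set")
    for key, want in CONFIG_BASELINE.items():                        # configuration baseline
        have = host["sshd_config"].get(key)
        if have != want:
            add("out of compliance", key, f"is {have!r}, baseline {want!r}")
    for path, want in PERM_BASELINE.items():                         # permission baseline
        have = host["perms"].get(path)
        if have != want:
            add("out of compliance", path, f"mode {have}, baseline {want}")
    for path, content in host["files"].items():                      # sensitive content patterns
        for label, rx in SENSITIVE.items():
            hits = [m.group() for m in rx.finditer(content)]
            if label == "payment card number":
                hits = [h for h in hits if luhn_ok(h)]
            if hits:
                add("sensitive content", path, f"{len(hits)} {label} match(es)")
    return findings


if __name__ == "__main__":
    for finding in audit(HOST):
        print(f"[{finding['check']}] {finding['subject']}: {finding['detail']}")
```

`audit(HOST)` yields nine findings for the snapshot: one outdated OpenSSL, one unwanted telnet service, one known-bad and one unknown process, three baseline deviations and two files with sensitive content. Two details matter in practice: version strings need a comparison that understands letter suffixes (plain numeric parsing would call OpenSSL 1.1.1f and 1.1.1k equal), and pattern checks for card numbers need a Luhn check, otherwise every 16-digit identifier in a CSV export becomes a finding.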
Page 9
Active/Agent Scanning: vulnerability assessment
Covers security devices, network devices, ICS/SCADA systems, storage, operating systems, hypervisors, databases and applications.

Page 10
Active/Agent Scanning: configuration auditing
Covers security devices, network devices, ICS/SCADA systems, storage, operating systems, hypervisors, databases and applications.
Page 11
Active/Agent Scanning: malware detection
• Unique or unknown executables, processes and "autoruns"

Page 12
Third-Party Data
• Mobile device management • Patch management • Network and security devices • Credential management • Cloud infrastructure • Threat intelligence
Page 13
Nessus Network Monitor (formerly Passive Vulnerability Scanner): Passive Scanning

| What is observed | How it is evaluated | Result |
| --- | --- | --- |
| Network packets | Analysis by plugins | OS version; vulnerabilities; running applications; unwanted applications (e.g. Bitcoin mining); malware behavior |
| New / established connections | Compare against botnet database | Host connected with botnet (compromised) |
| New hosts / MACs / network services | Host monitoring | Rogue host detection |
| Connection type breakdown | | Assists in identifying suspicious behavior |
| Web / DNS queries | Compare against botnet database | Host connected with botnet (compromised) |
| Failed queries | | Misconfigured or compromised host |
| Service usage summary | | |
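The passive-monitoring rows above (host/MAC inventory, connection breakdown, botnet-database matching on connections and DNS, failed-query spikes, unwanted-application detection) implemented over captured traffic, as an added example that is not Nessus Network Monitor or PVS code. `FLOWS` and `DNS_LOG` are constructed records of the kind a sensor on a SPAN port or TAP would emit; the asset inventory, the botnet indicator lists, the threshold and the mining fingerprint (the Stratum `mining.subscribe` JSON-RPC message) are assumptions made for the demo.

```python
"""Passive analysis of observed traffic, in the spirit of a network monitor that never
touches the hosts: host/MAC inventory, connection breakdown per host, botnet-indicator
matching on connections and DNS, failed-query spikes and an application fingerprint for
mining traffic. Added illustration, not Nessus Network Monitor or PVS code. FLOWS and
DNS_LOG are constructed records (what a sensor on a SPAN/TAP feed would emit) and the
inventory and indicator lists are hypothetical demo data."""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

Flow = Tuple[str, str, str, int, str]          # (src_mac, src_ip, dst_ip, dst_port, first_payload)
Query = Tuple[str, str, str]                    # (src_ip, qname, rcode)

FLOWS: List[Flow] = [
    ("aa:bb:cc:00:00:01", "10.0.0.11", "10.0.0.5", 443, ""),
    ("aa:bb:cc:00:00:01", "10.0.0.11", "10.0.0.5", 443, ""),
    ("aa:bb:cc:00:00:01", "10.0.0.11", "203.0.113.9", 3333,
     '{"id": 1, "method": "mining.subscribe", "params": ["demo-miner/1.0"]}'),
    ("aa:bb:cc:00:00:02", "10.0.0.12", "198.51.100.77", 8080, ""),
    ("aa:bb:cc:00:00:02", "10.0.0.12", "10.0.0.5", 443, ""),
    ("de:ad:be:ef:00:99", "10.0.0.250", "10.0.0.5", 22, ""),
]
DNS_LOG: List[Query] = [
    ("10.0.0.11", "updates.example.test", "NOERROR"),
    ("10.0.0.11", "typo.example.test", "NXDOMAIN"),
    ("10.0.0.12", "c2.bad.example", "NOERROR"),
] + [("10.0.0.12", f"{w}.example.test", "NXDOMAIN")
     for w in ("k3j4h5", "zq9x1w", "p0o9i8", "m7n6b5", "v4c3x2", "l1k2j3")]

INVENTORY = {"aa:bb:cc:00:00:01": "10.0.0.11", "aa:bb:cc:00:00:02": "10.0.0.12"}  # known MAC -> IP
BOTNET_IPS = {"198.51.100.77"}
BOTNET_DOMAINS = {"c2.bad.example"}
NXDOMAIN_THRESHOLD = 5                          # failed lookups per host before we flag it
STRATUM = re.compile(r'"method"\s*:\s*"mining\.(?:subscribe|authorize)"')   # Stratum mining JSON-RPC


def rogue_hosts(flows: List[Flow], inventory: Dict[str, str]) -> Dict[Tuple[str, str], str]:
    """MACs never seen in the asset inventory, or known MACs showing up with another IP."""
    found = {}
    for mac, ip, *_ in flows:
        if inventory.get(mac) != ip:
            found[(mac, ip)] = "unknown MAC" if mac not in inventory else f"IP changed from {inventory[mac]}"
    return found


def connection_breakdown(flows: List[Flow]) -> Dict[str, Dict[int, int]]:
    """Per source host, connections per destination port (service usage summary)."""
    per_host: Dict[str, Counter] = defaultdict(Counter)
    for _, src, _, port, _ in flows:
        per_host[src][port] += 1
    return {host: dict(c) for host, c in per_host.items()}


def botnet_contacts(flows: List[Flow], dns: List[Query], bad_ips, bad_domains) -> List[Tuple[str, str]]:
    """Hosts that connected to a listed C2 address or resolved a listed C2 domain."""
    hits = {(src, f"ip {dst}") for _, src, dst, _, _ in flows if dst in bad_ips}
    hits |= {(src, f"domain {q}") for src, q, _ in dns if q in bad_domains}
    return sorted(hits)


def failed_query_spikes(dns: List[Query], threshold: int) -> Dict[str, int]:
    """Hosts with many NXDOMAIN answers: misconfiguration, or malware cycling through domains."""
    failures = Counter(src for src, _, rcode in dns if rcode == "NXDOMAIN")
    return {src: n for src, n in failures.items() if n >= threshold}


def mining_clients(flows: List[Flow]) -> List[str]:
    """Application fingerprint from the first client message: Stratum mining.subscribe."""
    return sorted({src for _, src, _, _, payload in flows if STRATUM.search(payload)})


def analyze(flows: List[Flow], dns: List[Query]) -> Dict:
    return {
        "rogue_hosts": rogue_hosts(flows, INVENTORY),
        "connections": connection_breakdown(flows),
        "botnet_contacts": botnet_contacts(flows, dns, BOTNET_IPS, BOTNET_DOMAINS),
        "failed_query_spikes": failed_query_spikes(dns, NXDOMAIN_THRESHOLD),
        "mining_clients": mining_clients(flows),
    }


if __name__ == "__main__":
    for key, value in analyze(FLOWS, DNS_LOG).items():
        print(f"{key}: {value}")
```

`analyze(FLOWS, DNS_LOG)` flags 10.0.0.250 as a rogue host (its MAC is not in the inventory), 10.0.0.12 for both a C2 connection and a C2 lookup plus a burst of NXDOMAIN answers, and 10.0.0.11 as a mining client. The mining check works on payload, not port: miners are routinely pointed at 443 or 8080 precisely so that a port-based breakdown looks ordinary.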
Page 15
Passive Listening: network mapping
• General network information • Details by host • Internal host connectivity • Continuous vulnerability assessment

Page 16
Passive Listening: network traffic categories
● Malware and backdoor ● Botnet ● Data leakage ● Porn ● Gaming ● Peer-to-peer ● Tunneling ● VPN ● Policy concerns ● CGI ● Internet services ● Internet messaging ● Non-standard traffic
Page 17
Log Correlation Engine (LCE)

Page 18
Host Data
● Suspicious events, e.g. login failures, error spikes, DNS query failures
● New software ● Never-before-seen events ● Anomalous behavior
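The host-data correlations listed above (login-failure bursts, error spikes, new and never-before-seen software) run over a handful of log lines, as an added example that is not Tenable LCE code. `LOG_LINES` are constructed syslog-style lines, `KNOWN_EXECUTABLES` is a hypothetical baseline of binaries seen on earlier days, and the 60-second window, the threshold of five and the ten-minute grace period are demo choices. The one correlation that goes beyond the slide is the "accepted login right after a failure burst" rule, which is the case a SOC most wants raised as a single event rather than buried in the failures.

```python
"""Correlating host log events in the spirit of a log correlation engine: login-failure
bursts per source, a successful login right after such a burst, error-rate spikes per
program, and never-before-seen executables against a learned baseline. Added illustration,
not Tenable LCE code. LOG_LINES are constructed syslog-style lines, KNOWN_EXECUTABLES is a
hypothetical baseline learned on earlier days, and windows/thresholds are demo choices."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Callable, Deque, Dict, List, Optional, Set

SYSLOG = re.compile(r"^(?P<ts>\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
                    r"(?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAILED = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)")
ERROR = re.compile(r"\bERROR\b")
EXEC = re.compile(r"exec=(?P<path>\S+)")

LOG_LINES = [
    "Mar  3 10:00:01 web01 sshd[1200]: Failed password for root from 192.0.2.10 port 50122 ssh2",
    "Mar  3 10:00:03 web01 sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 50123 ssh2",
    "Mar  3 10:00:05 web01 sshd[1202]: Failed password for root from 192.0.2.10 port 50124 ssh2",
    "Mar  3 10:00:08 web01 sshd[1203]: Failed password for root from 192.0.2.10 port 50125 ssh2",
    "Mar  3 10:00:12 web01 sshd[1204]: Failed password for root from 192.0.2.10 port 50126 ssh2",
    "Mar  3 10:00:15 web01 sshd[1205]: Failed password for deploy from 192.0.2.10 port 50127 ssh2",
    "Mar  3 10:00:20 web01 sshd[1206]: Accepted password for deploy from 192.0.2.10 port 50128 ssh2",
    "Mar  3 10:00:30 web01 sshd[1207]: Failed password for alice from 198.51.100.4 port 40000 ssh2",
    "Mar  3 10:05:00 web01 audit[900]: exec=/usr/bin/rsync uid=1001",
    "Mar  3 10:05:02 web01 audit[900]: exec=/tmp/.cache/kdevtmpfsi uid=1001",
] + [f"Mar  3 10:06:{s:02d} web01 app[2000]: ERROR database timeout" for s in range(0, 30, 5)] + [
    "Mar  3 12:00:00 web01 app[2000]: ERROR database timeout",     # isolated, not a spike
]
KNOWN_EXECUTABLES: Set[str] = {"/usr/bin/rsync", "/usr/sbin/sshd", "/usr/bin/python3"}


def parse(line: str, year: int = 2024) -> Optional[dict]:
    """Syslog lines carry no year; the caller supplies it (the demo assumes 2024)."""
    m = SYSLOG.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def bursts(events: List[dict], pattern: re.Pattern, key: Callable, window: int = 60,
           threshold: int = 5) -> Dict[str, dict]:
    """Sliding-window burst detector: keys with >= threshold matching events within `window` s."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    out: Dict[str, dict] = {}
    for e in events:
        m = pattern.search(e["msg"])
        if not m:
            continue
        k = key(e, m)
        q = recent[k]
        q.append(e["ts"])
        while e["ts"] - q[0] > timedelta(seconds=window):
            q.popleft()
        if len(q) >= threshold:
            rec = out.setdefault(k, {"count": 0, "first": q[0], "last": e["ts"]})
            rec["count"], rec["last"] = max(rec["count"], len(q)), e["ts"]
    return out


def success_after_burst(events: List[dict], failure_bursts: Dict[str, dict], grace: int = 600) -> List[dict]:
    """Brute force that worked: an accepted login from a source that was just bursting failures."""
    hits = []
    for e in events:
        m = ACCEPTED.search(e["msg"])
        if m and m["ip"] in failure_bursts:
            b = failure_bursts[m["ip"]]
            if timedelta(0) <= e["ts"] - b["first"] <= timedelta(seconds=grace):
                hits.append({"user": m["user"], "ip": m["ip"], "after_failures": b["count"]})
    return hits


def never_before_seen(events: List[dict], baseline: Set[str]) -> List[str]:
    """Executables that never appeared in the learned baseline (new software on the host)."""
    paths = {m["path"] for e in events for m in [EXEC.search(e["msg"])] if m}
    return sorted(paths - baseline)


def correlate(lines: List[str], baseline: Set[str] = KNOWN_EXECUTABLES) -> Dict:
    events = [e for e in map(parse, lines) if e]
    fb = bursts(events, FAILED, lambda e, m: m["ip"])
    return {"login_failure_bursts": fb,
            "success_after_burst": success_after_burst(events, fb),
            "error_spikes": bursts(events, ERROR, lambda e, m: e["prog"]),
            "never_before_seen": never_before_seen(events, baseline)}


if __name__ == "__main__":
    for key, value in correlate(LOG_LINES).items():
        print(f"{key}: {value}")
```

`correlate(LOG_LINES)` reports one failure burst (six failures from 192.0.2.10 in fifteen seconds), one accepted login for `deploy` from that same source nineteen seconds after the burst began, one error spike for `app` (six errors in 25 seconds; the lone error two hours later is not counted), and one never-before-seen executable under `/tmp`. The same sliding-window detector serves both the login and the error rule; only the key function differs.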
Page 23
How Tenable can help with GDPR
Page 24
Security Frameworks: automate assessment and conformance
Continuous visibility, critical context, decisive action.
• Tenable automates the assessment of most technical controls
• Centralized data store for controls, so you can extract precise data for audits and reports
• Assurance Report Cards (ARCs) communicate status and areas needing improvement
Page 25
Security Frameworks: dashboards and Assurance Report Cards (ARCs)

Page 26
CIS Critical Security Controls

Page 27
What are the CIS Critical Security Controls?
Technical measures to detect, prevent, respond to and mitigate damage from the most common to the most advanced attacks.
Five critical tenets: • Offense informs defense • Prioritization • Metrics • Continuous monitoring • Automation
Page 29
Foundational Cyber Hygiene Controls (CIS Controls version 6 numbering)
Highest payback; the foundation for the subsequent controls.
• CSC 1: Inventory of Authorized and Unauthorized Devices
• CSC 2: Inventory of Authorized and Unauthorized Software
• CSC 3: Secure Configurations for Hardware and Software…
• CSC 4: Continuous Vulnerability Assessment and Remediation
• CSC 5: Controlled Use of Administrative Privileges
Page 33
ISO/IEC 27001/27002 Details
Page 34
What is ISO/IEC 27001/27002?
ISO 27001: Information Security Management Systems – Requirements
ISO 27002: Code of Practice for Information Security Controls
Benefits: ✓ Improved information security ✓ Business alignment ✓ Compliance foundation ✓ Internationally recognized ✓ Available certification
Page 35
ISO 27002: Administrative and Technical Controls
Administrative (~75%), e.g. ● Policies ● Processes and procedures ● Roles and responsibilities
Technical (~25%), e.g. ● Controls against malware ● Event logging ● Vulnerability management
Tenable automates most ISO 27002 technical controls

Page 36
CSC ARCs and Dashboards

Page 37
SecurityCenter CV Benefits
▪ Automation ▪ Communication ▪ Consolidation