Vulnerability Management Attacks with Risk-Based Defending ...
Defending against Ransomware Attacks with Risk-Based Vulnerability Management
Chris Jensen
Public Sector Business Development
PREVENTION VS. CURE
• Complete ransomware protection is multi-phased:
  • Preventing attacks
  • Backing up data to minimize damage from an attack
  • Building in resiliency to recover quickly from an attack
• This briefing focuses on prevention
DEFENDING YOUR NETWORK “HOME”
• Hackers are not specifically targeting you; they are looking for easy targets
• Local governments are appealing targets in general – lots of valuable PII, but limited budgets and resources
• It’s a big neighborhood (over 75,000 local government entities in the US)
• Be the hard target; send hackers to a softer target down the street
Ransomware Infection Techniques
Malicious Emails – Opening the Door
Bruteforce – Exploiting weak locks
Software Vulnerabilities – Breaking In
Ransomware Hits Multiple, Older Vulnerabilities
Ransomware attacks are taking advantage of vulnerabilities that are older and less severe, a new report finds.
Ransomware attacks are taking advantage of vulnerabilities that might have gone unnoticed by security teams, with more than half of exploited vulnerabilities having a CVSS v2 score less than 8.
This 2019 report found that 35% of the vulnerabilities exploited in ransomware attacks were more than 3 years old.
Source: Dark Reading, 9/26/19, https://www.darkreading.com/vulnerabilities---threats/ransomware-hits-multiple-older-vulnerabilities-/d/d-id/1335930
Yesterday’s vulnerability management isn’t good enough
• Limited Visibility
• Vulnerability Overload
• Poor Communication of Risk
Upgrade to Risk-based Vulnerability Management
• See the full attack surface
• Eliminate vulnerability overload
• Measure risk, not vulnerabilities
Risk-Based Vulnerability Management
Risk-Based Vulnerability Management (RBVM) is a process that
uses machine learning analytics to correlate vulnerability severity,
threat actor activity and asset criticality to identify and manage
issues posing the greatest risk.
COMPARING LEGACY VM TO RBVM

| VM | RBVM |
| --- | --- |
| Vulnerability Data Only | Vuln Data Correlated w/ Threat Intelligence & Asset Criticality |
| Reactive | Proactive |
| Policies & Audit Support | Prioritization & Strategic Decision Support |
| Static, Point in Time Visibility | Dynamic, Continuous Visibility |
| Infrastructure/IT Focus | Expansion to Apps & Modern Assets |
| Compliance Driven | Risk Driven |
Prioritize Vulnerabilities and Assets
16,500+ VULNERABILITIES DISCLOSED IN 2018
• 59% of vulnerabilities disclosed in 2018 were rated critical or high (Over 9,500+ Vulnerabilities)
• 15% of vulnerabilities disclosed in 2018 were CVSS 9+ (2,500 Vulnerabilities)
• 7% of vulnerabilities disclosed had publicly available exploits (Over 1,100 Vulnerabilities)
VULNERABILITY PRIORITY RATING (VPR)
Leverages supervised machine learning algorithms to calculate the priority of a vulnerability based on the real threat posed.
Key drivers include:
• Exploitability
• Threat Intensity
• Threat Recency
• Vulnerability Age
• Threat Sources
Elevation of privilege vulnerability in Windows
Used in Texas (+ other) 2019 ransomware attacks
ASSET CRITICALITY RATING (ACR)
Leverages algorithms to calculate the criticality of an asset to focus prioritization efforts.
Key drivers include:
• Connectivity
• Device Type
• Business Purpose
• Capabilities
• Location
• 3rd Party Data
FOCUS FIRST ON WHAT MATTERS MOST
VPR + ACR = CES
• VULNERABILITY PRIORITY RATING (VPR): Leverage machine learning and threat intelligence to prioritize vulnerabilities based on likelihood of exploitation
• ASSET CRITICALITY RATING (ACR): Prioritize assets based on the indicators of business value and impact
• CYBER EXPOSURE SCORE (CES): Objectively measure the Cyber Risk of an asset, business unit or whole organization
“Tenable executes on its vision to build the single-source-of-truth platform for VRM. Part of Tenable’s strong strategy relies on translating data to provide business insight to provide prioritization.”
Thank you