Risk Management
Fix what matters most… first
Drs. René Pieëte, CISSP
Senior SE Manager Northern Europe
December 12th, 2012
Current Threat Landscape

“TJ MAXX’s $1 billion data breach”

• Playstation breach called one of the largest ever; Sony should have alerted customers sooner, some say
• TJ MAXX first large database breach. 45 mln. credit card records stolen.
• Biggest breach so far, over 150 mln. credit card records stolen.
• Security leak in MySQL easy to use. Huge amount of exploits expected by security experts. (CVE-2012-2122)
• 50% of EMEA healthcare organizations unaware of security threats
• McDonald's and Walgreens: email addresses, birth dates stolen by hackers
• Lockheed strengthens network security after hacker attack
• Hackers get Symantec anti-virus source code
The Need

• Companies struggle to determine where to focus security efforts
• Threats increasing at an alarming rate
• 97% of organizations lack visibility into risk posture
CURRENT APPROACH to dealing with threats

Sources: LOG FILES · CONSOLES · PHONE CALLS/EMAILS · SPREADSHEETS
Time scale: MINUTES · HOURS · DAYS · WEEKS
RISK AND COMPLIANCE
Holistic Approach

DIAGNOSE · PROTECT · MANAGE
Diagram labels: HR, BPM
Risk & Compliance: Diagnose

DISCOVER
• Automatic asset discovery
• Comprehensive and customized views

ASSESS
• Uncover vulnerabilities
• Audit configurations and policies

QUANTIFY RISK
• Real-time risk profile
• Address highest risks to optimize protection and minimize cost
• Eliminate disruption to critical business apps
McAfee Vulnerability Manager

• Agentless Vulnerability Scanner with the broadest checks of any in the market (>40,000 and growing)
• Automatic asset discovery includes a dozen techniques to find everything
• Scalable to millions of IP addresses
• Detects over 437 operating system types
• False positives next to zero
• Credentialed, non-credentialed
• Open database allows unparalleled access to vulnerability data
• Integration with McAfee products and your applications via an open API
• Deployment options include appliance, software, virtual, and SaaS
MVM for Web Apps

• Web Application Scanner fully integrated into MVM assets and workflow
• Web app discovery/crawl and map; sitemap report
• Scanning covers OWASP, PCI, CWE
• Capable of authenticating and scanning protected web applications
• Web scan configurations (entry URLs, exclude URLs, etc.) and credential sets
• Meaningful reports: request made, injection point, response given
• “Safe mode” scanning
MVM for Databases

• Over 4,300 vulnerability checks
    Patch levels, Weak passwords, Configuration baselining (CIS/STIG)
    Backdoor detection, Sensitive data discovery (PII, SSN, etc.)
    Vulnerable PL/SQL code, Unused features, Custom checks
• Reports in countless formats according to stakeholders:
    DBA, Developers, InfoSec, Audit
• Fully Managed from ePO
McAfee Policy Auditor

Screenshot: Policy Auditor Patch Status Dashboard
McAfee Policy Auditor

• Agent based audit automation against regulations, standards, and best practices
    PCI, SOX, HIPAA, FISMA
    ISO, COBIT
    CIS, DISA, FDCC, STIG
• Broad Win/UNIX/Linux/Mac support
• Supports industry standard SCAP and supporting protocols (CVE, CPE, CCE, OVAL, XCCDF, CVSS)
• Integration with MVM for agentless SCAP scanning
• PA Content Creator
• Gold system baselining
• ePO Integration
Risk & Compliance: Protect

ENFORCE
• Enforce policies
• Real-time change monitoring
• Prevent compliance drift by enforcing policies and configurations

DENY ACCESS
• Deny unauthorized access
• Dynamic Application Whitelisting
• Zero-day protection
• Protection for embedded systems

CONTROL
• Increase control and visibility
• Improve system integrity, availability and performance
• Reduce operating expense
McAfee Application Control

• Dynamic Whitelisting prevents unauthorized applications from running
    Application attempts to launch
    Could be an executable or OS component
    MAC verifies binary code from Whitelist
    If not in Whitelist, then program is not launched
    Attempt is logged for alerts and auditing
• Memory Protection (three different types) protects against known and unknown buffer overflow attacks
• Image deviation allows customers to compare their deployed images to a desired standard image with on-demand reporting.
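The launch sequence above (launch attempt, binary verified against the whitelist, denied if absent, every attempt logged) is easy to misread as a file-name check. The added example below, which is not McAfee Application Control code, shows the hash-based version of that flow: the whitelist is keyed on the SHA-256 digest of each approved binary, so a trojanised update at an approved path is denied just like an unknown dropper, and each decision lands in an audit log. The file names, user name and byte contents are constructed for the demo; a real agent would forward the audit events to a management console rather than keep them in memory.

```python
"""Hash-based application whitelisting with audit logging (added example, not
McAfee Application Control code). The whitelist, file names, user and file
contents below are constructed for the demo."""
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path: str) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_whitelist(approved_paths):
    """Enrol the approved binaries: map digest -> path recorded at enrolment.
    Keying on the digest, not the name, is what makes the whitelist
    tamper-evident: a modified or replaced binary yields a different digest."""
    return {sha256_file(p): p for p in approved_paths}


class LaunchGuard:
    """Mediates launch requests: a binary runs only if its digest is whitelisted.
    Every decision, allowed or denied, is appended to an in-memory audit log."""

    def __init__(self, whitelist):
        self.whitelist = whitelist
        self.audit_log = []

    def check_launch(self, path: str, user: str) -> bool:
        digest = sha256_file(path)
        allowed = digest in self.whitelist
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user,
            "path": path,
            "sha256": digest,
            "action": "ALLOWED" if allowed else "DENIED",
        })
        return allowed


def run_demo():
    """Enrol one approved binary, then try three launches: the approved file,
    an unknown dropper, and the approved file after its bytes were altered."""
    root = tempfile.mkdtemp(prefix="mac_demo_")
    approved = os.path.join(root, "payroll.exe")   # constructed sample binary
    dropper = os.path.join(root, "dropper.exe")    # constructed sample binary
    with open(approved, "wb") as f:
        f.write(b"MZ approved payroll client v1")
    with open(dropper, "wb") as f:
        f.write(b"MZ something that was never approved")

    guard = LaunchGuard(build_whitelist([approved]))
    results = {
        "approved": guard.check_launch(approved, user="alice"),
        "dropper": guard.check_launch(dropper, user="alice"),
    }
    # Same path and name as the approved binary, different bytes: a hash-keyed
    # whitelist denies it, a name-keyed one would not.
    with open(approved, "wb") as f:
        f.write(b"MZ approved payroll client v1 + injected code")
    results["tampered"] = guard.check_launch(approved, user="alice")
    results["denied_events"] = [e for e in guard.audit_log if e["action"] == "DENIED"]
    return results


if __name__ == "__main__":
    out = run_demo()
    for key in ("approved", "dropper", "tampered"):
        print(f"{key:9s} -> {'ALLOWED' if out[key] else 'DENIED'}")
    for event in out["denied_events"]:
        print("audit:", event["user"], event["path"], event["sha256"][:12])
```

Run it directly to see the three decisions and the two denied-launch audit events; the third decision is the one worth noting, since the tampered file still carries the approved name and path.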
McAfee Change Control

• Integrity Monitoring alerts on critical and unauthorized changes
• File Integrity Monitoring provides real-time tracking across Win/UNIX/Linux
• Change Reconciliation tracks changes to their corresponding Change Requests within Remedy
• Change Prevention selectively prevents out-of-policy changes and logs any attempted out-of-policy change
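File integrity monitoring and change reconciliation, as listed above, are two halves of one loop: detect every change against a baseline, then separate the changes that an approved change request explains from the ones nobody asked for. The added example below, which is not McAfee Change Control code, walks a directory into a digest baseline, diffs a later snapshot into added/modified/deleted entries, and reconciles each against change requests that carry a path scope and a time window. The directory contents, the change-request id CR-1042 and the timestamps are constructed for the demo; the Remedy integration mentioned on the slide is represented here by a plain list of dicts.

```python
"""File integrity monitoring with change reconciliation (added example, not
McAfee Change Control code). Directory contents, change-request ids and time
windows are constructed for the demo."""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timedelta, timezone


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Baseline: map every file under root (relative, '/'-separated) to its digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = sha256_file(full)
    return result


def diff_snapshots(before, after):
    """Return (kind, path) tuples for added, modified and deleted files."""
    changes = []
    for path in sorted(set(before) | set(after)):
        if path not in before:
            changes.append(("added", path))
        elif path not in after:
            changes.append(("deleted", path))
        elif before[path] != after[path]:
            changes.append(("modified", path))
    return changes


def reconcile(changes, observed_at, change_requests):
    """Match each change to an approved change request whose path scope covers
    it and whose window contains the observation time; the rest are
    unauthorized changes to alert on."""
    report = []
    for kind, path in changes:
        matched = None
        for cr in change_requests:
            in_window = cr["start"] <= observed_at <= cr["end"]
            covered = any(path == p or path.startswith(p.rstrip("/") + "/")
                          for p in cr["paths"])
            if in_window and covered:
                matched = cr["id"]
                break
        report.append({"change": kind, "path": path,
                       "status": "reconciled" if matched else "unauthorized",
                       "change_request": matched})
    return report


def write(root, rel, data):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def run_demo():
    root = tempfile.mkdtemp(prefix="fim_demo_")
    try:
        write(root, "etc/sshd_config", b"PermitRootLogin no\n")   # constructed
        write(root, "bin/app", b"#!/bin/sh\necho app\n")          # constructed
        baseline = snapshot(root)

        # Three changes: one covered by CR-1042, two that nobody requested.
        write(root, "etc/sshd_config", b"PermitRootLogin no\nMaxAuthTries 3\n")
        write(root, "etc/cron.d/unexpected", b"* * * * * root /tmp/x\n")
        os.remove(os.path.join(root, "bin", "app"))
        current = snapshot(root)

        now = datetime(2012, 12, 12, 10, 0, tzinfo=timezone.utc)
        change_requests = [{                     # constructed change request
            "id": "CR-1042",
            "paths": ["etc/sshd_config"],
            "start": now - timedelta(hours=1),
            "end": now + timedelta(hours=1),
        }]
        return reconcile(diff_snapshots(baseline, current), now, change_requests)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for row in run_demo():
        print(f"{row['status']:12s} {row['change']:8s} {row['path']}"
              f"  ({row['change_request'] or 'no CR'})")
```

The reconciliation step is where the alert volume gets manageable: the sshd_config edit is explained by CR-1042 and needs no ticket, while the new cron entry and the deleted binary surface as unauthorized.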
McAfee Database Activity Monitoring

• “Inside Out” protection leveraging unique memory-based, read-only sensor in memory
• Just another process at OS level
• No kernel changes or reboots
• No database packages or scripts
• High performance, zero latency
• Full segregation of duties and audit trails
    DBA, sysadmins, InfoSec
• Optimized for Virtualization & Cloud
    Memory-based monitoring sees VM-to-VM traffic
    Agent-based model supports distributed/cloud environments
• Virtual Patching (vPatch) protects against known and unknown attacks without downtime or code changes until you can patch
McAfee Risk Advisor

• Correlates vulnerabilities, global threat data, and countermeasures
• Improves security effectiveness using risk scores and ROI of deployed security products
• Enables risk-based approach to critical patching decisions
• Fully customizable IT Risk Dashboards
• Rule driven alerts
• “What If” Analysis for new countermeasures
COUNTERMEASURE AWARE Risk Management

Diagram: McAfee Risk Advisor at the centre, fed by three inputs, producing a risk rating from LOW to HIGH for Critical systems.
• Threat feed (GTI): Stuxnet, Conficker, Aurora
• Countermeasures: AV, HIPS, NSP, MAC
• System State: Vulnerabilities, Configuration, Patch level, Applications
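The Risk Advisor slide and this diagram describe a correlation: a vulnerability on a critical system with an active threat is only as risky as the countermeasures already in front of it leave it, and "What If" analysis asks how much one more countermeasure would buy. The added example below is not McAfee Risk Advisor code; it is one workable scoring model written to show that correlation end to end, with deliberately simple arithmetic. Asset names, the vulnerability ids VULN-A and VULN-B (placeholders, not real CVEs), the threat-feed weights and the countermeasure effectiveness figures are all constructed, as is the rule that a network IPS (NSP) does not reduce exposure to a locally exploited flaw.

```python
"""Countermeasure-aware risk scoring and "what if" analysis (added example, not
McAfee Risk Advisor code). Asset names, vulnerability ids (VULN-A/VULN-B are
placeholders, not real CVEs), threat-feed weights and countermeasure
effectiveness figures are all constructed for the demo."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str
    cvss: float         # CVSS base score, 0-10
    attack_vector: str  # "network" or "local"


@dataclass
class Asset:
    name: str
    criticality: int    # 1 (lab box) .. 5 (critical business system)
    vulns: list
    countermeasures: set


# Threat-feed weight (constructed): 1.0 = exploited in the wild, 0.5 = not seen.
THREAT_FEED = {"VULN-A": 1.0, "VULN-B": 0.5}

# Fraction of exposure each countermeasure removes per vulnerability
# (constructed; e.g. HIPS has a signature for VULN-A, whitelisting blocks
# VULN-B's payload, AV covers neither).
COVERAGE = {
    "AV":   {},
    "HIPS": {"VULN-A": 0.7},
    "NSP":  {"VULN-A": 0.5, "VULN-B": 0.5},
    "MAC":  {"VULN-B": 0.9},
}
NETWORK_ONLY = {"NSP"}   # inline network sensors cannot see a local exploit


def residual_exposure(asset, vuln):
    """Multiply through the reductions of every deployed countermeasure that
    actually applies to this vulnerability on this asset."""
    residual = 1.0
    for cm in asset.countermeasures:
        if cm in NETWORK_ONLY and vuln.attack_vector != "network":
            continue
        residual *= 1.0 - COVERAGE.get(cm, {}).get(vuln.vuln_id, 0.0)
    return residual


def vuln_risk(asset, vuln):
    """0-100 score: criticality x severity x threat activity x residual exposure."""
    return (100.0 * (asset.criticality / 5) * (vuln.cvss / 10)
            * THREAT_FEED.get(vuln.vuln_id, 0.5) * residual_exposure(asset, vuln))


def asset_risk(asset):
    return round(sum(vuln_risk(asset, v) for v in asset.vulns), 2)


def rank_assets(assets):
    """Highest residual risk first: the 'fix what matters most' order."""
    return sorted(((a.name, asset_risk(a)) for a in assets), key=lambda t: -t[1])


def what_if(asset, new_countermeasure):
    """Score the asset as-is and with one extra countermeasure deployed."""
    trial = Asset(asset.name, asset.criticality, asset.vulns,
                  asset.countermeasures | {new_countermeasure})
    return asset_risk(asset), asset_risk(trial)


def build_inventory():
    """Constructed inventory: same flaws, very different residual risk."""
    a = Vulnerability("VULN-A", 9.8, "network")
    b = Vulnerability("VULN-B", 7.5, "local")
    return [
        Asset("db-01", 5, [a, b], {"AV"}),              # critical, barely covered
        Asset("web-01", 3, [a], {"NSP", "HIPS"}),       # same flaw, two layers
        Asset("kiosk-07", 1, [b], {"MAC"}),             # low value, whitelisted
    ]


if __name__ == "__main__":
    inventory = build_inventory()
    for name, score in rank_assets(inventory):
        print(f"{name:9s} {score:7.2f}")
    db = inventory[0]
    for cm in ("HIPS", "NSP"):
        before, after = what_if(db, cm)
        print(f"what if {db.name} + {cm}: {before:.2f} -> {after:.2f}")
```

The two what-if runs make the slide's point: adding HIPS to db-01 roughly halves its score because it covers the actively exploited VULN-A, whereas adding NSP helps less since the local-vector VULN-B is outside what a network sensor can mitigate. Real deployments replace the constants with scanner output, a live threat feed and measured countermeasure coverage, but the shape of the calculation stays the same.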
2012-12-12 Seminar McAfee Risk Management