Dave Gruber, Principal Industry Analyst
Chandrashekhar, CEO, SecPod
Cybersecurity Strategies for Effective Attack Surface Reduction
© 2022 TechTarget, Inc. All Rights Reserved.
Speaker Introductions
• Chandra, SecPod Founder, CEO
• Dave Gruber, ESG Principal Analyst
Today’s Agenda
• Understanding Your Attack Surface
• Security Strategies for Attack Surface Reduction
• Asset Visibility
• The Role of Automation in Vulnerability Management
• SecPod Solution Introduction
• Q&A
10 Common Attack Vectors
Understanding Your Attack Surface
Your attack surface = the sum of all exposed IT assets across all attack vectors.
• The entire area of IT infrastructure that is susceptible or exposed to potential compromise.
• Protecting an organization requires careful review of every attack vector, and a detailed understanding of all assets associated with every attack vector, and what vulnerabilities exist in them.
Attack Surfaces are Growing!
…especially among organizations with more IT assets
Question text: In general, how would you characterize growth in your organization’s attack surface over the past two years? (Percent of respondents, N=398)
• The attack surface at my organization has increased substantially over the past 2 years: 22%
• The attack surface at my organization has increased slightly over the past 2 years: 45%
• The attack surface is about the same size today as it was 2 years ago: 23%
• The attack surface at my organization has decreased slightly over the past 2 years: 5%
• The attack surface at my organization has decreased substantially over the past 2 years: 4%
The attack surface at my organization has increased substantially over the past 2 years, by number of IT assets:
• 1,000 or fewer IT assets (N=43): 12%
• 1,001 to 10,000 IT assets (N=142): 20%
• More than 10,000 IT assets (N=210): 26%
67%
ESG Research: 2021 Security Hygiene and Posture Management
Reasons Why the Attack Surface is Increasing
Data reflects business and IT infrastructure changes
Question text: You indicated that your organization’s attack surface has increased over the past two years. What are the primary reasons for this increase? (Percent of respondents, N=269, three responses accepted)
• My organization has grown through… (15%)
• My organization has increased the… (17%)
• My organization has increased the… (23%)
• My organization has increased its… (25%)
• My organization has increased the… (25%)
• My organization made changes to its… (26%)
• My organization has increased its… (28%)
• My organization has increased its… (30%)
• My organization has increased its… (32%)
• My organization has increased user… (32%)
• My organization has increased its IT… (32%)
© 2021 TechTarget, Inc. All Rights Reserved.
Security Strategies: Changing the Shape of the Threat Funnel
[Figure: threat funnel. Labels: Prevention, Attack Surface Reduction, Active Security Controls, Detection & Response, IR, Recovery]
Types of Vulnerabilities
Here are some common vulnerabilities found in IT infrastructure:
• Vulnerable software
• Vulnerable configurations (includes open ports, etc.)
• Assets void of required security monitoring and prevention software (includes rogue/unknown assets)
• Misconfigured security software
• Unauthorized or unwanted software operating on an asset
• Misconfigured network assets
• APIs that lack strict access controls
• Over-privileged accounts
• Application functions that provide unauthorized access to the wrong people (over-privileged access)
• Sensitive data with open network access
The Vulnerability Management Process
Identify
Assess Risk
Prioritize
Patch
Report
Grading Vulnerability Management
65% admit that there is work to be done – and the work is cumbersome and significant
Question text: If you were to give your organization a grade for its vulnerability management program, what would it be? (Percent of respondents, N=398)
• A (complete understanding of our asset inventory & can identify, analyze, & prioritize internal/external vulnerabilities & remediate them in an acceptable timeframe for risk mitigation in all cases): 35%
• B (good understanding of most of our asset inventory & can identify, analyze, & prioritize internal/external vulnerabilities & remediate them in an acceptable timeframe for risk mitigation in most cases, but there is room for improvement in some areas): 46%
• C (some understanding of most of our asset inventory & can identify, analyze, & prioritize internal/external vulnerabilities & remediate them in an acceptable timeframe for risk mitigation in some cases, but there is room for improvement in many areas): 15%
• D (limited understanding of most of our asset inventory & cannot identify, analyze, & prioritize internal/external vulnerabilities & remediate them in an acceptable timeframe for risk mitigation & needs improvement in many areas): 3%
• F (very limited understanding of most of our asset inventory & cannot identify, analyze, & prioritize internal/external vulnerabilities & remediate them in an acceptable timeframe for risk mitigation & needs improvement in all areas): 1%
Biggest Vulnerability Management Challenges
Vulnerable Software and Misconfigurations Most Common Points of Entry for Successful Ransomware Attacks
Question text: What was the initial point of compromise for the successful ransomware attack on your organization? (Percent of respondents, N=368, three responses accepted)
• Reinjected from an old data… (15%)
• A business partner network (17%)
• Web search or web browsing (24%)
• Software supply chain (26%)
• Email (27%)
• Misconfiguration of… (31%)
• Application user permissions… (31%)
• Systems software vulnerability (33%)
• Application software… (36%)
ESG Research: 2022 The Long Road Ahead to Ransomware Preparedness
Vulnerability Management Challenges
The data backs up assumptions about the overwhelming nature of vulnerability management.
Question text: Which of the following are the biggest challenges associated with vulnerability management at your organization? (Percent of respondents, N=398, multiple responses accepted)
• None of the above (4%)
• Conducting/scheduling vulnerability scans (17%)
• Lack of understanding of business risk due to… (18%)
• Inability to understand asset exploitability,… (21%)
• Patching vulnerabilities in a timely manner (21%)
• Tracking vulnerability and patch management over… (24%)
• Coordinating vulnerability scans across multiple… (24%)
• Tracking the cost and efficiency of the vulnerability… (25%)
• Prioritizing which vulnerabilities could be exploited… (25%)
• Tracking software vulnerabilities for which no patch… (26%)
• Identifying all assets that need to be scanned (26%)
• Analyzing the results of vulnerability scans (28%)
• Coordinating vulnerability management processes… (28%)
• Coordinating vulnerability management processes… (29%)
• Automating the process of vulnerability discovery,… (29%)
• Keeping up with the volume of open vulnerabilities (30%)
IT SECURITY TEAMS ARE LEFT TO PONDER
• Are we uncovering all the risks in the IT security landscape?
• Is vulnerability assessment integrated with vulnerability remediation?
• Are vulnerabilities continuously & automatically managed from a single console?
Very Low Certainty | Poor Control | No Continuity
MODERN IT SECURITY TEAMS NEED A SINGLE SOLUTION THAT EXPOSES EVOLVING ATTACK SURFACE AND TAKES OWNERSHIP OF REMEDIATION
• Continuous visibility into computing environment
• Risk identification beyond software vulnerabilities
• Continuous mitigation of risks to reduce attack-surface
• Automating preventive routines
ADVANCED VULNERABILITY MANAGEMENT FRAMEWORK
[Figure labels: VISIBILITY, IDENTIFY, ASSESS, PRIORITIZE, REMEDIATE, REPORT; Centralised Management Console; APIs]
Gain Visibility into IT Infrastructure
Vulnerabilities, Misconfigurations, Missing Patches, Other Security Risk Exposures
Assess security risk from single console and insightful reports
Prioritise vulnerabilities and missing patches based on severity
Patch Vulnerabilities, Fix Misconfigurations, Apply Security Controls
Perform strategic analysis with insightful and customizable reports
• Manage Vulnerabilities & Security Risks Beyond CVEs
• Mitigate Vulnerabilities On-time with Integrated Remediation Controls
• Execute everything from a truly integrated, centralized console
• Automate end-to-end tasks and establish a continuous routine
[Figure: TRADITIONAL VULNERABILITY MANAGEMENT and ADVANCED VULNERABILITY MANAGEMENT. Labels: Certainty, Control, Continuity]
SANERNOW CYBERHYGIENE PLATFORM
• SanerNow CM: Compliance Management
• SanerNow AE: Asset Exposure
• SanerNow EQR: Endpoint Query Response
• SanerNow VM: Vulnerability Management
• SanerNow EM: Endpoint Management
• SanerNow PM: Patch Management
WORKSTATIONS | SERVERS | VIRTUAL DEVICES | ALL MAJOR OSs | NETWORK DEVICES
SanerNow CyberHygiene Platform: Single-Console, Single-Agent, On-Cloud, On-Premise
PREVENTION | AUTOMATION | CONTINUOUS
Advanced Vulnerability Management
SanerNow Tools
Single screen to query, analyze, detect, respond, automate and prevent attacks
For inquiries, contact us at: Email: info@secpod.com
WWW.SECPOD.COM
PREVENT CYBER ATTACKS.
CONTINUOUS. AUTOMATED.
TRY SANERNOW FREE

Editor's Notes

  • #3: Secureworks is a leader in cybersecurity providing best-in-class cybersecurity solutions and threat intelligence that reduces risk, optimizes IT and security investments, and fills security team talent gaps. Secureworks Taegis™, a cybersecurity analytics cloud platform built on 20+ years of real-world threat intelligence and research, improves your ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.
  • #6: The term attack surface is often confused with the term attack vector, but they are not the same thing. The surface is what is being attacked; the vector is the means by which an intruder gains access. Your attack surface is the totality of all vulnerabilities in connected hardware and software. The combination of all attack vectors and all vulnerable assets within them is known as an organization’s attack surface. Attack vectors: specific paths that attackers use to gain unauthorized access to your environment. A simple analogy would be leaving a door or window to a building unlocked or open. While not always exploited, these openings provide an opportunity for unauthorized entry and therefore create risk for malicious or unwanted activities that may take place. Common cyber-attack vectors include firewalls, DDoS attacks, malware, passwords, misconfigured APIs, and phishing; however, organizations often have 100 or more attack vectors, adding lots of opportunity for risk. Protecting an organization requires careful review of every attack vector, and a detailed understanding of all assets associated with every attack vector, and what vulnerabilities exist in them. The combination of all attack vectors and all vulnerable assets within them is known as an organization’s attack surface. Your attack surface therefore reflects the entire area of IT infrastructure that is susceptible or exposed to potential compromise.
  • #9: Vulnerability management, prioritization, and remediation. Attack surface reduction begins with an attack surface analysis. Vulnerability assessment tools are a core component of operationalizing attack surface analysis, automating the process of capturing a comprehensive list of known assets and any vulnerabilities associated with them. This list is constantly changing, so this process must be continuous to reflect an accurate view of potential risk. Attack simulation (pen testing, red teaming, etc.) – Expose externally-facing weaknesses. Attack Surface Management tools – automated assessment tools that identify and classify externally facing access to systems, data, and networks. Find assets and check for vulnerabilities. Continuously monitor and discover the external assets attackers can see and evaluate them against commercial, open source and proprietary threat intelligence feeds to generate security ratings for an organization's overall security posture. Risk assessment. Assessing potential risk associated with vulnerable assets requires an understanding of who or what systems are utilizing each asset, and what data is stored or processed on each asset. Risk prioritization. Once vulnerabilities and risk are assessed, both can be prioritized, focusing on highest-risk assets that need to be secured first. All of these processes must be operationalized – meaning that they must happen continuously, and automatically. Link to typical vuln definition…
  • #16: - Software Vulnerabilities with CVE - Misconfigurations with CVE - Asset Exposures - Missing Security Patches - Security Control Deviations or Risk Exposures
  • #17: - Software Vulnerabilities with CVE - Misconfigurations with CVE - Asset Exposures - Missing Security Patches - Security Control Deviations or Risk Exposures
  • #19: What’s the talk track for this graphic?