RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
1 like906 views
The document discusses Risk Control's vulnerability detection capabilities. It can deduce vulnerabilities without scanning by leveraging existing repositories, providing faster discovery across all systems including those that are difficult to scan. It augments traditional vulnerability scanning by continuously updating vulnerability data and detecting vulnerabilities across operating systems, network devices, applications, and client-side software.
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
- 1. Risk Analytics for Cyber Security Liran Chen Technical Director
- 2. Risk Control’s Differentiators: Discovery Discovery Analysis Remediation Scanless: Vulnerability Detector Scanless vulnerability assessment, finds vulnerabilities from existing repositories without a scan Advantages: ■ © 2013 Skybox Security Inc. Automatically and accurately deduces vulnerabilities Provides faster scan cycles (hours or even minutes) Delivers continuous, up-to-date discovery Covers all nodes including difficult-to-scan systems, e.g. critical systems, mobile devices, cloud assets 2
- 3. Ask Yourself… How Well is our VM Program Working? Discovery Analysis and Prioritization How often is vulnerability data collected? How much of the network is covered? Is scanning disruptive to the business? Does the VM approach consider the network and security controls context? Are we prioritizing by exploitation risk? Remediation How fast are critical vulnerabilities fixed? Do we consider alternatives to patching? Is risk level going up or down over time? © 2013 Skybox Security Inc. 3
- 4. Vulnerability Discovery Augment Active Scans with Daily Updates Active Scanner Skybox Vulnerability Detector Skybox Vulnerability Dictionary Asset Database Threat Intel Patch Database Product Catalog (CPE) Rule-based Profiling Consolidated Vulnerability List (CVE) Updated Daily © 2013 Skybox Security Inc. 7
- 5. With or Without a 3rd Party Scanner Continuous View of Vulnerabilities Combining 3rd party and Skybox Vulnerability Detector data gives constant vulnerability knowledge 100% Skybox Vulnerability Detector Q 50% 3rd party scanner Month 1 © 2013 Skybox Security Inc. Time Month 2 8 Month 3
- 6. Vulnerability Dictionary Most comprehensive vulnerability data source 41,000 vulnerabilities on 1,000 products Vulnerability Research Team consolidates info from 20+ sources. Latest advisories, scanners, IPS, others Additional data analysis, modeling, info added for use by Skybox analytics engine CVE compliant, CVSS v2 standard, cross-referenced Also contains vulnerabilities not found in CVE list © 2013 Skybox Security Inc. 9
- 7. Vulnerability information sources The Vulnerability Dictionary aggregates data from these sources: © 2013 Skybox Security Inc. 10
- 8. Vulnerability Detector supported platforms Operating Systems © 2013 Skybox Security Inc. Network Devices Enterprise service Applications 11 Client side Applications
- 9. Summary Augment your scanner with Risk Control to get better discovery – analysis and remediation reporting. Discover vulnerabilities across your entire enterprise – especially in places you currently don’t scan Discover vulnerabilities within days of announcement, not weeks or months © 2013 Skybox Security Inc. 13