Risk Analytics: Using your Data to Solve Security Challenges
Gidi Cohen
CEO and Founder, Skybox Security
Infosec Europe, 1 May 2014
www.skyboxsecurity.com
May 08, 2015
© 2014 Skybox Security Inc.
Skybox Security Overview
Powerful security management platform
– Vulnerability and threat management
– Firewall assessment
– Network change management
Customers include:
Risk Analytics for Cyber Security
Risk Analytics: Using your Data to Solve Security Challenges
Agenda
Cyber Attacks - The Management Challenge
Risk Analytics - Attack Surface Visibility
Making Use of Risk Analytics
– Network Security Management
– Vulnerability and Threat Management
Enterprises are Unable to Defend Against Cyber Attacks
63,000: Hacking incidents reported in 2013 [1]
110 Million: Data records lost at Target stores alone [1]
£7 Million: Annual cost of cyber attacks reported by enterprise [2]
Coordinated ATM heist [2]
Sources: [1] 2013 Verizon Data Breach Report, [2] 2013 Ponemon Cost of Cyber Crime Study
Attackers Understand Your Attack Surface… You Don’t
Expansion Drivers
– Vulnerabilities
– Endpoints
– Exploits
Contraction Drivers
– Network segmentation
– Fixing vulnerabilities
– Technical Controls
Minutes to attack, months to defend
Security Processes Can’t Keep Up
48% will spend more on 2014 security [3]
Common Problems
– Too much data
– Too many changes
– Disruptive
– No context
– Difficult to analyze
– Unable to take action
Source: [3] 2014 Cyberthreat Defense Report by CyberEdge Group
Take HeartBleed, Please!
75%: Attacks using publicly known vulnerabilities in commercial software [4]
Old data
Over half of organizations have vulnerability data over 90 days old [3]
In April, HeartBleed vulnerabilities revealed by Apple, Cisco, Google, Symantec, Oracle, IBM, Fortinet, McAfee, HP…
Source: [4] “Raising the Bar for Cybersecurity”, J.A. Lewis, Center for Strategic and Intl Studies, Feb 2013
Use Risk Analytics to Understand Your Attack Surface - Continuously
Network Visibility: Topology, Routing, Policies, Firewalls
Endpoints Visibility: Software, Patches, Vulnerabilities, Classification
Attack Vectors, Risk Metrics, Remediation Plan
Network Visualization, Contextual Analysis
Network Visibility
– Hosts, devices, zones
– Firewall rules (ACLs)
– Routing, NAT, VPN
Path Analysis
Firewall allows port open from the internet
Complete understanding of network topology, segmentation and connectivity
Device Level Analysis
Access Policy Compliance
Rule base analysis
– Usage
– Shadowed / Redundant rules
Platform configuration compliance
IPS Signatures analysis
Endpoint Visibility – Servers, Desktops, Mobile, Cloud
Installed software and versions
Installed and missing patches
Vulnerabilities
Asset classification
Detailed understanding of configuration and vulnerabilities of all hosts
Analytic Approach to Scanless Vulnerability Discovery
Hosts & Network Devices
Installed products, missing patches (CPE)
Vuln List (CVE)
Create a profile of the products
Apply rules to extract vulnerabilities
System config repository
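An added example (not from the original slides and not Skybox code) of the scanless approach on this slide: build a CPE profile from stored configuration data, then apply a rule to derive CVEs without touching the hosts. The host names, inventory layout, rule fields and the patch id VENDOR-FIX-0001 are assumptions made for illustration; the version range for CVE-2014-0160 (OpenSSL 1.0.1 through 1.0.1f) is the published one.

```python
import re

# Constructed sample of a system config repository: installed products and
# applied patch ids per host. "VENDOR-FIX-0001" is a placeholder patch id.
INVENTORY = {
    "web01": {"products": [("openssl", "openssl", "1.0.1e")], "patches": set()},
    # Same version string as web01, but a backported fix is recorded.
    "web02": {"products": [("openssl", "openssl", "1.0.1e")], "patches": {"VENDOR-FIX-0001"}},
    "app01": {"products": [("openssl", "openssl", "1.0.1g")], "patches": set()},
    "db01":  {"products": [("openssl", "openssl", "0.9.8y")], "patches": set()},
}

# Rule: CVE-2014-0160 (Heartbleed) affects OpenSSL 1.0.1 through 1.0.1f.
RULES = [{
    "cve": "CVE-2014-0160",
    "vendor": "openssl", "product": "openssl",
    "first": "1.0.1", "last": "1.0.1f", "fixed_by": {"VENDOR-FIX-0001"},
}]

def to_cpe(vendor, product, version):
    """Build a CPE 2.3 formatted string for an application."""
    return f"cpe:2.3:a:{vendor}:{product}:{version}:*:*:*:*:*:*:*"

def version_key(version):
    """Parse OpenSSL-style versions such as 1.0.1f into a sortable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])

def discover(inventory, rules):
    """Return {host: [(cve, cpe), ...]} derived without scanning the host."""
    findings = {}
    for host, cfg in inventory.items():
        hits = []
        for vendor, product, version in cfg["products"]:
            for r in rules:
                if (vendor, product) != (r["vendor"], r["product"]):
                    continue
                in_range = (version_key(r["first"]) <= version_key(version)
                            <= version_key(r["last"]))
                patched = bool(cfg["patches"] & r["fixed_by"])
                if in_range and not patched:
                    hits.append((r["cve"], to_cpe(vendor, product, version)))
        findings[host] = hits
    return findings

if __name__ == "__main__":
    for host, hits in discover(INVENTORY, RULES).items():
        print(host, hits or "no findings")
```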
Analytics Give You a Continuous View of Vulnerabilities
Combining active scanning and analytics-based vulnerability detection
[Chart: time axis Month 1 to Month 3; vertical axis marks at 50% and 100%; series: Active scanner, Analytics-based detection]
Network and Endpoint Visibility
Threat Origins and Exploitable Vulnerabilities
– Internet Hacker
– Compromised Partner
– Rogue Admin
Vulnerabilities
– CVE-2014-0160
– CVE-2014-0515
– CVE-2014-1776
Add Attack Simulation
Automatic Identification of Attack Vectors
Attack Simulations
– Internet Hacker
– Compromised Partner
– Rogue Admin
Vulnerabilities
– CVE-2014-0160
– CVE-2014-0515
– CVE-2014-1776
Look for “Hot Spots”
Risk and Exposure Based Prioritization
Enabling Optimal and Timely Remediation
Attack Vectors
Virtual pen test
Target concentrations of vulns to reduce overall risk
Target attack vectors against critical assets
Look for Attack Vectors
Target specific high risk attack vectors to assets
Vendor Security Bulletins
Business Units
Vulnerability Severity
Geo / Tech Group
Applying Risk Analytics to Network Security Management Processes
Verify Compliance
Model Network
Analyse Firewalls
Manage Changes
Find security gaps in all firewalls
Check internal and external policies
Correlate network security data
Saves time
Answers in minutes
Stay compliant
Avoid risk
Check planned changes in advance
Applying Risk Analytics to Vulnerability and Threat Management
Remediate
Discover
Minutes not months
Analyse
Threat Response
Scanless
Cover entire infrastructure
Find all risks automatically
Prioritize by risk
Context-driven remediation
Identify relevant threats
Focus, Fix, Monitor
In Summary
Focus on the Attack Surface
• Continuous visibility of attack surface is critical
• Combine network and endpoint data
• Use analytics to examine attack vectors
Integrate into Security Processes
• Drive automation at every step
• Stay ahead of the attacks
Thank you.
Request a Skybox product demo today.
www.skyboxsecurity.com