Risk Analytics: Using your Data to Solve Security Challenges www.skyboxsecurity.com Gidi Cohen CEO and Founder, Skybox Security Infosec Europe, 1 May 2014

Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

May 08, 2015


Skybox Security

“How secure are we?” “What's our strategy for advanced threats?” “How do we manage changes?” “What should we focus on?” “How is risk changing over time?” These are the difficult questions that IT security and network operations professionals face daily. The answer is in your data. Risk analytics is critical to answering the questions you face every day, opening new paths to find and prioritise vulnerabilities, quickly find firewall rule errors, and determine potential threats before they can be exploited.

This presentation is targeted at enterprise IT professionals looking to add security metrics and analytics into their security program.

- Understand why the existing approaches, processes and technologies for IT security get less effective over time

- Know what metrics and analytics are missing from your current strategy

- Recognise how risk analytics can be used to automate and secure your network devices

- Understand how the vulnerability management process can be optimized with risk analytics

- See how a risk analytics platform can impact an organisation
Transcript
Page 1: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Risk Analytics: Using your Data to Solve Security Challenges

www.skyboxsecurity.com

Gidi Cohen

CEO and Founder, Skybox Security

Infosec Europe, 1 May 2014

Page 2: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

© 2014 Skybox Security Inc. 2

Skybox Security Overview

Powerful security management platform

– Vulnerability and threat management

– Firewall assessment

– Network change management

Customers include:

Risk Analytics for Cyber Security

Page 3: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Risk Analytics: Using your Data to Solve Security Challenges

Agenda

Cyber Attacks - The Management Challenge

Risk Analytics - Attack Surface Visibility

Making Use of Risk Analytics

– Network Security Management

– Vulnerability and Threat Management

Page 4: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Enterprises are Unable to Defend Against Cyber Attacks

Hacking incidents reported in 2013 [1]: 63,000

Data records lost at Target stores alone [1]: 110 million

Annual cost of cyber attacks reported by enterprise [2]: £7 million

Coordinated ATM heist [2]

Sources: [1] 2013 Verizon Data Breach Report; [2] 2013 Ponemon Cost of Cyber Crime Study

Page 5: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Attackers Understand Your Attack Surface… You Don’t

Expansion Drivers

Vulnerabilities

Endpoints

Exploits

Contraction Drivers

Network segmentation

Fixing vulnerabilities

Technical Controls

Minutes to attack, months to defend

Page 6: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Security Processes Can’t Keep Up

Will spend more on 2014 security [3]: 48%

Common Problems

Too much data

Too many changes

Disruptive

No context

Difficult to analyze

Unable to take action

Source: [3] 2014 Cyberthreat Defense Report by CyberEdge Group

Page 7: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Take HeartBleed, Please!

Attacks using publicly known vulnerabilities in commercial software [4]: 75%

Old data

Over half of organizations have vulnerability data over 90 days old [3]

In April, HeartBleed vulnerabilities revealed by Apple, Cisco, Google, Symantec, Oracle, IBM, Fortinet, McAfee, HP…

Source: [4] “Raising the Bar for Cybersecurity”, J.A. Lewis, Center for Strategic and Intl Studies, Feb 2013

Page 8: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Use Risk Analytics to Understand Your Attack Surface - Continuously

Network Visibility: Topology, Routing, Policies, Firewalls

Endpoints Visibility: Software, Patches, Vulnerabilities, Classification

Attack Vectors, Risk Metrics, Remediation Plan

Network Visualization, Contextual Analysis

Page 9: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Network Visibility

Hosts, devices, zones

Firewall rules (ACLs)

Routing, NAT, VPN

Path Analysis

Firewall allows port open from the internet

Complete understanding of network topology, segmentation and connectivity

Page 10: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Device Level Analysis

Access Policy Compliance

Rule base analysis

– Usage

– Shadowed / Redundant rules

Platform configuration compliance

IPS Signatures analysis

Page 11: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Endpoint Visibility – Servers, Desktops, Mobile, Cloud

Installed software and versions

Installed and missing patches

Vulnerabilities

Asset classification

Detailed understanding of configuration and vulnerabilities of all hosts

Page 12: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Analytic Approach to Scanless Vulnerability Discovery

Hosts & Network Devices

System config repository

Installed products, missing patches (CPE)

Vuln List (CVE)

Create a profile of the products

Apply rules to extract vulnerabilities
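
A sketch of the scanless approach on this slide, added here as an example and not Skybox's implementation: build a product profile per host from a configuration repository, then apply version-range rules to derive a vulnerability list without probing any host. The inventory, the rules, the simplified CPE-style product names and the `VULN-EXAMPLE-*` identifiers are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed inventory, as it might be exported from a system config
# repository (patch management, CMDB). No host is probed.
INVENTORY = {
    "web01": [("examplecorp:httpd", "2.4.3"), ("examplecorp:tlslib", "1.0.1")],
    "db01": [("examplecorp:tlslib", "1.0.2"), ("examplecorp:dbserver", "11.2")],
    "fw01": [("examplecorp:fw_os", "7.1.10")],
}

# Constructed rules: product, first affected version, first fixed version, id.
RULES = [
    ("examplecorp:tlslib", "1.0.1", "1.0.2", "VULN-EXAMPLE-0001"),
    ("examplecorp:httpd", "2.2.0", "2.4.10", "VULN-EXAMPLE-0002"),
    ("examplecorp:fw_os", "7.0", "7.1.9", "VULN-EXAMPLE-0003"),
]


def parse_version(text):
    """Turn '7.1.10' into (7, 1, 10) so comparison is numeric, not lexical."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version, first_affected, first_fixed):
    """True when first_affected <= version < first_fixed."""
    v = parse_version(version)
    return parse_version(first_affected) <= v < parse_version(first_fixed)


def derive_vulnerabilities(inventory, rules):
    """Apply every rule to every host's product profile."""
    by_product = defaultdict(list)
    for product, lo, hi, vuln_id in rules:
        by_product[product].append((lo, hi, vuln_id))
    findings = {}
    for host, profile in inventory.items():
        hits = set()
        for product, version in profile:
            for lo, hi, vuln_id in by_product.get(product, []):
                if is_affected(version, lo, hi):
                    hits.add(vuln_id)
        findings[host] = sorted(hits)
    return findings
```

Comparing versions as strings would get both boundary cases here wrong: "2.4.3" sorts after "2.4.10" lexically, and "7.1.10" sorts before "7.1.9", so an affected host would be missed and a patched one flagged.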

Page 13: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Analytics Give You a Continuous View of Vulnerabilities

Combining active scanning and analytics-based vulnerability detection

[Chart: x-axis Time (Month 1, Month 2, Month 3); levels marked 50% and 100%; series: Active scanner, Analytics-based detection]

Page 14: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Network and Endpoint Visibility

Threat Origins and Exploitable Vulnerabilities

Internet Hacker

Compromised Partner

Rogue Admin

Vulnerabilities

CVE 2014-0160

CVE 2014-0515

CVE 2014-1776

Page 15: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Add Attack Simulation

Automatic Identification of Attack Vectors

Internet Hacker

Compromised Partner

Attack Simulations

Rogue Admin

Vulnerabilities

CVE 2014-0160

CVE 2014-0515

CVE 2014-1776

Page 16: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Look for “Hot Spots”

Risk and Exposure Based Prioritization

Enabling Optimal and Timely Remediation

Attack Vectors

Virtual pen test

Target concentrations of vulns to reduce overall risk

Target attack vectors against critical assets

Look for Attack Vectors

Target specific high risk attack vectors to assets

Vendor Security Bulletins

Business Units

Vulnerability Severity

Geo / Tech Group

Page 17: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Applying Risk Analytics to Network Security Management Processes

Verify Compliance

Model Network

Analyse Firewalls

Manage Changes

Find security gaps in all firewalls

Check internal and external policies

Correlate network security data

Check planned changes in advance

Saves time

Answers in minutes

Stay compliant

Avoid risk

Page 18: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Applying Risk Analytics to Vulnerability and Threat Management

Remediate

Discover

Analyse

Threat Response

Minutes not months

Scanless

Cover entire infrastructure

Find all risks automatically

Prioritize by risk

Context-driven remediation

Identify relevant threats

Focus Fix Monitor

Page 19: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

In Summary

• Continuous visibility of attack surface is critical

• Combine network and endpoint data

• Use analytics to examine attack vectors

Focus on the Attack Surface

• Drive automation at every step

• Stay ahead of the attacks

Integrate into Security Processes

Page 20: Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges

Thank you.

Request a Skybox product demo today.

www.skyboxsecurity.com