2. What's bad on your network: tackling it with Vulnerability Management
Dirk Schrader
University of Manchester; March 24th, 2016
09:45 – 10:15, Theatre A
3. Introduction
• Greenbone Networks
• Develops Vulnerability Management Solutions since 2004
• Open Source and Transparency
• Your data is your data: NO CLOUD
• German
• Dirk Schrader
• CISSP (by ISC2) in good standing
• CISM (by ISACA) in progress
• 20+ years in IT Sec
• German, too
www.greenbone.net
4. What should be considered as 'bad'?
Susceptibility, Accessibility, Capability
Anything which is susceptible to misuse and accessible by an adversary with sufficient capabilities.
That can be:
• Software flaws
• Defaults or misconfigurations
• Unauthorized or unsuspected installations
• Compliance deviation or Non-Compliance
• Policy deviation or violation
5. Start with a different perspective, ..
[Diagram: layers Processes, Policies & Awareness; Physical; Perimeter; Network; Host & OS; Application; Data. Controls: Authentication; NG Firewall; N-IDPS; H-IDPS; AV-System; SIEM / ISMS; Vulnerability Management. Views: inside-out view; outside-in view.]
6. .. then prepare,
• Define secure configurations
• Whitelist systems and applications
• Map to security controls
• Still, if none is there: start simple, enhance stepwise
[Diagram labels: Policies, Compliance, Guidelines]
7. .. identify,
• Import and/or discover assets
• Scan assets
• Scan them authenticated
• CPE information is vital
8. .. classify,
• use CVSS, CVE, and CPE
• enhance with additional SecInfo
• most important, tag with Asset Criticality info
9. .. prioritize,
• based on Score, Quality of Detection, and available Solution Type
• adding Asset Criticality Information
• Attack status confirms
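Added example (not from the original slides or Greenbone's code): one way to rank findings by Score, Quality of Detection, Solution Type and Asset Criticality. The QoD threshold, the 1 to 3 criticality scale, the score-times-criticality weighting and the solution-type ordering are assumptions; the sample findings are constructed.

```python
from dataclasses import dataclass

# Assumed ordering: among equally urgent findings, those with a ready fix
# come first because they can be closed soonest.
SOLUTION_RANK = {"VendorFix": 0, "Workaround": 1, "Mitigation": 2,
                 "NoneAvailable": 3, "WillNotFix": 4}

@dataclass
class Finding:
    fid: str            # constructed identifier, not a real CVE
    host: str
    cvss: float         # severity score, 0.0 to 10.0
    qod: int            # quality of detection, 0 to 100 percent
    solution_type: str  # key of SOLUTION_RANK
    criticality: int    # asset criticality tag, 1 (low) to 3 (high), assumed scale

def prioritize(findings, min_qod=70):
    """Drop low-confidence detections, then rank the rest.

    Sort key: score weighted by asset criticality (highest first),
    then solution type, then detection quality (highest first).
    """
    confident = [f for f in findings if f.qod >= min_qod]
    return sorted(
        confident,
        key=lambda f: (-f.cvss * f.criticality,
                       SOLUTION_RANK[f.solution_type],
                       -f.qod),
    )

# Constructed sample data.
SAMPLE = [
    Finding("F1", "db01", 7.5, 98, "VendorFix", 3),
    Finding("F2", "ws17", 9.8, 97, "VendorFix", 1),
    Finding("F3", "db01", 10.0, 30, "VendorFix", 3),   # unreliable detection
    Finding("F4", "web02", 7.5, 80, "Workaround", 3),
    Finding("F5", "web02", 5.0, 99, "NoneAvailable", 2),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f.fid, f.host, f.cvss, f.qod, f.solution_type, f.criticality)
```

With this weighting the 9.8 finding on a low-criticality workstation ranks below lower-scored findings on critical assets, and the 10.0 finding with a QoD of 30 is held back until a better detection confirms it.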
10. .. assign,
• use Reports, Alerts, or a Ticket System
• based on Knowledge, Experience, and Role
• track and trace assignment
11. .. mitigate and remediate,
• patch and/or upgrade
• block and/or isolate
• work around
• override is also a temporary option
12. .. store and repeat,..
• predict and trend assets
• handle changes in infrastructure
• time-stamped data supports Forensics
• average of 40 high severity flaws published per week
• 24h/48h 'Window of Vulnerability'
13. .. and improve!
• Eases implementation of Updates and Changes to Policies, Guidelines, and Compliance
• Meaningful KPIs for the IT Security documented
• The number of vulnerabilities over time is not meaningful
• But the time needed to remediate/mitigate (reduced by ..)
• The time needed to identify (faster by x)
• Fail/pass ratio of adherence to policy, compliance (increased by ..)
14. The process of Vulnerability Management
[Diagram: prepare → identify → classify → prioritize → assign → mitigate & remediate → store & repeat → improve]