2. What is a Vulnerability Assessment?
It is a process for identifying network and device vulnerabilities, performed before intruders can exploit such security flaws.
It is a process to detect possible flaws in security policies.
Its result must prove whether the network security complies with the established policies.
3. The Experts Say…
•"Enterprises that implement a vulnerability management process will experience 90 percent fewer successful attacks than those that make an equal investment only in intrusion detection systems" – Gartner
•“99% of network intrusions result from exploitation of known vulnerabilities or configuration errors where countermeasures were available.” – Carnegie Mellon Univ.
•“The Yankee Group recommends vulnerability management services for enterprises that would incur financial risk if their network or key business applications were to become unavailable due to a misconfiguration or cyberattack.”
•Mastercard and VISA demand periodic VA to maintain active e-commerce websites
•CERT Recommends Vulnerability Assessment
4. Proactivity Reduces Costs!
•“Current enterprise security spending tends to be focused on reactive technologies more than proactive technologies” – Amrit Williams, Gartner
[Figure: proactive versus reactive security technologies]
•Proactive: “Shrink the Targets” (Asset Intelligence & Risk Reduction)
•Reactive: “Stop the Bullets” (Blocking & Event Mgmt.)
•Heavy Spending
•Segment labels recoverable from the diagram: Compliance, NAC, Identification/Authentication, Access Controls, Policies, Vulnerability Management, Configuration Management, IDS, IPS, Firewall, Anti-Virus, Threat Feeds, Forensics, SIM/SEM, Incident Response
5. Differences between a Vulnerability Assessment and a Pen Test
[Flowchart comparing the two processes; boxes listed in the order they appear on the slide]
•Vulnerability Assessment: Target definition, Obtain Information, Vulnerability Assessment, Report
•Penetration Testing: Target definition, Obtain Information, Vulnerability Assessment, Information Planning, Attack, Ready? (YES / NO), Pivot, Report and Analyze results, Clean
•Annotations on the flowchart:
•What to probe?
•Attacker skill.
•Collect all the possible information about the target
•Planning the attack
•Obtain administrator privileges on the attack system
•Take advantage of privileges
6. The Birth of Vulnerability Management (agent-less)
[Timeline, 2001 to 2005]
•Tools shown: IP360, Foundscan, QualysScan, REM/Retina, Lightning Console/Nessus
•Each tool is labelled either Product or Service/Product
•Years: 2001, 2002, 2003, 2004, 2005
•Buffer Overflows Increase Sophistication
•New Attack Vectors emerge
7. ATTAKA, a different kind of Vulnerability Assessment
VA with a “service centric” vision
ATTAKA now allows all the participants to be integrated through internal/external remediation, documentation and reporting workflows
They are not expensive, which allows them to be repeated frequently, reinforcing the concept of "security = process", and they help carry out the complex processes needed to "be in compliance"
Integrates with the company's Help Desk to provide greater support to clients
Gives users the possibility of interacting with their companies' security status, in a continuous and cooperative process
•ATTAKA transforms into “An integrated, collaborative and management Platform”
8. ATTAKA, a different kind of Vulnerability Assessment
•ATTAKA assesses more than 16000 security vulnerabilities on network
environments
•It consists of the following modules:
Discovery:
Asset consolidation and assessment (internal and external).
Reporting:
Interactive, historical and dashboard reports with key
indicators and summarized information on vulnerabilities,
statistics and current infrastructure state
Remediation:
This includes documentation and workflow. Follow-up,
improvement and resolution of issues are recorded in the Patch
Management process (vulnerability remediation)
Support:
24/7 on-line access based on an ITIL – Help Desk that provides support
9. ATTAKA, Key features
Dashboard report
Is recognized by MITRE (http://cve.mitre.org); searches by CVE code
Vulnerabilities remediation module (patch management)
Performs external and internal audits under the company management
supervision
Security news module
Performance and scalability
Possibility of assessing hundreds of IPs per report/session
Integrates 24/7 on-line access based on an ITIL – Help Desk, ISO9001 certified, that provides support
Multi-language capability
12. ATTAKA, benefits for your business!
Reduces operating costs, minimizing TCO for vulnerability
assessment and management tasks.
Reduces human error and false positives through double-checking with our security specialists and knowledge databases.
Easy operation and implementation – it does not require network changes, special software or experts to make it work.
Complements and adds value to firewalls, IDS and antivirus software, by detecting failures in their configuration.
Speeds up security troubleshooting processes, presenting added information for a quick view of the company's vulnerability state, complete details for each vulnerability ranked by risk level, and the recommended action for solving it.
14. Our offices
•Development Centers (Globant Argentina): Buenos Aires I, Buenos Aires II, La Plata, Tandil, Cordoba, Rosario
•Commercial Offices: London (UK), Silicon Valley (US), Austin (US), Boston (US), Santiago (Chile), Bogota (Colombia), México DF (Mexico)