Predictive Prioritization Focusing On What Matters First



SLIDE 1

Tas Jalali, CISSP, CISM, CEH

Principal Security Engineer

Predictive Prioritization Focusing On What Matters First

SLIDE 2

Vulnerability Management In Brief

  • Assess – Legacy and Modern Assets
  • Remediate – Intelligent Prioritization
  • Manage – Measure

SLIDE 3

Predictive Prioritization


SLIDE 4

Prioritization Is Critical


Risk-Driven Scoring

CVSS: Critical, High, Medium, Low

Cyber Exposure Score (risk-based): Critical, High, Medium, Low

SLIDE 5

THE THREE KEY QUESTIONS

  • A: Where are we exposed?
  • R: Where should we prioritize based on risk?
  • M: How are we reducing exposure over time?

SLIDE 6

Number of Vulnerabilities During the Past Decade

[Chart: VULNERABILITIES DISCOVERED EACH YEAR, 1999 to 2019. Source: NVD]

  • 1999: 894
  • 2000: 1020
  • 2001: 1677
  • 2002: 2156
  • 2003: 1527
  • 2004: 2451
  • 2005: 4935
  • 2006: 6610
  • 2007: 6520
  • 2008: 5632
  • 2009: 5736
  • 2010: 4652
  • 2011: 4155
  • 2012: 5297
  • 2013: 5191
  • 2014: 7946
  • 2015: 6484
  • 2016: 6447
  • 2017: 14714
  • 2018: 16555
  • 2019: 1085

SLIDE 7

  • 7% of vulnerabilities had an exploit available
  • 63% of vulnerabilities discovered in environments are CVSS 7+
  • 12% of vulnerabilities disclosed in 2017 were CVSS 9+
  • 16,500 VULNERABILITIES DISCLOSED IN 2018

SLIDE 8

IF EVERYTHING IS IMPORTANT – NOTHING IS


59% High or Critical

Vulnerability Intelligence Report Tenable Research

SLIDE 9

* Gartner Market Guide for Vulnerability Assessment, Craig Lawson, Prateek Bhajanka, June 19, 2018

Number of Vulnerabilities During the Past Decade

SLIDE 10

HAYSTACK GETTING BIGGER HARDER TO FIND THE NEEDLES

  • 1,500 vulnerabilities with exploits published
  • 28 exploitable vulnerabilities every week.

Vulnerability Intelligence Report Tenable Research

SLIDE 11

REDUCING THE BURDEN - DRAMATICALLY


Threat Intelligence

Insight into which vulnerabilities are actively being exploited by both targeted and opportunistic threat actors.

Vulnerability Rating

The criticality, ease of exploit and attack vectors associated with the flaw.

Research Insights

Data science based analysis of over 109,000 vulnerabilities to differentiate between the real and theoretical risks vulnerabilities pose

97%

Reduction in vulnerabilities to be remediated with the same impact to the attack surface

PREDICTIVE PRIORITIZATION

SLIDE 12


SOME OF WHAT’S IN THE MODEL

  • CVE Age
  • No. Words in NVD Description
  • Days Since NVD Last Modified
  • Number of References
  • CVSS v3 Base Score
  • CVSS v3 Exploitability Score
  • CVSS v3 Impact Score
  • Total Affected Software
  • CWE
  • Distinct days with cyber exploits
  • Days since last cyber exploit
  • Total cyber exploit events
  • Days since first cyber exploit
  • Days since last cyber attack
  • Days since last ExploitDB entry
  • Days since first ExploitDB entry
  • Days since last Metasploit entry
  • Total ExploitDB entries
  • Total Metasploit entries
SLIDE 13


VPR INSIGHT - 70 DAYS PRIOR TO CVSS SCORE

CVSS VPR

Linux Kernel Flaw

SLIDE 14

A DATA SCIENCE APPROACH UNDERSTANDING THE MODEL

150 different aspects in 7 feature groups

  • Past threat pattern
  • CVSS
  • NVD
  • Past hostility
  • Vulnerable software
  • Exploit code
  • Past threat source

  • Over 109,000 vulnerabilities tracked
  • Forecast probability of exploit in near term future
  • Updated daily

SLIDE 15

Identify What Matters

3%-5%

Dynamic Prioritization

SLIDE 16

The attack surface is expanding


Server, Desktop, Network infrastructure, ICS/SCADA, Industrial IoT, Web app, Mobile, Laptop, Enterprise IoT, Virtual machine, Cloud, Container

IT, Cloud, IoT

SLIDE 17

Creating a Cyber Exposure Gap


Server, Desktop, Network infrastructure, ICS/SCADA, Web app, Mobile, Laptop, Enterprise IoT, Virtual machine, Cloud, Container

IT, Cloud, IoT

Industrial IoT

SLIDE 18


Your Cyber Exposure Command Center

Prioritize

Advanced risk-based exposure scoring weighs vulnerabilities, threats, asset value and location, providing clear guidance about what to focus on

Identify

Visualizations of the entire modern attack surface to allow anyone, from analyst to executive, to quickly understand and explore their organization’s Cyber Exposure

Business Context

Benchmark by combining vulnerability data with asset business criticality and threat context and focus on the issues that matter most to the business

SLIDE 19

Summary

Address Longstanding VM Challenges

  • Vulnerability overload
  • Lack of visibility into global assets and Cyber Exposure
  • Lack of quantitative approach to prioritize remediation and measure reduction in Cyber Exposure

Provide Greater Business Value

  • Improve decision making
  • Business context for vulnerability management
  • Present security information in business terms

SLIDE 20

KEY QUESTIONS

  • How many vulnerabilities do you deal with every month?
  • Do you patch every vulnerability?
  • What does that cost your organization?
  • How do you prioritize?
  • Do you use threat intelligence?
  • Could staff be more efficient?

SLIDE 21

Thank You