skyboxsecurity.com
Industries served: Service Providers, Government & Defense, Energy & Utilities, Technology, Healthcare, Consumer, GCC
The Challenges
- 97% of breaches are avoidable through standard controls
- No visibility of the environment
- Security big data
- Disjointed security tools, processes and data silos
- Securing strategic business programs
- Shortage of skilled personnel
- Evolving threat landscape
- Organizations don't understand their attack surface
Systematic Approach
The security model combines:
- Security controls: firewalls, IPS, VPNs
- Network topology: routers, load balancers, switches
- Assets: servers, workstations, networks
- Vulnerabilities: location, criticality
- Threats: hackers, insiders, worms
Example indicators:
- New vulnerabilities: vulnerabilities on systems holding sensitive data lead to compromise
- Violating rule: a rule allows inbound access from the DMZ deeper into the network
- Vulnerability density: multiple exploitable vulnerabilities on one host allow an ongoing connection
Indicators of Exposure
- Vulnerability density
- Violating firewall rules
- Directly exposed vulnerabilities
- Platform violations
- New vulnerabilities
- Unauthorized change
- Remediation latency
- Policy violation
- Unused firewall rules
- Network zoning policy violation
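As an added worked example (not Skybox code), the following Python computes five of the indicators listed above over a small constructed model: a zoning policy, a four-rule firewall rulebase with last-hit dates, and two hosts with vulnerabilities. Zone names, rule names, ports, dates and vulnerability IDs are all assumptions made for the example; the point is that every indicator is a query over the same model of rules, hosts and vulnerabilities.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Zoning policy (constructed): zone pairs that may carry traffic at all.
# An allow rule for any other pair is a network zoning policy violation.
ALLOWED_ZONE_PAIRS = {
    ("internet", "dmz"), ("internal", "dmz"), ("internal", "internal"), ("dmz", "internet"),
}

@dataclass
class Rule:
    name: str
    src_zone: str              # zone name or "any"
    dst_zone: str
    dst_ports: set             # TCP ports; {"any"} matches every port
    action: str                # "allow" or "deny"
    last_hit: Optional[date]   # None: the rule has never matched traffic

@dataclass
class Vuln:
    vuln_id: str
    port: int                  # port of the vulnerable service
    exploitable: bool          # public exploit known (from the intelligence feed)
    published: date

@dataclass
class Host:
    name: str
    zone: str
    vulns: list = field(default_factory=list)

def violating_rules(rules):
    """Network zoning policy violation: an allow rule for a zone pair the policy never permits."""
    return [r for r in rules
            if r.action == "allow" and (r.src_zone, r.dst_zone) not in ALLOWED_ZONE_PAIRS]

def unused_rules(rules, today, days=90):
    """Unused firewall rule: allow rule with no hit in the last `days` days (or ever)."""
    return [r for r in rules if r.action == "allow"
            and (r.last_hit is None or (today - r.last_hit).days > days)]

def port_open(rules, src_zone, dst_zone, port):
    """First-match evaluation of one flow against the rulebase; implicit deny at the end."""
    for r in rules:
        if (r.src_zone in ("any", src_zone) and r.dst_zone in ("any", dst_zone)
                and ("any" in r.dst_ports or port in r.dst_ports)):
            return r.action == "allow"
    return False

def directly_exposed(hosts, rules, threat_zone="internet"):
    """Directly exposed vulnerability: its port is reachable from the threat origin in one hop."""
    return [(h.name, v.vuln_id) for h in hosts for v in h.vulns
            if port_open(rules, threat_zone, h.zone, v.port)]

def vulnerability_density(hosts, threshold=3):
    """Vulnerability density: hosts carrying at least `threshold` exploitable vulnerabilities."""
    dense = {}
    for h in hosts:
        n = sum(1 for v in h.vulns if v.exploitable)
        if n >= threshold:
            dense[h.name] = n
    return dense

def remediation_latency(hosts, today):
    """Remediation latency: age in days of the oldest open vulnerability on each host."""
    return {h.name: max((today - v.published).days for v in h.vulns) for h in hosts if h.vulns}

# Constructed sample data.
TODAY = date(2015, 6, 1)
RULES = [
    Rule("web-in", "internet", "dmz", {80, 443}, "allow", date(2015, 5, 31)),
    Rule("dmz-to-db", "dmz", "internal", {1433}, "allow", date(2015, 5, 30)),  # DMZ deeper into network
    Rule("legacy-ftp", "internet", "dmz", {21}, "allow", None),               # never hit
    Rule("deny-all", "any", "any", {"any"}, "deny", date(2015, 5, 31)),
]
HOSTS = [
    Host("web01", "dmz", [Vuln("V-1", 80, True, date(2015, 3, 1)),
                          Vuln("V-2", 443, True, date(2015, 5, 20)),
                          Vuln("V-3", 22, True, date(2015, 4, 1))]),
    Host("db01", "internal", [Vuln("V-4", 1433, True, date(2015, 5, 25))]),
]

def indicators(rules=RULES, hosts=HOSTS, today=TODAY):
    """Compute the indicators for one snapshot of the model."""
    return {
        "zoning_violations": [r.name for r in violating_rules(rules)],
        "unused_rules": [r.name for r in unused_rules(rules, today)],
        "directly_exposed": directly_exposed(hosts, rules),
        "vulnerability_density": vulnerability_density(hosts),
        "remediation_latency_days": remediation_latency(hosts, today),
    }

if __name__ == "__main__":
    for name, value in indicators().items():
        print(f"{name}: {value}")
```

Note that V-3 on web01 (SSH) is exploitable but not directly exposed, because nothing in the rulebase opens port 22 from the Internet; it still counts toward the host's vulnerability density, which is why the two indicators are tracked separately.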
Benefits
- Modular approach
- Flexible deployment options
- Software platform scalable to the largest networks
- Each module addresses a piece of the attack surface
- Integrated with 100+ security tools
- Built-in vulnerability intelligence feed
Form factors:
- Appliance, two models (e.g. 5500: 32 GB RAM, 8-thread CPU; manufactured by Patriot; OS: CentOS Linux)
- Virtual appliance
- Software
Skybox Architecture
Deployment diagram
- Integrates with existing infrastructure
- Automation, workflows
- No agent software, no impact to the live network
- Built-in ticketing system
- APIs for integration with third-party systems
- Appliance, virtual appliance or software only
Architecture diagram (recovered labels): Your Network (Skybox logs, database queries, OS information) -> Skybox Local Agent -> remote access link -> AMS Center, with an analytics engine (create alerts, identify anomalies, dashboard) and a reporting engine (report generation, activity tracking).
Model Network
- Security controls: firewalls, IPS, VPNs
- Network topology: network devices, ingress/egress, network zones
- Understand network context

Analyze Firewalls
- Network topology view
- Rule and configuration checks
- Normalized data from 100+ vendors
- Access simulation
- Risky rule identification
- Rule optimization
- Change tracking
- Confirm effective controls

Monitor Compliance
- Automated audits: PCI DSS 3.0, FISMA, NERC, NIST, custom policies
- Comprehensive risk assessment
- Document compliance
- Continuously verify rulebase

Manage Rule Lifecycle
- Change process workflow
- Change request
- Reconcile changes
- Verify changes
Firewall Management
Firewall analysis takes organizational policies and industry policy (NIST, PCI DSS) as input and produces rule compliance analysis, risky rule identification and firewall optimization, consumed by security, network operations, executives and auditors.
Complete Visibility: routing, NAT, firewall rules (ACL), VPN
Example map (recovered labels): sites US (New York) and Europe (London, Paris), a DMZ, Partners and Resellers, a Development network and Finance Servers, with two access annotations, "Only port 80" and "No Access".
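Added example, not Skybox's engine: a minimal access simulation over the map above. The zone names (New York, DMZ, London, Paris, Partners, Finance Servers) come from the slide; the addresses, the three devices, their routing tables, the static NAT entry and every ACL line are constructed, and the two annotations are read as "the Internet reaches the DMZ on port 80 only" and "Partners get no access to the Finance Servers", which is an assumption. Each hop applies destination NAT, then the ACL (first match, implicit deny), then a longest-prefix route lookup; that ordering is what decides whether a rule written against a public address ever sees a packet.

```python
import ipaddress as ip

ANY = "any"

def net(s):
    return ip.ip_network(s)

# Constructed topology. ACL entry: (src_net, dst_net, ports, action, name).
# Route entry: (prefix, ("deliver", zone)) or (prefix, ("forward", next_device)).
DEVICES = {
    "internet-fw": {
        "nat": {"203.0.113.10": "192.168.100.10"},      # static destination NAT to the DMZ web server
        "acl": [
            (net("0.0.0.0/0"), net("192.168.100.0/24"), {80}, "allow", "web-only"),
            (net("10.0.0.0/8"), net("192.168.100.0/24"), ANY, "allow", "corp-to-dmz"),
        ],
        "routes": [
            (net("192.168.100.0/24"), ("deliver", "DMZ")),
            (net("10.0.0.0/8"), ("forward", "core-rtr")),
        ],
    },
    "partner-fw": {
        "nat": {},
        "acl": [
            (net("172.16.0.0/16"), net("10.0.0.0/8"), {443}, "allow", "partner-portal"),
        ],
        "routes": [
            (net("172.16.0.0/16"), ("deliver", "Partners")),
            (net("10.0.0.0/8"), ("forward", "core-rtr")),
        ],
    },
    "core-rtr": {
        "nat": {},
        "acl": [
            (net("172.16.0.0/16"), net("10.1.50.0/24"), ANY, "deny", "no-partner-to-finance"),
            (net("10.1.0.0/16"), net("10.1.50.0/24"), ANY, "allow", "ny-to-finance"),
            (net("10.0.0.0/8"), net("10.2.0.0/15"), ANY, "allow", "to-europe"),
            (net("172.16.0.0/16"), net("10.1.0.0/16"), {443}, "allow", "partner-to-ny"),
        ],
        "routes": [
            (net("10.1.50.0/24"), ("deliver", "Finance Servers")),
            (net("10.1.0.0/16"), ("deliver", "New York")),
            (net("10.2.0.0/16"), ("deliver", "London")),
            (net("10.3.0.0/16"), ("deliver", "Paris")),
            (net("192.168.100.0/24"), ("forward", "internet-fw")),
            (net("172.16.0.0/16"), ("forward", "partner-fw")),
        ],
    },
}

def lookup_route(device, dst):
    """Longest-prefix match over the device's routing table."""
    best = None
    for prefix, target in DEVICES[device]["routes"]:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, target)
    return best[1] if best else None

def check_acl(device, src, dst, port):
    """First-match ACL evaluation with implicit deny; returns (permitted, rule name)."""
    for s, d, ports, action, name in DEVICES[device]["acl"]:
        if src in s and dst in d and (ports == ANY or port in ports):
            return action == "allow", name
    return False, "implicit-deny"

def simulate(src_ip, dst_ip, port, first_hop, max_hops=8):
    """Follow one flow hop by hop: destination NAT, then ACL, then routing, on each device."""
    src, dst = ip.ip_address(src_ip), ip.ip_address(dst_ip)
    device, path = first_hop, []
    for _ in range(max_hops):
        translated = DEVICES[device]["nat"].get(str(dst))
        if translated:
            dst = ip.ip_address(translated)
        permitted, rule = check_acl(device, src, dst, port)
        path.append(f"{device}:{rule}")
        if not permitted:
            return "denied", path
        route = lookup_route(device, dst)
        if route is None:
            return "no-route", path
        kind, target = route
        if kind == "deliver":
            return f"allowed:{target}", path
        device = target
    return "loop", path

if __name__ == "__main__":
    for args in [("198.51.100.5", "203.0.113.10", 80, "internet-fw"),
                 ("198.51.100.5", "203.0.113.10", 22, "internet-fw"),
                 ("172.16.5.5", "10.1.50.10", 443, "partner-fw"),
                 ("10.1.20.7", "10.1.50.10", 1433, "core-rtr")]:
        print(args, "->", simulate(*args))
```

The returned path names the rule that decided each hop, which is what an auditor needs to see next to "allowed" or "denied": the partner flow is permitted by partner-fw and only stopped one hop later by the core router's explicit deny.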
Example findings:
- Firewall allows access to a risky service
- Change causes compliance impact
- Access policy violation in partner zone
- Change causes vulnerability exposure
Diagram labels: blocks access; security gaps
Change workflow
1. Capture: business and/or technical details
2. Translate: technical details, path identification, rule analysis
3. Risk assessment: identify policy violations and vulnerability exposures
4. Implementation: accept/reject, assign to team for provisioning
5. Verification: reconcile against observed changes, verify access
Creation workflow: policy violations? -> path analysis -> risk analysis -> provisioning with metadata -> reconciliation
Recertification workflow: recertification date? -> auto ticket generation -> rule or object usage? -> recertify or reject
Deprovision workflow: validate request -> approval -> deprovision rule, IP, object or service -> reconciliation
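Added example (not Skybox code) of the reconciliation step that closes the creation workflow and of the recertification decision: two rulebase snapshots are diffed, approved change tickets are matched against the observed additions, anything left over in the diff is an unauthorized change, and rules past their recertification date are ticketed for recertification or rejection depending on usage. Rule contents, ticket IDs, hit counts and dates are constructed.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Rule:
    src: str        # source network
    dst: str        # destination network
    service: str    # e.g. "tcp/443"
    action: str = "allow"

@dataclass
class Ticket:
    ticket_id: str
    rule: Rule
    state: str = "approved"   # approved -> verified, or approved -> not-implemented

def rulebase_diff(before, after):
    """Observed change between two rulebase snapshots (sets of Rule)."""
    return {"added": after - before, "removed": before - after}

def reconcile(tickets, before, after):
    """Match approved tickets to observed changes; whatever remains is an unauthorized change."""
    diff = rulebase_diff(before, after)
    unclaimed = set(diff["added"])
    report = {"verified": [], "not_implemented": [], "unauthorized_added": [], "unauthorized_removed": []}
    for t in tickets:
        if t.rule in unclaimed:
            unclaimed.discard(t.rule)
            t.state = "verified"
            report["verified"].append(t.ticket_id)
        else:
            t.state = "not-implemented"
            report["not_implemented"].append(t.ticket_id)
    report["unauthorized_added"] = sorted(unclaimed, key=str)
    report["unauthorized_removed"] = sorted(diff["removed"], key=str)   # no ticket asked for a removal
    return report

def recertification(rule_meta, today):
    """Rules past their recertification date: reject if unused, otherwise ask the owner to recertify."""
    tickets = []
    for n, (rule, meta) in enumerate(rule_meta.items(), start=1):
        if today < meta["recertify_by"]:
            continue
        decision = "reject" if meta["hits_90d"] == 0 else "recertify"
        tickets.append((f"RECERT-{n}", rule, decision))
    return tickets

# Constructed snapshots, change tickets and rule metadata.
R_FIN_DB = Rule("10.1.0.0/16", "10.1.50.0/24", "tcp/1433")
R_WEB = Rule("0.0.0.0/0", "203.0.113.10", "tcp/80")
R_DEV_SSH = Rule("10.3.20.0/24", "10.1.50.0/24", "tcp/22")
R_PARTNER = Rule("172.16.0.0/16", "10.1.20.0/24", "tcp/443")
R_LONDON = Rule("10.2.0.0/16", "10.1.50.0/24", "tcp/443")
R_ROGUE_SSH = Rule("0.0.0.0/0", "203.0.113.10", "tcp/22")

BEFORE = {R_FIN_DB, R_WEB, R_DEV_SSH}
AFTER = {R_FIN_DB, R_WEB, R_PARTNER, R_ROGUE_SSH}      # dev SSH rule vanished, rogue SSH rule appeared
TICKETS = [Ticket("CHG-101", R_PARTNER), Ticket("CHG-102", R_LONDON)]
RULE_META = {
    R_FIN_DB: {"recertify_by": date(2015, 5, 1), "hits_90d": 4200},
    R_WEB: {"recertify_by": date(2015, 12, 31), "hits_90d": 90000},
    R_DEV_SSH: {"recertify_by": date(2015, 3, 1), "hits_90d": 0},
}
TODAY = date(2015, 6, 1)

def run():
    return reconcile(TICKETS, BEFORE, AFTER), recertification(RULE_META, TODAY)

if __name__ == "__main__":
    report, recert = run()
    print(report)
    print(recert)
```

The rogue SSH rule is exactly the case the "Unauthorized change" indicator exists for: it is in the observed diff, no approved ticket claims it, and it would never surface from ticket-side tracking alone.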
Process Challenges
Discover -> Analyze -> Remediate cycle (correlate, risk assess, remediate):
- Analysis: no network context; hard to correlate data from multiple sources
- Remediation: hard to convert vulnerability info to patch needs; disruptive scans; unnecessary patching
Hosts
Example inventory record: Microsoft Corporation | Microsoft SQL Server 2005 (64bit) | 9.4.5000.00
Profiled as cpe:2.3:a:microsoft:sql_server:2005:sp4:*:*:*:*:x64:* and matched to CVE-xxxx-xxxx
Pipeline: system, asset or patch management (daily sync) -> extraction rules library -> products and patches -> product profiling -> product catalog -> vulnerability profiling against the vulnerability detection rules library -> vulnerability list (Microsoft and non-Microsoft vulnerabilities)
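Added example, not Skybox's extraction or detection rule libraries: the profiling pipeline above reduced to code. An extraction rule is a regex over the "vendor | product | version" inventory line that builds a CPE 2.3 name; a detection rule is a product match plus a version predicate, so no scan traffic is needed. The SQL Server line is the record shown on the slide; the OpenSSL lines, the build-to-service-pack table, the version ordering and the vulnerability IDs (placeholders, not CVEs) are constructed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Cpe:
    """CPE 2.3 well-formed name; '*' means ANY."""
    part: str
    vendor: str
    product: str
    version: str = "*"
    update: str = "*"
    edition: str = "*"
    language: str = "*"
    sw_edition: str = "*"
    target_sw: str = "*"
    target_hw: str = "*"
    other: str = "*"

    def fs(self):
        """Formatted string: 'cpe:2.3:' followed by the 11 components."""
        return "cpe:2.3:" + ":".join([self.part, self.vendor, self.product, self.version,
                                      self.update, self.edition, self.language, self.sw_edition,
                                      self.target_sw, self.target_hw, self.other])

# Constructed build-to-service-pack table (only the row the slide's example needs).
SQL2005_SP_BY_BUILD = {"5000": "sp4"}

def sql_server(m):
    build = m.group("ver").split(".")[2]
    return Cpe("a", "microsoft", "sql_server", m.group("release"),
               SQL2005_SP_BY_BUILD.get(build, "*"),
               target_hw="x64" if m.group("arch") == "64" else "x86")

# Constructed extraction rules: regex over the "vendor | product | version" line -> CPE builder.
EXTRACTION_RULES = [
    (re.compile(r"^Microsoft Corporation \| Microsoft SQL Server (?P<release>\d{4}) "
                r"\((?P<arch>\d\d)bit\) \| (?P<ver>[\d.]+)$"), sql_server),
    (re.compile(r"^OpenSSL Project \| OpenSSL \| (?P<ver>[\d.]+[a-z]?)$"),
     lambda m: Cpe("a", "openssl", "openssl", m.group("ver"))),
]

def profile_product(line):
    """Product profiling: the first extraction rule that matches the inventory line yields a CPE."""
    for pattern, build in EXTRACTION_RULES:
        m = pattern.match(line.strip())
        if m:
            return build(m)
    return None

def version_key(v):
    """Sortable key so that 1.0.1 < 1.0.1f < 1.0.1g < 1.0.2."""
    m = re.fullmatch(r"([\d.]+)([a-z]?)", v)
    return tuple(int(x) for x in m.group(1).split(".")), m.group(2)

SP_ORDER = {"*": 0, "sp1": 1, "sp2": 2, "sp3": 3, "sp4": 4}

# Constructed vulnerability detection rules with placeholder IDs (not real CVEs):
# (id, vendor, product, predicate over the profiled CPE).
DETECTION_RULES = [
    ("VULN-A", "microsoft", "sql_server",
     lambda c: c.version == "2005" and SP_ORDER[c.update] < 3),          # fixed in SP3
    ("VULN-B", "microsoft", "sql_server", lambda c: c.version == "2005"),  # no fixed build
    ("VULN-C", "openssl", "openssl",
     lambda c: version_key("1.0.1") <= version_key(c.version) < version_key("1.0.1g")),
]

def detect(cpe):
    """Vulnerability profiling: detection rules whose product matches and whose predicate holds."""
    return [vid for vid, vendor, product, affected in DETECTION_RULES
            if (cpe.vendor, cpe.product) == (vendor, product) and affected(cpe)]

def scanless_assessment(inventory):
    """Inventory export lines -> per-host CPE and vulnerability list, with no scan traffic."""
    result = {}
    for host, line in inventory:
        cpe = profile_product(line)
        result[host] = {"cpe": cpe.fs() if cpe else None, "vulns": detect(cpe) if cpe else []}
    return result

# Constructed inventory; the first line is the record shown on the slide.
INVENTORY = [
    ("db01", "Microsoft Corporation | Microsoft SQL Server 2005 (64bit) | 9.4.5000.00"),
    ("web01", "OpenSSL Project | OpenSSL | 1.0.1f"),
    ("web02", "OpenSSL Project | OpenSSL | 1.0.1g"),
    ("app01", "Acme | UnknownWidget | 3.1"),     # no extraction rule: left unprofiled, not guessed
]

if __name__ == "__main__":
    for host, r in scanless_assessment(INVENTORY).items():
        print(host, r)
```

Two design points matter in practice: an inventory line that no extraction rule matches stays unprofiled rather than being force-fitted to a product (a wrong CPE produces false vulnerabilities and, worse, hides real ones), and the update level comes from the build number, because an asset-management export rarely states the service pack directly.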
Vulnerability intelligence feed
- Exploitation pre-conditions
- Vulnerabilities with no CVE
- Likelihood of attack
- Remediation solutions
- Conflict resolution
- Cross-references
- Updated daily

Sources
- Vendor advisories: Cisco PSIRT, Microsoft Security Bulletin, Oracle, Red Hat
- Scanners: eEye Retina, IBM Scanner, McAfee Foundstone, Qualys Guard, Rapid7 Nexpose, Tenable Nessus, Tripwire nCircle
- IPS: Fortinet FortiGate, HP TippingPoint, IBM Proventia, McAfee IPS, Palo Alto Networks, Cisco Sourcefire
- Other: CERT, MITRE CVE, NIST NVD, Rapid7 Metasploit, Secunia, Symantec SecurityFocus, Symantec Worms
Skybox Vulnerability Database: attack vector information and product and vulnerability profiling rules feed data collection into the security model, attack simulation and the vulnerability detector.
Discover Vulnerabilities
- Scanless vulnerability detection
- Vulnerability intelligence feed
- Same-day identification

Analyze Attack Surface
- Compensating controls
- Risk exposure
- Attack simulation
- Network context
- Customizable security indicators
- Business impact
- Vulnerability risk assessments
- Highlight assets at risk
- Attack vectors
- Heat maps

Prioritize Response
- Focus on areas of greatest impact
- Respond quickly

Remediate & Track
- Remediation planning
- Ticketing and workflow
- Dashboards and reporting
- SIEM tuning
Exposure Analysis
- Attack vectors
- Virtual pen test
- Filter vulnerabilities by threat origin
- Check impact of remediation activity
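Added example (not Skybox's attack simulation): a virtual pen test written as a breadth-first search over zones. The zone-level access matrix stands in for the output of an access simulation and is constructed, as are the hosts, their vulnerabilities and the threat origins; vulnerability IDs are placeholders. It covers the four items above: attack vectors are the recorded hop lists, the origin argument filters by threat origin (Internet, Partners, insider), and remediation_impact re-runs the simulation with one vulnerability removed to check the effect before any patching is done.

```python
from collections import deque

# Constructed zone-level access matrix: (src_zone, dst_zone) -> open destination ports.
# In practice this is produced by access simulation over the modelled firewalls and routers.
ACCESS = {
    ("internet", "dmz"): {80, 443},
    ("dmz", "internal"): {1433},
    ("partners", "internal"): {443},
    ("internal", "internal"): {"any"},
    ("internal", "dmz"): {"any"},
}

# Constructed hosts: name -> (zone, is_critical, {vuln_id: (listening port, exploitable)}).
HOSTS = {
    "web01": ("dmz", False, {"V-WEB": (80, True)}),
    "db01": ("internal", True, {"V-SQL": (1433, True)}),
    "portal": ("internal", True, {"V-PORTAL": (443, False)}),   # reachable, but no exploit
    "fileshare": ("internal", True, {"V-SMB": (445, True)}),
}

def reachable(src_zone, dst_zone, port):
    ports = ACCESS.get((src_zone, dst_zone), set())
    return "any" in ports or port in ports

def attack_simulation(origin, hosts=HOSTS, removed=frozenset()):
    """Virtual pen test from one threat origin: a host is compromised when an exploitable
    vulnerability is reachable from a zone the attacker already holds; the host's zone then
    becomes a new foothold. Returns {host: attack vector (list of hops)}."""
    vectors = {}
    frontier = deque([(origin, [])])
    footholds = set()
    while frontier:
        zone, path = frontier.popleft()
        if zone in footholds:
            continue
        footholds.add(zone)
        for host, (hzone, _critical, vulns) in hosts.items():
            if host in vectors:
                continue
            for vid, (port, exploitable) in vulns.items():
                if exploitable and vid not in removed and reachable(zone, hzone, port):
                    vectors[host] = path + [f"{zone} -> {host} via {vid}/{port}"]
                    frontier.append((hzone, vectors[host]))
                    break
    return vectors

def critical_at_risk(origin, removed=frozenset()):
    """Critical assets with at least one attack vector from `origin`."""
    return sorted(h for h in attack_simulation(origin, removed=removed) if HOSTS[h][1])

def remediation_impact(origin, candidates):
    """How many critical assets each single remediation takes off the attack surface."""
    baseline = len(critical_at_risk(origin))
    return {v: baseline - len(critical_at_risk(origin, frozenset({v}))) for v in candidates}

if __name__ == "__main__":
    for origin in ("internet", "partners", "internal"):
        print(origin, "->", attack_simulation(origin))
    print(remediation_impact("internet", ["V-WEB", "V-SQL", "V-SMB", "V-PORTAL"]))
```

The output is the prioritisation argument in miniature: from the Internet, fixing V-SQL on the database protects both critical assets because the file share is only reachable through it, while fixing V-SMB protects one, and V-PORTAL, although reachable from partners, protects none because it is not exploitable.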
Analyst View: relevancy identification / KPIs / exposure analysis / business impact analysis
Inputs (pre-attack and post-attack): correlated events, forensics, watchlist, SIEM, firewall configs, scanner data, alerts, network packet capture, router configs, threat intelligence, logs
Key Challenges (MSP SOC: event processing -> security analysts)
- Customers differ: Customer A has multiple sites; Customer C a single site on a shared server
- Generic approach, no customer context
- Lots of irrelevant noise still
- Large research function
- Lots of manual analysis
Threat workflow
1. Import new threat data: threat intelligence and threat analytics (Symantec DeepSight, VeriSign iDefense, Skybox Dictionary)
2. Correlate to vulnerabilities: confirm existing vulnerabilities
3. Assess relevancy and impact: identify threats relevant to the business
4. Assign and track: automatically trigger tickets, SLA on tickets, update tickets with vulnerability info, record workflow, remediation progress, reconcile and close ticket
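Added example, not Skybox code: the four-step threat workflow above as a small ticketing loop. Threat records reference vulnerability IDs; relevancy is a non-empty intersection with a host's vulnerability list; impact (exposure plus criticality plus exploit-in-the-wild) sets the priority and its SLA; reconciliation closes the ticket once the vulnerability leaves the next vulnerability list and flags SLA breaches. The feed format, SLA table, asset model and all IDs are constructed.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

@dataclass
class Threat:
    threat_id: str
    vulns: frozenset        # vulnerability IDs the advisory references
    exploit_in_wild: bool

@dataclass
class Ticket:
    ticket_id: str
    threat_id: str
    host: str
    vulns: set
    priority: str
    due: date
    state: str = "open"     # open -> closed (remediated) or overdue (SLA breached)
    history: list = field(default_factory=list)

SLA_DAYS = {"P1": 2, "P2": 7, "P3": 30}   # constructed SLA per priority

def priority(asset, matched, threat):
    """Impact: exposure from a threat origin and asset criticality drive the priority."""
    exposed = bool(matched & asset["exposed"])
    if exposed and (asset["critical"] or threat.exploit_in_wild):
        return "P1"
    if exposed or asset["critical"]:
        return "P2"
    return "P3"

def assess(threats, assets, today, tickets=None):
    """Correlate each threat to vulnerabilities present on assets; open one ticket per
    relevant (threat, host) pair and do not duplicate tickets on re-import."""
    tickets = {} if tickets is None else tickets
    for t in threats:
        for host, asset in assets.items():
            matched = t.vulns & asset["vulns"]
            if not matched:
                continue            # threat is not relevant to this host
            key = f"{t.threat_id}/{host}"
            if key not in tickets:
                p = priority(asset, matched, t)
                tickets[key] = Ticket(key, t.threat_id, host, set(matched), p,
                                      today + timedelta(days=SLA_DAYS[p]))
    return tickets

def reconcile(tickets, assets, today):
    """Close tickets whose vulnerabilities left the latest vulnerability list; flag SLA breaches."""
    for tk in tickets.values():
        if tk.state != "open":
            continue
        remaining = tk.vulns & assets[tk.host]["vulns"]
        if not remaining:
            tk.state = "closed"
            tk.history.append(f"{today}: remediated, ticket closed")
        elif today > tk.due:
            tk.state = "overdue"
            tk.history.append(f"{today}: SLA breached, {sorted(remaining)} still present")
    return {k: tk.state for k, tk in tickets.items()}

# Constructed threat records and asset model (vuln IDs are placeholders, not real CVEs).
THREATS = [Threat("ADV-1", frozenset({"V-SQL", "V-OLD"}), True),
           Threat("ADV-2", frozenset({"V-SMB"}), False)]
ASSETS_DAY0 = {
    "db01": {"critical": True, "vulns": {"V-SQL"}, "exposed": {"V-SQL"}},
    "fileshare": {"critical": True, "vulns": {"V-SMB"}, "exposed": set()},
    "web01": {"critical": False, "vulns": {"V-WEB"}, "exposed": {"V-WEB"}},
    "dev01": {"critical": False, "vulns": {"V-SMB"}, "exposed": set()},
}
# Nine days later db01 has been patched; the other hosts are unchanged.
ASSETS_DAY9 = {**ASSETS_DAY0, "db01": {"critical": True, "vulns": set(), "exposed": set()}}

def run():
    tickets = assess(THREATS, ASSETS_DAY0, date(2015, 6, 1))
    priorities = {k: (t.priority, t.due.isoformat()) for k, t in tickets.items()}
    states = reconcile(tickets, ASSETS_DAY9, date(2015, 6, 10))
    return priorities, states

if __name__ == "__main__":
    print(run())
```

ADV-1 also references V-OLD, which no asset carries, so that part of the advisory never creates work; that is the "relevant to the business" filter, and it is what removes most of the noise an MSP SOC otherwise has to research by hand.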
Questions
www.skyboxsecurity.com
Thank You