Presentation is loading. Please wait.

Presentation is loading. Please wait.

SESSION ID: Continuous Monitoring with the 20 Critical Security Controls SPO1-W02 Wolfgang Kandek CTO.

Published byKristin Flook Modified over 9 years ago

Similar presentations

Presentation on theme: "SESSION ID: Continuous Monitoring with the 20 Critical Security Controls SPO1-W02 Wolfgang Kandek CTO."— Presentation transcript:

1 SESSION ID: Continuous Monitoring with the 20 Critical Security Controls SPO1-W02 Wolfgang Kandek CTO

2 #RSAC 2 We called 2013 the year of the data breach…

3 #RSAC 3 …but 2014 started in much the same spirit…

4 #RSAC Background  Open System Administration Channels  Default and Weak Passwords  End-user has Admin Privileges  Outdated Software Versions 4

5 #RSAC Outdated Software Versions 5

6 #RSAC Background  Open System Administration Channels  Default and Weak Passwords  End-user has Admin Privileges  Outdated Software Versions  Non-Hardened Configurations => Flaws in System Administration 6

7 #RSAC Solution  20 Critical Security Controls  What works in Security? 7

8 #RSAC Solution  20 Critical Security Controls  What works in Security?  Owned by the Council on Cybersecurity  With widespread industry expert input 8

9 #RSAC Solution  20 Critical Security Controls  What works in Security?  Owned by the Council on Cybersecurity  With widespread industryexpert input 9

10 #RSAC Solution  20 Critical Security Controls  What works in Security?  Owned by the Council on Cybersecurity  With widespread industry expert input  International Participation 10

11 #RSAC Solution  20 Critical Security Controls  What works in Security?  Owned by the Council on Cybersecurity  With widespread industry expert input  International Participation 11

12 #RSAC Solution  20 Critical Security Controls  What works in Security?  Owned by the Council on Cybersecurity  With widespread industryexpert input  International Participation 12

13 #RSAC Solution  20 Critical Security Controls  What works in Security?  Owned by the Council on Cybersecurity  With widespread industryexpert input  International Participation 13

14 #RSAC Solution  20 Critical Security Controls  What works in Security?  Owned by the Council on Cybersecurity  With widespread industry expert input  International Participation  5 Tenets 14

15 #RSAC 5 Tenets 20 CSC  Offense informs Defense  Prioritization  Metrics  Continuous Diagnostics and Mitigation  Automation 15

16 #RSAC 5 Tenets 20 CSC  Offense informs Defense  Prioritization  Metrics   Continuous Diagnostics and Mitigation  Automation  16

17 #RSAC Solution  20 Critical Security Controls  What works in Security?  Owned by the Council on Cybersecurity  With widespread industry expert input  International Participation  5 Tenets  Prioritized 17

18 #RSAC Solution  20 Critical Security Controls  What works in Security?  Owned by the Council on Cybersecurity  With widespread industry expert input  International Participation  5 Tenets  Prioritized 18

19 #RSAC Solution  20 Critical Security Controls  What works in Security?  Owned by the Council on Cybersecurity  With widespread industry expert input  International Participation  5 Tenets  Prioritized  Implementation Guidelines 19

20 #RSAC Solution  20 Critical Security Controls  What works in Security?  Owned by the Council on Cybersecurity  With widespread industry expert input  International Participation  5 Tenets  Prioritized  Implementation Guidelines = Quick Wins, Visibility/Attribution, Configuration/Hygiene, Advanced 20

21 #RSAC Implementation Guidelines 21

22 #RSAC Implementation Guidelines  Quick Win 1 - Control 1 – HW Inventory  Implement an automated discovery engine (active/passive)  Quick Win 3 – Control 2 – SW Inventory  Scan for Deviations from Approved List  Quick Win 3 – Control 3 – Secure Configurations  Limit Admin privileges  Quick Win 10 – Control 4 – Vulnerability Scanning  Risk rate by groups 22

23 #RSAC Implementation Guidelines  Measure Success  Control 1: Detect new machines in 24 hours  Control 1: How many unauthorized machines on network?  Control 2: How many unauthorized software packages installed?  Control 3: Percentage of machines that do not run an approved image ?  Control 4: Percentage of machines not scanned recently (3d)? 23

24 #RSAC Implementing Quick Wins - Prototype  QualysGuard, API, PERL, Splunk  Daily Authenticated Scan of Network  Scripted API Access and Load 24

25 #RSAC Implementing Quick Wins - Prototype 25

26 #RSAC Implementing Quick Wins - Prototype  Logins - user, date, type  Scans - user, date, type, target, duration  Reports - user, date, type, duration, size  Hosts – machine, date, active, fixed, severity counts, scores  Vulnerabilities – id, severity, cvss, age  Software – name, publisher  Certificates – subject, validdate, signer, self-signed  Ports – date, ports 26

27 #RSAC Implementing Quick Wins - Prototype  Logins - user, date, type  Scans - user, date, type, target, duration  Reports - user, date, type, duration, size  Hosts – machine, date, active, fixed, severity counts, scores  Vulnerabilities – id, severity, cvss, age  Software – name, publisher  Certificates – subject, validdate, signer, self-signed  Ports – date, ports 27

28 #RSAC Implementing Quick Wins - Prototype  QualysGuard, API, PERL, Splunk  Daily Authenticated Scan of Network  Scripted API Access and Load  Data Transformation in Scripts  Scoring – Dept. State CVSS based  Data Promotion  Software, Patches, MAC address  Splunk for Reports and Graphing 28

29 #RSAC CSC1 – HW Inventory - Quick Win 1  Deploy Asset Inventory Discovery Tool (active/passive)  Goal: Discover new machines within 24 hours  Daily Active Scan of the Network -> Splunk  Query Splunk for new Machines  ~ where the earliest scandate is within the last day 29

30 #RSAC CSC1 – HW Inventory - Quick Win 1  Asset Inventory Discovery Tool (active/passive)  Discover new machines within 24 hours  Daily Active Scan of the Network -> Splunk  Query Splunk for new Machines 30

31 #RSAC CSC2 – SW Inventory - Quick Win 3  Discover Unauthorized Software  Goal: Within 24 hours  Daily Active Scan of the Network -> Splunk  Query Splunk for new Server Ports  ~ where the earliest scandate is within the last day 31

32 #RSAC CSC2 – SW Inventory - Quick Win 3  Discover Unauthorized Software  Goal: Within 24 hours  Daily Active Scan of the Network -> Splunk 32

33 #RSAC CSC2 – SW Inventory - Quick Win 3  Discover Unauthorized Software  Goal: Within 24 hours  Daily Active Scan of the Network -> Splunk  Query Splunk for new Software  ~ where the earliest scandate is within the last day 33

34 #RSAC CSC2 – SW Inventory - Quick Win 3  Discover Unauthorized Software  Goal: Within 24 hours  Daily Active Scan of the Network -> Splunk  Query Splunk for new Server Ports  ~ where the earliest scandate is within the last day  Query Splunk for new Software 34

35 #RSAC CSC2 – SW Inventory - Quick Win 3  Discover Unauthorized Software  Goal: Within 24 hours  Daily Active Scan of the Network -> Splunk  Query Splunk for new Software  ~ where the earliest scandate is within the last day  Can be Alerted On 35

36 #RSAC CSC3 – Secure Configuration  Automation: Discover Non Standard Setups  Goal: Within 24 hours  Daily Active Scan of the Network -> Splunk  Query Splunk for certain SoftwareMarker  Here: “Qualys Desktop Build” – which is a custom SW package that identifies our IT standard builds 36

37 #RSAC CSC3 – Secure Configuration  Automation: Discover Non Standard Setups  Goal: Within 24 hours  Daily Active Scan of the Network -> Splunk  Query Splunk for certain SoftwareMarker  Here: “Qualys Desktop Build” – which is a custom SW packag that identifies out IT standard builds 37

38 #RSAC CSC3 – Secure Configuration  Automation: Discover Non Standard Setups  Goal: Within 24 hours  Daily Active Scan of the Network -> Splunk  Query Splunk for certain Software Marker  Here: “Qualys Desktop Build” – which is a custom SW package that identifies out IT standard builds  Can be Alerted On 38

39 #RSAC Further Uses and Projects  Plot Progress for a Machine 39

40 #RSAC Further Uses and Projects  Plot Progress for a Machine 40

41 #RSAC Further Uses and Projects  Plot Progress for a Machine  Plot Progress for a Network 41

42 #RSAC Further Uses and Projects  Plot Progress for a Machine 42

43 #RSAC Other Operational Reports  Usage Reporting  User Logins  API Logins  Reports  Anomaly Detection  GeoIP 43

44 #RSAC Other Operational Reports  Usage Reporting  User Logins  API Logins  Reports  Anomaly Detection  GeoIP 44

45 #RSAC Beyond Prototyping  Continuous Monitoring  Alert on Additions & Changes  Machines  Vulnerabilities  Ports  Certificates  Simple Configuration 45

46 Questions? wkandek@qualys.com @wkandek http://laws.qualys.com

Download ppt "SESSION ID: Continuous Monitoring with the 20 Critical Security Controls SPO1-W02 Wolfgang Kandek CTO."

Similar presentations

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.
Scenario: EOT/EOT-R/COT Resident admitted March 10th Admitted for PT and OT following knee replacement for patient with CHF, COPD, shortness of breath.

Scenario: EOT/EOT-R/COT Resident admitted March 10th Admitted for PT and OT following knee replacement for patient with CHF, COPD, shortness of breath.
1 ZonicBook/618EZ-Analyst Resonance Testing & Data Recording.

1 ZonicBook/618EZ-Analyst Resonance Testing & Data Recording.
SunGuide TM Software Development Project Release 3.1: I-95 Express Lanes Design Review Follow-up January 29, 2008.

SunGuide TM Software Development Project Release 3.1: I-95 Express Lanes Design Review Follow-up January 29, 2008.
AP STUDY SESSION 2.

AP STUDY SESSION 2.
1

1
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.

Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
Processes and Operating Systems

Processes and Operating Systems
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
Author: Julia Richards and R. Scott Hawley

Author: Julia Richards and R. Scott Hawley
STATISTICS Joint and Conditional Distributions

STATISTICS Joint and Conditional Distributions
Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.

Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.
Objectives: Generate and describe sequences. Vocabulary:

Objectives: Generate and describe sequences. Vocabulary:
UNITED NATIONS Shipment Details Report – January 2006.

UNITED NATIONS Shipment Details Report – January 2006.
David Burdett May 11, 2004 Package Binding for WS CDL.

David Burdett May 11, 2004 Package Binding for WS CDL.
Business Transaction Management Software for Application Coordination 1 www.choreology.com Business Processes and Coordination. Introduction to the Business.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination. Introduction to the Business.
1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.

1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.
Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×

Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×
Custom Statutory Programs Chapter 3. Customary Statutory Programs and Titles 3-2 Objectives Add Local Statutory Programs Create Customer Application For.

Custom Statutory Programs Chapter 3. Customary Statutory Programs and Titles 3-2 Objectives Add Local Statutory Programs Create Customer Application For.
Custom Services and Training Provider Details Chapter 4.

Custom Services and Training Provider Details Chapter 4.

Similar presentations

Ads by Google