THREAT EXPOSURE MANAGEMENT - Infocom Security · (Verizon DBIR 2015) 200 Post-exploitation modules...

Date post: 11-Oct-2020
THREAT EXPOSURE MANAGEMENT Fedon Konstantinou Security Engineer ITway Hellas
Transcript
Page 1: THREAT EXPOSURE MANAGEMENT - Infocom Security · (Verizon DBIR 2015) 200 Post-exploitation modules Evade Anti-Virus, Firewall, and IPS Brute-force Password Auditing VPN Pivoting 10.

THREAT EXPOSURE MANAGEMENT

Fedon Konstantinou

Security Engineer

ITway Hellas

Page 2

Agenda

Rapid7 Overview

Metasploit

Nexpose

Appspider

Q & A

Page 3

Rapid7 Timeline

2000 – Founded by Alan Matthews, Tas Giakouminakis & Chad Loder

2004 – Nexpose Commercial Release

2008 – Bain Capital Ventures invests $10 million in Rapid7

2009 – Acquired the Metasploit Project

2011 – Technology Crossover Ventures invests $50 million in Rapid7

2012 – Acquired Mobilisafe

2013 – Founded Rapid7 Labs

2013 – Announcement of new Products: ControlsInsight & UserInsight

2014 – Bain Capital Ventures invests $30 million in Rapid7

2015 – Announcement of new Acquisition: NTOBJECTives becomes Rapid7 Appspider

2015 – RAPID7 IPO – NASDAQ “RPD”

2015 – Acquisition of LogEntries (log search engine) to boost Rapid7’s analytics platform

Page 4

Delivering Security Data & Analytics that revolutionize the practice of cyber security

34% Fortune 100

5,100+ Customers

800+ Employees

90+ Countries

NASDAQ: RPD

Page 5

5,100+ Customers in More Than 90 Countries

Technology/Communication

Retail/Wholesale

Energy

Financial Services

Healthcare

Manufacturing

Education

Media & Entertainment

Government Public Sector

Others

Page 6

Addressing Threat Exposure Challenges

Data Problem: Lack of understanding of environment and context across physical, virtual, cloud and mobile

Scan and Patch: Remediation practice not effective or credible & lacks operational measures across IT

Attacker Blind Spot: Asset data, control data & threat data operating ineffectively in isolation

Page 7

Rapid7 Product Portfolio

Vulnerability Management

Security Configuration Assessment

Web Application Security

Virtualization Security

PCI Compliance Management

Vulnerability Verification

Penetration Testing

Reduce Phishing Exposure

Password Auditing

Test Security Controls

Continuously applications monitoring

Automated virtual patching

Meet compliance requirements

Quickly re-play web attacks

Page 8

Rapid7 Workflow

Know your weak points

Prioritize what matters most

Improve Your Outcomes

Page 9

Reduce Your Risk of a Breach

Page 10

Simulate real-world attacks against your defenses

Utilize world’s largest code-reviewed exploit database

Uncover weak and reused credentials

Community Members: 200,000

Exploit Modules MetaModules

#1 Threat Action (Verizon DBIR 2015)

200 Post-exploitation modules

Evade Anti-Virus, Firewall, and IPS

Brute-force Password Auditing

VPN Pivoting

Page 11

Reduce user risk using phishing campaigns and education

Run penetration testing programs at scale

Complete compliance programs faster

Multiple Projects

Multiple Users

Customizable Audit Reporting

Pass

Compliance Reports

Validate Vulnerabilities, Identify Exceptions

Clone Webpages

Measure User Risk

Send, track, and target education

Task Chaining

Page 12

Reduce Your Risk of a Breach Nexpose Awards

Page 13

Validate Vulnerabilities with Metasploit®

Uncover your hidden attack surface

Contextualize assets using RealContext™

Physical, Cloud, Mobile, Virtual

Closed-loop Integration

Asset Owner, Asset Location, Asset Importance

Page 14

Deliver impactful, actionable remediation plans

Focus on the highest risks with RealRisk™

Implement best practice security controls

Granular Scoring (0-1000)

Exploit & Malware Kit (Increases risk)

Weighted Scoring (using RealContext™)

Owner Assignment (using RealContext™)

Top remediation reports

Clear steps to follow

Measure effectiveness of controls

Visualize deployment of controls

Prioritizes controls for implementation

Page 15

Application Assessment for the Modern World

Page 16

Web applications are a primary target…

Web application attacks remain the most frequent incident pattern in confirmed breaches and accounted for up to 35% of breaches in some industries.

The 2015 Verizon Data Breach Investigation Report

35%

Page 17

So, why is application security still so hard?

[Figure: timeline with axis 1990, 1995, 2000, 2005, 2010, 2015, 2020, labelled HTML Static Pages, CGI, Web 2.0 (AJAX), Web 3.0 & Mobile (JSON, REST, AMF, SOAP), Application Frameworks, with a JavaScript Complexity curve]

Page 18

Application Assessment for the Modern World

Maximum application testing and breadth of coverage

Deep analysis with interactive reports

Automated WAF and IPS virtual patching

Page 19

Technology Partner Ecosystem

SIEM

NGFW - IPS

IT GRC

Patch

Ticketing

Credentials

WAF

Topology Risk

Virtualization

NAC

SaaS

Page 20

THANK YOU

