Date post: | 14-Jan-2017 |
Category: | Technology |
Upload: | rahul-neel-mani |
ENGINEERING BETTER SECURITY
SECURITY DATA & ANALYTICS
Presenter: Yogesh Kulkarni
Sales Engineer, SAARC
OSCP, Rapid7 Nexpose & Metasploit Pro certified, GCIH, CEH, CHFI & ECSA
Confidential and Proprietary 2
Delivering Security Data & Analytics that revolutionize the practice of cyber security
37% Fortune 1000
5,100+ Customers
800+ Employees
99 Countries
NASDAQ: RPD
By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches up from less than 20% in 2015.
- Gartner: “Shift Cybersecurity Investment to Detection,” dated 7 January 2016
Massive Shift to Risk-Based Approach to Security
OLD MODEL: Prevention-Based Security (“Block and Protect”)
NEW MODEL: Risk-Based Security
[Diagram labels: Prevention, Detection, Correction, Data & Analytics]
Industry recognition
Rapid7 Selected by SANS Community as Best Vulnerability Assessment Solution
https://www.sans.org/press/announcement/2015/03/30/1
Nexpose Vulnerability Management
Know Your Network
• Security assessment for the modern network
• Identify what’s important to your business
• Use attacker mindset to find weaknesses
Manage Risk Effectively
• Use critical threat awareness from Metasploit
• Prioritize business risks that matter
• Create concise actionable remediation plans
Simplify Your Compliance
• Perform fast, unified security & compliance assessment
• Automate workflows
• Leverage built-in Audit & PCI report templates
Flexible and Scalable Architecture
• Multiple deployment options
• Agentless scanning
• Scale with scan engines
• OpenAPI™ for integrations
Enterprise Architecture
Why Nexpose?
• Advanced remediation reports, built-in actionable report templates, dynamic asset group/vulnerability filtering, and customizable report templates
• Scan logs available beyond scan reports
• Largest vulnerability and best exploitation knowledge (having 200000 community members)
• Unlimited and free scan engines
• Flexible deployment: deploy as a standalone solution as software, virtual appliance, or cloud
• Risk rating available between 0-1000 (risk score patented by Rapid7)
• Single modules & interfaces for infra vulnerability, compliance scanning, database scanning & basic web app security testing
• Multiple pre-built user roles and granular permission customization
• Two-tier support model allows first engineer to resolve case without escalation
• Vulnerability correlation & validation out of the box
Test Your Defenses More Efficiently
Phishing Simulation
• Manage phishing awareness to reduce user risk
• Use for user education or as part of a penetration test
Vulnerability Validation
• Validate vulnerabilities to demonstrate risk
• Close-loop integration with Nexpose for remediation
Penetration Testing
• Simulate a real-world attack to test your defenses
• Conduct penetration tests 45% faster
Why Metasploit Pro
• Conduct penetration tests 45% faster
• Validate vulnerabilities to prioritize remediation
• Manage phishing awareness to reduce user risk
Metasploit Pro is an efficient, scalable way to test your defenses.
Why AppSpider?
• AppSpider assesses all of the advanced formats, including:
  – Rich Internet Applications (RIA): AJAX-JSON (JQuery), AJAX-REST, AJAX-GWT
  – Web Services (includes mobile interfaces): Web Services (REST, SOAP with or without WSDL, XML, RPC), Flash Remoting – AMF, Mobile JSON, Mobile REST
  – Complex workflows: CSRF/XSRF, workflows/sequences (e.g. shopping carts)
• AppSpider provides compliance testing certifications:
  – PCI, SOX, HIPAA, OWASP, DISA-STIG, GLBA, FISMA, CWE, SANS
• Accuracy
• Vulnerability validation
• Non-destructive scans
From Compromise to Containment — Fast!
Speed Investigations
• Contextual Investigations
• Endpoint Forensics
• Enterprise Search
Cut Through the Noise
• Behavioral Analytics
• Detection Traps
• Alerting
End Data Drudgery
• Log, Machine and User Data
• Attribution
• Compliance Reporting
Detect and Investigate User-Based Attacks
DETECT
Effective Detection of Attacks
• Detect attacker’s entry and lateral movement in the network
• Detection with no overhead: automatic detection without the need to build and maintain rules
INVESTIGATE
Fast Incident Investigation
• Rapid investigation of impacted users
• Quickly define “who else is impacted”
• Easily triage significant events
DISCOVER
Simple Discovery of User Risk
• Discover user behavior across on premise, cloud and mobile environments
• Discover policy violations
• Track all administrator activity
• Discover user behavior in provisioned cloud services
Why Insight?
• User activity behavior-based monitoring: find the attacks you're missing
• Automatically detect attacks and known malware (irrespective of your antivirus)
• Investigate quickly
• Detect compromised credentials across your entire ecosystem
• Spot lateral movement, a common attacker method
• Get endpoint visibility without "yet another agent"
• Stop wasting time writing rules
Rapid7 Solutions at a Glance
THREAT EXPOSURE MANAGEMENT
User Risk Management
> Assess risk based on vulnerabilities, configurations
> Asset discovery
> Vulnerability Validation
> Prioritized remediation
> Compliance reporting
> Operationalize offensive security
> Automate penetration testing
> Verify controls effectiveness
> Test exposure to phishing
> Audit web applications
> Visibility into user risk across on premise, mobile & cloud
> Detect compromised users
> Monitor risky behavior
> Fast incident response
> Mobile risk management
> Vulnerability detection accuracy
> Breadth of coverage
> Integration and Correlation
> Ability to test apps at scale
> Compliance reporting