2008 Shaping Info Security

Creating a means and method for measuring operational security risk


SITUATION/CHALLENGE - Effective vulnerability management has grown increasingly essential over the last few years. Not only has the number of known vulnerabilities grown significantly, but their severity and complexity have grown as well. Companies cannot afford to neglect vulnerability management and still expect to maintain system availability and protect sensitive data. As part of a defense-in-depth security strategy, it is necessary to take a proactive approach. Vulnerabilities and weaknesses need to be identified and addressed before they cause a security issue.

As a first step to managing vulnerabilities, most organizations have deployed a network vulnerability assessment scanner. A network vulnerability assessment scanner enables an organization to identify networked devices, applications, and vulnerabilities. It does this by scanning the IP addresses of an organization’s network segments to identify open network ports and the associated application and operating system. The scanner then probes the open ports in an attempt to determine the patch level and configuration of applications and operating systems so that it can identify the vulnerabilities present. The result is a list of reachable hosts and network devices with their operating attributes, including running services, software and operating system versions, and vulnerabilities. This raw data identifies the network vulnerabilities present, but it does little to prioritize meaningful remediation efforts and provides limited remediation options.

Many companies have also realized that vulnerability assessment scanners only provide a view of the vulnerabilities that are accessible to them. Since organizations will often deploy multiple scanners throughout the network and configure network access policies that grant wider access to the scanners, it becomes extremely difficult to understand how a vulnerability may be exposed to a threat source or, if it lies deeper within the network, how it may be exposed to other attackable hosts.

Info Security Products Guide
 


Name: Mike Lloyd
Title: Chief Scientist
Company: RedSeal Systems, Inc.


SOLUTION - The most useful measurements to consider when testing network vulnerabilities are:

    1. Relative scoring of hosts: allow the user to assess which networked machines are the most exposed, which are the most at risk, etc.
    2. Trending: allow the user to track all the metrics of a network host over time.
    3. Prioritization of workload: allow the user to decide which mitigation actions are most effective overall in reducing risk in the environment.
    4. Scalability: allow the user to quickly find the needle in a large haystack.

To ensure that our end-users can effectively use these metrics, we developed an advanced analysis engine for RedSeal SRM. The analysis engine allows enterprises to quickly prioritize the results of a network vulnerability assessment scan, identify the hosts that are exposed to all untrusted networks, and determine the remediation steps that will provide the most impact to the security of the enterprise. RedSeal SRM’s analysis engine has two major components, the Network Map Analysis™ and the Threat Map Analysis™.

The Network Map Analysis engine analyzes configuration data from network devices to determine what traffic is allowed between any two points in the network and iterates on each and every node on the network to build a complete map of the network, including trusted and untrusted networks.

Meanwhile, the Threat Map Analysis helps security teams tackle the first challenge of vulnerability management: determining which hosts are directly exposed to untrusted networks. By utilizing the results from Network Map Analysis, Threat Map Analysis can overlay the network with host and vulnerability data from your network vulnerability assessment scanner. The results of the Threat Map Analysis are recorded, and end-users can choose any point in their network and review all threat links from that source or to that source.

Identifying the hosts directly exposed to untrusted networks is the most important step in prioritizing remediation efforts. End-users can query the RedSeal Threat Map to review all threats that originate from all of their untrusted networks, or they can use the RedSeal SRM downstream risk metric to identify and prioritize the directly exposed hosts. The hosts with the greatest downstream risk present the greatest risk to the enterprise, based on the severity of the vulnerabilities present and the network access allowed from the host to other hosts within the network.
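To make the idea concrete, the following Python example is added here for illustration; it is not RedSeal's code or algorithm and is not part of the original article. It overlays scanner severities on a map of permitted traffic, finds the hosts directly exposed to an untrusted network, and ranks them by a downstream figure. The host names, severity values, function names and the scoring rule (sum of the severities of vulnerable hosts reachable downstream) are all assumptions.

```python
from collections import deque

# Constructed sample data, not from the article.
# ALLOWED: traffic permitted between points, as a network map would report it.
ALLOWED = {
    "internet": ["web01", "vpn01", "mail01"],
    "web01": ["app01"],
    "vpn01": ["app01", "file01"],
    "mail01": ["hr01"],
    "app01": ["db01"],
    "hr01": ["db01"],
}
# Highest scanner severity per host on a 0-10 scale; 0 means no findings.
SEVERITY = {"web01": 7.5, "vpn01": 5.0, "mail01": 0.0, "app01": 9.0,
            "file01": 4.0, "hr01": 6.0, "db01": 9.8}
UNTRUSTED = {"internet"}

def threat_links(src, allowed, severity):
    """Hosts that src may send traffic to AND that carry a vulnerability."""
    return [dst for dst in allowed.get(src, []) if severity.get(dst, 0) > 0]

def directly_exposed(allowed, severity, untrusted):
    """Vulnerable hosts one permitted hop away from an untrusted network."""
    return {dst for net in untrusted for dst in threat_links(net, allowed, severity)}

def downstream_hosts(host, allowed, severity):
    """Vulnerable hosts reachable from host by following threat links (BFS)."""
    seen, queue = set(), deque([host])
    while queue:
        for dst in threat_links(queue.popleft(), allowed, severity):
            if dst not in seen and dst != host:
                seen.add(dst)
                queue.append(dst)
    return seen

def downstream_risk(host, allowed, severity):
    """Assumed score: sum of severities of all downstream vulnerable hosts."""
    return round(sum(severity[h] for h in downstream_hosts(host, allowed, severity)), 1)

def prioritize(allowed, severity, untrusted):
    """Directly exposed hosts, highest downstream risk first."""
    exposed = directly_exposed(allowed, severity, untrusted)
    scored = [(h, downstream_risk(h, allowed, severity)) for h in exposed]
    return sorted(scored, key=lambda pair: (-pair[1], pair[0]))

if __name__ == "__main__":
    for host, risk in prioritize(ALLOWED, SEVERITY, UNTRUSTED):
        print(f"{host}: own severity {SEVERITY[host]}, downstream risk {risk}")
```

In this constructed data, the lower-severity vpn01 outranks web01 because it is allowed to reach more vulnerable hosts, while hr01 never appears because the only path to it runs through a host with no findings.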

The four key metrics our end-users analyze are their exposure, business value of their vulnerabilities, their overall risk and their downstream risk. Providing these enterprises with effective network and threat mapping tools enables them to effectively analyze their networks and make the most informed decisions possible to enhance overall IT security.
        



CONCLUSION - RedSeal’s SRM provides instant visibility into the threats that leave an open door to valuable company resources, as well as key metrics that allow businesses to thoroughly analyze all threats to their network. Companies of all sizes in all industries, whether they are the smallest retail store or the largest manufacturer, need to ensure their security infrastructure works. RedSeal SRM offers users the opportunity to identify and proactively minimize security risk. We’ve found that we have two types of users, and they both benefit significantly. By using RedSeal SRM, security consultants can offer services more quickly and more broadly, and companies can more rapidly adapt to the changing threat landscape as well as make more rapid changes to their infrastructure to facilitate new revenue-generating applications.


Mike's 20-year professional and academic experience includes thought leadership and execution in the building of large-scale modeling and analysis systems. Prior to RedSeal Systems, Mike served as Chief Technologist for the Assured Networks division of Avaya. His prior experience also includes CTO and principal architect roles in route control technology and MPLS VPN provisioning systems. Mike has co-authored several patents on routing optimization and network traffic security, and actively collaborates on projects between academic and commercial research institutions.

 

RedSeal Systems, Inc.
350 Convention Way
Suite 375
Redwood City, CA 94063
Tel: 1-650-413-4160