
Ryan Bragg

Ryan Bragg. Channel Sales Engineer. Predictive Vulnerability Prioritization. Focusing on What Matters First. Questions. The massive WannaCry outbreak caused an estimated $1 billion in damage costs in just its first four days, according to Stu Sjouwerman, CEO at KnowBe4.

marthalewis

Presentation Transcript


  1. Ryan Bragg, Channel Sales Engineer. Predictive Vulnerability Prioritization: Focusing on What Matters First

  2. Questions

  3. The massive WannaCry outbreak caused an estimated $1 billion in damage costs in just its first four days, according to Stu Sjouwerman, CEO at KnowBe4. CSO Online: https://www.csoonline.com/article/3197582/ransomware-damages-rise-15x-in-2-years-to-hit-5-billion-in-2017.html Source: Bank Info Security Website

  4. Foundational Barriers

  5. Focus determines success

  6. The Visibility Barrier

  7. Creating a Cyber Exposure Gap

  8. Process Barriers (Ponemon Institute, Dec 2018)

  9. Not Asking the Right Questions • How are we reducing exposure over time? • How do we compare? • Where are we exposed? • Where should we prioritize based on risk?

  10. Volume & Prioritization Barriers

  11. Vulnerability Trends (Gartner Market Guide for Vulnerability Assessment, Craig Lawson, Prateek Bhajanka, June 19, 2018)

  12. The Severity Problem. Slide figures: 60%; 12%; 7%; 17,000. Slide captions: vulnerabilities disclosed in 2018; of vulnerabilities had an exploit available; of vulnerabilities disclosed in 2017 were CVSS 9+; of vulnerabilities discovered in environments are CVSS 7+

  13. CVSSv3 Compounds Prioritization Challenge (Vulnerability Intelligence Report, Tenable Research)

  14. Vulnerability Management by Severity

  15. CVSS Shortcomings: “CVSS is designed to identify the technical severity of a vulnerability. What people seem to want to know, instead, is the risk a vulnerability or flaw poses to them, or how quickly they should respond to a vulnerability.” (Towards Improving CVSS, Software Engineering Institute | Carnegie Mellon University, December 2018)

  16. Top 10 Vulnerabilities Used by Cybercriminals in 2018: of the top 10, only 4 have a CVSS score > 9.0 (March 19, 2019)

  17. Attacks on New Vulnerabilities: attackers have an average 7-day head start, measured as Time to Exploit Availability against Time to Assess. Source: Tenable Research Report – “Quantifying the Attackers First Move Advantage”

  18. What Should We Do?

  19. Predictive Prioritization: Reducing the Burden, Dramatically • Threat Intelligence: insight into which vulnerabilities are actively being exploited by both targeted and opportunistic threat actors. • Vulnerability Rating: the criticality, ease of exploit and attack vectors associated with the flaw. • Research Insights: data-science-based analysis of over 109,000 vulnerabilities to differentiate between the real and theoretical risks vulnerabilities pose. • 97% reduction in vulnerabilities to be remediated with the same impact to the attack surface

  20. A Data Science Approach: Understanding the Model. 150 different aspects in 7 feature groups: • Past threat pattern • CVSS • NVD • Past hostility • Vulnerable software • Exploit code • Past threat source. Forecasts the probability of exploit in the near-term future. Updated daily

  21. Some of What is in the Model • Distinct days with cyber exploits • Days since last cyber exploit • Total cyber exploit events • Days since first cyber exploit • Days since last cyber attack • CVE Age • No. Words in NVD Description • Days Since NVD Last Modified • Number of References • CVSS v3 Base Score • CVSS v3 Exploitability Score • CVSS v3 Impact Score • Total Affected Software • CWE • Days since last ExploitDB entry • Days since first ExploitDB entry • Days since last Metasploit entry • Total ExploitDB entries • Total Metasploit entries

  22. Terminology • Predictive Prioritization: The process of re-prioritizing vulnerabilities based on the probability that they will be leveraged in an attack. • Vulnerability Priority Rating (VPR): The output of the Predictive Prioritization process. VPR is the number that indicates the remediation priority (0 through 10, with 10 being the highest severity) of an individual vulnerability.

  23. Prioritization Is Critical [Figure: severity bands (Critical, High, Medium, Low) under CVSSv3 compared with the risk-based Vulnerability Priority Rating; label: Risk-Driven Scoring]

  24. We Find the Needles: 3% (Vulnerability Priority Rating)

  25. VPR Insight: 70 Days Prior to CVSS Score [Figure: VPR compared with CVSS for a Linux kernel flaw]

  26. Top Five Vulnerabilities in 2018 (extracted from the Recorded Future report “Top Ten Vulnerabilities of 2018”, 03/19/19)

  27. Takeaways for Success!

  28. Thank You
