RSA Vulnerability Risk Management - PowerPoint Presentation

Uploaded by susan (@susan)
Uploaded On 2023-10-27



Presentation Transcript

1. RSA Vulnerability Risk Management

“VRM will free up many cycles for our six person team dedicated to vulnerability management.” - Security Director, Telecom Company

“We developed our own solution which cost us north of a million dollars…we can replace it with VRM.” - Security Manager, Financial Services Company

2. Disclaimer - Safe Harbor Statement

This presentation is for informational purposes only. This document contains certain statements that may be deemed “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements are based on assumptions and assessments made by us in light of our experience and perception of historical trends, current conditions and expected future developments. Actual results and timing of events may differ materially from those contemplated by the forward-looking statements due to a number of factors, including regional, national or global political, economic, business, competitive, market and regulatory conditions.

Any reproduction, retransmission, or republication of all or part of this document is expressly prohibited without the permission of RSA.

3. Foundation

Diagram of RSA Archer eGRC IT Security Risk Solutions, with its labels grouped as they appear on the slide (layers: Foundational, Preventative, Responsive, Measure Outcomes):

- IT Security Risk Management (Foundational): Scan Results, Indicators and Metrics, Assets, IT Context, Regulatory, Biz Context; Data Catalogs: CVE/CVSS, CWE, CPE, CCE, Threat Intel, UCF; Identity: Login/Logout; Repositories, Integrations; Workflow: Ticketing, Reports, Exceptions, Notifications
- RSA VRM (Preventative): Remediation Workflow, Gold Build Images, Modeling/What-If
- RSA SecOps (Responsive): Incidents & Investigations, Breach Management, Crisis Management, SOC Management
- Focused UIs: Persona Based UI, Interactive Charts, Searching & Filtering

4. Vulnerability Management: the vulnerability PIT

Diagram labels (steps 1-5): Device, Issue, Vulnerability, Patch, Vulnerability Scanner.

- Brian, IT Security Analyst, runs his vulnerability scanner.
- The Vulnerability Scanner finds a number of issues on IT systems.
- Pages of results are delivered to Alice, IT Administrator, to fix.
- Patches are pushed out or configurations are updated to fix the vulnerabilities.
- Some patches are missed, don’t fix the problem, or there isn’t enough time to get to them. The vulnerability will sit unaddressed, possibly forever…

Carlos, CISO, is left wondering:
- What does this mean for business risk? What about my most valuable assets?
- Are we improving? Do we have the right coverage?
- What happens if the threats change? Can I get more protection quickly?

5. Need For Proactive Data Driven Security

Too Much Data (IT Security Analyst):
- Large amounts of vulnerability scan data
- Thousands of unknown IP addresses each month
- Multiple asset repositories – CMDBs, CSVs, etc.

Not Enough Information (IT Security Analyst):
- How many assets do we really have?
- What is the business risk from this vulnerability?
- What does CVE-2013-0241 on 10.1.2.3 mean?

Security Risk (CISO):
- What is the impact of unaddressed vulnerabilities?
- Are metrics tied to monthly IT operational goals?
- Is security posture improving?

6. VRM In A Nutshell

STEPS, with REQUIRED CAPABILITIES and CHALLENGES:

Discover Vulnerabilities
- Required capabilities: scan all networks; identify all types of vulnerabilities; scan without affecting IT SLAs
- Challenge: addressed by Qualys, McAfee and others

Classify Issues
- Required capabilities: identify real issues; assign reliable severity ratings; prioritize issues based on real risk; identify the right action
- Challenges: no relation between technical and business data; lack of context and reliable prioritization

Address Issues
- Required capabilities: fix/except issues; manage through workflows; track the real status of issues
- Challenge: lack of flexible workflows and automation

Track and Report
- Required capabilities: generate trend reports, etc.; create dashboards
- Challenge: ineffective and time consuming reporting

Catalog Assets
- Required capabilities: create an accurate asset repository; track technical and business context; update with ease
- Challenges: inaccurate and incomplete; lack of a single system of records

RSA VRM [solution]: Scan Results + Business Context + Threat Intel = Prioritized Issues, Workflow, KPIs, Reports (Scalability, Speed, Accuracy)

7. RSA Vulnerability Risk Management (Marketecture)

Data sources feeding the RSA VRM Data Collector:
- Vuln. Scan Results (Qualys, McAfee)
- Vuln. Data Pubs (NVD CVE)
- Threat Intelligence (US-CERT)
- Asset Taxonomies (NVD CPE)
- Other Asset Data (CSV, CMDB, etc.)

RSA VRM Data Warehouse: Data Collector, Raw Data Storage, Indexing, Normalization, Analytics Engine, Vulnerability Analytics

Archer Vulnerability Management: Workflows, Reports, Risk Management, Connection with GRC

Objects shared between them: Devices, Tickets, Exceptions, KPIs

Personas: Administrator, IT Security Analyst, CISO
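An added example, not RSA's code and not part of the deck, that shows in working form what slides 6 and 7 describe: the "Scan Results + Business Context + Threat Intel = Prioritized Issues" formula and the collect, normalize, analyze pipeline. It collapses duplicate findings from two scanners into one issue per device and CVE, weights each issue by asset criticality and a threat-intel flag, flags devices missing from the asset catalog, and checks open time against an SLA. The asset records, threat list, CVSS values, default criticality and SLA windows are all constructed assumptions.

```python
"""Added example, not RSA's code: raw scan rows -> prioritized issues (slides 6-7).
All data below is constructed; CVSS scores are placeholders, not real values."""
SCAN_RESULTS = [  # one row per scanner finding (constructed)
    {"ip": "10.1.2.3", "cve": "CVE-2013-0241", "cvss": 7.5, "scanner": "qualys"},
    {"ip": "10.1.2.3", "cve": "CVE-2013-0241", "cvss": 7.5, "scanner": "mcafee"},
    {"ip": "10.1.2.4", "cve": "CVE-2013-0241", "cvss": 7.5, "scanner": "qualys"},
    {"ip": "10.1.9.9", "cve": "CVE-0000-0002", "cvss": 9.8, "scanner": "qualys"},
]
ASSETS = {  # business context as a CMDB/Archer export would supply it (constructed)
    "10.1.2.3": {"name": "billing-db01", "criticality": 3},
    "10.1.2.4": {"name": "dev-test07", "criticality": 1},
}
EXPLOITED_CVES = {"CVE-2013-0241"}  # constructed threat-intel feed
UNKNOWN_CRITICALITY = 2  # assumption: uncatalogued devices get a middle rating
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}  # assumed SLAs

def severity(cvss):
    """Map a CVSS base score to the usual qualitative band."""
    return "critical" if cvss >= 9 else "high" if cvss >= 7 else "medium" if cvss >= 4 else "low"

def normalize(rows):
    """Collapse duplicate findings from several scanners into one issue per (device, CVE)."""
    issues = {}
    for r in rows:
        key = (r["ip"], r["cve"])
        issue = issues.setdefault(key, {"ip": r["ip"], "cve": r["cve"], "cvss": 0.0, "scanners": set()})
        issue["cvss"] = max(issue["cvss"], r["cvss"])  # keep the highest score reported
        issue["scanners"].add(r["scanner"])
    return list(issues.values())

def prioritize(rows, assets=ASSETS, exploited=EXPLOITED_CVES):
    """Score each issue as CVSS x asset criticality x threat multiplier, highest risk first."""
    out = []
    for issue in normalize(rows):
        asset = assets.get(issue["ip"])
        crit = asset["criticality"] if asset else UNKNOWN_CRITICALITY
        threat = 1.5 if issue["cve"] in exploited else 1.0
        issue["device"] = asset["name"] if asset else None  # None => not in the asset catalog
        issue["severity"] = severity(issue["cvss"])
        issue["risk"] = round(issue["cvss"] * crit * threat, 2)
        out.append(issue)
    return sorted(out, key=lambda i: i["risk"], reverse=True)

def overdue(issue, days_open, sla=SLA_DAYS):
    """True when the issue has stayed open longer than the SLA for its severity."""
    return days_open > sla[issue["severity"]]
```

Note that the CVSS 9.8 finding on the uncatalogued host ranks below the 7.5 finding on the critical billing database once context and threat intel are applied, which is the reordering the slide's formula is about.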

8. RSA VRM – Vulnerability Analytics

Brian’s (IT Security Analyst) dashboard:
- Are all my devices scanned?
- Is remediation time as per SLA?
- Are issues handled on time?
- Track Issues

A Facebook style timeline is used to check overall operational health; Brian focuses on what is important.

9. Devices, Vulnerabilities & Issues

(1) Single system of record: assets have business context from Archer, CMDBs, etc.
- How many devices do I have? Which ones are business critical?
- How do I discover new devices?

Brian now has the full information:
(2) Brian easily lists high severity active issues
(3) Investigates vulnerability, impacted device & related issues
(4) Assigns Ticket

10. RSA VRM – Issue Workflow

(1) Manage Tickets (2) Assign Workflows (3) Grant Exception (4) Get Approval

11. RSA VRM – Management Dashboard

(1) Assess Security Risk (2) Check KPIs (3) Compare operational efficiency

12. Key Performance Indicators (KPIs)

Assess operational efficiency:
(1) Does this group have more staff or better tools?
(2) What changes can be applied to improve this group’s performance?

13. Key Benefits

For the IT Security Analyst, CISO and IT Administrator:
- Accurate Identification & Prioritization Of Vulnerability Issues
- Automation Of The Vulnerability Process To Address Issues
- Assign, Measure And Report On Vulnerability Program KPIs
- More Secure Organization
- Manage IT Security Risks Proactively
- Do More With Less
- Gain Operational Efficiency
- Gain Visibility
- Actionable Reports
- Reliable Asset Catalog With Good Context
