Building an Advanced Vulnerability Management Program

00:05

hello everyone and welcome to today's

00:06

session of segbot webcast

00:09

i'm jixy your host through segbot

00:11

webcast we bring you the latest

00:13

happening set report

00:15

and exciting stuff we are working on to

00:18

prevent cyber attacks for enterprise i.t

00:21

security teams globally

00:23

today's session is on building an

00:26

advanced vulnerability management

00:27

program i'd like to introduce the rest

00:29

presented

00:30

i have with me chandra shaker founder

00:33

and ceo of secbod

00:35

chandra will talk to you about an

00:37

interesting topic on vulnerability

00:38

management i'm excited to listen

00:41

hope you're all hooked up to

00:44

before we begin i'd like to remind uh

00:46

all uh that our recorded version of this

00:49

webinar will be

00:50

available on

00:52

our bright talk channel as well as our

00:54

youtube channel we will also send it

00:56

according to your email address uh after

00:59

this session so you can watch it and

01:01

share it

01:02

share with others in your team

01:04

towards the end of the session we will

01:06

have a q a q a uh quick q a i would love

01:10

to hear from you um whatever questions

01:12

you have chandra is here to answer

01:15

uh all your questions you can post your

01:17

questions in the chat box

01:19

just below your bright talk video player

01:24

for those of you just joining welcome

01:26

over to each other audience is always

01:30

all right thank you jax here good

01:32

morning everyone good afternoon and good

01:34

evening i know we have people joining

01:36

from

01:37

these geographies

01:39

around the world

01:40

thank you everyone for taking the time

01:42

to be part of this session

01:44

if you're already into vulnerability

01:46

management or revisiting your

01:48

vulnerability management program

01:52

or you're not realizing the

01:55

the security effectiveness that you set

01:58

out to

01:59

while implementing your vulnerability

02:01

management program

02:04

or

02:06

trying to manage your attack surface or

02:09

reducing the attack surface so i believe

02:11

this session is going to be

02:14

useful

02:16

for you

02:20

now

02:21

vm or vulnerability management as you

02:23

know is a

02:26

key component of the cyber attack

02:29

prevention

02:30

layer

02:31

so if you look at the

02:33

cyber security framework you have

02:35

prevention detection response and

02:38

recovery

02:39

and vulnerability management or attack

02:41

surface management is one of the key

02:47

element

02:48

as part of the prevention layer

02:50

the more you invest

02:52

your effort into prevention the less

02:55

fire fighting that you'll have to

02:57

deal with at the detection and response

03:00

layer

03:01

as they say prevention is better than

03:03

cure

03:04

i can slightly modify that and say

03:06

prevention is

03:08

better than

03:09

detection response here obviously you

03:12

don't want to get into a recovery stage

03:15

if you want to prevent all possible

03:17

cyber attacks before before attackers

03:20

are able to succeed

03:22

and vulnerability management

03:27

if implemented properly will help us

03:30

get to that scenario

03:34

personally i have been in the

03:36

vulnerability management industry of

03:37

cyber security industry for over two

03:40

decades now and i have been

03:42

looking at this wheel

03:45

for more than 15 years or so

03:49

and this is typically what vulnerability

03:52

management life cycle is all about

03:54

identifying the vulnerabilities

03:56

assessing the vulnerabilities to

03:58

understand the risks involved

04:00

prioritizing those vulnerabilities that

04:03

must be

04:04

dealt with

04:05

and remediate those vulnerabilities

04:09

and report those

04:12

after remediating even before

04:14

remediating you want to understand and

04:16

then

04:16

after remediating you want to know that

04:19

those vulnerabilities are actually

04:21

eliminated and this has this is a cycle

04:25

cyclic process uh supposed to be a

04:28

continuous

04:29

process

04:31

and this particular field there's

04:33

nothing wrong in it simple elegant if

04:36

implemented correctly we will be able to

04:39

achieve that

04:40

cyber security posture that we all uh

04:43

want to achieve in order to prevent

04:47

attacks

04:50

i have been part of the early nessus

04:52

development effort in ways and scap and

04:57

oval most recently in the security

04:59

automation

05:01

side of

05:03

the the technology

05:04

and i have been seeing this particular

05:06

deal

05:07

it has not changed since then it has

05:09

been the same

05:11

and as i mentioned earlier it is

05:14

if implemented correctly we would be

05:16

able to achieve the goal that we all

05:18

want to

05:21

but the pitfall

05:22

is

05:24

here

05:26

number one is vulnerability scanning

05:28

activity itself takes

05:31

weeks together to perform

05:34

and then when you have the

05:36

scanning activity completed you

05:39

you are provided with a report that runs

05:42

into thousands of pages

05:44

and post that as a security

05:46

administrator of the it operations team

05:49

you are responsible for

05:51

understanding this vulnerability

05:54

prioritize those vulnerability identify

05:56

what is my mitigation to to

05:59

overcome that vulnerability and then

06:02

apply a security

06:04

patch or other remediation controls that

06:06

that you may want to in order to

06:08

eliminate that vulnerability

06:10

and this exercise uh takes anywhere

06:13

typically between three to five months

06:15

to complete it and that is a

06:17

large window of opportunity for

06:19

attackers to exploit

06:21

and we all know that there are at least

06:23

30 to 50 new vulnerabilities being

06:25

discovered on a

06:27

day-to-day basis

06:29

these are known vulnerabilities that

06:31

have the cve identifier assigned

06:34

by nest

06:36

but there are good number of

06:37

vulnerabilities that

06:39

may never have a cv identifier a sign

06:42

but they are still vulnerabilities that

06:44

are

06:45

attackers are exploiting those so this

06:48

is one side on the software

06:50

vulnerability but there are risks that

06:52

go beyond software vulnerabilities

06:55

maybe security controls that are

06:58

not

06:59

appropriately implemented they can be

07:01

misconfigurations they can be unwanted

07:03

software assets etc present so

07:06

these are never discovered as part of

07:08

the attack surface management initiative

07:10

that we

07:11

implement

07:13

and then again even if you want to

07:15

implement this

07:17

lifecycle vulnerability management

07:19

lifecycle process

07:21

we may have to invest in at least

07:23

five to six different tools or products

07:27

in order to achieve that particular goal

07:29

and each of them operate in silo

07:31

they do not talk to each other

07:34

and you need to have the resources

07:36

who are skilled to handle these

07:39

products understand

07:42

from one to another and

07:46

and apply the controls that we want to

07:49

so the complexity is there and that is

07:50

why

07:52

the effectiveness that we want to

07:54

achieve is not there

07:55

because of the manual interventions that

07:57

require lack of automation and

07:59

continuity

08:01

in this entire process it makes it

08:03

extremely cumbersome to implement

08:06

a continuous and automated vulnerability

08:09

management program

08:10

but beyond that

08:12

as i mentioned multiple siloed products

08:15

operating

08:18

in silo because of this

08:21

we won't be able to apply the the

08:22

remediation controls that we want to

08:26

because

08:28

the vulnerability management product

08:29

does not feed its findings into a

08:32

remediation product for example the

08:34

patch management product

08:36

so all of this make it extremely

08:38

cumbersome

08:40

to achieve that security effectiveness

08:42

that we all look to achieve and

08:45

either managing or eliminating the

08:47

attack surface becomes

08:50

a tedious

08:52

task and time consuming task and a lot

08:55

of effort is involved in implementing

08:58

that

09:01

now that leaves us with these three

09:05

questions

09:07

question number one is are we uncovering

09:09

all the i.t

09:11

risks that are there

09:14

beyond vulnerabilities not just the

09:16

software vulnerabilities but other kinds

09:18

of world merit like this

09:20

the second question is that

09:24

who takes the ownership for remediating

09:27

these vulnerabilities vulnerabilities

09:29

are discovered but

09:31

who is supposed to

09:33

remediate these vulnerabilities that is

09:35

the second question and the third

09:37

question is

09:39

why are these not continuous and

09:41

automated and everywhere else there's

09:46

continuous integration and continuous

09:48

delivery for example and

09:50

all of these are becoming

09:53

the norm

09:55

elsewhere but in the vulnerability

09:56

management space the continuous and

09:59

automation has not become the norm

10:01

so there is no single console where i

10:04

can implement a vulnerability management

10:06

program

10:07

and

10:08

successfully achieve

10:10

the security effectiveness goal that we

10:12

all

10:12

aspire to achieve

10:16

so

10:18

are there security risks beyond the

10:20

software vulnerabilities yes so you have

10:23

misconfigurations

10:25

the operating systems and the

10:26

applications and the network devices

10:29

properly maybe not configured

10:31

appropriately

10:32

as per the the security baseline that

10:35

you would want to

10:36

there can be

10:38

asset exposures outdated

10:40

assets present for example and unwanted

10:43

applications unauthorized services

10:46

running

10:47

there can be critical

10:48

security patches that are not rolled out

10:50

which should have been rolled out

10:53

and there can be additional security

10:55

controls that may not be working as you

10:57

would expect

11:00

as you want them to

11:01

work maybe a firewall is disabled

11:04

maybe you've enabled

11:06

a

11:07

file system level encryption and that is

11:09

not appropriately implemented or maybe

11:13

the the anti-malware product that you

11:15

have

11:16

installed is not running properly so all

11:19

of these can be the security controls

11:22

deviations in the security controls that

11:24

you have already implemented

11:26

but there can also be other types of

11:29

posture related anomalies that can be

11:31

present

11:32

within the environment so if you look at

11:34

the attack surface holistically

11:37

across the the it landscape all of these

11:40

are equally important equally critical

11:42

and an attacker can exploit any of these

11:47

with ease if these are

11:50

widely open

11:52

so it's important that we have that we

11:54

deal with each of these

11:56

risks beyond the software

11:58

vulnerabilities

12:02

now the second question that we had was

12:05

who takes the ownership for mitigating

12:08

these vulnerabilities not just

12:09

discovering all the

12:11

problems and generating a report that

12:13

runs into thousands of pages but

12:15

is there a

12:17

mitigation available

12:19

maybe through deployment of security

12:21

update that is available for operating

12:23

systems and applications

12:26

or it can be some of these

12:29

unwanted services and

12:31

ports that are open you may have to turn

12:34

them off or there are certain services

12:37

that you want them to be running but

12:38

they are not running so you may want to

12:41

run those

12:42

as necessary

12:46

as in a requirement so

12:48

without that

12:50

capability to remediate those risks that

12:53

are identified uh the again the

12:56

effectiveness is

12:57

kind of

12:58

broken and you're not able to achieve

13:00

that goal

13:02

and third and the most important one is

13:06

why is it not continuous and automated

13:08

why wouldn't we be able to

13:11

make this

13:13

discovery process into a day-to-day

13:16

activity and also the remediation

13:22

so it is essential that we make it into

13:24

a continuous process because newer

13:27

vulnerabilities are being discovered

13:28

every day

13:30

and

13:31

it environment is also changing every

13:33

day this is not anymore an audit driven

13:36

approach where i would run a scan once

13:38

in a month or a quarter

13:40

and just to meet the

13:42

the needs of

13:44

the audit that

13:46

that is due

13:47

but it needs to be a continuous and

13:49

automated process it needs to be a daily

13:52

routine that we

13:55

uncover the risks mitigate the risks

13:58

make it into a routine where i'm

14:00

achieving that

14:02

goal

14:03

so all of these three things are really

14:06

important to establish

14:08

a cyber hygiene posture

14:14

that we want to

14:16

so the

14:19

without that

14:21

what we are left with this very low

14:24

certainty because we don't know if we

14:26

have found or discovered all the

14:28

vulnerabilities that are out there

14:31

from misconfigurations to security

14:33

control deviations to asset exposure etc

14:36

second

14:39

we don't have that control sense of

14:41

control

14:42

that we want to have because we have

14:45

discovered number of problems but we

14:47

have not actually mitigated those

14:49

problem and it is a time consuming

14:51

process

14:52

and we are living with those

14:54

vulnerabilities without

14:56

mitigation the third is not having that

15:00

continuity or an automated

15:03

approach to

15:04

solving this problem

15:08

so what we

15:09

propose

15:11

in an advanced vulnerability management

15:13

program is

15:15

these layers visibility identify assets

15:19

prioritize remediate and report it's

15:22

nothing different

15:24

from the wheel that we talked about

15:26

but what we do in each of these layers

15:29

uh matter the most one is do we have

15:32

continuous visibility into the i.t

15:34

environment

15:35

are we able to identify all sorts of

15:37

risks that the nit environment is

15:39

subjected to

15:41

can we assess those risks understand

15:43

those risks and prioritize those risks

15:46

and do we have an integrated remediation

15:48

capability where i can go ahead and fix

15:50

all those risks that are identified and

15:53

then finally

15:54

reporting these

15:57

controls that i have applied in

16:00

to fix these deviations that we found

16:03

out and have that sense of confidence a

16:05

sense of control that we have actually

16:07

taken care of

16:08

each of those problems that are

16:10

discovered

16:11

more importantly

16:13

if you see the

16:15

the interface between them

16:17

each of these layers must be

16:20

integrated

16:22

the the findings from the visibility

16:24

goes into identified

16:26

identification layer and that goes into

16:28

the assessment and prioritization layer

16:31

and so on and so forth

16:33

and it has to be

16:35

integrated as well

16:37

having a central uh centralized

16:40

management console where i'm having

16:42

visibility to all of these

16:44

and i'm able to apply the controls that

16:47

i want to apply

16:49

to mitigate those risks that are

16:51

identified

16:52

so this is the the framework

16:55

that we propose for implementing an

16:58

advanced vulnerability management

17:02

program but let's look at each of these

17:05

layers and see what is really necessary

17:09

from

17:10

from the

17:11

little bit of technical details

17:15

that each of these layers

17:18

should have

17:19

one is visibility

17:21

getting visibility over the the itself

17:24

when i say visibility it is the

17:26

continuous visibility you want to know

17:27

what changes are taking place

17:29

you want to know which system joined the

17:32

network you want to know if there are

17:34

shadow id

17:36

and unauthorized and

17:39

unwanted applications present within the

17:41

environment or if some service is

17:44

running which is not supposed to be

17:45

running or some users have logged in who

17:47

are not supposed to be

17:49

logging in so

17:51

likewise you will have that need to know

17:54

what is going on within the environment

17:56

in real time and without visibility it

17:58

is impossible to achieve

18:00

security and that is a primary need

18:03

for

18:04

for any organization to implement a

18:07

cyber security

18:08

posture management

18:12

now from visibility it's all about

18:14

discovering the vulnerabilities and i

18:16

say the vulnerability term here

18:19

it encompasses all of those from

18:21

software vulnerabilities to

18:22

misconfigurations to

18:24

asset exposure missing security patches

18:27

and security controls deviations etc

18:31

so it's important that we assess

18:34

discover all sorts of vulnerabilities

18:37

within the it environment and this has

18:39

to happen

18:41

daily

18:45

and

18:45

assessing and prioritizing is also

18:48

an important layer once i have

18:51

discovered all the vulnerabilities

18:54

can run into thousands of

18:56

vulnerabilities and in some cases

18:58

hundreds of thousands of vulnerabilities

19:00

if you were to club all all of those

19:02

different types

19:04

now it is important to assess understand

19:07

what is the risk exposure each of these

19:09

vulnerabilities present

19:11

and prioritize those vulnerabilities and

19:14

in order to prioritize the

19:15

vulnerabilities you may have certain

19:18

variables coming in from the external

19:21

feed as well maybe

19:23

a threat intelligence telling us that

19:26

this particular vulnerability is widely

19:28

exploited

19:29

or it can be a asset criticality itself

19:32

maybe a

19:33

particular server that is running a very

19:36

critical or business critical

19:37

application and that needs to be

19:39

safeguarded fast so any vulnerability in

19:42

that environment becomes

19:44

extremely important and critical to fix

19:48

now

19:49

we may be able to

19:50

bring in some machine learning and

19:53

predictive capability as well to

19:54

identify a particular vulnerability that

19:57

can go on to become

19:59

popular in terms of how widely it is

20:02

going to be exploited

20:04

and we should also have that attacker's

20:06

perspective of understanding what these

20:08

vulnerabilities are

20:10

or and how do we how an attacker could

20:13

exploit these vulnerabilities if we let

20:15

them open

20:17

so all this can be

20:18

[Music]

20:21

put into some sort of a scoring

20:24

mechanism to to understand the

20:27

cyber security posture

20:30

that we have within the environment

20:32

and when we do that we will exactly know

20:34

uh what vulnerabilities are

20:38

there which are critical that i must act

20:41

upon immediately

20:42

what are those vulnerabilities that i

20:44

can wait for maybe a couple of days so

20:47

that kind of prioritization it will help

20:49

us

20:51

when when essentially especially when

20:53

you have too many vulnerabilities that

20:55

you want to deal with and you want to

20:57

prioritize and act upon those

20:58

vulnerabilities

21:04

the next layer is the remediation of

21:06

these vulnerabilities so typically

21:08

vulnerabilities

21:10

software vulnerabilities are

21:12

dealt with by applying the security

21:14

updates on the operating systems and

21:16

third-party application

21:19

software that are installed in the

21:20

environment

21:22

but

21:23

having the the software patches rolled

21:25

out alone is not enough this there are

21:28

misconfigurations where you'll have to

21:30

apply the the system hardening measures

21:33

both at the operating system level

21:35

application levels and even for the

21:37

network devices that are present within

21:39

the environment

21:40

we need to fix those security controls

21:43

that are deviating

21:44

and posture anomalies that could be

21:47

there that need that needs to be

21:49

dealt with as well so

21:51

some of the examples could be you have

21:53

an unauthorized application

21:56

installed within the environment you may

21:58

have to you may want to uninstall that

22:00

particular application maybe the

22:03

firewall policy is disabled and you will

22:05

not enable that

22:06

anti-malware product itself is not

22:08

running properly you may have to start

22:10

that

22:11

or there can be other

22:13

settings

22:14

like the ip forwarding for example in

22:16

our line xbox you may want to disable it

22:19

for

22:20

security reasons and these are

22:22

hundreds of such controls that you that

22:25

you may want to apply in order to

22:28

eliminate the the risks that are

22:30

discovered apart from rolling out the

22:32

software batches alone so it's important

22:34

to have the

22:36

the ability to not just apply the

22:39

software patches but also having

22:41

additional controls that you want to

22:42

roll out to eliminate the

22:45

vulnerabilities that are identified

22:48

once you have remediated these

22:50

vulnerabilities it is about reporting

22:53

understanding and get having that

22:55

confidence that i've actually fixed all

22:57

the vulnerabilities

22:58

and some of these

23:00

findings you may want to feed into

23:03

external system as well

23:05

maybe a

23:06

same product wants to know what

23:08

vulnerabilities are discovered in the

23:10

environment

23:11

and at times it it's also critical to

23:14

have some

23:15

sort of an alert mechanism to know if

23:18

there are high critical vulnerabilities

23:19

that are discovered within the

23:21

environment i want to get an instant

23:24

alert so i can act upon those

23:27

those vulnerabilities

23:29

on priority

23:34

now

23:34

most important of all of these is being

23:37

able to automate each of these

23:41

bring in the automation that is

23:43

necessary at each of these control

23:45

each of these layers

23:48

being able to run

23:49

vulnerability scan automatically every

23:52

day being able to roll out the security

23:54

controls in case there is a drift every

23:57

day

23:58

and being able to apply uh security

24:01

patches critical security answers at

24:03

least on an automated basis to some of

24:06

the eit environment

24:08

so these are the automations that that

24:10

i'm talking about

24:12

there are significant number of

24:14

activities within the vulnerability

24:16

management space that can be automated

24:18

into

24:19

a routine

24:21

so if you were to look at that diagram

24:23

once again

24:27

so all of these layers coming together

24:30

on a single console

24:32

talking to each other

24:34

being able to make those decision or

24:36

help us make those decisions

24:39

and being able to automate this entire

24:41

process is what we call an advanced

24:44

vulnerability management so at the

24:46

visibility layer you have continuous

24:48

visibility identification there you have

24:52

discovered vulnerabilities

24:53

misconfiguration missing security

24:55

patches and other security risk

24:57

exposures

24:58

the assessment and prioritization layer

25:02

we have

25:03

understood the risks

25:05

and we have come up with a remediation

25:08

strategy by prioritizing what are those

25:10

vulnerabilities that you want to act

25:12

upon

25:13

and we've also fed in additional

25:15

external

25:16

data feeds to help us prioritize those

25:19

vulnerabilities

25:20

maybe

25:21

a particular vulnerability is being

25:23

exploited in the wild there's an exploit

25:25

kit that is

25:27

making use of a particular vulnerability

25:30

and

25:31

so and the attacker perspective itself

25:33

so all of this information will help us

25:35

prioritize this vulnerability in order

25:38

to remediate at the remediation layer

25:40

it's about application of the the

25:42

security patches but also makes

25:45

fixing the misconfigurations

25:47

and applying security controls that go

25:49

beyond

25:51

patching alone and finally

25:53

being able to report on all of these

25:56

vulnerabilities that are discovered and

25:58

the mitigations that you have wrote down

26:01

and then the

26:03

key

26:04

part of this is being able to unify them

26:08

into a centralized management console

26:10

and having one console to manage the

26:12

entire program so this is what is

26:15

one advanced vulnerability management

26:20

so moving on

26:26

so what are the benefits that we get out

26:28

of

26:29

implementing such a program obviously

26:31

the the security effectiveness has

26:34

increased

26:35

because you're able to automate a good

26:37

number of these process and you're able

26:39

to

26:40

know the risks every day and you're

26:42

having the controls to

26:45

eliminate those risks

26:47

essentially managing the attack surface

26:50

effectively and

26:53

we also have the advantage of being

26:55

audit ready at all time because we are

26:57

able to achieve that continuous

26:58

compliance to either industry security

27:01

benchmarks like the pci and hipaa etc

27:04

but also technical security controls

27:07

from nest and cis and stig and all of

27:10

these security controls you you will

27:12

have that sense that you are able to

27:14

achieve that

27:15

continuous compliance to any of these

27:18

guidelines so at any point in time we

27:20

will be able to demonstrate compliance

27:23

to the auditors

27:25

and

27:26

we have the integrated console where you

27:30

have visibility to

27:32

vulnerabilities and misconfigurations

27:34

and id

27:35

security exposures

27:37

that go beyond these vulnerabilities so

27:39

you have one view where you get to know

27:42

all the risks that that the iit

27:44

environment is exposed to

27:47

and there is an integrated remediation

27:49

controls that i can roll out from within

27:51

the same console depending on the type

27:54

of vulnerability that is discovered if

27:56

it is a software over nobody vendor has

27:58

released a patch already go ahead and

28:00

roll out the patch and i see there is an

28:03

unauthorized application installed in

28:05

one of the system go ahead and

28:08

uninstall that particular application or

28:10

blacklist that particular application

28:12

maybe there are certain devices that are

28:14

connected to the network which

28:16

should not be

28:18

black

28:19

block access to those

28:21

devices

28:22

so all of these controls are available

28:25

within the same console now

28:28

to apply and as soon as i apply those

28:32

mitigation we will have that

28:37

sense of having applied those mitigation

28:39

because the vulnerabilities are

28:41

eliminated within the same

28:45

process within the same console you have

28:47

the visibility to know if effectively

28:50

that particular vulnerability is fixed

28:51

or not

28:53

and beyond all this we will be able to

28:55

achieve that resource efficiency you

28:58

don't have to operate in multiple

29:01

consoles and

29:04

more number of people required to

29:06

operate on each of them

29:08

and

29:09

reduce the cost of

29:11

ownership

29:12

of implementing such a program within

29:14

the within your environment

29:23

so

29:24

with

29:25

the implementation of advanced

29:27

vulnerability management what we get is

29:29

certainty

29:30

knowing that i have uncovered all

29:32

possible risks

29:34

control

29:36

having implemented the remediation

29:38

measures

29:40

within the same console and having

29:42

eliminated those vulnerabilities that

29:44

were discovered

29:45

and continuity because you automated

29:48

significant number of these process into

29:50

a daily routine

29:53

majority of these are running

29:56

on their own and you still have the

29:58

visibility and control that you would

30:00

want to within that centralized console

30:02

that you're talking

30:08

so secbod is pioneering this journey

30:12

reinventing the vulnerability management

30:15

through our senarno platform cyber

30:17

hygiene platform

30:19

it makes it into a continuous and

30:21

automated process

30:25

it brings together multiple tools into

30:28

one single console by unifying all the

30:31

use cases that you know all the the

30:34

layers that we talked about into one

30:36

single console

30:38

from discovering the vulnerabilities

30:40

misconfigurations asset exposures

30:43

and other security controls deviations

30:46

but also having the tool set to roll out

30:49

the security patches and security

30:51

controls that go beyond patching

30:54

all of these are coming together into

30:56

one single console supported by one

30:59

single agent

31:01

and having real-time communication

31:04

with these agents to discover the

31:07

problem and also having

31:09

opportunity to respond to those

31:12

uncovered problems within the same

31:14

console in real time

31:16

and

31:19

saner now platform works

31:21

with

31:23

multiple

31:24

types of devices that are typically

31:26

present from windows operating system to

31:29

linux and mac os but also on virtual

31:32

devices and network

31:33

infrastructures that are typically

31:37

present within the environment

31:39

and we have the

31:43

security checks to discover the

31:46

vulnerabilities and misconfigurations

31:48

and all types of security risks within

31:50

the environment supported by our

31:53

repository of security checks that we

31:55

are building in-house but also having or

31:59

enriching this discovery by feeding in

32:01

additional threat intelligence to help

32:03

prioritize those vulnerabilities and

32:05

and

32:09

coming up with a risk mitigation program

32:12

that can be effectively implemented

32:15

and cno now as a platform is available

32:18

uh

32:19

as a sas deployment

32:21

but also as an on-premise

32:24

deployment

32:25

if

32:26

any of our customers are interested in

32:28

non-premise deployment

32:30

so sena now vm is the vulnerability

32:33

management module runs a scan every day

32:35

scans typically take about five minutes

32:37

to complete

32:39

cm is the configuration

32:42

management or system hardening module it

32:44

identifies the configuration address

32:47

drifts with

32:49

within the operating systems and the

32:51

applications and servers and network

32:53

infrastructure but it also has the

32:55

ability to mitigate those configuration

32:59

drifts within the environment and you

33:02

can set it into an automated process

33:04

where anything

33:06

becomes a deviation you have the

33:08

automated control that you can apply to

33:10

bring back the device into a compliant

33:12

posture

33:13

see now pm is the patch management

33:15

module

33:16

helps

33:17

patch operating system from microsoft

33:20

windows to linux and mac os but apart

33:23

from that large list of third-party

33:25

applications can also be

33:27

patched

33:28

within the same console

33:30

asset exposure module discovers

33:33

the idea set provides real-time

33:35

visibility into the computing

33:37

infrastructure

33:39

but also identifies risks

33:42

from shadow i.t to unauthorized

33:44

applications to unwanted

33:46

soft presence of unwanted software

33:49

etc

33:50

then the endpoint management module

33:52

provides

33:53

further granular visibility into the

33:55

endpoint devices knowing who was logged

33:58

in what services and ports are

34:01

open

34:03

is your antivirus or anti-malware

34:05

product running effectively and we have

34:08

hundreds of such checks that can be

34:09

monitored in real time to discover the

34:12

security controls deviations

34:15

but also has integrated remediation to

34:17

fix these deviations

34:19

so all these tools are coming together

34:22

within the single console

34:25

and giving that visibility that we need

34:27

and the control that we need in order to

34:29

implement

34:31

effective

34:32

advanced vulnerability management

34:34

program

34:39

with that i conclude my part

34:42

over to you jackson

34:47

fantastic that was uh

34:49

amazing uh chandra i got to learn uh

34:51

something new uh definitely i'm sure

34:54

everybody would have found uh some value

34:57

from this session

34:58

so

34:59

uh regarding qna we do have uh

35:03

so we'll take five minutes from uh your

35:06

uh

35:07

of yours uh chandra to answer a few

35:09

questions that our audience has and

35:11

we're just gonna going to read out them

35:13

for you and

35:15

can take them from there

35:17

sure um

35:18

so

35:19

first

35:21

have you ever had this question how's

35:22

your how is your solution different from

35:25

qualis

35:28

all right it's a good question so

35:31

collis is a vulnerability management

35:33

product

35:34

and uh cnn is also a vulnerability

35:38

management product and

35:40

as we discussed in in our session what

35:43

we're trying to do is bring all of these

35:46

use cases

35:48

into one single console from

35:49

vulnerability detection to

35:51

misconfiguration detection to asset

35:53

exposure and poster anomaly detection

35:56

and security controls deviation

35:58

detection

35:59

into one single console

36:01

but having an integrated mitigation

36:03

capability as well not just with the

36:05

patch management but additional

36:08

security controls that can be applied to

36:11

eliminate these vulnerabilities that are