Building an Advanced Vulnerability Management Program
Summary
TL;DR: In the Segbot webcast, Jixy introduces Chandra Shaker, CEO of SecBod, who presents on advanced vulnerability management. Shaker discusses the importance of continuous visibility, assessment, prioritization, and remediation of vulnerabilities in cybersecurity. He highlights the challenges of traditional vulnerability management and introduces SecBod's Senarno platform, which unifies these processes into a single console for real-time vulnerability detection and automated remediation across IT environments, aiming to improve security effectiveness and compliance.
Takeaways
- 😀 The Segbot webcast, hosted by Jixy, focuses on building an advanced vulnerability management program to help prevent cyber attacks for enterprise IT security teams globally.
- 👥 Jixy introduces Chandra Shaker, the founder and CEO of SecBod, who discusses the importance of vulnerability management in the cybersecurity framework.
- 🔒 Vulnerability management (VM) is a key component of the cyber attack prevention layer, emphasizing the need for continuous investment in prevention to reduce the need for reactive measures.
- 🔄 The traditional vulnerability management lifecycle involves identifying, assessing, prioritizing, remediating, and reporting vulnerabilities, which should be a continuous and automated process.
- 📈 Chandra highlights the pitfalls of vulnerability scanning, such as the time-consuming nature of the process and the volume of vulnerabilities that can be overwhelming for IT teams to manage effectively.
- 🛡️ The talk addresses the need to go beyond software vulnerabilities and consider other risks like misconfigurations, asset exposures, and security control deviations that can be exploited by attackers.
- 🤖 The complexity of managing vulnerability management with multiple siloed tools is discussed, emphasizing the need for integration and automation to improve security effectiveness.
- 🔑 Chandra proposes an advanced vulnerability management program with layers of visibility, identification, prioritization, remediation, and reporting, all integrated into a centralized management console.
- 🌐 The importance of continuous visibility into the IT environment and the ability to assess and prioritize risks in real-time is underscored for effective vulnerability management.
- 🛠️ The session discusses the integration of remediation controls within the same console used for vulnerability identification, allowing for immediate response to security risks.
- 📊 The benefits of implementing an advanced vulnerability management program include increased security effectiveness, audit readiness, resource efficiency, and the ability to manage and eliminate the attack surface.
Q & A
What is the main focus of today's Segbot webcast session?
-The main focus of the Segbot webcast session is on building an advanced vulnerability management program to prevent cyber attacks for enterprise IT security teams globally.
Who is the presenter for the vulnerability management topic in the webcast?
-Chandra Shaker, the founder and CEO of SecBod, is the presenter for the vulnerability management topic.
How can I access the recorded version of the webcast session?
-The recorded version of the webcast will be available on their Bright Talk channel and YouTube channel, and it will also be sent to the participants' email addresses after the session.
What is the typical life cycle of vulnerability management according to the script?
-The typical life cycle of vulnerability management includes identifying vulnerabilities, assessing the risks involved, prioritizing those vulnerabilities, remediating them, and reporting the status after remediation.
What are some of the challenges faced in traditional vulnerability management as mentioned in the script?
-Some challenges include the time-consuming nature of vulnerability scanning, dealing with voluminous reports, the complexity of managing multiple siloed tools, and the lack of automation and continuity in the process.
How does the script suggest improving the effectiveness of vulnerability management?
-The script suggests improving effectiveness by implementing a continuous and automated vulnerability management program that integrates various aspects such as visibility, identification, prioritization, remediation, and reporting into a single console.
What is the significance of integrating multiple security tools into a single console as discussed in the webcast?
-Integrating multiple security tools into a single console allows for better visibility, control, and automation of the vulnerability management process, making it more efficient and effective in preventing cyber attacks.
How does the script address the issue of new vulnerabilities being discovered daily?
-The script emphasizes the need for a continuous, daily vulnerability scanning process to promptly discover and address new vulnerabilities as they emerge.
What are some of the key benefits of implementing an advanced vulnerability management program as outlined in the script?
-Key benefits include increased security effectiveness, audit readiness at all times, resource efficiency, reduced cost of ownership, and the ability to manage and eliminate the attack surface more effectively.
How does the script differentiate between vulnerability management and security information event management (SIEM)?
-The script differentiates by stating that vulnerability management operates in the prevention layer, focusing on managing the attack surface and eliminating potential weaknesses, while SIEM operates in the detection and response layer, focusing on detecting and responding to potential exploits or unwanted activities.
What is the role of threat intelligence in the vulnerability management platform discussed in the script?
-Threat intelligence plays a crucial role in the platform by providing real-time updates on vulnerabilities, helping to prioritize them based on their exploitation in the wild, and supporting the development of a risk mitigation program.
How does the advanced vulnerability management program handle compliance with various regulatory standards?
-The program includes built-in compliance templates for various standards such as PCI, HIPAA, and others, allowing users to generate reports that demonstrate compliance and export them as needed.
What deployment options are available for the advanced vulnerability management platform mentioned in the script?
-The platform is available for both cloud-hosted and on-premise deployments, offering flexibility based on the organization's needs and environment.
Outlines
📺 Introduction to Segbot Webcast on Advanced Vulnerability Management
The session begins with Jixy introducing the Segbot webcast, focusing on advanced vulnerability management for enterprise IT security. Jixy welcomes the audience and introduces Chandra Shaker, CEO of SecBod, who will discuss vulnerability management. The webcast aims to cover the latest in cyber attack prevention and is recorded for later viewing on various platforms. A Q&A session is promised at the end, encouraging audience interaction through the chat.
🔒 The Challenge of Traditional Vulnerability Management
Chandra Shaker delves into the challenges of traditional vulnerability management, noting the time-consuming nature of scanning activities and the overwhelming reports they generate. He highlights the gap between vulnerability discovery and effective remediation, the rapid pace of new vulnerability discoveries, and the complexity of managing multiple tools. Chandra emphasizes the need for a more integrated, automated, and continuous approach to vulnerability management to reduce the attack surface and improve security effectiveness.
🤔 Key Questions in Vulnerability Management
Chandra poses three critical questions regarding vulnerability management: uncovering IT risks beyond software vulnerabilities, identifying the ownership for remediating vulnerabilities, and understanding why vulnerability management is not continuously automated like other IT processes. He stresses the importance of addressing these questions to improve security postures and prevent potential attacks.
🛡️ Proposing an Advanced Vulnerability Management Program
The discussion shifts to an advanced vulnerability management program that Chandra proposes, which includes layers for visibility, identification, prioritization, remediation, and reporting. He emphasizes the need for continuous visibility into the IT environment, the ability to assess and prioritize risks, integrated remediation capabilities, and effective reporting. The goal is to create a unified and automated process for better cybersecurity management.
🔍 Deep Dive into the Visibility and Identification Layers
Chandra elaborates on the importance of continuous visibility and the identification of a wide range of vulnerabilities, including software, misconfigurations, and asset exposures. He discusses the need for daily assessments and the integration of external data feeds, like threat intelligence, to prioritize vulnerabilities effectively. The focus is on understanding the cybersecurity posture and identifying critical vulnerabilities that require immediate action.
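The prioritization described in this outline item, as an added worked example that is not the webcast's or SecBod's code: constructed findings (software vulnerabilities alongside a control deviation, a misconfiguration and an asset exposure) are scored from base severity, asset criticality and an exploited-in-the-wild feed, then sorted into act-now and can-wait tiers. The weights, thresholds, placeholder CVE ids and asset names are all assumptions.

```python
"""Risk-based prioritization of mixed findings (software vulnerabilities,
misconfigurations, control deviations, asset exposures).

Added illustration; weights, thresholds and all sample data are assumptions.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    asset: str
    kind: str            # "software", "misconfiguration", "control_deviation", "asset_exposure"
    title: str
    severity: float      # 0.0-10.0 base severity, CVSS-like (assumed scale)
    cve: Optional[str] = None


@dataclass(frozen=True)
class Prioritized:
    finding: Finding
    score: float         # 0-100 risk score
    tier: str            # "immediate", "within_days", "scheduled"


# Constructed sample data (not from any real feed or inventory).
# Asset criticality: 1.0 = business-critical server, 0.3 = low-value endpoint.
ASSET_CRITICALITY = {"erp-db-01": 1.0, "web-01": 0.7, "dev-laptop-17": 0.3}
# Threat-intel style feed: placeholder identifiers flagged as exploited in the wild.
EXPLOITED_IN_WILD = {"CVE-0000-0001", "CVE-0000-0003"}

FINDINGS = [
    Finding("erp-db-01", "software", "Remote code execution in DB server", 9.8, "CVE-0000-0001"),
    Finding("dev-laptop-17", "software", "Local privilege escalation", 7.8, "CVE-0000-0002"),
    Finding("web-01", "software", "Path traversal in web framework", 7.5, "CVE-0000-0003"),
    Finding("erp-db-01", "control_deviation", "Host firewall disabled", 7.0),
    Finding("web-01", "misconfiguration", "IP forwarding enabled", 4.0),
    Finding("dev-laptop-17", "asset_exposure", "Unauthorized remote-admin tool installed", 5.0),
]

EXPLOIT_MULTIPLIER = 1.5   # assumed boost for exploited-in-the-wild findings
IMMEDIATE_AT = 70.0        # assumed tier thresholds
WITHIN_DAYS_AT = 40.0


def risk_score(f: Finding, criticality: dict, exploited: set) -> float:
    """Combine base severity, asset criticality and exploitation evidence into 0-100."""
    if not 0.0 <= f.severity <= 10.0:
        raise ValueError(f"severity out of range for {f.title!r}: {f.severity}")
    crit = criticality.get(f.asset, 0.5)      # unknown asset: assume medium criticality
    asset_weight = 0.5 + 0.5 * crit           # 0.5 (least critical) .. 1.0 (most critical)
    boost = EXPLOIT_MULTIPLIER if f.cve in exploited else 1.0
    return min(100.0, round(f.severity * 10 * asset_weight * boost, 1))


def tier_for(score: float) -> str:
    """Map a score to the action tier: act now, within days, or scheduled."""
    if score >= IMMEDIATE_AT:
        return "immediate"
    if score >= WITHIN_DAYS_AT:
        return "within_days"
    return "scheduled"


def prioritize(findings, criticality=ASSET_CRITICALITY, exploited=EXPLOITED_IN_WILD):
    """Return findings ranked by score, highest first, each with its action tier."""
    ranked = []
    for f in findings:
        s = risk_score(f, criticality, exploited)
        ranked.append(Prioritized(f, s, tier_for(s)))
    return sorted(ranked, key=lambda p: p.score, reverse=True)


def remediation_queue(findings, **kw):
    """Group titles by tier so the 'immediate' list can feed a remediation step."""
    queue = {"immediate": [], "within_days": [], "scheduled": []}
    for p in prioritize(findings, **kw):
        queue[p.tier].append(p.finding.title)
    return queue


if __name__ == "__main__":
    for p in prioritize(FINDINGS):
        print(f"{p.score:5.1f}  {p.tier:<12} {p.finding.asset:<14} {p.finding.title}")
```

Note how the disabled firewall on the critical database host outranks an exploitable but unexploited privilege escalation on a laptop: the point the talk makes about treating control deviations with the same seriousness as CVEs.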
🛠️ Remediation Strategies and Automation
The session continues with Chandra discussing remediation strategies that go beyond patching software vulnerabilities to include system hardening and addressing security control deviations. He highlights the significance of automation in vulnerability management, emphasizing the need for daily scans, real-time response to security drifts, and the application of security patches and controls through a centralized console.
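The daily drift check and the control-level remediations this item describes (firewall disabled, anti-malware stopped, IP forwarding on, an unauthorized application, a missing patch), as an added example that is not SecBod's code: a constructed hardening baseline is compared with two days of host snapshots and each deviation is mapped to the action a console would roll out. Baseline values, host names and patch ids are placeholders.

```python
"""Daily security-control drift check against a hardening baseline, with the
remediation action each deviation maps to.

Added illustration; the baseline, snapshots and action names are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Deviation:
    host: str
    control: str      # which baseline control is violated
    observed: str     # what the daily snapshot showed
    action: str       # remediation the console would roll out


# Constructed hardening baseline (assumed values, not a published benchmark).
BASELINE = {
    "firewall_enabled": True,
    "antimalware_running": True,
    "ip_forwarding": False,
    "allowed_apps": {"office-suite", "browser", "vpn-client"},
    "required_patches": {"PATCH-0001", "PATCH-0002"},   # placeholder patch ids
}

# Remediation each boolean control maps to when it deviates.
CONTROL_ACTIONS = {
    "firewall_enabled": "enable host firewall",
    "antimalware_running": "start anti-malware service",
    "ip_forwarding": "disable IP forwarding",
}


def check_host(snapshot: dict, baseline: dict = BASELINE) -> list:
    """Compare one host snapshot with the baseline; return every deviation found."""
    host = snapshot["host"]
    found = []
    for control, action in CONTROL_ACTIONS.items():
        if snapshot[control] != baseline[control]:
            found.append(Deviation(host, control, str(snapshot[control]), action))
    # Asset exposure: anything installed that the baseline does not allow.
    for app in sorted(set(snapshot["installed_apps"]) - baseline["allowed_apps"]):
        found.append(Deviation(host, "unauthorized_app", app, f"uninstall {app}"))
    # Missing patches: required by the baseline but absent from the host.
    for patch in sorted(baseline["required_patches"] - set(snapshot["installed_patches"])):
        found.append(Deviation(host, "missing_patch", patch, f"deploy {patch}"))
    return found


def new_since(previous: list, current: list) -> list:
    """Deviations present today that were not present yesterday (the drift)."""
    seen = set(previous)
    return [d for d in current if d not in seen]


# Constructed daily snapshots for one host: day 1 only lacks a patch; on day 2
# the firewall has been switched off and an unapproved tool has appeared.
DAY1 = {
    "host": "web-01",
    "firewall_enabled": True,
    "antimalware_running": True,
    "ip_forwarding": False,
    "installed_apps": ["office-suite", "browser"],
    "installed_patches": ["PATCH-0001"],
}
DAY2 = {
    **DAY1,
    "firewall_enabled": False,
    "installed_apps": ["office-suite", "browser", "remote-admin-tool"],
}


def daily_report(previous: dict, current: dict) -> dict:
    """Summarize today's open deviations, what drifted since yesterday, and the actions to roll out."""
    before, after = check_host(previous), check_host(current)
    drift = new_since(before, after)
    return {
        "open": len(after),
        "drifted": [(d.control, d.action) for d in drift],
        "actions": [d.action for d in after],
    }


if __name__ == "__main__":
    for key, value in daily_report(DAY1, DAY2).items():
        print(f"{key}: {value}")
```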
📊 Benefits of an Advanced Vulnerability Management Program
Chandra outlines the benefits of implementing an advanced vulnerability management program, including increased security effectiveness, audit readiness, integrated risk visibility, and resource efficiency. He explains how a centralized management console provides a unified view of risks and remediation controls, leading to a more efficient and cost-effective vulnerability management process.
🌐 Introducing SecBod's Senarno Platform for Cyber Hygiene
Chandra introduces SecBod's Senarno platform, a cyber hygiene solution that unifies vulnerability management into a single console. The platform supports various devices and integrates multiple tools for vulnerability detection, configuration management, patch management, asset exposure, and endpoint management. It operates in real-time, providing visibility and control for an effective vulnerability management program.
📩 Q&A Session and Closing Remarks
The session concludes with a Q&A segment where Chandra addresses questions about the differentiation of SecBod's solution from competitors, the availability of presentation materials, on-premise installation options, and the integration with other security solutions. He also discusses the platform's capabilities for OT environments and its use of threat intelligence. The session ends with an invitation for a free trial of the Senarno platform and acknowledgments of the audience's participation.
Keywords
💡Vulnerability Management
💡Cyber Attack Prevention
💡Enterprise IT Security Teams
💡Attack Surface Management
💡CVE Identifier
💡Misconfigurations
💡Security Posture
💡Automation
💡Continuous Visibility
💡Remediation Controls
💡Security Information Event Management (SIEM)
💡Compliance
💡Threat Intelligence
Highlights
Introduction to Segbot Webcast and its focus on preventing cyber attacks through advanced vulnerability management.
Chandra Shaker, founder and CEO of SecBod, discusses the importance of vulnerability management in cybersecurity.
The session emphasizes building a program that can manage vulnerabilities effectively to prevent cyber attacks.
Availability of the recorded webinar on Bright Talk and YouTube channels for further learning.
The vulnerability management lifecycle explained, including identification, assessment, prioritization, remediation, and reporting.
Challenges in vulnerability scanning, such as time consumption and the volume of vulnerabilities reported.
The need for a more integrated and automated approach to vulnerability management to reduce the attack surface.
Discussion on the limitations of current vulnerability management tools and the need for a unified solution.
Importance of continuous visibility into the IT environment and the integration of various security controls.
The role of machine learning and predictive capabilities in identifying and prioritizing vulnerabilities.
The benefits of an advanced vulnerability management program, including increased security effectiveness and audit readiness.
How the Senarno Platform by SecBod unifies vulnerability management into a single console for comprehensive security.
Explanation of the different modules within the Senarno Platform, including VM, CM, PM, and Asset Exposure.
The platform's ability to work with various types of devices and operating systems for vulnerability detection.
The significance of threat intelligence in prioritizing vulnerabilities and the platform's integration with such feeds.
How the platform supports both cloud and on-premise deployment options for organizations.
The conclusion summarizing the key points of implementing an advanced vulnerability management program.
Transcripts
Hello everyone, and welcome to today's session of the Segbot webcast. I'm Jixy, your host. Through the Segbot webcast we bring you the latest happenings at Segbot and the exciting stuff we are working on to prevent cyber attacks for enterprise IT security teams globally.

Today's session is on building an advanced vulnerability management program. I'd like to introduce the guest presenter: I have with me Chandra Shaker, founder and CEO of SecBod. Chandra will talk to you about an interesting topic on vulnerability management. I'm excited to listen; hope you're all hooked up too.

Before we begin, I'd like to remind all that the recorded version of this webinar will be available on our Bright Talk channel as well as our YouTube channel. We will also send it to your email address after this session, so you can watch it and share it with others in your team.

Towards the end of the session we will have a quick Q&A. I would love to hear from you; whatever questions you have, Chandra is here to answer all your questions. You can post your questions in the chat box just below your Bright Talk video player. For those of you just joining, welcome. Over to you, Chandra; the audience is all yours.
All right, thank you, Jixy. Good morning everyone, good afternoon and good evening; I know we have people joining from these geographies around the world. Thank you everyone for taking the time to be part of this session.

If you're already into vulnerability management, or revisiting your vulnerability management program, or you're not realizing the security effectiveness that you set out to while implementing your vulnerability management program, or you're trying to manage your attack surface or reduce the attack surface, I believe this session is going to be useful for you.

Now, VM or vulnerability management, as you know, is a key component of the cyber attack prevention layer. If you look at the cyber security framework, you have prevention, detection, response and recovery, and vulnerability management or attack surface management is one of the key elements of the prevention layer. The more you invest your effort into prevention, the less firefighting you'll have to deal with at the detection and response layer. As they say, prevention is better than cure; I can slightly modify that and say prevention is better than detection and response here. Obviously you don't want to get into a recovery stage; you want to prevent all possible cyber attacks before attackers are able to succeed, and vulnerability management, if implemented properly, will help us get to that scenario.

Personally, I have been in the vulnerability management industry, or the cyber security industry, for over two decades now, and I have been looking at this wheel for more than 15 years or so. This is typically what the vulnerability management life cycle is all about: identifying the vulnerabilities, assessing the vulnerabilities to understand the risks involved, prioritizing those vulnerabilities that must be dealt with, remediating those vulnerabilities, and reporting those. Even before remediating you want to understand, and then after remediating you want to know that those vulnerabilities are actually eliminated. This is a cyclic process, supposed to be a continuous process. There's nothing wrong in this particular wheel; it is simple and elegant, and if implemented correctly we will be able to achieve that cyber security posture that we all want to achieve in order to prevent attacks.

I have been part of the early Nessus development effort, and of SCAP and OVAL most recently, on the security automation side of the technology, and I have been seeing this particular wheel. It has not changed since then; it has been the same. As I mentioned earlier, if implemented correctly we would be able to achieve the goal that we all want to. But the pitfall is here.
Number one: the vulnerability scanning activity itself takes weeks together to perform, and then when you have the scanning activity completed, you are provided with a report that runs into thousands of pages. Post that, as a security administrator or the IT operations team, you are responsible for understanding these vulnerabilities, prioritizing those vulnerabilities, identifying what my mitigation is to overcome that vulnerability, and then applying a security patch or other remediation controls that you may want to in order to eliminate that vulnerability. This exercise typically takes anywhere between three to five months to complete, and that is a large window of opportunity for attackers to exploit.

We all know that there are at least 30 to 50 new vulnerabilities being discovered on a day-to-day basis. These are known vulnerabilities that have the CVE identifier assigned by NIST, but there are a good number of vulnerabilities that may never have a CVE identifier assigned, and they are still vulnerabilities that attackers are exploiting. So this is one side, on the software vulnerability, but there are risks that go beyond software vulnerabilities: maybe security controls that are not appropriately implemented, there can be misconfigurations, there can be unwanted software assets etc. present, and these are never discovered as part of the attack surface management initiative that we implement.

Then again, even if you want to implement this vulnerability management lifecycle process, we may have to invest in at least five to six different tools or products in order to achieve that particular goal, and each of them operates in a silo; they do not talk to each other. You need to have the resources who are skilled to handle these products, understand from one to another, and apply the controls that we want to. So the complexity is there, and that is why the effectiveness that we want to achieve is not there: because of the manual interventions that are required, and the lack of automation and continuity in this entire process, it makes it extremely cumbersome to implement a continuous and automated vulnerability management program.

But beyond that, as I mentioned, there are multiple siloed products operating in silo; because of this we won't be able to apply the remediation controls that we want to, because the vulnerability management product does not feed its findings into a remediation product, for example the patch management product. So all of this makes it extremely cumbersome to achieve that security effectiveness that we all look to achieve, and either managing or eliminating the attack surface becomes a tedious and time-consuming task, and a lot of effort is involved in implementing that.
Now that leaves us with these three questions. Question number one is: are we uncovering all the IT risks that are there beyond vulnerabilities, not just the software vulnerabilities but other kinds of vulnerabilities like these? The second question is: who takes the ownership for remediating these vulnerabilities? Vulnerabilities are discovered, but who is supposed to remediate these vulnerabilities? That is the second question. And the third question is: why are these not continuous and automated? Everywhere else there's continuous integration and continuous delivery, for example, and all of these are becoming the norm elsewhere, but in the vulnerability management space continuous and automated has not become the norm. So there is no single console where I can implement a vulnerability management program and successfully achieve the security effectiveness goal that we all aspire to achieve.
So, are there security risks beyond the software vulnerabilities? Yes. You have misconfigurations: the operating systems and the applications and the network devices may not be configured appropriately, as per the security baseline that you would want. There can be asset exposures: outdated assets present, for example, and unwanted applications, unauthorized services running. There can be critical security patches that are not rolled out which should have been rolled out. And there can be additional security controls that may not be working as you would expect, as you want them to work: maybe a firewall is disabled, maybe you've enabled file-system-level encryption and that is not appropriately implemented, or maybe the anti-malware product that you have installed is not running properly. So all of these can be the security control deviations, deviations in the security controls that you have already implemented. But there can also be other types of posture-related anomalies that can be present within the environment. So if you look at the attack surface holistically across the IT landscape, all of these are equally important, equally critical, and an attacker can exploit any of these with ease if these are wide open. So it's important that we deal with each of these risks beyond the software vulnerabilities.
Now the second question that we had was: who takes the ownership for mitigating these vulnerabilities? Not just discovering all the problems and generating a report that runs into thousands of pages, but is there a mitigation available, maybe through deployment of a security update that is available for operating systems and applications? Or it can be some of these unwanted services and ports that are open: you may have to turn them off. Or there are certain services that you want to be running but they are not running, so you may want to run those as necessary, as a requirement. Without that capability to remediate those risks that are identified, again the effectiveness is kind of broken and you're not able to achieve that goal.

Third, and the most important one, is: why is it not continuous and automated? Why wouldn't we be able to make this discovery process into a day-to-day activity, and also the remediation? It is essential that we make it into a continuous process, because newer vulnerabilities are being discovered every day and the IT environment is also changing every day. This is not anymore an audit-driven approach where I would run a scan once in a month or a quarter just to meet the needs of the audit that is due; it needs to be a continuous and automated process. It needs to be a daily routine that we uncover the risks, mitigate the risks, and make it into a routine where I'm achieving that goal. So all of these three things are really important to establish the cyber hygiene posture that we want.
Without that, what we are left with is very low certainty, because we don't know if we have found or discovered all the vulnerabilities that are out there, from misconfigurations to security control deviations to asset exposure etc. Second, we don't have that sense of control that we want to have, because we have discovered a number of problems but we have not actually mitigated those problems; it is a time-consuming process and we are living with those vulnerabilities without mitigation. The third is not having that continuity or an automated approach to solving this problem.

So what we propose in an advanced vulnerability management program is these layers: visibility, identify, assess, prioritize, remediate and report. It's nothing different from the wheel that we talked about, but what we do in each of these layers matters the most. One: do we have continuous visibility into the IT environment? Are we able to identify all sorts of risks that the IT environment is subjected to? Can we assess those risks, understand those risks and prioritize those risks? Do we have an integrated remediation capability where I can go ahead and fix all those risks that are identified? And then finally, reporting these controls that I have applied to fix these deviations that we found out, and having that sense of confidence, a sense of control, that we have actually taken care of each of those problems that are discovered.

More importantly, if you see the interface between them, each of these layers must be integrated: the findings from the visibility layer go into the identification layer, and that goes into the assessment and prioritization layer, and so on and so forth. It has to be integrated as well, having a centralized management console where I'm having visibility to all of these and I'm able to apply the controls that I want to apply to mitigate those risks that are identified. So this is the framework that we propose for implementing an advanced vulnerability management program. But let's look at each of these layers and see what is really necessary, from a little bit of the technical details that each of these layers should have.
One is visibility: getting visibility over the IT itself. When I say visibility, it is continuous visibility. You want to know what changes are taking place, you want to know which system joined the network, you want to know if there is shadow IT and unauthorized and unwanted applications present within the environment, or if some service is running which is not supposed to be running, or some users have logged in who are not supposed to be logging in. Likewise you will have that need to know what is going on within the environment in real time, and without visibility it is impossible to achieve security. That is a primary need for any organization to implement cyber security posture management.

Now, from visibility it's all about discovering the vulnerabilities, and I say the vulnerability term here encompasses all of those, from software vulnerabilities to misconfigurations to asset exposure, missing security patches and security control deviations etc. So it's important that we assess and discover all sorts of vulnerabilities within the IT environment, and this has to happen daily.

Assessing and prioritizing is also an important layer. Once I have discovered all the vulnerabilities, it can run into thousands of vulnerabilities, and in some cases hundreds of thousands of vulnerabilities if you were to club all of those different types. Now it is important to assess and understand what risk exposure each of these vulnerabilities presents, and prioritize those vulnerabilities. In order to prioritize the vulnerabilities you may have certain variables coming in from an external feed as well: maybe a threat intelligence feed telling us that this particular vulnerability is widely exploited, or it can be the asset criticality itself, maybe a particular server that is running a very critical or business-critical application and that needs to be safeguarded fast, so any vulnerability in that environment becomes extremely important and critical to fix. Now, we may be able to bring in some machine learning and predictive capability as well, to identify a particular vulnerability that can go on to become popular in terms of how widely it is going to be exploited. And we should also have that attacker's perspective of understanding what these vulnerabilities are, and how an attacker could exploit these vulnerabilities if we let them open. So all this can be put into some sort of a scoring mechanism to understand the cyber security posture that we have within the environment. When we do that we will exactly know what vulnerabilities are there which are critical, that I must act upon immediately, and what are those vulnerabilities that I can wait on for maybe a couple of days. So that kind of prioritization will help us, especially when you have too many vulnerabilities that you want to deal with and you want to prioritize and act upon those vulnerabilities.
The next layer is the remediation of these vulnerabilities. Typically software vulnerabilities are dealt with by applying the security updates on the operating systems and third-party application software that are installed in the environment. But having the software patches rolled out alone is not enough. There are misconfigurations where you'll have to apply the system hardening measures, both at the operating system level and the application level, and even for the network devices that are present within the environment. We need to fix those security controls that are deviating, and posture anomalies that could be there need to be dealt with as well. Some of the examples could be: you have an unauthorized application installed within the environment, you may want to uninstall that particular application; maybe the firewall policy is disabled and you may want to enable that; the anti-malware product itself is not running properly, you may have to start that; or there can be other settings, like IP forwarding for example on a Linux box, you may want to disable it for security reasons. There are hundreds of such controls that you may want to apply in order to eliminate the risks that are discovered, apart from rolling out the software patches alone. So it's important to have the ability to not just apply the software patches but also to have additional controls that you want to roll out to eliminate the vulnerabilities that are identified.

Once you have remediated these vulnerabilities, it is about reporting: understanding and having that confidence that I've actually fixed all the vulnerabilities. Some of these findings you may want to feed into an external system as well; maybe a SIEM product wants to know what vulnerabilities are discovered in the environment. At times it's also critical to have some sort of an alert mechanism to know if there are high or critical vulnerabilities discovered within the environment: I want to get an instant alert so I can act upon those vulnerabilities on priority.

Now, most important of all of these is being able to automate each of these, bringing in the automation that is necessary at each of these layers: being able to run the vulnerability scan automatically every day, being able to roll out the security controls in case there is a drift every day, and being able to apply security patches, critical security patches at least, on an automated basis to some of the IT environment. These are the automations that I'm talking about. There are a significant number of activities within the vulnerability management space that can be automated into a routine.
So if you were to look at that diagram once again: all of these layers coming together on a single console, talking to each other, being able to make those decisions or help us make those decisions, and being able to automate this entire process, is what we call advanced vulnerability management. At the visibility layer you have continuous visibility. At identification you have discovered vulnerabilities, misconfigurations, missing security patches and other security risk exposures. At the assessment and prioritization layer we have understood the risks and we have come up with a remediation strategy by prioritizing which are those vulnerabilities that you want to act upon, and we've also fed in additional external data feeds to help us prioritize those vulnerabilities: maybe a particular vulnerability is being exploited in the wild, there's an exploit kit that is making use of a particular vulnerability, and the attacker perspective itself. All of this information will help us prioritize this vulnerability in order to remediate. At the remediation layer it's about application of the security patches, but also fixing the misconfigurations and applying security controls that go beyond patching alone. And finally, being able to report on all of these vulnerabilities that are discovered and the mitigations that you have rolled out. Then the key part of this is being able to unify them into a centralized management console, having one console to manage the entire program. So this is what advanced vulnerability management is. So, moving on.
so what are the benefits that we get out
of
implementing such a program obviously
the the security effectiveness has
increased
because you're able to automate a good
number of these process and you're able
to
know the risks every day and you're
having the controls to
eliminate those risks
essentially managing the attack surface
effectively and
we also have the advantage of being
audit ready at all time because we are
able to achieve that continuous
compliance to either industry security
benchmarks like the pci and hipaa etc
but also technical security controls
from nest and cis and stig and all of
these security controls you you will
have that sense that you are able to
achieve that
continuous compliance to any of these
guidelines so at any point in time we
will be able to demonstrate compliance
to the auditors
and
we have the integrated console where you
have visibility to
vulnerabilities and misconfigurations
and id
security exposures
that go beyond these vulnerabilities so
you have one view where you get to know
all the risks that that the iit
environment is exposed to
and there is an integrated remediation
controls that i can roll out from within
the same console depending on the type
of vulnerability that is discovered if
it is a software over nobody vendor has
released a patch already go ahead and
roll out the patch and i see there is an
unauthorized application installed in
one of the system go ahead and
uninstall that particular application or
blacklist that particular application
maybe there are certain devices that are
connected to the network which
should not be
black
block access to those
devices
so all of these controls are available
within the same console now
to apply and as soon as i apply those
mitigation we will have that
sense of having applied those mitigation
because the vulnerabilities are
eliminated within the same
process within the same console you have
the visibility to know if effectively
that particular vulnerability is fixed
or not
and beyond all this we will be able to
achieve that resource efficiency you
don't have to operate in multiple
consoles and
more number of people required to
operate on each of them
and
reduce the cost of
ownership
of implementing such a program within
the within your environment
so
with
the implementation of advanced
vulnerability management what we get is
certainty
knowing that i have uncovered all
possible risks
control
having implemented the remediation
measures
within the same console and having
eliminated those vulnerabilities that
were discovered
and continuity because you automated
significant number of these process into
a daily routine
majority of these are running
on their own and you still have the
visibility and control that you would
want to within that centralized console
that you're talking
so secbod is pioneering this journey
reinventing the vulnerability management
through our senarno platform cyber
hygiene platform
it makes it into a continuous and
automated process
it brings together multiple tools into
one single console by unifying all the
use cases that you know all the the
layers that we talked about into one
single console
from discovering the vulnerabilities
misconfigurations asset exposures
and other security controls deviations
but also having the tool set to roll out
the security patches and security
controls that go beyond patching
all of these are coming together into
one single console supported by one
single agent
and having real-time communication
with these agents to discover the
problem and also having
opportunity to respond to those
uncovered problems within the same
console in real time
and
saner now platform works
with
multiple
types of devices that are typically
present from windows operating system to
linux and mac os but also on virtual
devices and network
infrastructures that are typically
present within the environment
and we have the
security checks to discover the
vulnerabilities and misconfigurations
and all types of security risks within
the environment supported by our
repository of security checks that we
are building in-house but also having or
enriching this discovery by feeding in
additional threat intelligence to help
prioritize those vulnerabilities and
and
coming up with a risk mitigation program
that can be effectively implemented
and cno now as a platform is available
uh
as a sas deployment
but also as an on-premise
deployment
if
any of our customers are interested in
non-premise deployment
so sena now vm is the vulnerability
management module runs a scan every day
scans typically take about five minutes
to complete
cm is the configuration
management or system hardening module it
identifies the configuration address
drifts with
within the operating systems and the
applications and servers and network
infrastructure but it also has the
ability to mitigate those configuration
drifts within the environment and you
can set it into an automated process
where anything
becomes a deviation you have the
automated control that you can apply to
bring back the device into a compliant
posture
see now pm is the patch management
module
helps
patch operating system from microsoft
windows to linux and mac os but apart
from that large list of third-party
applications can also be
patched
within the same console
asset exposure module discovers
the idea set provides real-time
visibility into the computing
infrastructure
but also identifies risks
from shadow i.t to unauthorized
applications to unwanted
soft presence of unwanted software
etc
then the endpoint management module
provides
further granular visibility into the
endpoint devices knowing who was logged
in what services and ports are
open
is your antivirus or anti-malware
product running effectively and we have
hundreds of such checks that can be
monitored in real time to discover the
security controls deviations
but also has integrated remediation to
fix these deviations
so all these tools are coming together
within the single console
and giving that visibility that we need
and the control that we need in order to
implement
effective
advanced vulnerability management
program
with that i conclude my part
over to you jackson
Fantastic, that was amazing, Chandra. I got to learn something new; definitely I'm sure everybody would have found some value from this session. So regarding Q&A, we'll take five minutes of yours, Chandra, to answer a few questions that our audience has. We're just going to read them out for you and you can take them from there.

Sure.

So, first, have you ever had this question: how is your solution different from Qualys?

All right, it's a good question. So Qualys is a vulnerability management product and SanerNow is also a vulnerability management product, and as we discussed in our session, what we're trying to do is bring all of these use cases into one single console, from vulnerability detection to misconfiguration detection to asset exposure and posture anomaly detection and security control deviation detection, into one single console, but having an integrated mitigation capability as well: not just with the patch management but additional security controls that can be applied to eliminate these vulnerabilities that are discovered. And we make it into a continuous process where the scans are running every day and you have the visibility into the risks but also having the controls to deploy to eliminate those risks. That is the significant difference between the vulnerability management vendors that are out there, including Qualys, and the SanerNow cyber hygiene platform.
Perfect. The second question: I would like to know if it is possible to share the presentation with us and have a short meeting with the PDF.

Thanks, definitely. I will reach out to you; I will set up a separate session, a product demonstration, as well as share this presentation also.

Another question for you, Chandra, would be: do you have an on-premise installation? How can I get an installation package?

All right, yes, we do have an on-premise installation. Depending on the environment and the deployment method, we would be able to deliver the installation packages. So typically we have an all-bundled product that can just be deployed on a VM, for example, or if someone is looking to host it on a cloud environment, from AWS, Azure or GCP, we would be able to deliver those as well, depending on the scale that you're looking at. So yes, you can talk to us, tell us what is the deployment method that you're looking at, and we will understand that and provide the deployment package or the installation package accordingly, and we'll work with you to install those as well.
Okay, amazing. The next question we have is: what makes this platform different from a SIEM solution?

Okay, it's a good question again. So a SIEM is typically operating in the detection and response layer, and we are operating in the prevention layer, which is about managing the attack surface, eliminating the potential weaknesses that could be exploited by the attacker before an attacker could exploit them, whereas the SIEM products would want to detect a potential exploit itself or an unwanted activity that is taking place; you want to detect that and respond to that particular incident. So VM, or vulnerability management, and security information and event management are operating in two different layers, but we can feed our detection into the SIEM product, so that will enrich the SIEM product to detect a potential problem much better. So that is the integration that can be done between the VM and the SIEM product.

Okay, perfect, hope we answered that for you.
Another question for you, Chandra, is: how do you help in identifying vulnerabilities in an OT environment?

Yes, so OT environments these days, I mean, most of these devices are connected to the computing environment, so we do have customers who have deployed within the OT environment as well. So we do discover those vulnerabilities and we do have mitigations that can be applied in those environments as well. And one of the requirements that comes up quite often as a deployment method in the OT environment is: can it operate in an isolated manner where it doesn't have connectivity to the internet? So that is another deployment method that we have taken; yes, it can work in those isolated environments as well.

Okay.
The next question we have is: another vulnerability management program is Tenable. What's new in SanerNow VMP versus Tenable's VMP? I'm imagining VMP would be... yeah, vulnerability management program, yes.

All right, so Tenable is good at discovering the vulnerabilities, and there is no integrated remediation that we are talking about; there is no native patch management tool, and no coverage of the other security control deviations that we just discussed during the course of our session. So that's a significant difference between Tenable's vulnerability management program versus SecPod, where you have the visibility on a day-to-day basis into the risks that are there within the environment but also have the integrated remediation controls that you can apply and achieve the security effectiveness that you're looking for.
Okay, my next question is: hi team... I don't think it's a question. Well: hi team, joined in late in the discussion, can I have a recorded session of this discussion please? I missed the entire session.

Yes, definitely, we are going to send a recorded version of this webinar to your email so you can watch it and share it with your team. As well, we will have a recorded version of this webinar available on our website, on our YouTube channel, as well as on our BrightTALK channel. So our team will definitely reach out to you.
Next question, Chandra, for you is: how relevant would threat intelligence be in a vulnerability management platform?

Yeah, so there are multiple parameters that we consider. So the threat intelligence, or the vulnerability intelligence, is something that SecPod has been working on for the last 10-plus years, building an SCAP-compliant vulnerability intelligence database, and this is the world's largest database; it's also being used by some of the other vendors in the cyber security industry as well, and it is the same intelligence that we use within our platform. And not just software vulnerability discovery, but also we have greater coverage as well in detecting the misconfigurations and other additional security risks that can be present within the environment; so that way it is going beyond the detection of the software vulnerabilities alone, but also having the detection mechanisms to find additional types of vulnerabilities. And it is updated every day. This is something that we have an around-the-clock security research team working on, identifying and researching those vulnerabilities and adding the modules needed to detect those vulnerabilities in a timely manner. And the same thing also helps identify, you know, mitigations that can be applied to different kinds of vulnerabilities, and it is continuously updated.
Okay, fantastic. The next question, I believe we answered part of the question, but this question is again on OT: can the system be used in an OT system that is offline?

Yes, yeah, which is the requirement that I was referring to, where it needs to be an offline environment, no connectivity to the internet, and you would still be able to do that. Yes, we do have such a deployment method as well, where it works in such an isolated environment.
Okay. Is this free, to get an installation package for on-prem just for a trial period? How long is the trial period?

We do have the trial available on our cloud platform as a hosted solution; typically we don't provide the on-premise deployment as a trial, but the capabilities of both these deployments are equally the same as far as the features and capabilities are concerned. So it is pretty easy to onboard on our cloud hosted platform: sign up, deploy on 10 devices, any kind of devices, Windows, Linux or Mac, and all of the capabilities are available for a one-month period to try out the product.

Yeah, and you can go to our website www.secpod.com and request a trial, or go to sanernow.com and request a trial, and the team can help you evaluate the solution for your use cases.
Next question for you is: are there any built-in compliance templates, such as for HIPAA? Could I get a report indicating which assets are compliant or not?

Yes. Yeah, so we do have templates, especially for the configuration hardening, the system hardening use cases: from NIST templates to mappings to CIS and PCI and HIPAA et cetera. But if you look at the guidelines from PCI, HIPAA, the cyber security framework, it goes beyond the system hardening use case alone, so we have the reports that can be generated to prove compliance to any of these guidelines. So such reports can be built and we can export those reports to demonstrate that compliance.
Okay. Another question is: how does SanerNow prioritize the vulnerabilities? Is that based on only the CVSS score, or is it considering any other parameters?

It does use the CVSS score, but it also goes beyond the CVSS. From the threat intelligence feed that we ingest into our platform, it will help identify those vulnerabilities that are being exploited in the wild, are being used by ransomware and malware as an entry point; so all of those are highlighted and prioritized, so one would have the ability to roll out the security patches and security controls in a timely manner for such vulnerabilities. We also have a security alert mechanism that our research team sends out frequently to all our customers to help them understand the vulnerability, understand the impact of that vulnerability, and then mitigate or roll out the mitigation within the same console. So multiples of these are being used within SanerNow to prioritize vulnerabilities.
Okay. And I think this is a follow-up question: curious on how it will communicate or report on the vulnerability for those out-of-band objects.

I think this is for... not sure I fully understood the question.

Yeah, I think this is a follow-up to "what makes this platform different from a SIEM solution". So the question is: curious on how it will communicate or report on the vulnerability for those out-of-band objects.

I think we probably need a little more information on this question.

Yeah, yeah, so we can connect with...

Okay, I think we can take it offline and then... yeah, yeah.
Then there's: how does licensing work? Do you integrate with CMDB solutions?

Licensing is typically based on the number of devices that you have within your environment: network discoverable devices and the endpoints, workstations and servers. And we do have a monthly subscription model as well as an annual subscription model available. And for the six tools that we talked about, based on your need or prioritized need, you will have the ability to enable those modules and not pay for the other modules that you either are not prioritizing or where you may have already invested in another solution. So we have the flexibility of enabling the requisite modules and the number of devices that our software is installed on.
Okay. I just wanted to make sure...

Sorry, go ahead.

No, no, please go ahead.

Yeah, so I just want to make sure I get an idea of your time; we have been keeping you for long. I have a couple of other questions from the audience. Would you take up two other questions and then we can wrap up, and all others...

Yes, I think we can still do that, yeah.

Okay, do you have something?

Okay.
So two questions. One of them is: are Azure and other cloud IaaS assets covered?

Yes, so the workload, whether it's running on Azure or AWS or GCP, we would be able to cover those as well. All the capabilities that we talked about will be available for those assets.

Okay, and I think a final question for today: the VMP platform has dynamic mitigation and remediation for assets in the cloud, is that right? Let's say to discover vulnerabilities with configuration in the cloud, and a remediation solution.

Yes, we do have the mitigations available for all the assets that are in the cloud. Once again I would like to stress upon this point, which is the workload, as I said: we will be able to identify vulnerabilities and misconfigurations in those environments and have the remediation capabilities also available to mitigate those risks.
Okay, perfect, thanks a lot, Chandra. We do have a couple of other questions left, but what we're going to do is reach out to all of our viewers individually and answer them separately. Thanks for all your questions; it was really an interactive Q&A session. For those of you who had the question whether you will get a recording: yes, we will send a recording to your email. Before I close, Chandra, I want to thank you for giving us your time and talking about the subject to our audience.

Thank you, Jackson, thank you everyone for being part of the session. It's really good to receive all those questions; happy to answer, hopefully to your satisfaction.

Perfect. With that we are about to end this session, so I'd just like to make sure I convey: the SecPod SanerNow cyber hygiene platform is an advanced vulnerability management solution. IT security teams use it to discover vulnerabilities, install patches, comply with regulatory standards, get asset exposure, implement security controls beyond patching and a lot more. You can get a free trial by going to our website www.com. Once again, we will have a recorded session available on BrightTALK and our YouTube channel; we'll also send you an email with exact URLs to the recording as well as the presentation that Chandra used today. Please keep tuned to the SecPod webcast. We'll see you on our next session. Thanks for your valuable time. We wish you a happy time ahead. Thank you.