Best Practices to Cybersecurity Vulnerability Management by NetCom Learning

ABOUT NETCOM LEARNING NetComLearning isanaward-winning global leader in managedlearning services,training andtalentdevelopment. Founded Headquarters DeliveryCapability : 1998 : NewYorkCity : Worldwide CEO : Russel Sarder 100K+ Professionals trained 14K+ Corporate clients 3500 IT,Business& SoftSkilscourses 96% Ofcustomers recommendustoothers 8.6/9 Instructor evaluations 20+ Leadingvendors recognitions Microsoft’s Worldwidetraining partner of the year 80% Trainedofthe Fortune100 Top20 ITTraining Company Interested in training? Contact us! | www.netcomlearning.com | (888) 563-8266 | comptia@netcomlearning.com© 1998-2022 NetCom Learning

Access the Recorded Session here!

CLICK HERE TO WATCH

Importance of threat data and intelligence

Introduction to vulnerability management activities

Common vulnerability assessment tools

Implementation of security measures

Q&A

WHY VULNERABILITY ASSESSMENT?

• A vulnerability assessment is designed to identify unpatched and exploitable vulnerabilities, giving the organization the opportunity to remediate these deficiencies before they are discovered by a bad actor.

• The evolving tools, tactics and procedures used by cybercriminals to breach networks means that it's important to regularly test your organization's cyber security.

• Vulnerability assessment helps to protect your organization by providing visibility of security weaknesses and guidance to address them.

• It helps with greater security insights, ongoing risk management, and the ability to meet regulatory obligations.

VULNERABILITY ASSESSMENT VS. VULNERABILITY MGMT.

• Vulnerability management is different from vulnerability assessment.

• Vulnerability management is an ongoing process, while a vulnerability assessment is a one-time evaluation of a host or network.

• Vulnerability assessment is part of the vulnerability management process, but not vice versa.

CYBER THREAT INTELLIGENCE

• Collection and analysis of information about threats and adversaries- drawing patterns- provide an ability to make decisions – for preparedness, prevention, response- against various cyber attacks.

• Identify and mitigate various business risks- Implementing various advanced and proactive defense strategies.

• CTI is Collecting information about presumed attacks to understand their motive behind attacks- the approach they must follow- analyze this information for securing IT infrastructure of an organization in advance.

Data

Raw, huge, no context, un processed (Structured/ Unstructured)

Information

Meaningful

Intelligence

Analyzed, interpreted, In depth knowledge Supports Decision making & Response Actions

IMPORTANCE OF THREAT DATA AND INTELLIGENCE

• Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor’s motives, targets, and attack behaviors.

• Threat intelligence enables us to make faster, more informed, data-backed security decisions and change their behavior from reactive to proactive in the fight against threat actors.

• Threat intelligence is evidence-based about existing or emerging menaces or hazards to assets.

• Threat intelligence benefits organizations of all shapes and sizes by helping process threat data to better understand their attackers, respond faster to incidents, and proactively get ahead of a threat actor’s next move.

• Ensure you stay up to date with the often-overwhelming volume of threats, including methods, vulnerabilities, targets and bad actors.

• Reducing risk

• Preventing financial loss

BENEFITS OF

THREAT INTELLIGENCE • Providing greater insights into cyber threats • Preventing data loss- by identifying cause of data leakage • Guiding in incident response • Conducting data analysis- to identify exploitable data • Helps in conducting threat analysis- detecting advanced threats • Helps in sharing threat information- spread awareness • Identifying IOCs • Discovering tactics, techniques and procedures (TTPs) for possible attacks

© 1998-2022 NetCom Learning Interested in training? Contact us! www.netcomlearning.com (888) 563-8266 comptia@netcomlearning.com| | | VULNERABILITY RESEARCH VS. VULNERABILITY ASSESSMENT Vulnerability Research • Discovering vulnerabilities and design flaws • Vulnerabilities are classified based on • Severity Level- Low, medium, high • Exploit Range- Local or Remote • An administrator needs vulnerability research • Gather information about security trends, threats, attacks • Gather information that helps to prevent security problems • Find weakness and alert concerned person before a network attack • To know how to recover from a network attack Vulnerability Assessment • Examination of the ability of a system or application to withstand assault • Vulnerability assessment may be used to • Identify weakness that could be exploited • Predict effectiveness of additional security measures in protecting information from attacks

VULNERABILITY SCORING SYSTEMS AND DATABASES

• Common Vulnerability Scoring System (CVSS)

CVSS provides an open framework for communicating

characteristics and impacts of

vulnerabilities

Its quantitative model ensures repeatable accurate measurement, while enabling users to view

vulnerability characteristics

• Common Vulnerabilities and Exposures (CVE)

• A publicly available and free-to-use list or dictionary of standardized identifiers for common software vulnerabilities and exposures

• National Vulnerability Database (NVD)

• A U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP)

• These data enable the automation of vulnerability management, security measurement, and compliance

• The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics

• Common Weakness Enumeration (CWE)

• A category system for software vulnerabilities and weaknesses

• It is sponsored by the National Cybersecurity FFRDC, which is owned by The MITRE Corporation, with support from US-CERT and the National Cyber Security Division of the U.S. Department of Homeland Security

• It has over 600 categories of weaknesses, which enable CWE to be effectively employed by the community as a baseline for weakness identification, mitigation, and prevention efforts.

•

the

•

the underlying

used to generate the scores.

VULNERABILITY

CLASSIFICATION • Misconfigurations • Default Installations • Buffer overflows • Unpatched Servers • Design Flaws • Operating system flaws • Application Flaws • Open services • Default passwords

TYPES OF VULNERABILITY ASSESSMENT

Active Assessment

Passive Assessment

Assesses

Internal Assessment

Scans the internal

Host-based Assessment

Conducts a configuration-level

Network-based Assessment

Determines

Application Assessment

Tests and analyzes

network security

elements

Database Assessment

Focuses on testing

systems,

content,

•

• Uses a network scanner to find hosts, services, and vulnerabilities •

• Used to sniff the network traffic to discover present active systems, network services, applications, and vulnerabilities present • External Assessment •

the network from a hacker's perspective to discover exploits and vulnerabilities that are accessible to the outside world •

•

infrastructure to discover exploits and vulnerabilities •

•

check to identify system configurations, user directories, file

registry settings, etc., to evaluate the possibility of compromise •

•

possible

attacks that may occur on the organization’s system •

•

all

of the web infrastructure for any misconfiguration, outdated

or known vulnerabilities •

•

databases, such as MYSQL, MSSQL, ORACLE, POSTGRESQL,etc., for the presence of data exposure or injection type vulnerabilities

TYPES OF VULNERABILITY ASSESSMENT

• Wireless Network Assessment

• Determines the vulnerabilities in

• Distributed Assessment

• Assesses the distributed organization assets,

and server applications, simultaneously through

• Credentialed Assessment

• Assesses the network by obtaining

• Non-Credentialed Assessment

machines

in the network

• Assesses the network without acquiring any credentials of the assets present in the enterprise network

• Manual Assessment

• In this type of assessment, the ethical hacker manually assesses the vulnerabilities, vulnerability ranking, vulnerability score, etc.

• Automated Assessment

• In this type of assessment, the ethical hacker employs various vulnerability assessment tools, such as Nessus, Qualys, GFI LanGuard, etc.

the organization’s wireless networks

such as client

appropriate synchronization techniques

the credentials of all

present

VULNERABILITY

TOOLS

ASSESSMENT

• Qualys Vulnerability Management • A cloud-based service that offers immediate global visibility into IT system areas that might be vulnerable to the latest Internet threats and how to protect them • Aids in the continuous identification of threats and monitoring of unexpected changes in a network before they become breaches • Nessus Professional • An assessment solution for identifying the vulnerabilities, configuration issues, and malware. • GFI LanGuard • Scans, detects, assesses, and rectifies security vulnerabilities in a network and connected devices • OpenVAS • A framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution • Nikto • A web server assessment tool that examines a web server to discover potential problems and security vulnerabilities

VULNERABILITY

TOOLS

ASSESSMENT

• Qualys FreeScan https://freescan.qualys.com • Acunetix Web Vulnerability Scanner https://www.acunetix.com • Microsoft Baseline Security Analyzer (MBSA) https://www.microsoft.com • beSECURE (AVDS) https://www.beyondsecurity.com • Nexpose https://www.rapid7.com • Core Impact Pro https://www.coresecurity.com • N-Stalker Web Application Security Scanner https://www.nstalker.com • SAINT https://www.saintcorporation.com • ManageEngine Vulnerability Manager Plus https://www.manageengine.com

CHOOSING A VULNERABILITY ASSESSMENT TOOL

Vulnerability assessment tools are used to test a host or application for vulnerabilities Choose the tools that best satisfy the following requirements: • Can test from dozens to 30,000 different vulnerabilities, depending on the product • Contains several hundred different attack signatures • Matches your environment and expertise • Has accurate network, application mapping, and penetration tests • Has several regularly updated vulnerability scripts for the platforms that you are scanning • Generates reports • Checks different levels of penetration in order to prevent lockups • Ensure that it does not damage your network or system while running tools • Understand the functionality, and decide on the information that needs to be collected before beginning • Decide the source location of the scan, taking into consideration the information that needs to be collected • Enable logging every time a computer is scanned • Users should scan their systems frequently for vulnerabilities

IMPLEMENTATION OF SECURITY MEASURES

• Develop a cybersecurity strategy for your organization, A cybersecurity strategy is a high-level plan for how your organization will secure its assets during the next three to five years.

• Create a detailed cybersecurity policy, A cybersecurity policy sets the standards of behavior for activities such as the encryption of email attachments and restrictions on the use of social media.

• Backup and encrypt your data.

• Use multi-factor authentication.

• Create secure passwords and keep them safe.

• Use the principle of least privilege.

• Know who is accessing your data.

• Educate and train your employees.

• Keep all software and apps up to date.

• Don’t underestimate hackers.

RECOMMENDED COURSES NetCom Learning offers a comprehensive portfolio for Security » EC-COUNCIL CHFI: COMPUTER HACKING FORENSIC INVESTIGATOR V10 – Class Scheduled on Oct 17 » COMPTIA PENTEST+ CERTIFICATION PREP (EXAM PT0-002) - Class Scheduled on Dec 12 » COMPTIA SECURITY+ CERTIFICATION PREP (EXAM SY0-601) - Class Scheduled on Oct 24 You can also access the below Marketing Assets » Free 1hr Training - Getting started with 5 fundamental domains of cybersecurity governance » Free On-Demand Training - Learn to Defend Against Multi-Stage Network Breaches in 40 Minutes » Blog - What’s New in EC-Council CEH v12: Features & Updates Interested in training? Contact us! | www.netcomlearning.com |© 1998-2022 NetCom Learning (888) 563-8266 | comptia@netcomlearning.com

OTHER MARKETING ASSETS COURSES& CERTIFICATIONS Interested in training? Contact us! | www.netcomlearning.com |© 1998-2022 NetCom Learning OUR FREEVIRTUALEVENTS BLOGS SAVINGS PROGRAMS & PROMOS (888) 563-8266 | comptia@netcomlearning.com

Stay Digital Safe - Assess and Upskill your team against cyber threats now ! NetCom Learning's end-user Cybersecurity Awareness Training & Phishing Simulation Solution offers phishing simulations on email, voice, and text to organizations, and is bundled with 90+ interactive security awareness video courses for the end-users. Interested in training? Contact us! | www.netcomlearning.com |© 1998-2022 NetCom Learning (888) 563-8266 | comptia@netcomlearning.com Request a Demo

The number of cyberattacks across the globe is increasing with time. Can you afford to compromise your organization’s security? Equip your workforce with advanced ethical hacking skills with all new EC-Council C|EH® v12 and improve your organizational security! Upskill Now Interested in training? Contact us! | www.netcomlearning.com |© 1998-2022 NetCom Learning (888) 563-8266 | comptia@netcomlearning.com

Learning Passport Flexible Team Training Package Specifically designed to be customized for the number of learners you plan to train on top-notch technology providers – including Microsoft, AWS, Cisco, CompTIA, Adobe, Autodesk, PMI, EC-Council, and more. Redeemable over 4,000+ official courses Flexible fund validity of 12 months Contact Us Now To Schedule your appointment with our learning consultants. Toll-free Phone: 1-888-563-8266 | Email: info@netcomlearning.com Learn More Interested in training? Contact us! | www.netcomlearning.com |© 1998-2022 NetCom Learning (888) 563-8266 | comptia@netcomlearning.com

NetCom Individual Learner Subscription Get 24/7 access to unlimited virtual instructor-led and self-paced IT and business training for 12 months. NetCom+ includes over 250 e-Learning and 140 virtual instructor led courses across various domains. $2,999 per learner per year * Additional discounts available for enterprises + Learn More Interested in training? Contact us! | www.netcomlearning.com |© 1998-2022 NetCom Learning (888) 563-8266 | comptia@netcomlearning.com

A BOOK FROM RUSSELL SARDER CEO - NETCOM LEARNING Aframework to build asmarter workforce, adapt to change and drive growth. Download Interested in training? Contact us! | www.netcomlearning.com | (888) 563-8266 | comptia@netcomlearning.com© 1998-2022 NetCom Learning