MANAGED SECURITY TESTING: PROACTIVELY MANAGING VULNERABILITIES

THE INTRO
WHAT’S THE PROBLEM?
Managing vulnerabilities proactively is more important than ever
• The volume of compromises is increasing: 54% more investigations conducted in 2013 (vs. 2012)
• Breaches are costly: $5.85 million on average in 2013 (US)
• Attackers are diversifying their targets: 33% increase in theft of non-payment card data
• Attackers are more sophisticated: 71% of victims don’t detect a breach on their own; self-detection takes 3 months
• Apps in particular are highly vulnerable: 96% of applications harbor at least one serious vulnerability
Data sources: Trustwave Global Security Report 2014; Ponemon Institute 2014 Cost of Data Breach Study
QUESTIONS OUR CUSTOMERS ASK
About managing vulnerabilities and risk…
• What’s on my network?
• Where am I weak or vulnerable?
• How do I know if I’m being targeted?
• How do I prioritize? What can wait?
• How can I get the most out of my program?
WHAT WE OFFER
A programmatic approach to vulnerability management, covering networks, databases and applications:
• Self-Service Scanning
• Managed Scanning – discover potential weaknesses across all assets
• Penetration Testing – assess business risk on mission critical assets
THE POWER OF TESTING
An attack chain that starts from a low-scoring finding (attacker on the Internet, company website built on Adobe ColdFusion, corporate SSL VPN, internal database):
1. DIRECTORY TRAVERSAL – Directory Traversal (CVE-2013-0629), CVSS score 4.3 (medium). Many businesses might ignore it due to its relatively low score. The attacker views arbitrary files on the company website and finds the admin password for ColdFusion.
2. ESCALATE & GRAB STORED CREDENTIALS – yields domain admin credentials.
3. LEVERAGE STOLEN CREDENTIALS FOR VPN ACCESS – the corporate SSL VPN gives access to the internal network as domain admin.
4. DATA EXFILTRATION – data is pulled from the database.
OUR SCANNING & TESTING PORTFOLIO
Flexible options based on your needs
Self-Service Scanning
• Cloud-based
• Schedule and manage scans on demand
• Work from a full list of results generated by our tools
Managed Scanning
• Scans managed by Trustwave experts
• Validated results and reports
• Augment your team and minimize false positives
Penetration Testing – 4 tiers of testing based on your requirements
• Basic: attacks most commonly exploitable vulnerabilities
• Opportunistic: includes attack chaining; limited to a list of targets
• Targeted: targets systems with critical data, unrestricted scope
• Advanced: full attack simulation: custom exploits and social engineering
WHY CHOOSE TRUSTWAVE?
One vendor. One platform. All your assets.
1. Broadest Coverage
– Networks
– Applications
– Databases
– Choose from full suite of services
– Add technologies to address gaps
– Proactive breach detection and IR
2. Most Flexibility
– Cloud, managed, licensed options
– “Flex Spending Account” model
– Easy to adjust allocations
3. Budget Friendly
– Maximize budget with a single vendor
– Simplifies planning and management
4. Maximum Control
– Centralized dashboard view of status
THE BIG PICTURE
THE BIG PICTURE
Across networks, databases and applications:
DISCOVER & SCORE – Scanning (Cloud and Managed)
• All assets
• Proactive discovery
• Automated/scalable
TEST & VALIDATE – Penetration Testing
• Some assets
• Deeper analysis
• Identify unknown gaps
MITIGATE & PROTECT – Security Solutions
• Where necessary
• Fix flaws
• Fill gaps
Scanning and testing are the beginning, not the end.
REAL-WORLD EXAMPLE
The same attack chain (attacker on the Internet, company website built on Adobe ColdFusion, corporate SSL VPN, internal database), with the control that addresses each step:
1. DIRECTORY TRAVERSAL – the attacker views arbitrary files and finds the admin password for ColdFusion. A Web Application Firewall can provide persistent protection, and is informed by scan results.
2. ESCALATE & GRAB STORED CREDENTIALS – yields domain admin credentials. IDS/IPS can detect and stop escalation.
3. LEVERAGE STOLEN CREDENTIALS FOR VPN ACCESS – access to the internal network as domain admin. 2-Factor AUTH adds stronger access control at the VPN.
4. DATA EXFILTRATION – DB Security can eliminate unauthorized access, with monitoring or blocking of inappropriate requests; DLP can stop critical or unauthorized data from leaving your environment.
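Step 1 of the chain is the kind of request a WAF or log-based detection should catch, and the usual reason it is missed is encoding: a single percent-decode pass does not see a double-encoded "..". The block below is an added example, not part of the deck and not Trustwave tooling. It decodes each request target from constructed access-log lines (in Common Log Format; the IPs, paths and parameter names are made up for illustration), bounded to a few decode rounds, and flags any path or query value that climbs above its starting directory, while leaving a harmless "/products/../products/" alone.

```python
"""Detect directory-traversal attempts in web-server access logs.

Added example (not Trustwave code). Each request target is percent-decoded
until stable, then walked segment by segment; a request is flagged when the
path or any query value climbs above the directory it started in, or
carries a null byte.
"""
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Common Log Format: client IP, ident, user, timestamp, "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

MAX_DECODE_ROUNDS = 3  # enough to unwrap double/triple encoding without looping forever

# Constructed sample log (not real traffic); only lines 2, 3, 4 and 6 are attacks.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2014:10:00:01 +0000] "GET /index.cfm HTTP/1.1" 200 5120
203.0.113.11 - - [10/Mar/2014:10:00:02 +0000] "GET /download.cfm?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1842
203.0.113.12 - - [10/Mar/2014:10:00:03 +0000] "GET /images/%2e%2e/%2e%2e/config/secret.txt HTTP/1.1" 404 210
203.0.113.13 - - [10/Mar/2014:10:00:04 +0000] "GET /docs/%252e%252e/%252e%252e/web.xml HTTP/1.1" 404 210
203.0.113.14 - - [10/Mar/2014:10:00:05 +0000] "GET /products/../products/list.cfm HTTP/1.1" 200 900
203.0.113.15 - - [10/Mar/2014:10:00:06 +0000] "GET /view.cfm?page=about%00.cfm HTTP/1.1" 200 700
"""


def fully_decode(value: str) -> str:
    """Percent-decode until the value stops changing (bounded), so that
    double-encoded sequences such as %252e%252e are seen as '..'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def climbs_out(value: str) -> bool:
    """True if walking the segments ever rises above the starting directory.
    '/products/../products/list.cfm' stays inside; '../../etc/passwd' does not.
    Backslashes are treated as separators so '..\\' variants are not missed."""
    depth = 0
    for seg in value.replace("\\", "/").split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != ".":
            depth += 1
    return False


def inspect_target(target: str):
    """Return a short reason when the request target looks like traversal, else None."""
    parts = urlsplit(target)
    path = fully_decode(parts.path)
    if "\x00" in path:
        return "null byte in path"
    if climbs_out(path):
        return "path escapes web root"
    # parse_qsl already decodes once; fully_decode catches any further layers.
    for key, raw in parse_qsl(parts.query, keep_blank_values=True):
        val = fully_decode(raw)
        if "\x00" in val:
            return f"null byte in parameter {key!r}"
        if climbs_out(val):
            return f"parameter {key!r} climbs above its directory"
    return None


def scan_log(text: str) -> list:
    """Run inspect_target over every parsable log line; return the flagged ones."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        reason = inspect_target(m.group("target"))
        if reason:
            hits.append({"ip": m.group("ip"), "target": m.group("target"), "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']}  {hit['reason']}  {hit['target']}")
```

The depth counter is what separates a real escape from the benign "/products/../products/" case, so the rule can run on every request without flooding the SOC with false positives; a scanner finding for a given application can then be turned into a narrower allowlist of parameters worth watching.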
THANK YOU QUESTIONS PLEASE