SlideShare una empresa de Scribd logo

Threat Exposure Management - Reduce your Risk of a Breach

Descargar como PPTX, PDF
Rahul Neel Mani
Rahul Neel Mani

Yogesh Kulkarni, Pre-Sales India & SAARC, Rapid7

Tecnología
1 de 24
ENGINEERING BETTER SECURITY SECURITY DATA & ANALYTICS Presenter:- Yogesh Kulkarni Sales Engineer, SAARC OSCP, Rapid7 Nexpose & Metasploit Pro certified, GCIH, CEH, CHFI & ECSA
Confidential and Proprietary 2 Delivering Security Data & Analytics that revolutionize the practice of cyber security 37% Fortune 1000 5,100+ Customers 800+ Employees 99 Countries NASDAQ: RPD
By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches up from less than 20% in 2015. - Gartner: “Shift Cybersecurity Investment to Detection,” dated 7 January 2016 Massive Shift to Risk-Based Approach to Security Prevention-Based Security “Block and Protect” OLD MODEL: Risk-Based Security NEW MODEL: Prevention Detection Correction Correction Detection Data & Analytics Prevention Confidential and Proprietary 3
TECHNOLOGY PLATFORM & PRODUCTS
Effective Vulnerability Management for Today’s Threats NEXPOSE
Industry recognition Confidential and Proprietary 6 Rapid7 Selected by SANS Community as Best Vulnerability Assessment Solution https://www.sans.org/press/announcement/2015/03/30/1
Nexpose Vulnerability Management Confidential and Proprietary 7 Know Your Network • Security assessment for the modern network • Identify what’s important to your business • Use attacker mindset to find weaknesses Manage Risk Effectively • Use critical threat awareness from Metasploit • Prioritize business risks that matter • Create concise actionable remediation plans Simplify Your Compliance • Perform fast, unified security & compliance assessment • Automate workflows • Leverage built-in Audit & PCI report templates
Flexible and Scalable Architecture Multiple deployment options Agentless scanning Scale with scan engines OpenAPI™ for integrations Enterprise Architecture
Why Nexpose? 9 Confidential and Proprietary • Advanced remediation reports, Built-in actionable report templates, dynamic asset group/ vulnerability filtering, and customizable report templates • Scan logs available beyond scan reports • largest vulnerability and best exploitation knowledge (having 200000 community members) • Unlimited and free scan engines • Flexible deployment, Deploy as standalone solution as software, virtual appliance, or cloud • Risk rating available between 0-1000 (risk score Patented by Rapid7) • Single modules & interfaces for Infra vulnerability, compliance scanning, Data base scanning & basic web app security testing • Multiple pre-built user roles and granular permission customization • Two-tier support model allows first engineer to resolve case without escalation • Vulnerability correlation & validation out of the box
Test Your Defenses More Efficiently METASPLOIT PRO
Test Your Defenses More Efficiently 11 Phishing Simulation • Manage phishing awareness to reduce user risk • Use for user education or as part of a penetration test Vulnerability Validation • Validate vulnerabilities to demonstrate risk • Close-loop integration with Nexpose for remediation Penetration Testing • Simulate a real-world attack to test your defenses • Conduct penetration tests 45% faster Confidential and Proprietary
Why Metasploit Pro Conduct penetration tests 45% faster Validate vulnerabilites to prioritize remediation Manage phishing awareness to reduce user risk Metasploit Pro is an efficient, scalable way to test your defenses.
Effective WEB APPLICATION Vulnerability Management APPSPIDER
AppSpider Industry Recognition Confidential and Proprietary 14
AppSpider Pro AppSpider Enterprise AppSpider Enterprise OnDemand AppSpider Editions
Why AppSpider? Confidential and Proprietary 17 • AppSpider assess all of the advanced formats including: • Rich Internet Applications (RIA): – AJAX-JSON (JQuery), AJAX-REST, AJAX-GWT • Web Services (includes mobile interfaces): – Web Services (REST, SOAP with or without WSDL, XML, RPC), Flash Remoting – AMF, Mobile JSON, Mobile REST • Complex workflows: – CSRF/XSRF, Workflow/sequences (eg. Shopping carts) • AppSPider provides Compliance testing Certifications: • PCI, SOX, HIPAA, OWASP, DISA-STIG, GLBA, FISMA, CWESANS  Accuracy  Vulnerability validation  non-destructive scans
Effectively Detect and Investigate User-Based Attacks
Confidential and Proprietary 19 From Compromise to Containment — Fast! Speed Investigations Contextual Investigations Endpoint Forensics Enterprise Search Cut Through the Noise Behavioral Analytics Detection Traps Alerting End Data Drudgery Log, Machine and User Data Attribution Compliance Reporting
Detect and Investigate User-Based Attacks 20 DETECT Effective Detection of Attacks • Detect attacker’s entry and lateral movement in the network • Detection with no overhead: automatic detection without the need to build and maintain rules INVESTIGATE Fast Incident Investigation • Rapid investigation of impacted users • Quickly define “who else is impacted” • Easily triage significant events DISCOVER Simple Discovery of User Risk • Discover user behavior across on premise, cloud and mobile environments • Discover policy violations • Track all administrator activity • Discover user behavior in provisioned cloud services
21Confidential and Proprietary New to InsightUBA
Why Insight? Confidential and Proprietary 22 • User activities behavioral base monitoring:- FIND THE ATTACKS YOU'RE MISSING • Detect Attacks & Known malwares (irrespective of your antivirus) Automatically • Investigate Quickly • Detect compromised credentials across your entire ecosystem • Spot lateral movement, a common attacker method • Get endpoint visibility without "yet another agent“ • Stop wasting time writing rules
THANK YOU Yogesh Kulkarni Sales Engineer Yogesh_Kulkarni@rapid7.com
Rapid7 Solutions at Glance Confidential and Proprietary 24 THREAT EXPOSURE MANAGEMENT User Risk Management > Assess risk based on vulnerabilities, configurations > Asset discovery > Vulnerability Validation > Prioritized remediation > Compliance reporting > Operationalize offensive security > Automate penetration testing > Verify controls effectiveness > Test exposure to phishing > Audit web applications > Visibility into user risk across on premise, mobile & cloud > Detect compromised users > Monitor risky behavior > Fast incident response > Mobile risk management > Vulnerability detection accuracy > Breadth of coverage > Integration and Correlation > Ability to test apps at scale > Compliance reporting

Recomendados

Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptx
AbimbolaFisher1
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
seadeloitte
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
Muhammad Sahputra
 
Cyber Security Operations Center (C-SOC)
Cyber Security Operations Center (C-SOC) Cyber Security Operations Center (C-SOC)
Cyber Security Operations Center (C-SOC)
BGA Cyber Security
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
CMR WORLD TECH
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
Erick Kish, U.S. Commercial Service
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
ABHAY PATHAK
 

Recomendados

Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptx
AbimbolaFisher1
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
seadeloitte
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
Muhammad Sahputra
 
Cyber Security Operations Center (C-SOC)
Cyber Security Operations Center (C-SOC) Cyber Security Operations Center (C-SOC)
Cyber Security Operations Center (C-SOC)
BGA Cyber Security
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
CMR WORLD TECH
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
Erick Kish, U.S. Commercial Service
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
ABHAY PATHAK
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
Ahmed Banafa
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
DallasHaselhorst
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
Yash
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
Ben Rothke
 
Application Security
Application SecurityApplication Security
Application Security
Reggie Niccolo Santos
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
Shriya Rai
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
Incident response
Incident responseIncident response
Incident response
Anshul Gupta
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Edureka!
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident Response
PECB
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
Tuan Phan
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Automotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into OverdriveAutomotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into Overdrive
accenture
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
SandeepK707540
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyWhat We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
Priyanka Aash
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfMicrosoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
ParishSummer
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
NTT Innovation Institute Inc.
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
Krutarth Vasavada
 
How to Sell Security to Your CIO
How to Sell Security to Your CIOHow to Sell Security to Your CIO
How to Sell Security to Your CIO
Rapid7
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
Rapid7
 

Más contenido relacionado

La actualidad más candente

Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
DallasHaselhorst
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 

La actualidad más candente (20)

Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 
Application Security
Application SecurityApplication Security
Application Security
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
Incident response
Incident responseIncident response
Incident response
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident Response
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
Automotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into OverdriveAutomotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into Overdrive
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyWhat We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfMicrosoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 

Destacado

LicensingScopeAndBoundaries
LicensingScopeAndBoundariesLicensingScopeAndBoundaries
LicensingScopeAndBoundaries
William Francis
 
Education webinar april 2012
Education webinar april 2012Education webinar april 2012
Education webinar april 2012
Infoblox
 
Wp ipam infoblox
Wp ipam infobloxWp ipam infoblox
Wp ipam infoblox
islamet
 
Network automation seminar
Network automation seminarNetwork automation seminar
Network automation seminar
patmisasi
 
Uberflip and Infer –  Predictive analytics: A Content Marketers Secret Weapon
Uberflip and Infer –  Predictive analytics: A Content Marketers Secret WeaponUberflip and Infer –  Predictive analytics: A Content Marketers Secret Weapon
Uberflip and Infer –  Predictive analytics: A Content Marketers Secret Weapon
Infer
 

Destacado (20)

How to Sell Security to Your CIO
How to Sell Security to Your CIOHow to Sell Security to Your CIO
How to Sell Security to Your CIO
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
 
MassTLC summit_amacleod_predictiveanalytics
MassTLC summit_amacleod_predictiveanalyticsMassTLC summit_amacleod_predictiveanalytics
MassTLC summit_amacleod_predictiveanalytics
 
Maceo Wattley Contributor Infosec
Maceo Wattley Contributor InfosecMaceo Wattley Contributor Infosec
Maceo Wattley Contributor Infosec
 
Bmit meet theexperts_2013
Bmit meet theexperts_2013Bmit meet theexperts_2013
Bmit meet theexperts_2013
 
Workgroup Issues
Workgroup IssuesWorkgroup Issues
Workgroup Issues
 
LicensingScopeAndBoundaries
LicensingScopeAndBoundariesLicensingScopeAndBoundaries
LicensingScopeAndBoundaries
 
Education webinar april 2012
Education webinar april 2012Education webinar april 2012
Education webinar april 2012
 
Wp ipam infoblox
Wp ipam infobloxWp ipam infoblox
Wp ipam infoblox
 
Network automation seminar
Network automation seminarNetwork automation seminar
Network automation seminar
 
Long Infoblox
Long InfobloxLong Infoblox
Long Infoblox
 
Ipadd mngt
Ipadd mngtIpadd mngt
Ipadd mngt
 
Cyber crime v3
Cyber crime v3Cyber crime v3
Cyber crime v3
 
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAMCómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
 
DNS, DHCP & IPAM with IPv6
DNS, DHCP & IPAM with IPv6DNS, DHCP & IPAM with IPv6
DNS, DHCP & IPAM with IPv6
 
Uberflip and Infer –  Predictive analytics: A Content Marketers Secret Weapon
Uberflip and Infer –  Predictive analytics: A Content Marketers Secret WeaponUberflip and Infer –  Predictive analytics: A Content Marketers Secret Weapon
Uberflip and Infer –  Predictive analytics: A Content Marketers Secret Weapon
 
Dns security threats and solutions
Dns security threats and solutionsDns security threats and solutions
Dns security threats and solutions
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:
 
7 Reasons your existing SIEM is not enough
7 Reasons your existing SIEM is not enough7 Reasons your existing SIEM is not enough
7 Reasons your existing SIEM is not enough
 
Advanced DNS Protection
Advanced DNS ProtectionAdvanced DNS Protection
Advanced DNS Protection
 

Similar a Threat Exposure Management - Reduce your Risk of a Breach

Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Decisions
 

Similar a Threat Exposure Management - Reduce your Risk of a Breach (20)

Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdf
 
VMworld 2013: Troubleshooting and Monitoring NSX Service Composer Policies
VMworld 2013: Troubleshooting and Monitoring NSX Service Composer Policies VMworld 2013: Troubleshooting and Monitoring NSX Service Composer Policies
VMworld 2013: Troubleshooting and Monitoring NSX Service Composer Policies
 
Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSec
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSecure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green Method
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation Firewalls
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
Essentials of Web Application Security: what it is, why it matters and how to...
Essentials of Web Application Security: what it is, why it matters and how to...Essentials of Web Application Security: what it is, why it matters and how to...
Essentials of Web Application Security: what it is, why it matters and how to...
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
MID_SIEM_Boubker_EN
MID_SIEM_Boubker_ENMID_SIEM_Boubker_EN
MID_SIEM_Boubker_EN
 
2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final
 
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)
 
FRSecure 2018 CISSP Mentor Program Session 10
FRSecure 2018 CISSP Mentor Program Session 10FRSecure 2018 CISSP Mentor Program Session 10
FRSecure 2018 CISSP Mentor Program Session 10
 
Enterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and complianceEnterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and compliance
 
PCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingPCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s Missing
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case Study
 

Más de Rahul Neel Mani

Más de Rahul Neel Mani (20)

7th Annual DynamicCISO Summit & Excellence Awards 2020 Report
7th Annual DynamicCISO Summit & Excellence Awards 2020 Report7th Annual DynamicCISO Summit & Excellence Awards 2020 Report
7th Annual DynamicCISO Summit & Excellence Awards 2020 Report
 
TweetChat - A Grey Head Digital Initiative
TweetChat - A Grey Head Digital InitiativeTweetChat - A Grey Head Digital Initiative
TweetChat - A Grey Head Digital Initiative
 
Cybersecurity: Glimpses from the 2017
Cybersecurity: Glimpses from the 2017Cybersecurity: Glimpses from the 2017
Cybersecurity: Glimpses from the 2017
 
5th Annual DynamicCISO Summit 9-10 March 2018, Mumbai
5th Annual DynamicCISO Summit 9-10 March 2018, Mumbai5th Annual DynamicCISO Summit 9-10 March 2018, Mumbai
5th Annual DynamicCISO Summit 9-10 March 2018, Mumbai
 
CIO Productivity Conclave 2017
CIO Productivity Conclave 2017 CIO Productivity Conclave 2017
CIO Productivity Conclave 2017
 
Being a Digital Industrial By Anthony Thomas, Group Chief Information Officer...
Being a Digital Industrial By Anthony Thomas, Group Chief Information Officer...Being a Digital Industrial By Anthony Thomas, Group Chief Information Officer...
Being a Digital Industrial By Anthony Thomas, Group Chief Information Officer...
 
Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...
Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...
Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...
 
Traversing the Digital Vortex, Lux Rao, Director & Leader, Digital Transforma...
Traversing the Digital Vortex, Lux Rao, Director & Leader, Digital Transforma...Traversing the Digital Vortex, Lux Rao, Director & Leader, Digital Transforma...
Traversing the Digital Vortex, Lux Rao, Director & Leader, Digital Transforma...
 
Sumit dhar
Sumit dharSumit dhar
Sumit dhar
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
 
Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game
 
Cyber Crime Management
Cyber Crime ManagementCyber Crime Management
Cyber Crime Management
 
ABC of Infosec
ABC of InfosecABC of Infosec
ABC of Infosec
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
 
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseDetect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
 
Get the Basics Right
Get the Basics RightGet the Basics Right
Get the Basics Right
 
Upgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security FabricUpgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security Fabric
 
Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom?
 
CIO Productivity Conclave 2016
CIO Productivity Conclave 2016CIO Productivity Conclave 2016
CIO Productivity Conclave 2016
 
Take Control of Your Imaging and Printing: Siva Kumar
Take Control of Your Imaging and Printing: Siva KumarTake Control of Your Imaging and Printing: Siva Kumar
Take Control of Your Imaging and Printing: Siva Kumar
 

Último

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Último (20)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Threat Exposure Management - Reduce your Risk of a Breach

  • 1. ENGINEERING BETTER SECURITY SECURITY DATA & ANALYTICS Presenter:- Yogesh Kulkarni Sales Engineer, SAARC OSCP, Rapid7 Nexpose & Metasploit Pro certified, GCIH, CEH, CHFI & ECSA
  • 2. Confidential and Proprietary 2 Delivering Security Data & Analytics that revolutionize the practice of cyber security 37% Fortune 1000 5,100+ Customers 800+ Employees 99 Countries NASDAQ: RPD
  • 3. By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches up from less than 20% in 2015. - Gartner: “Shift Cybersecurity Investment to Detection,” dated 7 January 2016 Massive Shift to Risk-Based Approach to Security Prevention-Based Security “Block and Protect” OLD MODEL: Risk-Based Security NEW MODEL: Prevention Detection Correction Correction Detection Data & Analytics Prevention Confidential and Proprietary 3
  • 5. Effective Vulnerability Management for Today’s Threats NEXPOSE
  • 6. Industry recognition Confidential and Proprietary 6 Rapid7 Selected by SANS Community as Best Vulnerability Assessment Solution https://www.sans.org/press/announcement/2015/03/30/1
  • 7. Nexpose Vulnerability Management Confidential and Proprietary 7 Know Your Network • Security assessment for the modern network • Identify what’s important to your business • Use attacker mindset to find weaknesses Manage Risk Effectively • Use critical threat awareness from Metasploit • Prioritize business risks that matter • Create concise actionable remediation plans Simplify Your Compliance • Perform fast, unified security & compliance assessment • Automate workflows • Leverage built-in Audit & PCI report templates
  • 8. Flexible and Scalable Architecture Multiple deployment options Agentless scanning Scale with scan engines OpenAPI™ for integrations Enterprise Architecture
  • 9. Why Nexpose? 9 Confidential and Proprietary • Advanced remediation reports, Built-in actionable report templates, dynamic asset group/ vulnerability filtering, and customizable report templates • Scan logs available beyond scan reports • largest vulnerability and best exploitation knowledge (having 200000 community members) • Unlimited and free scan engines • Flexible deployment, Deploy as standalone solution as software, virtual appliance, or cloud • Risk rating available between 0-1000 (risk score Patented by Rapid7) • Single modules & interfaces for Infra vulnerability, compliance scanning, Data base scanning & basic web app security testing • Multiple pre-built user roles and granular permission customization • Two-tier support model allows first engineer to resolve case without escalation • Vulnerability correlation & validation out of the box
  • 10. Test Your Defenses More Efficiently METASPLOIT PRO
  • 11. Test Your Defenses More Efficiently 11 Phishing Simulation • Manage phishing awareness to reduce user risk • Use for user education or as part of a penetration test Vulnerability Validation • Validate vulnerabilities to demonstrate risk • Close-loop integration with Nexpose for remediation Penetration Testing • Simulate a real-world attack to test your defenses • Conduct penetration tests 45% faster Confidential and Proprietary
  • 12. Why Metasploit Pro Conduct penetration tests 45% faster Validate vulnerabilites to prioritize remediation Manage phishing awareness to reduce user risk Metasploit Pro is an efficient, scalable way to test your defenses.
  • 13. Effective WEB APPLICATION Vulnerability Management APPSPIDER
  • 15.
  • 17. Why AppSpider? Confidential and Proprietary 17 • AppSpider assess all of the advanced formats including: • Rich Internet Applications (RIA): – AJAX-JSON (JQuery), AJAX-REST, AJAX-GWT • Web Services (includes mobile interfaces): – Web Services (REST, SOAP with or without WSDL, XML, RPC), Flash Remoting – AMF, Mobile JSON, Mobile REST • Complex workflows: – CSRF/XSRF, Workflow/sequences (eg. Shopping carts) • AppSPider provides Compliance testing Certifications: • PCI, SOX, HIPAA, OWASP, DISA-STIG, GLBA, FISMA, CWESANS  Accuracy  Vulnerability validation  non-destructive scans
  • 18. Effectively Detect and Investigate User-Based Attacks
  • 19. Confidential and Proprietary 19 From Compromise to Containment — Fast! Speed Investigations Contextual Investigations Endpoint Forensics Enterprise Search Cut Through the Noise Behavioral Analytics Detection Traps Alerting End Data Drudgery Log, Machine and User Data Attribution Compliance Reporting
  • 20. Detect and Investigate User-Based Attacks 20 DETECT Effective Detection of Attacks • Detect attacker’s entry and lateral movement in the network • Detection with no overhead: automatic detection without the need to build and maintain rules INVESTIGATE Fast Incident Investigation • Rapid investigation of impacted users • Quickly define “who else is impacted” • Easily triage significant events DISCOVER Simple Discovery of User Risk • Discover user behavior across on premise, cloud and mobile environments • Discover policy violations • Track all administrator activity • Discover user behavior in provisioned cloud services
  • 22. Why Insight? Confidential and Proprietary 22 • User activities behavioral base monitoring:- FIND THE ATTACKS YOU'RE MISSING • Detect Attacks & Known malwares (irrespective of your antivirus) Automatically • Investigate Quickly • Detect compromised credentials across your entire ecosystem • Spot lateral movement, a common attacker method • Get endpoint visibility without "yet another agent“ • Stop wasting time writing rules
  • 23. THANK YOU Yogesh Kulkarni Sales Engineer Yogesh_Kulkarni@rapid7.com
  • 24. Rapid7 Solutions at Glance Confidential and Proprietary 24 THREAT EXPOSURE MANAGEMENT User Risk Management > Assess risk based on vulnerabilities, configurations > Asset discovery > Vulnerability Validation > Prioritized remediation > Compliance reporting > Operationalize offensive security > Automate penetration testing > Verify controls effectiveness > Test exposure to phishing > Audit web applications > Visibility into user risk across on premise, mobile & cloud > Detect compromised users > Monitor risky behavior > Fast incident response > Mobile risk management > Vulnerability detection accuracy > Breadth of coverage > Integration and Correlation > Ability to test apps at scale > Compliance reporting