Educational Brief

Skybox Cyber Security Best Practices

Three steps to reduce the risk of Advanced Persistent Threats

With continuing news coverage of sophisticated and targeted attacks that can go undetected for months, it's no wonder that IT security professionals are actively searching for ways to combat these threats. Perpetrators of Advanced Persistent Threats, or APTs, are patient and determined. If there is a security gap (and every network has one), they will find it. But there are steps you can take to significantly lower the risk of attack or focus your limited IT security resources to pinpoint suspicious activities.

Know Your Network - Complex networks are hard to keep track of, and strained budgets mean that too few people have the correct tools to completely understand their network. With Skybox you can model your entire network infrastructure and visualize your security topology. You might find a collection of unapproved devices, a wireless network that isn’t supposed to exist, or an access path from the internet to an important asset that shouldn’t be accessible. How do you defend a network if you aren’t sure what it looks like? Additionally, it’s easier to sell upper management on the need for additional resources when they can see the complete picture.

Automate - If you’re still trying to manage your network security manually, stop. A CISO from a large organization recently reported that their security team was being “nickel and dimed to death”, with tons of time spent reviewing growing sets of firewall rules and sifting through endless vulnerability reports. Many daily security activities start with tasks that can be automated – data collection, correlation, analysis, alerting, reporting. Automate the time-consuming (but necessary) tasks, and precious security expertise can be applied better elsewhere.

Be Proactive Addressing Known Security Holes - While an APT using a zero-day vulnerability can be frightening, in ComputerWeekly.com security expert Ionut Ionescu noted, “they [APT attackers] used not only attack vectors specific to sometimes obscure equipment, but also attack vectors against well-known, publicised and patchable vulnerabilities.” Close the open doors and windows quickly, and you’ll lower the chance and exposure window of a potential attack. Tools such as Skybox Risk Control can find and prioritise ‘exploitable vulnerabilities’ based on a combination of vulnerability scan data, threat information, and a view of the asset information. The tool then provides you with a prioritised, actionable list of the most critical issues to address first.

Risk reduction also requires continuous monitoring and determined effort. Whether you are concerned about APTs or just fighting garden-variety malware and cyber criminals, you can put into place the tools and processes that will make it easier to conduct daily, systematic, and measurable risk reduction.

www.skyboxsecurity.com

Skybox View Platform Suite

Skybox Solutions

The Skybox View Enterprise Suite is a set of tools that give IT security and operations managers a better view of their network, so they can find and address network security, compliance, and availability risks – within minutes. Each of these tools is built on the Skybox View Platform, providing a common platform for data collection, modeling & simulation, and reporting.

Skybox® Firewall Assurance

Firewall Assurance allows IT operations or security managers to assess their firewall compliance status in a fraction of the time of manual audits. It automates steps in the compliance process, predicts the impact of planned network changes, and helps the IT team avoid misconfigurations that could result in security or compliance exposures.

Skybox® Change Manager

Skybox Change Manager adds complete automated change workflow capabilities to Skybox Firewall Assurance. Change Manager allows firewall administrators to continuously monitor and centrally manage all firewall change requests for complete pre- and post-change functionality.

Skybox® Network Assurance

Network Assurance creates a model of the network topology and analyzes the interactions between all network devices (routers, firewalls, load balancers, etc.). It enables an accurate balancing between the security and availability requirements of the network, and quickly finds root causes of actual or potential network outages.

Skybox® Risk Control

Risk Control automatically collects and correlates vulnerability scan data with information about network topology, device settings, asset values and known threats. With Risk Control, network security teams can avoid manual risk analysis, eliminate unnecessary patching, simulate responses to cyber attacks, and respond quickly to new cyber threats.

European Office
UK, Central Europe, France & Belgium
Skybox Security UK Ltd
55 Old Broad Street
London EC2M 1RX

Headquarters Office
Skybox Security, Inc.
2099 Gateway Place, Suite 450
San Jose, California 95110 USA

Copyright © 2011 Skybox Security, Inc. All rights reserved. Skybox and Skybox View are trademarks of Skybox Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners.