DBsec 80 Lesson 08 Risk Evaluation Management and Mitigation-r12

1、Lesson 1: Server and Service DiscoveryLesson 2: Database AuditingLesson 3: Agents and External SourcesLesson 4: Data Discovery & ClassificationLesson 5: Audit PoliciesLesson 6: Managing Audit DataLesson 7: Vulnerability AssessmentLesson 8: Risk Evaluation Management & Mitigation8.0 DB Security & Com

2、pliance AdministrationLesson 9: Database ProfilingLesson 10: Database SecurityLesson 11: Agents Monitoring RulesLesson 12: EnrichmentLesson 13:TuningLesson 14:User Rights ManagementLesson 15:Universal User TrackingLesson 8: Risk Evaluation, Management & MitigationLesson 8: ObjectivesGauge risk posed

3、 by vulnerabilities to your system using Risk ExplorerSchedule or run “Risk Score Update”After assessments have been run and vulnerabilities have been detected, use action buttons to manage them in the Vulnerability Management workbenchOnce you have an understanding of what the vulnerability entails

4、, assign an owner, mitigate the vulnerability by blocking it or conduct manual mitigationBulk mitigate a vulnerability on specific or multiple assetsApply a filter to view all mitigation policiesCVECommon Vulnerabilities and ExposuresInternational organizationMaintains up-to-date dictionary of publi

5、cly known information about security vulnerabilities and exposures.Industry StandardVulnerability:A mistake in software that can be directly used by a hacker to gain access to a system or network.Exposure:A system configuration issue or a mistake in software that allows access to information or capa

6、bilities that can be used as a stepping-stone into a system or network.CVE Web SiteWhat is Risk?Risk = (probability of event occurring) x (impact of event occurring) Risk ExplorerDAS and RiskDAS is a Risk Evaluation ToolMathematicalEmotionlessSchedulableRepeatableChartableComponentsExistence of sens

7、itive dataVulnerability scoreRisk = (Vulnerability Score) x (Sensitive Data Discovered)PII DataPII DataCC DataVulnerableCC DataServer 1Server 24 Steps for Risk AnalysisStep 1: Sensitive Data = Risk FactorStep 2: Vulnerabilities = Risk FactorStep 3: Schedule or Run “Risk Score Update”The risk score i

8、s calculated by default every nightUsing CVSS formulaRisk Explorer Data and Network ViewsRisk Explorer Drill DownQuick SearchItem infoData TypesRisk Explorer Drill DownGraphic ViewRisk TrendRisk Explorer Drill DownTable ViewVulnerability detailsVulnerability ManagementVulnerabilities: WorkbenchWorkb

9、ench: Column DescriptionsCVEID number as determined by the CVE Standard. Public hyperlink.TypeName of the vulnerability type associated with the CVE ID.Service Type of service on which the vulnerability is located.StatusStatus of the vulnerability. Open, Closed, or Excluded.PriorityManually assigned

10、 as Low, Medium, or High. Default: Medium.SeverityAutomatically assigned by CVE score as Low, Medium, or High.TrackingManual label as New, Assigned, Accepted, or Rejected.CreationFirst date vulnerability was detected.UpdatedDate some aspect of the vulnerability was last changed.Due DateDate set by m

11、anagement for completion of mitigation.#Number of observed events for this vulnerability Aggregated.AssetThe server on which the vulnerability was discovered.OwnerSecureSphere user who is responsible for this Vulnerability.Workbench: Action ButtonsWorkbench: Send ToVulnerability TabsSimplify with Fi

12、lteringFilteringDo not forget your toolsFiltering makes the unmanageable manageableFocus on your prioritiesUse the Risk ExplorerLocation maintained as filter in Vulnerability Management ScopeGraphs and Analysis ViewsVulnerability Management ViewsRisk ConsoleScope SelectionWorkbenchSummary ViewSelect

13、ion ViewsVulnerability Management: Summary ViewType Distribution ViewVulnerability Management: Selection ViewsRisk Mitigation: Time to Take ActionMitigation and Vulnerability ManagementTypes of available action:Remove rogue servers from environmentAdd discovered IPs and Ports to the Enforced IP conf

14、igurationAuditingSecurity PoliciesCorrect vulnerable misconfigurations discovered by AssessmentsAdd official patches discovered missing by AssessmentsUse Virtual Patching as a stop-gapVulnerabilities: Bulk Mitigation ExampleMitigateVulnerability mitigation frequently asked questions:Can I mitigate e

15、very vulnerability directly with SecureSphere?No, determine if mitigating action can be taken from the vulnerability description or recommended fixExample: Apply a patchExample: Remove DB users permissionsWhat does “Mitigate” do?Creates a Security Policy Type Mitigation PolicyBlock Adds a special policy with immed