May 22, 2013

Integrating Network Topology Software with Vulnerability and Exploit Data

In today's Whiteboard Wednesday, Ethan Goldstein will talk about how you can make your security programs more efficient and increase the ROI of security software purchases by integrating network topology software with vulnerability and exploit data.

If you currently use network topology products from vendors like FireMon, RedSeal, SolarWinds, or Skybox, you can integrate them with Nexpose and Metasploit to see exactly how an attacker could reach your private data, without any false positives. This lets you take care of the vulnerabilities that affect the most important systems on your network first.


Buenas tardes out there in TV land. Welcome to another fantastic edition of Whiteboard Wednesday. I'll be your host for today. My name is Ethan Goldstein, Security Engineer at Rapid7. I want to talk to you about network topology tools and how layering vulnerability and exploit data on top of them can increase the value to your security organization. There are a number of different network topology tools available in the space, including RedSeal, FireMon, and Skybox, just to name a few.

Now, what network topology tools do is consume layer three data. This includes routers, switches, firewalls, and load balancers. They consume the configuration files from these products, and they produce a nice graphical map, as we have so elegantly whiteboarded here. What this allows you to do is more graphically and proactively manage your firewall rules and the configurations of those layer three devices, so now we're getting a deeper understanding of where there may be overlap, where there may be conflict, and overall see what your routing tables and your firewalls are actually allowing that you may or may not be aware of, and make changes more effectively.

But why would I layer vulnerability and exploit data on top of these tools? Well, the first thing is now we can understand what we call attack vectoring. So I can understand, first of all, as you can see here, where's my critical data? This may be a database if I'm an e-commerce company. This may be where I've stored some intellectual property or other financial information, depending on what type of organization I am. Now also, depending on where my security controls are layered, I may or may not be able to access this data from a particular subnet that might be out there.

So using this technology allows me to, first of all, understand the route and the path that might be able to be taken by an attacker. When we layer vulnerability data on top of that, now I can see that from Subnet A to Subnet B there is not only a valid path, but I understand the vulnerabilities on those systems.

Where it really comes alive is now adding exploit data to the equation. Now I have a validated attack path. Not only can I route, and there are vulnerabilities from Subnet A to Subnet B, but I validated that those can be exploited by some piece of code that I've tested using some piece of exploit code or other products that might be out there in the space.

Thirdly, I can now understand leapfrogging. Not only can I access data from Network A to Network B, but I may be able to hop around to other networks. And now you can understand much more clearly your zoning issues that you may have, meaning, well, I'm protected from Zone A to Zone B, but if someone were to go around and take a different path, they might be able to access that data and those systems in a way that I didn't anticipate.

So ultimately, what's the value that using this data brings, from an executive standpoint, or somebody who's actually cutting the check? Well, again, it shows the validated attack path. I know beyond the shadow of a doubt, false positive free, that there is a valid attack path to critical data, and I can be much more focused and prioritized when it comes to remediation. I understand the value of that remediation. I know that by fixing this issue or this set of issues, I'm maximizing that return on investment that I would get, rather than patching or making other configuration changes more arbitrarily, just based on limited amounts of data.

That's probably the most important takeaway here: we're increasing the return on security investment, because we're really bringing more value to your investment in network topology tools. We're bringing more efficiency to your remediation and mitigation strategies, and overall, we're increasing the value that you're getting out of your security program.

I hope this was valuable. More than happy to answer any questions that you may have by reaching out to your local Rapid7 representative. And I hope you enjoyed it. See you next time.
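The three layers the talk describes (layer-3 reachability from the topology tool, vulnerability findings, and tested-exploit data) can be combined with a simple graph search. The following is an added illustration, not code from Rapid7 or from any of the products named above; the zones, edges and finding ids are constructed placeholders. It distinguishes "reachable and vulnerable" paths from validated (exploit-tested) ones, finds multi-hop leapfrogging paths, and reports which single fix closes every validated path to the critical zone.

```python
from collections import deque

# Constructed sample data (not from the page). REACHABLE models what the
# topology tool says routing and firewall rules permit between zones.
REACHABLE = {
    "subnet_a": {"dmz", "app"},   # direct subnet_a -> db is blocked by the firewall
    "dmz": {"app", "db"},
    "app": {"db"},
    "db": set(),
}
# Per-zone findings as (placeholder finding id, working exploit available).
FINDINGS = {
    "dmz": [("VULN-DMZ-1", True), ("VULN-DMZ-2", True)],
    "app": [("VULN-APP-1", False)],   # vulnerable, but no tested exploit
    "db":  [("VULN-DB-1", True)],
}

def can_enter(zone, findings, validated):
    """A zone can be compromised if it has a finding; for a validated
    path the finding must also come with a working exploit."""
    return any(not validated or exploit for _, exploit in findings.get(zone, []))

def attack_paths(start, target, reachable, findings, validated=True):
    """BFS over zones: every loop-free path start -> target where each hop is
    permitted by topology and its destination is compromisable. Paths with
    intermediate zones are the 'leapfrogging' described in the talk."""
    paths, queue = [], deque([[start]])
    while queue:
        path = queue.popleft()
        for nxt in sorted(reachable.get(path[-1], ())):
            if nxt in path or not can_enter(nxt, findings, validated):
                continue
            (paths if nxt == target else queue).append(path + [nxt])
    return paths

def choke_points(start, target, reachable, findings):
    """Exploitable findings whose remediation alone removes every validated
    attack path: the fixes with the highest return on remediation effort."""
    fixes = []
    for items in findings.values():
        for fid, exploit in items:
            if not exploit:
                continue
            patched = {z: [(f, e) for f, e in v if f != fid] for z, v in findings.items()}
            if not attack_paths(start, target, reachable, patched):
                fixes.append(fid)
    return fixes

if __name__ == "__main__":
    for p in attack_paths("subnet_a", "db", REACHABLE, FINDINGS, validated=False):
        print("reachable + vulnerable:", " -> ".join(p))
    for p in attack_paths("subnet_a", "db", REACHABLE, FINDINGS):
        print("validated (exploit tested):", " -> ".join(p))
    print("fix first:", choke_points("subnet_a", "db", REACHABLE, FINDINGS))
```

With this data, three paths are reachable and vulnerable but only subnet_a -> dmz -> db is validated, and fixing VULN-DB-1 alone closes it, whereas patching either DMZ finding on its own does not.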
