Measure What You FIx: Asset Risk Management Done Right
0 likes852 views
The document discusses improving how organizations measure and prioritize the vulnerabilities they remediate. It proposes moving beyond simple CVSS scores and counting vulnerabilities to developing a model that estimates the likelihood of a vulnerability being breached based on factors like whether it has been actively breached before, has a Metasploit module, entry in ExploitDB, or targets a popular system. This model would allow organizations to focus remediation on the riskiest vulnerabilities first and provide a risk score for each asset based on its highest risk vulnerability. The document criticizes current remediation metrics and aims to help organizations optimize security based on actual data about risk.
Measure What You FIx: Asset Risk Management Done Right
- 1. Measure What You Fix: ! Asset Management Is Broken
- 2. Michael Roytman Data Scientist, Risk I/O
- 3. It is far better to grasp the universe as it really is than to persist in delusion, however satisfying and reassuring. - Carl Sagan
- 4. Risk = More Can Happen Than Will.
- 5. 2. CVSS Score Reduction Bad Remediation Metrics 1. Vulnerability Density
- 6. Part 1: ! Fix What Matters
- 7. I Love It When You Call Me Big Data 50,000,000 Live Vulnerabilities 1,500,000 Assets 2,000 Organizations
- 8. I Love It When You Call Me Big Data 3,000,000 Breaches
- 9. Probability A Vuln Having Property X Has Observed Breaches RANDOMVULN CVSS 10 CVSS 9 CVSS 8 CVSS 6 CVSS 7 CVSS 5 CVSS 4 Has Patch 0.000 0.010 0.020 0.030 0.040
- 10. Probability A Vuln Having Property X Has Observed Breaches RandomVuln CVSS 10 Exploit DB Metasploit MSP+EDB 0.0 0.1 0.2 0.2 0.3
- 11. Part 2: ! Measure What You Fix
- 13. #DoingItWrong
- 14. Jet Engine x Peanut Butter SHINY!= Current State of Remediation Performance Tracking
- 15. Where We Want To Be
- 17. Data 1.Active Breaches ! 2.Metasploit Module ! 3. ExploitDB Entry ! 4. Popular Target
- 19. Framework Estimate likelihood of breach event for each vulnerability.
- 20. Framework An asset is only as safe as the riskiest vulnerability on that asset.
- 22. Model Actively Breached Meta sploit Exploit DB Popular Target Vuln Breached In The Wild? Metasploit Module Exists? ExploitDB Entry? Popular Target? Less Risky
- 24. Better?
- 29. Where Were Going, We Dont Need Peanut Butter
- 30. Where Were Going, We Dont Need Peanut Butter
- 31. An Engine Not A Camera