Post on 11-Jan-2017
THE POTENTIAL FOR RISK IS HUGE
2
Sources: 1) AV Test2) National Vulnerability Database3) PwC, The Global State of Information Security® Survey 2015
Instances of malware have
almost doubled every year
since 2006 (1
On average 19 new
vulnerabilities emerge daily (2
In 2014, cyber attacks reached
117,339 per day 3)
YOUR COMPANY IS A TARGET
3
Sources: 1) Gartner2) HP 2015 Cyber Risk Report3) SANS Institute4) National Vulnerability Database
75% of attacks occur at the application
layer (1
86% of web applications have serious
security issues (2
52% of the issues are
long-known
Patch deployment is not immediate
(3
Third party applications amount to
80% ofvulnerabilities
(4
WHERE’S THE RISK?
4
1. Out-dated software
2. Misconfigured systems
3. Insecure web applications
Continuous vulnerability scanning
Strict vulnerability management processes
Cover all your assets: servers, desktops, printers, routers, etc.
HOW TO TACKLE IT?
© F-Secure Confidential5
MEET F-SECURE RADARA VULNERABILITY MANAGEMENT SOLUTION THAT GIVES YOU
THE TOOLS AND CONTROL TO MANAGE THE RISK
COMPLETE CONTROL OVER VULNERABILITY
MANAGEMENT
6
From automated scan scheduling to verification scans
Unlimited scans with one single license
Flexible API for integration with your ticketing systems
7
THIS IS F-SECURE
RADARDISCOVERY map network
assets
SCANsystems &
applications
MANAGEpriorities and assign system
owners
REPORTcustomizable
for technicians and executives
VERIFYrescan and
spot changes
8
GET SMARTER ANALYSIS Intuitive, browser based
graphical interface Instant information Sophisticated tools for
deeper analysis
STREAMLINE WORKFLOWS
Schedule automated vulnerability scans
Monitor vulnerabilities efficiently
GET THE BIG PICTURE
Map all your system assets
Get a total overview of the current security level
GET IN CONTROL
Assign, follow and manage security issues with your system administrators, software developers, testers, auditors and security team
BETTER EVERY TIME Continuously developed and
improved
Automatically updated
High quality vulnerability checks and scanning engines
GET REPORTS THE WAY YOU WANT THEM Customizable reports with
reliable benchmarking
In the format you need
9
Map your true attack surface, before someone else does
Measure yourself against PCI compliance
Improve your security measures with easy management
Get customized reports that fit your company’s needs
Scale and adapt F-Secure Radar to your needs
Use seamless API integration with 3rd party solutions
KEY BENEFITS TO YOU
F-SECURE RADAR SECURITY CENTER
12
Centralized reporting with uniform look and feel
Vulnerability management and ticketing system
API interface
Add vulnerabilities manually
Portal in English
F-Secure Radar
Security Center
F-SECURE RADAR DISCOVERY SCAN
13
Discovery Scan
A scanning process that maps your whole network and all its assets
A fast and reliable port scanner
Based on an asynchronous port scanning techniques
Fast host discovery mode (to be used on internal networks)
Supports service and operating system detection
Scan speed can be easily adjusted to suit your network capacity
F-SECURE RADAR SYSTEM SCAN
14
System Scan
Identifies vulnerabilities associated with configuration errors, improper patch
management, implementation oversights etc. A platform scanner - able to identify known vulnerabilities systems and software
Capable of scanning any network device that talks IP
Support authenticated scanning on Windows and Linux
Low number of false positive and false negative (high accuracy)
Constantly kept up-to-date based on Public vulnerability databases such as National
Vulnerability Database and others Vulnerabilities discovered by our security consultants
Certified as a PCI ASV scanning tool
A web application scanner - able to identify vulnerabilities in custom applications
Supports simple form-based authentication
Supports assisted crawling (aka. recordings)
Scalable to cover expanding needs
Certified PCI ASV scanning tool
F-SECURE RADARWEB SCAN
15
Web Scan
Tests for numerous web application vulnerabilities
Run scans from the cloud as a true SaaS with scan nodes within
the service
17
Run as an on-site solutionwhere everything is behind your
corporate firewall
F-SECURE RADAR CLOUD
F-SECURE RADAR PRIVATE
F-SECURE RADAR CLOUD
18
PUBLICLY AVAILABLE NETWORK
FIREWALL
F-SECURE RADAR SCAN NODE
WEB INTERFACE
LOCAL NETWORK
F-SECURE RADAR SCAN NODE
F-SECURE RADAR SECURITY CENTER
No limitations!
Accessible from anywhere
Always up-to-date
Unlimited scan nodes included
Tie our managed cyber security services together with your F-Secure Radar solution
F-SECURE RADAR PRIVATE
19
FIREWALL
F-SECURE RADAR SCAN NODE
LOCAl NETWORK
Store your data in-house
Deploy F-Secure Radar in isolated environments
Installed by F-Secure experts
Scan nodes support two-way communication
Initiated by scan node
Initiated by F-Secure Radar Security Centre
LOCAL ONSITE SOLUTIONS
WEB INTERFACE
Let experts run F-Secure Radar for you to get the best out of the solution
21
F-SECURE RADAR AS A SERVICE
22
Lacking the time or resources to manage your vulnerability management solution?
No time to review results?
No time to delegate vulnerabilities to be corrected?
No time to follow up, re-scan and verify corrections?
Missing the big overview?
What action plan / recommendations should be delivered to the management?
What do we need the most right now?
Lacking the internal knowledge how to drive a vulnerability scanning solution?
Not enough knowledge about the vulnerabilities?
Troubles configuring the scans in an optimal way?
Overwhelmed by all the findings?
Lacking the time or resources
No time to review results?
No time to delegate vulnerabilities to be corrected?
No time to follow up, re-scan and verify corrections?
Lacking the internal knowledge
Not enough knowledge about the vulnerabilities?
Troubles configuring the scans in an optimal way?
Overwhelmed by all the findings?
Missing the big overview
What action plan / recommendations should be delivered to the management?
What do we need the most right now?
COMMON CUSTOMER CHALLENGES
HOW IT WORKS?
23
F-Secure Radar license required
You define the scope and frequency
Experts will regularly (monthly)
Configure scans
Review scan results
Follow up on existing tickets
Assign new tickets to system owners
Deliver executive summary reports
Attend quarterly status meeting
25
Security & Risk Assessment
Security Advisory
Compliance & Security Improvement
Vulnerability Management
Training & Security Culture
End-Point Protection
E-Mail & Web Traffic Scanning
Central Security Management
Forensics
Incident Response
Security Monitoring & Alerting
PREDICT PREVENT
DETECTRESPOND
AN ELEMENT OF HOLISTIC CYBER SECURITY
F-Se
cure
R
adar
HIGHLY CUSTOMISABLE REPORTING CENTRE
26
Select and analyze subsets of scans
Create, save and edit custom reports
Flexible and editable report formats to suit your needs
Word and Excel reports
Traditional CSV or XML reports
Or access data using the F-Secure Radar API
Add notes to vulnerabilities
Change vulnerability state (Confirmed, Accepted risk, False positive..)
Add your own vulnerabilities
AN INTEGRAL PART OF YOUR PCI COMPLIANCE
PROGRAM
27
An approved PCI ASV scanning solution
Validate your compliance
Complement your Qualified Security Assessor (QSA)
Vulnerability scans performed according to the PCI requirements
Available for regular testing and for identifying newly discovered vulnerabilities
Reporting tools to deliver the associated scanning reports
DEVELOPED BY nSense
28
IN A ROW – BEST ENDPOINT PROTECTION
4 YEARS
NOW PART OF F-SECURE
A recognized European vendor in penetration testing, vulnerability
assessment, security consulting and training.A leading European cyber security specialist.
Developed by experts, based on years of experience in the field.
Flexible development together with customers.
29
Lacking the time or resources to manage your vulnerability management solution?
No time to review results?
No time to delegate vulnerabilities to be corrected?
No time to follow up, re-scan and verify corrections?
Missing the big overview?
What action plan / recommendations should be delivered to the management?
What do we need the most right now?
Lacking the internal knowledge how to drive a vulnerability scanning solution?
Not enough knowledge about the vulnerabilities?
Troubles configuring the scans in an optimal way?
Overwhelmed by all the findings?
SIMPLEPRICING MODEL
Benefits
Unlimited number of scan nodes
Unlimited number of scans against your licensed systems
Unlimited number of user accounts
No scanning restrictions
Benefits
No feature limitations
Access to all scanning engines
Access to Karhu API
No hidden costs
Pricing
Based on the number of hosts/IPs scanned for vulnerabilities
License starts at min. 100 IPs
Choose monthly or yearly billing
Volume discounts