Building a Business Case for Credentialed Vulnerability Scanning

Page 1: Building a Business Case for Credentialed Vulnerability Scanning

Page 2: Outline
Why are we here?

What is Deep Reflex Testing (DRT)
How do we configure DRT
DRT Benefits

Page 3: What is DRT?
Authenticated, Credentialed, DRT?

Tripwire IP360 DRT – Deep Reflex Testing
Alternate terms: Credentialed, Authenticated, Local
Credential types:
» Windows
» SSH Key
» SSH
» SNMPv1/v2
» Web – Form
» Web – HTTP

Page 4: DRT Specifics
What can you access?

SSH-DRT: Full CLI
Windows DRT: Registry, File System, Partial WMI
SNMP: Cisco IOS versions, sysDescr
Web – Form: Basic HTML forms
» Forms require one text and one password input
Web – HTTP: HTTP-based authentication
» Basic, Digest, & NTLM
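A pre-check for the Web – Form requirement above, written as an added example rather than IP360 code: it parses a login page with Python's standard html.parser and reports which forms contain exactly one text input and one password input. It assumes that other input types (hidden CSRF tokens, submit buttons) do not count toward the rule; the sample HTML is constructed.

```python
from html.parser import HTMLParser


class LoginFormInspector(HTMLParser):
    """Collect the text and password inputs of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.forms = []       # one dict per <form>: action, text inputs, password inputs
        self._current = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action", ""), "text": [], "password": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            kind = (attrs.get("type") or "text").lower()  # a missing type means text
            if kind in ("text", "password"):
                self._current[kind].append(attrs.get("name", ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def drt_compatible_forms(html):
    """Return the forms that satisfy the one-text-plus-one-password rule."""
    parser = LoginFormInspector()
    parser.feed(html)
    return [f for f in parser.forms if len(f["text"]) == 1 and len(f["password"]) == 1]


# Constructed sample page: one usable login form and one that also asks for an OTP.
SAMPLE_HTML = """
<form action="/login" method="post">
  <input type="text" name="user"><input type="password" name="pass">
  <input type="hidden" name="csrf" value="x"><input type="submit">
</form>
<form action="/mfa" method="post">
  <input type="text" name="user"><input type="password" name="pass">
  <input type="text" name="otp"><input type="submit">
</form>
"""

if __name__ == "__main__":
    for form in drt_compatible_forms(SAMPLE_HTML):
        print("usable for Web - Form DRT:", form["action"])  # prints /login only
```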

Page 5: VERT Insider Tip #1
Additional Credential Capabilities

Added by VERT for testing
Not officially supported
Configured and stored in plaintext
Redis and IPMI supported
Configuration: Discover -> Networks -> Configuration -> <network> -> Virtual Hosts

Page 6: Configuration Options
How do you configure DRT?

Credential Configuration
Individual Credential Configurations

Page 7: Credential Configuration
Adding Credentials

Page 8: Windows Authentication

Page 9: SSH-DRT Key-Based Authentication

Page 10: SSH-DRT Password Authentication

Page 11: SNMP Authentication

Page 12: Web – Form Authentication

Page 13: Web – HTTP Authentication

Page 14: VERT Insider Tip #2
Missing Required Field Indicator

Page 15: Network Binding
Discovery -> Credentials Management

Page 16: Scan Profile Options
What control do you have?

Special Note
Scan Profile -> Basic
Scan Profile -> Advanced

Page 17: Special Note
To Authenticate or Not

You can run unauthenticated scans; these provide a remote view of the host. You cannot run authenticated-only scans: the unauthenticated portion of the scan always runs.

Page 18: Scan Profile – Basic Tab
Enabling Credentials

Page 19: Scan Profile – Advanced Tab
Common Mistake

Page 20: Benefits of DRT
Why enable credentials?

DRT by the Numbers
DRT Accuracy
DRT Automation

Page 21: DRT By the Numbers
Finding Value in the Numbers

CVEs Covered Remotely: 4176
Windows DRT CVEs: 9712
SSH-DRT CVEs: 17,121
SNMP CVEs: 432

Total CVE Coverage (Remote Only): 4176
Total CVE Coverage (with Credentials): 24,288
Coverage Gain: ~20,000 CVEs

Page 22: DRT Accuracy
Is DRT Better?

DRT rules have direct access to the system:
» File version comparison
» Direct package manager queries
Remote rules require service interrogation:
» Non-invasive remote detection can be difficult
» Often the remote service looks like an older version due to source patching (backported fixes that leave the advertised version unchanged)
» This can lead to remote scanning false positive issues
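An added example (not Tripwire code) of the false-positive mechanism described above: a remote rule can only compare the version in the SSH banner against the upstream fix, while a credentialed rule compares the installed package's epoch:version-release against the vendor build that backported the fix, using RPM-style segment comparison. The advisory record, banner, package version and CVE id are constructed placeholders.

```python
import re

# Constructed sample data (not a real advisory); the CVE id is a placeholder.
ADVISORY = {
    "id": "CVE-XXXX-PLACEHOLDER",
    "upstream_fixed": "7.5",           # first upstream release with the fix
    "distro_fixed_evr": "0:7.4p1-21",  # vendor build that backported the fix
}
REMOTE_BANNER = "SSH-2.0-OpenSSH_7.4"  # all an unauthenticated scan can see
LOCAL_PACKAGE_EVR = "0:7.4p1-21"       # what a credentialed `rpm -q` reports


def _segments(s):
    """Split '7.4p1' into ['7', '4', 'p', '1'] the way rpmvercmp does."""
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_vercmp(a, b):
    """Return -1, 0 or 1 comparing two RPM version strings segment by segment."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks alpha
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # longer string is newer

def _evr(s):
    """'0:7.4p1-21' -> ('0', '7.4p1', '21')."""
    epoch, rest = s.split(":", 1)
    return (epoch, *rest.split("-", 1))

def evr_cmp(a, b):
    """Compare 'epoch:version-release' strings as the package manager would."""
    return next((r for r in map(rpm_vercmp, _evr(a), _evr(b)) if r), 0)

def remote_verdict(banner, advisory):
    """Remote rule: only the banner version is visible, so 7.4 < 7.5 is flagged."""
    version = re.search(r"OpenSSH_([\d.]+)", banner).group(1)
    return rpm_vercmp(version, advisory["upstream_fixed"]) < 0

def local_verdict(pkg_evr, advisory):
    """DRT rule: the installed package EVR is compared against the backport."""
    return evr_cmp(pkg_evr, advisory["distro_fixed_evr"]) < 0

if __name__ == "__main__":
    print("remote rule says vulnerable:", remote_verdict(REMOTE_BANNER, ADVISORY))  # True
    print("DRT rule says vulnerable:", local_verdict(LOCAL_PACKAGE_EVR, ADVISORY))  # False
```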

Page 23: DRT Automation
Time to Delivery

Development time for DRT detection is greatly reduced.
Linux coverage is delivered weekly
» Coverage is generated for: RHEL, Fedora, CentOS, SUSE, OEL, Debian, and Ubuntu
24 Hour Patch Tuesday SLA
» Full DRT Windows coverage within 24 hours of bulletin release
Many other local platforms are automated for rapid delivery:
» OS X
» Java
» Mozilla Firefox / Thunderbird
» Google Chrome
» Adobe Flash

Page 24: Wrap Up
Putting it all Together

Tripwire IP360 makes credential configuration easy.
500% coverage increase when using DRT across your environment.

Page 25: Thank you!

tripwire.com | @TripwireInc