CyberGuard Analytics Vulnerability Assessment Debrief

Scene 1 (0s)

CyberGuard Analytics Vulnerability Assessment Debrief.

Scene 2 (13s)

Agenda.
Executive Summary
Overall Compliance Status
Vulnerabilities by Severity Level
Recommendations
High Vulnerabilities
Moderate Vulnerabilities
Low Vulnerabilities
Observations/Conclusion
Questions

Scene 3 (23s)

[Audio] TRex evaluated its Azure environment and found vulnerabilities in access controls, vulnerability management, and monitoring that put sensitive data at risk. Our team detected these issues using NIST, DISA STIGs, and tools such as Nessus over a period of time. Otherwise, TRex is at risk of breaches and non-compliance. Our suggestions will enhance security and minimize the risk in general.

Scene 4 (52s)

[Audio] This dashboard displays the general DISA STIG compliance status of TRex. Although the organization partially complies, some controls are in place. Multiple unsuccessful and unfinished controls indicate a lack of security enforcement, which puts the chances of vulnerability exploitation at a higher risk. It is essential to address these gaps and enhance the overall security posture of the organization.

Scene 5 (1m 20s)

Vulnerabilities by Severity Levels.
Total Number of Findings: 20
Critical Severity Vulnerabilities: 1
High Severity Vulnerabilities: 5
Moderate Severity Vulnerabilities: 9
Low Severity Vulnerabilities: 5

Scene 6 (1m 32s)

[Audio] The High findings mostly concern weak authentication and exposed administrative access. These present a high risk of exploitation and attack. Our recommendations include making sure strong authentication and administrative access controls are in place, and MFA is enabled. These can be done rapidly and will significantly decrease risk.

Scene 7 (2m 3s)

Recommendations: High Cont.

2. Weak or Default Administrative Credentials. Default or weak credentials pose a significant risk of gaining access to privileged accounts. Recommendation: Implement and enforce strong credential policies, remove default credentials, enable MFA and monitor for privileged account activity.

Cisco Switches: There were no High Findings.

Scene 8 (2m 20s)

[Audio] Issues rated medium point to misconfigurations that increase the attack surface and risk in the long run. These issues are not immediately critical, but should be resolved within 30-60 days to minimize risk and improve the security of the system.

Scene 9 (2m 49s)

Recommendations: Medium Cont.

Cisco Switches (2 Findings)

1. Insufficient Network Segmentation. Failing to segment networks raises the risk of network and system spread in the event of a compromised system. Recommendation: Create security zones and control access to the zones. This will take planning and take up to 60 days.

2. Large Attack Surface in Discovered Hosts. Having a large number of services and hosts exposed leads to a greater risk of outage and compromise. Recommendation: Minimize exposure by removing redundant services, using firewalls and constantly monitoring access. This should be resolved in 30-60 days.

Scene 10 (3m 16s)

[Audio] Low scores are associated with information disclosure and small gaps in configuration. Although these problems do not create an urgent threat, the resolution will help to improve the general security stance and minimize the vulnerability to web-based and reconnaissance attacks.

Scene 11 (3m 51s)

Recommendations: Low Cont.

Cisco Access Point (1 Finding)

1. Lack of HTTP Security Headers. Web applications do not have standard security headers, which makes them more vulnerable to attacks via the browser. Recommendation: Use best practices in HTTP security headers (e.g., HSTS, X-Frame-Options, Content Security Policy). This is an easy upgrade that can be accomplished in the regular update process.

Cisco Switches: Low Findings were none.

Scene 12 (4m 13s)

[Audio] Such priorities minimize business risk, enhance operational efficiency, and enhance the overall system security.

Scene 13 (4m 35s)

[Audio] Any questions?