Survival of the Fittest: How to Build a Cyber Resilient Organization
TRANSCRIPT
Guest Speaker: Jeff Pollard, Forrester, Principal Analyst
David Meltzer, Tripwire, Chief Technology Officer
© 2016 Forrester Research, Inc. Reproduction Prohibited 2
Agenda
› Cutting Bloat In Security Operations
› Challenged By Moving To The Cloud
› Eliminating Our Operational Blind Spots
› Developing New Strategic Plans For Resilience
Cutting Bloat In Security Operations
Interesting, but uncontrollable
Internal focus matters more than external focus
Source: Forrester Research “Hunting Insider Threats” report
Challenged By Moving To The Cloud
X-aaS vs. On-Premise Introduces Variables
Source: Forrester Research “Cloud Service Provider Categories Are Shifting: Here's Your Guide” report
Eliminating Our Operational Blind Spots
Figure out if it's real
(Diagram: Alert → True → Network or Endpoint; Alert → False → Close)
Ask questions based on source
(Diagram: Alert → True → Network or Endpoint; Alert → False → Close)
Record artifacts
(Diagram: Alert → True → Network: IP, URL; Endpoint: Hash, Delivery; Alert → False → Close)
Enrich contextually
(Diagram: Alert → True → Network: IP → External Intel, Internal Intel; URL → Reputation, Other Visits; Endpoint: Hash → VT, etc., Other Cases?; Delivery → Other Visitors?, Other Targets?; Alert → False → Close)
Content management and Workflow problem
(Diagram: the same enrichment flow – Network: IP → External Intel, Internal Intel; URL → Reputation, Other Visits; Endpoint: Hash → VT, etc., Other Cases?; Delivery → Other Visitors?, Other Targets?; False → Close – with six separate tools, Tool 1 through Tool 6, overlaid on the branches)
16GB of RAM is plenty for all these Tabs
Each item discovered leads to:
• A different technology
• A different skillset
The team is forced to drive technology:
• Not drive an investigation
• Not analyze and cross-reference
Developing New Strategic Plans For Resilience
Good things happening
“Real” REST APIs for security tech (with actual documentation)
Security NEEDS Detect, Protect, and Respond – not pick one of three
Increased demand leading to more opportunities, more training, more skills
How do you manage today’s technology landscape?
• Myriad devices and applications, on premise and in the cloud
• Growing number of assets to protect across the organization
• Systems are constantly changing
(Diagram of asset types: Firewalls, Network Devices, Workstations, Cloud, Applications, Databases, Virtual Systems, File Systems)
• Foundational controls for security, compliance and IT operations
• Stable, growing public company in a chaotic industry
• Trusted by over half the Fortune 500 since 1997
Tripwire, the leader in Policy & Compliance Security
1000s of successful customer deployments
20M critical assets covered globally
Tripwire – Leader in Policy & Compliance Security
Security
• Detect unauthorized changes
• Assess configurations against security baselines
• Identify risks in environment
Compliance
• Demonstrate compliance with regulatory standards
• Automate manual compliance efforts
• Produce data for audits and for forensics
IT Operations
• Validate changes for a strong change control process
• Identify unauthorized changes that circumvent process
• Discover and inventory what is on network
How we help Security
• Assess configurations against security policies – Extensive library of security configuration best practices to establish and monitor configurations
• Detect unauthorized changes – Detection and alerts on all changes to the established baseline: what, who and business context
• Identify risks on assets – Discover assets, vulnerabilities, and malicious changes on systems and help manage the workflow and process of remediation
• Deal with security data overload – Automate manual processes associated with dealing with change; isolate and escalate changes and events of interest
Tripwire capabilities
(Diagram: Security Configuration Management – Integrity Monitoring, System Configuration Monitoring, Log Monitoring, File Integrity Monitoring, Broadest Library of Best Practices, Policy Management, Configuration Management; Vulnerability Management – Asset Inventory & Profiling, Vulnerability Assessment, Risk Scoring & Prioritization; alongside Network Security, IT Service Management, Threat Intelligence, SIEM & Analytics)
Monitoring for Peer and Community Sourced IoCs
(Diagram, numbered steps:)
1. Indicators Feed from Local File Sources (Flat, CSV, etc.).
2. Indicators Feed from Enterprise TAXII Server, Peer TAXII Server, Open Source Intelligence TAXII Server and ISAC Community TAXII Server.
3. Search forensics data for previous existence of indicator. Start monitoring for indicator in all new changes.
4. THREAT DETECTED!
5. Drive workflow to investigate and remediate system.
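The two halves of step 3 in the diagram (retrospective search of stored change records, then matching every new change) as an added example; this is not Tripwire's code, TAXII retrieval is left out, and the CSV feed, change records and indicator values are all constructed.

```python
# Added example (not Tripwire's code): indicators from a constructed flat/CSV feed
# are matched against stored change records, then against each new change.
import csv
import re

# Constructed local file source (Flat/CSV); a TAXII feed would supply rows the same way.
INDICATOR_CSV = """value,source
203.0.113.7,peer-taxii
44d88612fea8a8f36de82e1278abb02f,isac-community
update.badhost.example,osint"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
HASH = re.compile(r"^[0-9a-f]{32}$|^[0-9a-f]{64}$")  # md5 or sha256
# Change-record fields each indicator type is compared against.
FIELDS = {"ip": ("remote_ip",), "hash": ("md5", "sha256"), "domain": ("remote_host",)}

def classify(value):
    """Infer the indicator type so it is only compared against matching fields."""
    v = value.strip().lower()
    if IPV4.match(v):
        return "ip"
    if HASH.match(v):
        return "hash"
    return "domain"

def load_indicators(text):
    """Parse the flat feed into {type: {value: source}} for O(1) lookups."""
    table = {kind: {} for kind in FIELDS}
    for row in csv.DictReader(text.splitlines()):
        v = row["value"].strip().lower()
        table[classify(v)][v] = row["source"]
    return table

def match_record(indicators, record):
    """Return (type, value, source) hits for one forensics/change record."""
    hits = []
    for kind, fields in FIELDS.items():
        for f in fields:
            v = str(record.get(f, "")).strip().lower()
            if v and v in indicators[kind]:
                hits.append((kind, v, indicators[kind][v]))
    return hits

def search_history(indicators, records):
    """Step 3, first half: previous existence of any indicator in stored records."""
    return [(r["id"], hit) for r in records for hit in match_record(indicators, r)]

def monitor(indicators, new_change):
    """Step 3, second half, and step 4: a non-empty result is the THREAT DETECTED event."""
    return match_record(indicators, new_change)
```

A non-empty result from `monitor` is what step 5 hands to the investigation and remediation workflow.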
Tripwire Technology Alliance Partners
(Logo diagram by category: Analytics & SIEM, IT Service Management, NERC Alliance Network, Network Security, Platform Partners, Identity Management, Threat Intelligence)
Why Tripwire?
Foundational
Solutions for Security, Compliance and IT Operations
People, Partners, Products
tripwire.com | @TripwireInc
Q & A
Jeff Pollard – [email protected] – @jeff_pollard2
David Meltzer – [email protected] – @davidjmeltzer
Thank you for attending!