Survival of the Fittest: How to Build a Cyber Resilient Organization

Guest Speaker: Jeff Pollard, Forrester, Principal Analyst
David Meltzer, Tripwire, Chief Technology Officer

Upload: tripwire

Post on 14-Feb-2017


TRANSCRIPT

Page 1: Survival of the Fittest: How to Build a Cyber Resilient Organization

Survival of the Fittest: How to Build a Cyber Resilient Organization

Guest Speaker: Jeff Pollard, Forrester, Principal Analyst

David Meltzer, Tripwire, Chief Technology Officer

Page 2

© 2016 Forrester Research, Inc. Reproduction Prohibited 2

Agenda

› Cutting Bloat In Security Operations
› Challenged By Moving To The Cloud
› Eliminating Our Operational Blind Spots
› Developing New Strategic Plans For Resilience

Page 3

Cutting Bloat In Security Operations

Page 4

Interesting, but uncontrollable

Page 5

Internal focus matters more than external focus

Source: Forrester Research “Hunting Insider Threats” report

Page 6

Challenged By Moving To The Cloud

Page 7

X-aaS vs. On-Premise Introduces Variables

Source: Forrester Research “Cloud Service Provider Categories Are Shifting: Here's Your Guide” report

Page 8

Eliminating Our Operational Blind Spots

Page 9

Figure out if it's real

[Diagram: Alert → True → Network, Endpoint. Alert → False → Close.]

Page 10

Ask questions based on source

[Diagram: Alert → True → Network, Endpoint. Alert → False → Close.]

Page 11

Record artifacts

[Diagram: Alert → True → Network: IP, URL; Endpoint: Hash, Delivery. Alert → False → Close.]

Page 12

Enrich contextually

[Diagram: Alert → True → Network: IP (External Intel, Internal Intel), URL (Reputation, Other Visits); Endpoint: Hash (VT, etc; Other Cases?), Delivery (Other Visitors?, Other Targets?). Alert → False → Close.]

Page 13

Content management and Workflow problem

[Diagram: Alert → True → Network: IP (External Intel, Internal Intel), URL (Reputation, Other Visits); Endpoint: Hash (VT, etc; Other Cases?), Delivery (Other Visitors?, Other Targets?). Alert → False → Close. Labels across the diagram: Tool 1, Tool 2, Tool 3, Tool 4, Tool 5, Tool 6.]

Page 14

16GB of RAM is plenty for all these Tabs

Each item discovered leads to:
› A different technology
› A different skillset

Team’s forced to drive technology:
› Not drive an investigation
› Not analyze and cross-reference

Page 15

Developing New Strategic Plans For Resilience

Page 16

Good things happening

“Real” REST APIs for security tech (with actual documentation)

Security NEEDS Detect, Protect, and Respond – not pick one of three

Increased demand leading to more opportunities, more training, more skills

Page 17

Thank you

forrester.com

Jeff Pollard | @jeff_pollard2

Page 18

How do you manage today’s technology landscape?

• Myriad devices and applications, on premise and in the cloud
• Growing number of assets to protect across the organization
• Systems are constantly changing

[Diagram labels: Firewalls, Network Devices, Workstations, Cloud, Applications, Databases, Virtual Systems, File Systems]

Page 19

• Foundational controls for security, compliance and IT operations

• Stable, growing public company in a chaotic industry

• Trusted by over half the Fortune 500 since 1997

Tripwire the leader in Policy & Compliance Security

1000s of successful customer deployments

20M critical assets covered globally

Page 20

Tripwire – Leader in Policy & Compliance Security

Security
• Detect unauthorized changes
• Assess configurations against security baselines
• Identify risks in environment

Compliance
• Demonstrate compliance with regulatory standards
• Automate manual compliance efforts
• Produce data for audits and for forensics

IT Operations
• Validate changes for a strong change control process
• Identify unauthorized changes that circumvent process
• Discover and inventory what is on network

Page 21

How we help Security

• Assess configurations against security policies: Extensive library of security configuration best-practices to establish and monitor configurations
• Detect unauthorized changes: Detection and alerts on all changes to established baseline – what, who and business context
• Identify risks on assets: Discover assets, vulnerabilities, and malicious changes on systems and help manage the workflow and process of remediation
• Deal with security data overload: Automate manual processes associated with dealing with change - Isolate and escalate changes and events of interest

Page 22

Tripwire capabilities

[Diagram labels: Security Configuration Management, Integrity Monitoring, System Configuration Monitoring, Log Monitoring, File Integrity Monitoring, Broadest Library of Best Practices, Policy Management, Configuration Management, Vulnerability Management, Asset Inventory & Profiling, Vulnerability Assessment, Risk Scoring & Prioritization, Network Security, IT Service Management, Threat Intelligence, SIEM & Analytics]

Page 23

Monitoring for Peer and Community Sourced IoCs

[Diagram, steps numbered 1 to 5: Indicators feeds from TAXII servers (Enterprise, Peer, Open Source Intelligence, ISAC Community) and from local file sources (flat, CSV, etc) → Search forensics data for previous existence of indicator. Start monitoring for indicator in all new changes. → Threat detected! → Drive workflow to investigate and remediate system.]

Page 24

Tripwire Technology Alliance Partners

[Partner categories: ANALYTICS & SIEM, IT SERVICE MANAGEMENT, NERC ALLIANCE NETWORK, NETWORK SECURITY, PLATFORM PARTNERS, IDENTITY MANAGEMENT, THREAT INTELLIGENCE]

Page 25

Why Tripwire?

Foundational

Solutions for Security, Compliance and IT Operations

People, Partners, Products

Page 26

tripwire.com | @TripwireInc

Q & A

Jeff Pollard | @jeff_pollard2

David Meltzer | @davidjmeltzer

Page 27

Thank you for attending!