5 Steps to Defend from Targeted Attacks with Security Integration

© 2015 Forrester Research, Inc. Reproduction Prohibited 4

Familiar?

@rickhholland | @terlin | @TripwireInc


Targeted-Attack Hierarchy Of Needs

Source: January 7, 2015, “Introducing Forrester's Targeted-Attack Hierarchy Of Needs, Forrester report



Step #1

Have an actual strategy



Expense in depth




Return on expense in depth?




Before you

invest:

• Assess your

current state

• Conduct a

gap analysis



Components of a sound strategy

› Adopt a Zero Trust model.

• Trust but verify

• Networks are designed from the

inside out

• Inspect and log all traffic



Components of a sound strategy

› Adopt a Zero Trust model.

• Trust but verify

• Networks are designed from the

inside out

• Inspect and log all traffic

› Data-driven security, not alert-driven

security

› Know your data

• What generates revenue?

• What assets align to this revenue?



Step #2

Focus on fundamentals

@rickhholland



Focus on the fundamentals



Reduce attack surface with Vulnerability Management

› VM has always been fundamental, yet it

has been overlooked.

› The recent open source vulnerabilities

brought VM back into the spotlight.

› VM has a renewed focus within

organizations.



Step #3

An integrated portfolio that enables orchestration



Friction

› “Create friction for the attacker. Slow

them down, and make their job more

difficult.”

› What about all the friction we create for

ourselves?

› Reduce your internal friction and

become more agile.



Reduce operational friction

› Evaluate your technology stack;

automate any manual tasks.

› Add developers to your team (recent

college graduates)

› Prioritize vendors who integrate within

their own portfolio as well as others.



Integration use case examples

› Endpoint + Automated malware

analysis

• Use endpoint visibility to confirm whether

or not malware executed.

› Vulnerability remediation validation

• Integrate vulnerability management with

ticketing to automate remediation

validation.

› Vulnerability management +

Governance Risk Compliance

• Provide asset states directly into GRC

solutions.



Step 4

Prevention



Prevention is dead, long live prevention!

› Prevention isn’t dead, imagine a world

without prevention.

› Prevention is shifting.

› Actionable threat intelligence can be used

for proactive defense.



Step 5

Detection and response



The threat landscape is overwhelming; threat models are dynamic



Adversary tiers



Fall back to detection and response

› Detection is the only option when dealing

with higher tier adversaries.

› No single control is your breach detection

system.

› Your aggregate controls and your people

are your breach detection system.


Your enterprise



Network controls aren’t enough



Endpoint’s role in detection and response

› Hunting with threat intelligence

• Search for threat indicators/indicators of

compromise.

• Behavioral hunting as well, not just signatures.

› Incident response

• What other hosts have been compromised?

• How are legitimate windows tools being used

by the adversary?



Final thought: Breach Detection Solution

› There is no single “breach detection”

solution.

› Your security tools ran by skilled staff who

are enabled by process are your breach

detection platform.

› Reduce internal friction to enable your

analysts.



Free research plug

› Not a Forrester client, interested in free

research?

› If you participate in a confidential research

interview, I will provide a complementary

copy of the research


Adaptive

Threat

ProtectionEndpoint Intelligence

Vulnerability Intelligence

Threat Intelligence

Threat Analytics

Forensics

Zero-Day Detection

Threat Response

Log & Event Intelligence


DETECTION

GAP

RESPONSE

GAP

PREVENTION

GAP

DETECTION

GAP

RESPONSE

GAP

PREVENTION

GAPDETECTION

GAP

RESPONSE

GAP

PREVENTION

GAP


Trusted: by over half of Fortune500 and over 9,000 customers worldwide

Open: Architected for a choice of multiple threat intelligence and security

integrations

Accurate: Hi-fidelity real-time detection and prioritization - focus on what really

matters

Resilient: Proven, reliable platform for security vulnerability management and threat

protection


tripwire.com | @TripwireInc

5 Steps to Defend from Targeted Attacks with Security Integration

Technology

Transcript of 5 Steps to Defend from Targeted Attacks with Security Integration