Excellence in the Essentials: It's Not Whether You Implement Foundational Controls, It's How Well...

EXCELLENCE IN THE ESSENTIALS: IT’S NOT WHETHER YOU IMPLEMENT FOUNDATIONAL CONTROLS, IT’S HOW WELL YOU DO!

Maurice Uenuma | Strategic Account Manager

Co-Chair, NICE (NIST) Workforce Management panel

February 14-15, 2017



An Embarrassing Problem…

The same issues over and over

Common vulnerabilities

Inability to address vulnerabilities in an effective & timely manner

Poorly configured systems

Lack of visibility into the environment

Inability to detect malicious/suspicious changes

Inability to filter out noise

Are your cyber assets in a trusted state?


Plenty of Good Options… and Distractions

Foundational controls

CIS Critical Security Controls

» Knowing what’s connected & running

» Minimizing vulnerabilities

» Strengthening systems through secure configurations

» Detecting suspicious/malicious changes

Essential to all security & compliance frameworks

Doing the basics? “Of course!” But how well??

Distractions: the latest & greatest shiny objects

Many good tools, but addressing lower priority controls


Excellence in the Essentials

From doing them, to doing them well

Vulnerability management: asset profiling for targeted scans

Remediation: integration for automated workflows

Vulnerability management: granular scoring & prioritization

Secure configurations: robust compliance reporting

Change detection: real-time monitoring & alerting


Best practice: vulnerability management

Granular scoring


Risk-based prioritization


Best practice: security-operations integration


Common Themes

Foundational controls: a shared responsibility

Across security, compliance and IT operations

System intelligence is the starting point

Collect rich system state information

Detect and alert to system changes

Collect, normalize and smart-filter robust event data

Integration is necessary

No platform “islands”

From data -> information -> relevant, timely information with business context


Excellence in the Essentials

Tripwire alignment with CIS Critical Security Controls

Mapped to other security and compliance frameworks including NIST, CoBIT, PCI, ISO 27000, FISMA


Tripwire for Three Aspects of your Business

Protecting your organization

» Foundational security controls

» Automated workflows

» Extensive integrations

Proving compliance

» Extensive regulatory coverage

» Continuous monitoring

» Audit evidence and reports

Performing as expected

» Standard configurations

» Change audit and validation

» Improved uptime and MTTR

Security | IT Operations | Compliance


tripwire.com | @TripwireInc