Excellence in the Essentials: It's Not Whether You Implement Foundational Controls, It's How Well...
EXCELLENCE IN THE ESSENTIALS
IT'S NOT WHETHER YOU IMPLEMENT FOUNDATIONAL CONTROLS, IT'S HOW WELL YOU DO!
Maurice Uenuma | Strategic Account Manager
Co-Chair, NICE (NIST) Workforce Management panel
February 14-15, 2017
An Embarrassing Problem…
The same issues over and over
Common vulnerabilities
Inability to address vulnerabilities in an effective & timely manner
Poorly configured systems
Lack of visibility into the environment
Inability to detect malicious/suspicious changes
Inability to filter out noise
Are your cyber assets in a trusted state??
Plenty of Good Options… and Distractions
Foundational controls
CIS Critical Security Controls
» Knowing what’s connected & running
» Minimizing vulnerabilities
» Strengthening systems through secure configurations
» Detecting suspicious/malicious changes
Essential to all security & compliance frameworks
Doing the basics? “Of course!” But how well??
Distractions: the latest & greatest shiny objects
Many good tools, but addressing lower priority controls
Excellence in the Essentials
From doing them, to doing them well
Vulnerability management: asset profiling for targeted scans
Remediation: integration for automated workflows
Vulnerability management: granular scoring & prioritization
Secure configurations: robust compliance reporting
Change detection: real-time monitoring & alerting
Best practice: vulnerability management
Granular scoring
Risk-based prioritization
Best practice: security-operations integration
Common Themes
Foundational controls: a shared responsibility
Across security, compliance and IT operations
System intelligence is the starting point
Collect rich system state information
Detect and alert to system changes
Collect, normalize and smart-filter robust event data
Integration is necessary
No platform “islands”
From data -> information -> relevant, timely information with business context
Excellence in the Essentials
Tripwire alignment with CIS Critical Security Controls
Mapped to other security and compliance frameworks, including NIST, COBIT, PCI, ISO 27000 and FISMA
Tripwire for Three Aspects of your Business
Protecting your organization
Foundational security controls
Automated workflows
Extensive integrations
Proving compliance
Extensive regulatory coverage
Continuous monitoring
Audit evidence and reports
Performing as expected
Standard configurations
Change audit and validation
Improved uptime and MTTR
Security
IT Operations
Compliance
tripwire.com | @TripwireInc