Achieving Continuous Monitoring with Security Automation
DESCRIPTION
This presentation:
• Provides an overview of continuous monitoring
• Discusses federal requirements for continuous monitoring
• Explains why it is critical for risk mitigation
• Describes an effective continuous monitoring strategy that brings together data from different security controls in one place
Watch the webcast here: http://www.tripwire.com/register/achieving-continuous-monitoring-easily-with-security-automation/
TRANSCRIPT
Achieving Continuous Monitoring with Security Automation
Steve Johnston, Federal, DOD and Civilian Agencies
Erich Dobroth, Federal Lead Systems Engineer
IT SECURITY & COMPLIANCE AUTOMATION
Continuous Monitoring is about…
• Risk Management
• Decision Making
• Empowering Leadership to make educated decisions
• Strengthen The Control Environment
• Reducing Resources spent on annual IT Audits
• Actionable Alerts to focus resources and respond
Continuous Monitoring & Risk Management Framework
[Diagram: NIST Risk Management Framework (SP800-37) cycle, beginning at "Start": Categorize Information System, Select Security Controls, Implement Security Controls, Assess Security Controls, Authorize Information System, Monitor Security State. Additional label: SP800-137.]
• Aligned with RMF (800-37) and CM requirements (800-137)
• Cyberscope Management Reporting
• DoD adopting RMF for Continuous Monitoring
Challenges with Implementing Continuous Monitoring
• Identifying Tools: When so many products claim to do continuous monitoring, how do we know which to choose?
• Defining CM Processes: Creating yet another process can be daunting and time-consuming, and flows against the culture
• Configuration Visibility: Knowing what to monitor and the frequency can be very challenging
• Applying CM: With so many controls to monitor, it's challenging to apply CM to all controls
• Situational Awareness: Sharing knowledge of threats and attacks across different networks
Breach - Compromise-to-Containment
Source: 2012 Data Breach Investigations Report, Verizon RISK Team in cooperation with the United States Secret Service
Server Configuration Controls is still the “Holy Grail”
Source: 2012 Data Breach Investigations Report, Verizon RISK Team in cooperation with the United States Secret Service
Continuous Monitoring is more than just watching data….
…it's System State Intelligence
Challenge of Achieving & Maintaining Secure Configurations
[Chart: Compliance versus Time, relative to the Trusted State. Labels: RISK change never stops; Change is occurring]
• Compliance and Security is often driven by audits
Make the Climb Once - Continuous Monitoring/Compliance
[Chart: TRIPWIRE CONFIGURATION ASSESSMENT AND CONTROL. Compliance versus Time, relative to the Trusted State. Labels: Assess & Achieve desired state; Maintain that state; Continuous Compliance]
Tripwire Security Solutions
Get Fast Tracked to Continuous Monitoring
Continuous Monitoring with Tripwire
1 Categorize your assets (High, Mod, Low, location, mission, and / or criticality of system)
2 Set up Configuration Control monitoring (SANS top 20, 800-53, STIGs, CIS Benchmarks or defined controls)
3 Determine Risk Threshold and Frequency of Monitoring (real-time, daily, weekly, periodic)
4 Define Reporting and Critical Alert Response Procedures (Unauthorized Change, Event of Interest, Compliance)
More about Continuous Monitoring with Tripwire Solutions
Achieving FISMA Compliance: Continuous Monitoring Using Configuration Control and Log Management http://bit.ly/fismacompliance
Automation: The Game Changer for Continuous Monitoring http://bit.ly/cmautomation
Continuous Monitoring: Responding to New Threats in More Complex IT Environments http://bit.ly/newthreats
www.tripwire.com
Tripwire Americas: 1.800.TRIPWIRE
Tripwire EMEA: +44 (0) 20 7382 5440
Tripwire Japan: +812.53206.8610
Tripwire Singapore: +65 6733 5051
Tripwire Australia-New Zealand: +61 (0) 402 138 980
THANK YOU!
Erich [email protected]
503.276.7617
Steve [email protected]
817.313.7622