Embed Size (px)
DESCRIPTION
* Why many organizations don’t successfully detect security breaches * How to best use existing security information and event management and log management tools * Other sources, including external ones, that can provide early indicators of a security breach * How to maximize the security resources you already have Watch the webcast here: http://www.tripwire.com/register/10-steps-to-better-security-incident-detection/
Citation preview
10 Steps to Better Security Incident Detection
10 Steps to Better Security Incident Detection
10 Steps to Better Security Incident DetectionBrian Honan, BH ConsultingCindy Valladares, Tripwire, Inc.
IT SECURITY & COMPLIANCE AUTOMATION
Today’s Speakers
Brian Honan
BH Consulting
Cindy Valladares
Tripwire, Inc.
IT SECURITY & COMPLIANCE AUTOMATION
Tripwire, Inc.
Headquartered in Portland, Oregon Founded in 1997 | Open source legacy since ‘80s Over 315 employees worldwide
Over 5,500 customers in 87 countries 43% of Fortune 500 rely on Tripwire
Award-winning, patented technology
5
Helping You Piece IT Together
http://www.bhconsulting.ie [email protected]
10 Steps to Better Security Incident Detection
Infosec Certainties
Systems Under Constant Threat
Threats Are Evolving
Resurgence of Hacktivism
WE DO NOT FORGIVE. WE DO NOT FORGET. EXPECT US
Traditional IT Security
Breach Detection
92%
8%
Detected by 3rd PartyDetected by Org
Source: Verizon DBIR 2012
Time To Discover Breach
85%
15%
More than 1 WeekLess than 1 Week
Source: Verizon DBIR 2012
Avoidable?
97%
3%
Avoidable Using Simple ControlsNot avoidable
Source: Verizon DBIR 2012
Difficulty
96%
4%
Not DifficultDifficult
Source: Verizon DBIR 2012
Examples of Bad IR
Why Are We Bad in Detecting Incidents?
Are Tools Fit For Purpose?
Volume of Information
Drowning In Data
The Rumsfeld Effect
Results in You In Line Of Fire
So …
Improving Incident Response
Detect Incidents Early
(1) Understand Your Business
(2) Analyze Network Patterns
(3) Segment Your Information
(4) Harden Systems
(5) Monitor Logs
(6) Use Security Tools
(7) Train Staff & Partners
(8) Use Open Source Data
(9) Set Traps
(10) Share with Peers
More Information
White Paper:
“10 Steps for Early Incident Detection”
Available Online In the Resources Section on Tripwire Inc.’s website.
http://www.tripwire.com/data-security/
IT SECURITY & COMPLIANCE AUTOMATION
Tripwire Secures Today’s Enterprise
Prevent attacks by implementing secure configurations and enforcing security policies
Reducethe AttackSurface
Find Vulnerabilities & Attacks Faster
MakeSecurity Data
Useful
Continuously monitor systems to identify, evaluate,and prioritize evidence of compromise
Make risk and incidentsvisible, measurable and actionable
37
IT SECURITY & COMPLIANCE AUTOMATION
Tripwire Security Solutions
IT SECURITY & COMPLIANCE AUTOMATION
Tripwire Solutions
Content Context Analytics Workflow
System Hardening
Incident Detection
Continuous Monitoring
39
Questions ?
