Tripwire Unveils Controls-Based Data Protection Strategy
Tripwire, the global leader of IT security and compliance automation solutions,today announced the first two technology releases as part of its controls-based data protection strategy. These releases support Tripwire’s mission to integrate critical controls focused on business relevance, risk and threat intelligence.
Cyber attacks are increasing. Breaches, if discovered, go undetected for months as evidenced by the Verizon Business Data Breach Investigation Report (DBIR). Exploits are increasingly focused at where the actual data resides – at the file, database and web application servers – not at the perimeter where organizations have historically focused their security investment. As organizations are exposed to increasingly complex threats, IT security controls become critical to protecting and monitoring their assets. The difficulty lies in ensuring that these controls provide continuous protection, unifying the data to provide risk intelligence for decision making, and then deriving security benefits from them in a cost-effective way. The Tripwire VIA™ strategy is to unify and automate security controls to ensure data protection is continuous in order to provide the best possible defense against today’s threats.
Security organizations tend to focus on investments on the perimeter with the intent of creating a hard, impenetrable shell around the network. Tripwire advocates organizations take a multi-layered approach with an emphasis on where the sensitive data actually resides, and on protecting this valuable data first. Tripwire offers several critical controls today including security configuration management, file integrity monitoring, and log management – three of the top 20 SANS Critical Controlsfor effective cyber defense.
“Tripwire is uniquely positioned to deliver a powerful data protection solution specifically aimed at data and systems, with our best-of-breed configuration, integrity and state-centric security solutions,” said Jim Johnson, CEO of Tripwire. “Protecting sensitive data is the basis for our integrated controls-based data protection strategy.”
Two new technology solutions released today support Tripwire’s controls-based data protection mission – the Tripwire VIA Event Integration Framework and VIA HyperLogging solution.
SIEM solutions typically detect anomalies in the network but have no context of strong or weak system states. Security professionals then spend hours sifting through reams of insignificant events in the hopes of finding truly malicious activity. The Verizon Data Breach Investigation Report details a surprising fact. While 80% of breaches were captured within the logs, none of them were detected by the SIEM – a result not of the effectiveness of the tool, but the truly manual nature of sifting through millions of correlated events with no context of good or bad state. Furthermore, 86% of breaches in the Verizon DBIR were detected by 3rd parties, not by the organizations being breached. The Tripwire VIA Event Integration Framework dramatically improves the correlation processes of Tripwire Log Center®as well as other SIEM solutions, by supplying the critical context needed to identify malicious activity – Tripwire Enterprise’s best-of-breed configuration state and file change information. While standalone logging tools are blind to both change details and configuration compliance, the VIA Event Integration Framework can provide this critical security intelligence to SIEM’s in an accessible, consumable way that can be rapidly implemented without the need for costly customization.
“The recent flurry of data breaches in the news proves that the traditional approach to security isn't getting the job done,” said Dwayne Melançon, Vice President of Products for Tripwire. “Old school security often focuses too narrowly, and looks at 'lagging indicators' which are only apparent after a compromise has occurred. The real opportunity is for enterprises to get ahead by implementing controls more effectively in the first place, then using automation to detect and resolve security weaknesses before they are exploited.” Melançon continued, “By leveraging strong controls and continuous, automated evaluation of those controls, enterprises can detect and resolve security weaknesses before they lead to a damaging or embarrassing incident. Tripwire's controls-based approach integrates foundational security controls to keep IT security teams from being overwhelmed so they can focus on what's important to prevent breaches.”
Designed with security directors in mind, the Tripwire VIA HyperLogging solution ensures the appropriate level of logging is always available and enabled on any SIEM solution, including Tripwire Log Center. Attempting to disable logging capabilities is a routine first-pass attack among hackers, but detecting disabled and reduced logging states and re-enabling settings presents a difficult, time consuming challenge for many IT environments. The Tripwire VIA HyperLogging solution is a logging assurance solution that immediately determines when logging has been disabled – either by accident or as a precursor to an attack – and automatically re-enable logging to assure gapless logging integrity. Continuous monitoring is assured and reports offer a proof of violations and corrections for compliance.
Both the Tripwire VIA Event Integration Framework and VIA HyperLogging solution are available now and are currently in use by some of Tripwire’s largest integration customers. For more information, please visit http://www.tripwire.com/services/.