Cybersecurity experts are urging government agencies to protect their data with up-to-date, foundational security controls, and agencies are listening. But how can they determine where exactly to focus their efforts to maximize efficiency and ensure a strong security stance? A new whitepaper from Tripwire details the four key components federal agencies need in order to establish and maintain a robust security posture: policy compliance, file integrity monitoring, log management and vulnerability management.
Policy compliance could mean meeting either regulatory requirements or internal agency standards. Not only do agencies need to implement the controls defined in a policy, but they must also be able to demonstrate (to an auditor, most of the time) that those controls are in place and working. Policy compliance tools should be evaluated on their ability to provide, validate and support policy controls. Such tools should reduce the time it takes to prepare for an audit. If an agency’s regulatory framework includes fines or other punitive measures, budget for such policy tools can be justified since policy compliance tools reduce the risk of a failed audit. Tripwire Enterprise’s File Integrity Manager, Policy Manager and Remediation Manager together continually assess system changes and report on your agency’s compliance status with out-of-the-box compliance testing for FISMA, NERC CIP, SOX and others.
Each and every security breach correlates to a change within a system. As such, agency environments require preventative and detective controls that identify change. While file integrity monitoring is nothing new, its core capabilities have evolved dramatically in recent years. It now encompasses a wide range of tools and tactics that fall under the umbrella term “integrity management.” This includes ensuring that your systems are secured, establishing a secure baseline, monitoring for change from that baseline and acting on important changes. Integrity management is a core capability called out in NIST 800-53. Tripwire File Integrity Manager, a core component of Tripwire Enterprise, enables you to implement a strong integrity management program.
Security logging and analysis can help IT teams determine the location of attackers, identify malicious software and track activities on victim machines. Log management is also a fundamental control required by FISMA and defined in NIST 800-53. Collecting log data and correlating it with other data sources has driven significant demand in federal agencies for user behavior and big data analytics solutions. However, from a cost perspective, customers can find themselves paying for data that doesn’t need to be in the SIEM or paying for log storage instead of analytics. Tripwire Log Center collects logs, analyzes and correlates log events, and responds to events of interest using a logical flow of one or more events. It can also be an effective tool to reduce noise by pre-processing log data before passing it to a SIEM.
Executive Order 13800 states that “Known but unmitigated vulnerabilities are among the highest cybersecurity risks faced by executive departments and agencies.” Vulnerability management seeks to reduce this risk by identifying vulnerabilities present within a system environment. In addition, vulnerability management and compliance should work hand in hand. For example, a vulnerability assessment tool is a key component in preparation for a Command Cyber Readiness Inspection (CCRI) audit. At its core, the vulnerability management workflow has three steps: first, discover the assets in your environment and their vulnerabilities; second, report vulnerabilities, effectively prioritized, to system owners and other stakeholders; and third, remediate the vulnerabilities, reducing the system’s cybersecurity risk. Tripwire IP360 serves as a complete vulnerability management toolkit for federal agencies. It discovers and produces a comprehensive asset inventory and scores vulnerabilities so an agency can focus on remediating the vulnerabilities that expose the agency to the most risk.
Many federal agencies find themselves in need of a substantial security overhaul. They need advanced tools and techniques to keep up with both the rapid proliferation of digital threats and the requirements of regulatory frameworks meant to stop them. File integrity monitoring, log management, policy compliance and vulnerability management are the four security fundamentals your agency must address, and Tripwire products offer the out-of-the-box coverage federal agencies require.
To read the entire whitepaper, go here.