Despite the many security solutions on which we daily rely, the tools of our craft are rarely set up to complement one another. Whether these are SQL based dashboards or big data, most information security tools have traditionally been deployed separately in order to fulfill discrete functions. And this arrangement has worked moderately well in the past.
But things have changed. The IT landscape has become more complex, placing us in dire need of more detailed information that will help us make informed decisions with regards to what needs protecting and how we should go about it. The common solution is fully integrated suites. Unfortunately, all too often these do not produce particularly actionable information that we can use.
Today, we are forced to ask ourselves some questions. What are our controls doing? At what system attributes are they looking? And how can we possibly hope to bring the data they yield together?
Joel Barnes, CISSP and Tripwire Senior Systems Engineers, explores these questions and more in a recent webinar titled,“Convergence: Configurations, Vulnerabilities and Unexpected Changes.”
Convergence is all about getting more out of what security controls we already have. In an information society, technological convergence is everywhere. We can use any number of devices to send email, listen to music, or check up on friends. But this often leads to technological duplication, meaning wasted money and resources.
Therefore, Barnes urges us to recognize that the power of convergence lies in blending technology with evolutionary convergence, or the development of the same biological traits in unrelated organisms that have fundamentally different jobs in an environment. In terms of information security, this means using seemingly segregated controls and leveraging certain commonalities to enhance the functions of each.
In the webinar, Barnes compares vulnerability management (VM), security configuration management (SCM), and file integrity monitoring (FIM) as an example. These functions cannot replace each other because they all perform various tasks that are unique according to their depth of analysis, frequency of implementation and detail of information yielded.
VM, for instance, runs relatively shallow scans of many IT devices regardless of their level of criticality on a weekly or monthly basis, yielding a small amount of information about each device. By contrast, FIM is a deep, agent-based process that is information-intensive. This process is real-time and is best deployed with critical assets only. SCM lies between the other two, as shown in the following image:
We can see by now that what we’re essentially talking about is Defense in Depth. VM, SCM and FIM all share certain commonalities, such as an emphasis on risk, priority, dependency, business value and the “language” for risk.
They also have similar policy expectations, all drawing upon common frameworks of when, how often, and to what level we might use them in our systems. These are all sticking points that we can use as sources of context to make more informed security decisions.
Clearly, the convergence of VM, SCM and FIM is a killer combination, emphasized by the energy and financial sectors, as well as industry analysts. Tripwire has integrated convergence into its solutions, IP360 and Tripwire Enterprise.
IP360, which gives assets a risk ranking, allows for direct configuration insofar as one can tag assets in Enterprise to apply different levels of control. Using IP360’s Risk Matrix, one can visually see the overview of one’s assets, including which are low risks and which are in need of greater protection. You can then easily make adjustments to accommodate those assets that are high risk, eventually reaching a point where you can automate the entire process. For a more detailed look into how these solutions converge together, please click here.
Convergence is not about adding more features. It’s about figuring out which controls are independent and whether these can be deployed in a cooperative arrangement. Convergence helps us get more out of our data. Therefore, it is a crucial source of context when it comes to making any and all security decisions.
- Dynamic Monitoring: Products Influencing Products
- Continuous Security Monitoring: An Introduction
- The Role of Security in Creating a Standard of Due Care
- Interesting but not Actionable Security Data – Should I Even Look?
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the Heartbleed and Shellshock vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Header image courtesy of Shutterstock.