Are we vulnerable? How long will it take to find out? How long will it take to mitigate these risks?
There’s not enough time in the day to investigate every system change and remediate every vulnerability, so how do security organizations answer these questions quickly, and then answer them again 12 hours later? With the ever-evolving capabilities of cyber adversaries and the dynamic nature of corporate networks, the job of security prioritization is becoming increasingly difficult.
To combat enterprise cyberthreats, organizations need instant access to the right information to quickly make informed decisions. But limited visibility into configuration changes and the risk posture of network assets can slow reaction times. While capturing deep, rich system configuration information from assets improves visibility, it also produces a flood of additional data that can complicate prioritization. And that problem only multiplies as asset coverage expands with the ever-increasing number of connected devices and endpoints.
In short, we don’t need more data to improve threat detection and response—we need timely and actionable information.
Security Data Silos
In the past, a comprehensive set of data has been collected across different data silos and pieced together manually, often by different teams. For example, the security team scans the environment and finds some assets and vulnerabilities. They create a report, do some prioritization in Excel and toss a PDF over to the IT Ops team to deal with.
However, IT Ops may have a different view of the network, perhaps in a security configuration management or CMDB solution. These tools often contain important business context, such as the business purpose of devices, who owns them, or where they’re located.
Now, IT Ops has to manually correlate vulnerabilities in the report to assets in their tool, consuming resources and slowing down their ability to respond. These disjointed silos of data typically result in technological duplication, meaning wasted money and resources.
Convergence Enables Adaptive Threat Protection
The solution to security data silos is the convergence of security controls to leverage existing investments in security and IT technology. The convergence of security controls depends on two important capabilities—the ability to integrate and the ability to automate. Integration allows sharing of important data between controls, and automation acts upon that shared data.
When both integration and automation are combined, the benefit of adaptive threat protection is realized: the ability to automatically adjust security controls based on system changes and potential business impact to significantly reduce overall enterprise cyberthreat risk.
Integration is essential for enabling adaptive threat protection, since it allows the rich security data and business context stored in different solutions to be shared, correlated and filtered. Without integration, data sharing is a manual and sometimes impossible task that results in errors and out-of-date information.
Examples of integration include:
- Combining vulnerability scan and suspicious configuration changes to quickly identify unauthorized changes on high-risk assets
- Reconciling asset inventory between solutions for improved attack surface visibility
- Isolating machines vulnerable to specific threats and vulnerabilities, like ShellShock or Heartbleed, while remediation efforts take place
- Sharing application inventory to closely monitor devices running applications prohibited by policy, such as cloud file-sharing services like Dropbox and Google Drive.
Automation leverages the integrations to continuously transform data into actionable information, reducing manual effort. Examples of automation include:
- Continuously analyzing the enterprise attack surface in an automated way
- Automatically adjusting security controls in response to the availability of exploit kits
- Prioritizing and filtering system configuration changes with vulnerability risks
- Automatically adjusting monitoring and policy application within user-specified parameters
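The integration and automation bullets above describe one data-correlation pipeline: join vulnerability scan findings to CMDB business context, reconcile the two asset inventories, and rank configuration changes by the vulnerability risk of the host they occurred on. The following Python script is an added example of that pipeline and is not Tripwire's code or any product's API. It assumes a CSV scan export with `host,vuln,cvss` columns, a dictionary-shaped CMDB, a list of file-change events in which a change counts as authorized only when it carries a change-ticket id, and a criticality weighting table; all sample data and vulnerability ids are constructed placeholders.

```python
"""Correlate scan findings, CMDB context and change events into one
prioritized worklist (added example; constructed sample data throughout)."""
import csv
import io
from dataclasses import dataclass

# Constructed scan export. Vulnerability ids are placeholders, not real CVEs.
SCAN_CSV = """host,vuln,cvss
web01,CVE-0000-0001,7.5
web01,CVE-0000-0002,10.0
db01,CVE-0000-0001,7.5
jump01,CVE-0000-0003,4.0
lab07,CVE-0000-0004,9.8
"""

# Constructed CMDB extract: business context the scanner does not have.
# jump01 is missing here on purpose (unreconciled asset); hr01 is in the
# CMDB but was never scanned (coverage gap).
CMDB = {
    "web01": {"owner": "web-team", "criticality": "high", "location": "dc1"},
    "db01": {"owner": "dba", "criticality": "critical", "location": "dc1"},
    "lab07": {"owner": "qa", "criticality": "low", "location": "lab"},
    "hr01": {"owner": "hr-it", "criticality": "medium", "location": "office"},
}

# Constructed change events, e.g. from file-integrity monitoring. A change
# with no ticket id is treated as unauthorized (assumption of this example).
CHANGES = [
    {"host": "web01", "path": "/etc/ssh/sshd_config", "ticket": None},
    {"host": "db01", "path": "/etc/my.cnf", "ticket": "CHG-1234"},
    {"host": "jump01", "path": "/etc/passwd", "ticket": None},
]

# Assumed weighting of business criticality; tune to your own policy.
CRITICALITY_WEIGHT = {"critical": 2.0, "high": 1.5, "medium": 1.0, "low": 0.5}
UNKNOWN_ASSET_WEIGHT = 1.5  # assets nobody claims deserve attention, not neglect


@dataclass
class HostRisk:
    host: str
    score: float
    max_cvss: float
    finding_count: int
    owner: str
    unauthorized_changes: list
    in_cmdb: bool


def parse_scan(text):
    """Parse the scan CSV into a list of {host, vuln, cvss} findings."""
    return [{"host": r["host"], "vuln": r["vuln"], "cvss": float(r["cvss"])}
            for r in csv.DictReader(io.StringIO(text))]


def reconcile_inventory(findings, cmdb):
    """Return (hosts seen by the scanner but absent from the CMDB,
    hosts in the CMDB that the scanner never saw)."""
    scanned = {f["host"] for f in findings}
    return sorted(scanned - set(cmdb)), sorted(set(cmdb) - scanned)


def unauthorized_changes(changes):
    """Group the paths of ticket-less changes by host."""
    by_host = {}
    for c in changes:
        if c["ticket"] is None:
            by_host.setdefault(c["host"], []).append(c["path"])
    return by_host


def prioritize(findings, cmdb, changes, high_risk_cvss=7.0):
    """Rank hosts: worst CVSS weighted by business criticality, with a
    fixed bump when an unauthorized change landed on a high-risk host."""
    unauth = unauthorized_changes(changes)
    cvss_by_host = {}
    for f in findings:
        cvss_by_host.setdefault(f["host"], []).append(f["cvss"])
    ranked = []
    for host, scores in cvss_by_host.items():
        record = cmdb.get(host)
        weight = CRITICALITY_WEIGHT[record["criticality"]] if record else UNKNOWN_ASSET_WEIGHT
        max_cvss = max(scores)
        score = max_cvss * weight
        changed = unauth.get(host, [])
        if changed and max_cvss >= high_risk_cvss:
            score += 10.0  # unauthorized change on an already exposed host
        ranked.append(HostRisk(host, round(score, 1), max_cvss, len(scores),
                               record["owner"] if record else "unknown",
                               changed, record is not None))
    return sorted(ranked, key=lambda r: (-r.score, r.host))


if __name__ == "__main__":
    found = parse_scan(SCAN_CSV)
    unknown, unscanned = reconcile_inventory(found, CMDB)
    print("not in CMDB:", unknown, "| never scanned:", unscanned)
    for r in prioritize(found, CMDB, CHANGES):
        print(f"{r.host:8} score={r.score:5} max_cvss={r.max_cvss:4} "
              f"owner={r.owner:9} unauthorized={r.unauthorized_changes}")
```

Running it puts web01 first: a 10.0 finding on a high-criticality host that also received a ticket-less sshd_config change, with the owning team attached so the finding can be routed without the manual lookup described above. lab07's 9.8 finding drops to the bottom because the CMDB marks the host low-criticality, which is the kind of re-ordering the business context makes possible; the reconciliation output separately surfaces jump01 as an asset nobody in the CMDB owns and hr01 as a coverage gap.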
Adaptive threat protection makes it possible to pinpoint the biggest security issues as they are happening and focus security response on your most valuable assets. Integrating and automating security controls makes it possible for security teams to provide rapid, definitive answers to the most critical questions businesses are asking about security.
Learn more about Tripwire’s integrated and automated approach to adaptive threat protection by downloading the Vulnerability Intelligence Solution Brief.