One of your worst nightmares is probably ending up on CNN because of a data breach. It can feel inevitable that it will happen to us, but the ideal scenario, if you are being attacked, is to intercept the attacker early in the incident, before a breach actually occurs. According to Brian Krebs, that is exactly what happened to Sally Beauty.
At Tripwire, we have been called in many times when a data breach is suspected. Our expertise in identifying abnormal activity lets us help customers shrink the breach-to-detection gap and detect an incident early. So how can organizations interrupt an in-progress cyber attack?
Organizations that are proactive about security are in a much better position to respond quickly during an attack. A risk-based approach to security is essential to that readiness. It means not only having the business take security seriously, but also having the right technology in place to monitor the environment continuously.
Host-based intrusion detection picks up where network-based scanners drop off. Securing the network perimeter alone no longer works. You need a multi-layer security strategy: one that protects your crown jewels and gives you the visibility to see when your trusted systems drift from their known-good state, so that you have options to act appropriately.
Maintain the Integrity of Your Systems
To disrupt the progression of a cyber attack, you need deep file integrity monitoring: monitoring that does not stop at hash values or checksums but looks at the full state of the system (permissions and ownership as well as content), assesses that state against a host of industry standards, and tells you who is changing which part of the infrastructure, when, where and why. Done right, this is far more valuable than a superficial assessment of your systems.
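To make the "deeper than a checksum" point concrete, here is a small, added example (written for this page, not Tripwire's code or any product's). It baselines a directory, recording a SHA-256 digest plus size, permission bits, owner and group for every file, and then reports which attribute drifted. The scenario it runs is constructed on a throwaway temporary directory: one file is edited, one is left byte-for-byte identical but made world-writable (invisible to a hash-only monitor), one is deleted and one is added.

```python
"""
Added example: a minimal "deep" file-integrity check.

A hash-only monitor answers "did the bytes change?". The snapshot below also
records permission bits, owner, group and size, so a permission change that
leaves content untouched is still flagged, and each finding names the
attributes that moved.
"""
import hashlib
import stat
import tempfile
from pathlib import Path

# Attributes captured per file: the content hash plus metadata a checksum misses.
TRACKED = ("sha256", "size", "mode", "uid", "gid")


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> dict:
    """Walk root and record the full state of every regular file."""
    state = {}
    rootp = Path(root)
    for p in sorted(rootp.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        st = p.lstat()
        state[str(p.relative_to(rootp))] = {
            "sha256": _sha256(p),
            "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode),  # permission bits only
            "uid": st.st_uid,
            "gid": st.st_gid,
        }
    return state


def diff(baseline: dict, current: dict) -> list:
    """Compare two snapshots; each finding lists the attributes that changed."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append({"path": path, "change": "removed", "attrs": []})
        elif path not in baseline:
            findings.append({"path": path, "change": "added", "attrs": []})
        else:
            changed = [a for a in TRACKED if baseline[path][a] != current[path][a]]
            if changed:
                findings.append({"path": path, "change": "modified", "attrs": changed})
    return findings


def demo() -> list:
    """Constructed scenario (hypothetical file names): four kinds of drift."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.conf").write_text("debug=false\n")
        (root / "sudoers").write_text("root ALL=(ALL) ALL\n")
        (root / "old.log").write_text("...\n")
        (root / "sudoers").chmod(0o440)
        base = snapshot(d)  # the known-good baseline

        # 1. content change: hash and size differ
        (root / "app.conf").write_text("debug=true\n")
        # 2. permission-only change: identical bytes, identical hash, now world-writable
        (root / "sudoers").chmod(0o666)
        # 3. file removed, 4. file added
        (root / "old.log").unlink()
        (root / "dropper.sh").write_text("#!/bin/sh\n")

        return diff(base, snapshot(d))


if __name__ == "__main__":
    for f in demo():
        print(f"{f['change']:9s} {f['path']}  {' '.join(f['attrs'])}")
```

In a real deployment the baseline would be stored off-host and signed, the walk would be scheduled or driven by filesystem events, and each finding would be joined to audit or login records to answer the "who, when and why" questions; this block only shows the comparison itself. The `sudoers` finding is the one a checksum alone would never raise.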
Continuous Security Monitoring
You can’t protect what you can’t see, so it is important to monitor the configuration of your systems continuously. This is where Tripwire excels, by combining real-time detection with continuous security monitoring. It is equally important to monitor for anomalies and disruptions to your trusted systems and to have your foundational security controls in place.
Manual processes do not scale across an organization. By automating them, organizations can sort through large volumes of data and expose inappropriate file changes, poor security configurations, exploitable vulnerabilities and critical log alerts.
Related Articles and Resources:
- Ten Steps for Early Incident Detection
- Restoring Trust After a Data Breach
- How to Perform Early Detection of a Distributed Attack
- Board Dynamics: Do BoDs Understand the Impact of Cyber Attacks?
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].