One of your worst nightmares is probably being on CNN because of a data breach. It seems inevitable that it will happen to us, but intercepting the attacker early during an incident to prevent a breach is the ideal scenario – if you’re being attacked, that is. According to Brian Krebs, that is exactly what happened to Sally Beauty.
At Tripwire, we’ve been called many times when a data breach is suspected. Our expertise in identifying abnormal activity gives us the opportunity to help customers reduce the breach-to-detection gap and detect an incident early. So how can organizations interrupt an in-progress cyber attack?
Organizations that are proactive in their security efforts are in a much better position to respond quickly during an attack. A risk-based approach to security is essential in your readiness efforts. That involves not only having the business take security seriously, but also having the right technology in place to continuously monitor the environment.
Host-based intrusion detection capabilities pick up where network-based scanners drop off. Focusing on securing the network perimeter alone just doesn’t work anymore. You need a multi-layer approach to your security strategy, one that protects your crown jewels and gives you the visibility to see when your trusted systems drift. That visibility gives you options to act appropriately.
Maintain the Integrity of Our Systems
To disrupt the progression of a cyber attack, you need deep file integrity monitoring: one that not only looks at hash values or checksums, but goes deeper and looks at full system state, then assesses the returned values against a host of industry standards and provides you intelligence on who is changing what infrastructure, when, where and why. Doing it right is better than a superficial assessment of your systems.
Continuous Security Monitoring
You can’t protect what you can’t see; it’s important to monitor the configuration of your systems continuously. This is where Tripwire excels, by combining the power of real-time detection with continuous security monitoring. It’s also important to monitor for anomalies and disruptions to your trusted systems and have your foundational security controls in place.
Manual processes do not scale across an organization. Automating them lets organizations sort through large volumes of data and expose inappropriate file changes, poor security configurations, exploitable vulnerabilities and critical log alerts.