The world is full of first responders. You may not realize it, but you will know someone who is a first responder.
Typically, one would associate a first responder with the three main emergency professions: Ambulance, Police and Fire.
Within the Ambulance profession, that person who is first on the scene to deliver medical assistance to a poorly patient would be seen as a first responder.
Within the Police force, that first responder will be the police unit that will arrive first on scene to deal with whatever they are faced with, whether it’s a burglary that’s in progress or someone’s life that’s in danger. They are there to investigate and ascertain what happened.
And with the Fire brigade, they are there to respond at a moment’s notice to put out the fire, saving lives and people’s property.
There are so many examples of first responders out there in the world, including those who help keep the lights on by responding to power lines that have fallen and those who respond to demand and spikes in the electricity grid. As parents, we would be first to respond to a child who is poorly or needs our assistance or attention.
Within the IT world, there are similarities. There are people out there who respond to systems that are acting poorly. Perhaps the computer has a bug or virus that needs taking care of, similar to the first responders in the Ambulance profession.
When a security breach occurs, there will be a team that will respond and be first on the scene to investigate the incident and to prevent data loss or defacement to a website, similar to the role played by Police first responders.
And when things really go wrong and the fire needs putting out to prevent further breaches, whole teams work together as an incident management team, helping prevent the spread of the breach to other systems, very similar to what the Fire brigades do.
For us to respond to these breaches, we need to identify them first. We need to have visibility of bad changes within the estate that could lead to a compromised or misconfigured system. We can help prevent breaches by hardening the systems to a specific standard or by helping to identify vulnerabilities. Similar to what crime prevention officers would do in certain neighbourhoods, this effort makes it hard for attackers to compromise a system or property.
Tripwire’s file integrity monitoring (FIM) and change management solution provides complete visibility over all changes made to the corporate network and who made those modifications. It then compares that change to what was supposed to happen in the IT environment. Personnel can use that insight to confirm that a scheduled change actually occurred and quickly address unexpected changes.
We are at Infosecurity Europe 2018. Come and see us at stand E50, where we have a number of presentations about how Tripwire can help you become a cyber responder.
To attend my session, “Making the Shift from File Integrity Monitoring to Integrity Management,” you can stop by the Tripwire booth during the following times:
- Tuesday, June 5th at 11:00am
- Wednesday, June 6th at 10:00am
- Thursday, June 7th at 12:00pm
I look forward to seeing you there!