Over the past week or so, my colleague Michael and I have been sharing with you the benefits of our recently launched solutions. We’ve talked about how we can help you connect security to the business, and how we can help protect your systems with security configuration management. In this last post of this installment, we’re going to talk about how we can help you detect any anomalies in your secure environment.
In our detection capabilities, we’ve added significant enhancements to our System State Intelligence, which provides visibility into the configuration status of systems and detects suspicious events to enable security context and prioritization. More integration of our Tripwire solutions allow for better business and user context:
Business Context – We gather business knowledge of your highest valued assets, identify high severity changes and detect any suspicious asset activity around them to filter false positives.
User Context – We integrate with Active Directory to leverage user entitlement, groups, roles & attributes and detect suspicious user behavior.
These added benefits allow our users to create security dashboards like the one below to obtain leading indicators of breach activity that could lead to compromised systems and data breaches.
For our existing Tripwire Enterprise users, we’ve implemented a new Dynamic Software Reconciliation capability that can automatically reconcile changes resulting from software updates. In addition, we’ve included more breach detection rules in our Cyber Crime Content to provide organizations a foundational level of security and integrity. This content is available for free from the Tripwire Customer Center for existing users.
Why are all of these new detect capabilities so important? Because as an industry we’re not very good at detecting incidents. As you can see from the graphs below, it only takes seconds to get compromised, and months to discover a compromise. And quoting from the 2012 Verizon’s Data Breach Investigations Report , “One area in risk management that needs some serious attention is incident detection.”
So in summary, these added benefits allow you to:
- Detect incidents early to manage and contain security problems by providing you more in-depth system state intelligence
- Prioritize security threats and filter what’s most important to the business by gaining business and user context
- Allow you to be proactive about security by automating certain routine tasks so that you can focus your time on more interesting and strategic projects
You can learn more about our connect, protect and connect capabilities in the What’s New in Tripwire page.