The radical evolution of malware has fueled the rise of targeted attacks, forcing security professionals to recognize that traditional mass-market threats have given way to sophisticated modern attacks that are customized and relentless.
Because of this, security and advanced threat protection have become a big topic of conversation, driven by high-profile breaches such as Target, JPMorgan Chase and Home Depot, among many others.
It’s critical to be able to detect whether you have been breached, identify how long you have been exposed and, finally, determine how to keep it from happening again; yet when you see the latest statistics, you start to wonder whether this is really possible.
Many Tripwire Enterprise customers have come to us asking how they can be even more proactive in protecting their organization’s business-critical data when cyber attacks become more sophisticated each day. This is genuinely challenging, as cyber criminals continually change their tactics. Zero-day malware can slip past your network controls or enter your environment without your knowledge.
One solution customers have explored is deploying multiple, fragmented security controls. Sadly, this aggravates the challenge by creating even more data. Logs, incidents, advanced threat warnings and alerts pile up until accessing, correlating, analyzing and understanding them becomes a nearly impossible task. There is no single source of truth. What is required is more visibility and better information to make the best and most timely decisions, not more false alerts and disjointed data.
Tripwire is working to solve this problem by partnering with Check Point Software to deliver an integration that offers advanced and zero-day malware detection with threat intelligence to help reduce the time to accurately detect and protect the entire enterprise against these advanced malicious threats.
Tripwire Enterprise customers leverage real-time endpoint monitoring and detection, enabling advanced cyberthreat protection with malware verification and identification through integration with Check Point ThreatCloud Emulation Service. The combined solution provides unprecedented protection against zero-day threats, whether known or unknown.
Customers who have integrated Tripwire Enterprise for Check Point ThreatCloud Emulation Service have:
- Reduced the time to accurately detect and respond to endpoint threats
- Ensured all endpoint systems are protected against both known and new attacks
- Turned zero-day attacks on critical endpoints into known threats protected by Check Point gateways, within minutes
How does it work? Tripwire Enterprise monitors files on critical systems for changes and for the introduction of new files. It detects deviations from known, trusted, hardened states and highlights the anomalies that indicate threats or breaches.
When a new suspicious file is identified, the file hash is sent to the Check Point ThreatCloud Emulation Service, a cloud-based virtual environment, for analysis. Tripwire Enterprise then tags the file with the result from ThreatCloud. If it is malicious, the asset is tagged as containing malware.
If the file hash is not identified, Tripwire Enterprise sends the complete file to the ThreatCloud virtual sandbox, which performs analysis of the file and returns a result. Tripwire Enterprise then gets the result back and provides all of the benefits of its workflow to drive remediation based on the properties that have been set.
The Remediation Manager in Tripwire Enterprise provides guidance to security and compliance teams to repair drifted, misaligned security configurations while retaining role-based management, approvals and sign-offs for repairs.
Although the network layer may never have seen the suspicious file, the information about the file and its behavior is now part of Check Point’s services. That information is then pushed out to the IPS and firewalls at your site, so the file is blocked at the network level before it can spread further.
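The detection workflow described above (take a baseline, notice new or changed files, look the hash up first, send only unknown files to a sandbox, tag the asset, and push malicious verdicts to the perimeter) can be modelled end to end in a few dozen lines. The following is an added illustration, not Tripwire or Check Point code: the cloud hash lookup is a plain dictionary, the sandbox is a constructed marker check named `emulate`, and the gateway push is a local `blocklist` set. Everything else (the baseline snapshot, the change diff, the lookup-before-upload ordering and the asset tag) is the real logic of the workflow.

```python
"""Added example of a file-integrity-driven malware triage loop.

Stand-ins (hypothetical, constructed for this example):
  - `cloud`     : dict sha256 -> verdict, in place of a hash-reputation API
  - `emulate()` : marker check, in place of a sandbox/emulation service
  - `blocklist` : set of sha256 digests, in place of a push to IPS/firewalls
"""
import hashlib
import tempfile
from pathlib import Path

MALICIOUS, BENIGN = "malicious", "benign"

# Constructed byte pattern that the stand-in sandbox treats as malicious behaviour.
SANDBOX_MARKER = b"CONSTRUCTED-MALWARE-MARKER"


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Baseline of the monitored tree: relative path -> sha256 of its content."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def changed_files(baseline: dict[str, str], current: dict[str, str]) -> list[str]:
    """Files that are new or whose content differs from the trusted baseline."""
    return [rel for rel, digest in current.items() if baseline.get(rel) != digest]


def emulate(path: Path) -> str:
    """Stand-in for the sandbox step; only reached when the hash is unknown."""
    return MALICIOUS if SANDBOX_MARKER in path.read_bytes() else BENIGN


def triage(root: Path, baseline: dict[str, str],
           cloud: dict[str, str], blocklist: set[str]) -> tuple[str, dict[str, str]]:
    """Run the lookup-then-sandbox workflow over every changed file.

    Returns (asset_tag, per-file verdicts). Side effects: unknown hashes get a
    verdict recorded in `cloud`, and malicious hashes are added to `blocklist`.
    """
    current = snapshot(root)
    verdicts: dict[str, str] = {}
    for rel in changed_files(baseline, current):
        digest = current[rel]
        verdict = cloud.get(digest)            # 1. hash lookup first: cheap, no upload
        if verdict is None:                    # 2. unknown hash: submit the whole file
            verdict = emulate(root / rel)
            cloud[digest] = verdict            #    the sandbox result becomes shared intel
        verdicts[rel] = verdict
        if verdict == MALICIOUS:
            blocklist.add(digest)              # 3. block at the perimeter from now on
    asset_tag = "contains-malware" if MALICIOUS in verdicts.values() else "clean"
    return asset_tag, verdicts


def demo() -> dict:
    """Constructed scenario: one benign, one already-known-bad and one never-seen file."""
    root = Path(tempfile.mkdtemp())
    (root / "app.cfg").write_bytes(b"port=8443\n")       # present at baseline time
    baseline = snapshot(root)

    (root / "notes.txt").write_bytes(b"quarterly numbers\n")
    (root / "known.bin").write_bytes(b"known bad sample")
    (root / "dropper.bin").write_bytes(b"\x7fELF" + SANDBOX_MARKER)  # unknown hash
    cloud = {sha256_file(root / "known.bin"): MALICIOUS}  # reputation already knows this one
    blocklist: set[str] = set()

    tag, verdicts = triage(root, baseline, cloud, blocklist)
    return {"tag": tag, "verdicts": verdicts, "blocklist": blocklist,
            "cloud": cloud, "dropper_sha256": sha256_file(root / "dropper.bin")}


if __name__ == "__main__":
    result = demo()
    print(result["tag"], result["verdicts"], len(result["blocklist"]), "blocked")
```

Two design points carry over to the real integration: the unchanged `app.cfg` never reaches the lookup step because the baseline diff filters it out, and `dropper.bin` is the only file that incurs an upload, since the known-bad file is answered from the hash cache alone.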
This integration is free for Tripwire Enterprise customers to try for themselves. The datasheet describes the integration, and if you would like to see a 30-minute product briefing and overview, please contact us.