Security breaches appear to happen with alarming regularity these days, and they continue to demonstrate the cost of not protecting business-critical systems, data and applications. Over the past year, breaches have left no industry untouched, with companies like Adobe, Target, eBay and Neiman Marcus being a few of the most notable victims.
Sadly, in many instances, the victim of the breach doesn’t discover it themselves, a pattern that has also been identified in the Verizon Data Breach Report. Organizations connected to the Internet are coming to accept that it’s not a matter of if they will be breached, but a matter of when. And the security risk is now not at the department or group level but at the enterprise business level.
Consequently, management executives and board members are taking an increased interest in their organization’s security posture. They want to see that the security team is monitoring for early indicators of risk and breach activity, as well as how quickly a breach would be detected. Their jobs are on the line.
For security teams, this means digging through the huge volumes of security event and alert data generated every day: logs, incidents, advanced threat warnings and alerts. That is a lot of data, which makes it a nearly impossible task to access, analyze and take action on. Where do they start?
Organizations must gain more visibility and business context to protect sensitive data from breaches, vulnerabilities and threats. We, at Tripwire, recognize the complexity of the problem customers need to solve and the security ecosystem required to do it.
Through the Tripwire Technology Alliance Partner (TAP) program, we have teamed up with other security vendors, such as FireMon, Brinqa, HP, Lockpath and Kenna Security (formerly known as Risk I/O), to help solve this challenge. These partners offer a variety of capabilities across event, risk and forensic analytics.
The deep library of controls in Tripwire’s security configuration, vulnerability and log management solutions provides unique discovery, detection and monitoring capabilities. By leveraging the deep endpoint intelligence data from Tripwire in these analytics tools, organizations can gain unprecedented visibility and business context to quickly identify and prioritize their security actions and reduce the cyber-threat detection, response and prevention gap.
A great example of this is an international gaming company that uses Tripwire Enterprise and HP ArcSight. As an online gaming company, they are more prone to compromises and potential breaches. To help monitor and protect critical assets from a potential breach, they maintain a master list of over 5,000 known “bad” hashes that are harmful to their environment.
This list of 5,000 hashes was loaded into HP ArcSight. Changes and events of interest provided them with an understanding of what is going on in the environment. Tripwire Enterprise then sweeps the environment in real time, monitoring for changes. When these changes occur, Tripwire Enterprise sends them back over to ArcSight to compare against the master “bad” hash list.
This seamless integration between Tripwire Enterprise and HP ArcSight helps this gaming company increase security and harden systems to ensure they gain the intelligence needed to protect against potential breaches. It allows them to focus on the hashes that are important and potentially harmful to the environment, giving them a jump start on distinguishing between data noise and serious threats.
Learn more about the TAP program and the joint solution we continuously innovate on with our ecosystem of security partners.