Big data lakes should be populated with big fish. IT (and OT) staff are tasked with “fishing,” or in this case, splunking data lakes for evidence. They are looking to report and visualize evidence of operational faults, evidence of compliance and evidence of nefarious activities. They are looking to catch the bad guys and the bad things by looking at the evidence in the big data.
Quite often there is difficulty in populating this data lake and then in making sure it’s properly stocked with the most important events of interest. In my latest webinar, we look at this through the lens of Tripwire’s integrations and apps for Splunk Enterprise.
In the first part of the presentation, we talk about the need for valuable data being placed into your data lake. Data is oftentimes rated on a seven “V” scale where you want to minimize volume, velocity, variability and variety while maximizing veracity, value and visualization.
We talk about how Tripwire Enterprise data is very low volume and velocity, as well as very high value. What the Tripwire Enterprise App for Splunk Enterprise brings is a frictionless and free way to capture this data where Splunk can visualize it.
In the second part of our fishing trip, we look at a malware scenario not unlike the recent WannaCry and Petya ransomware attacks. Stop me if you know how this goes, but it starts with an e-mail… At Tripwire, we – and our customers – know that thwarting such an attack isn’t about the latest AV or next-gen EDR. While those technologies are nice, they aren’t foundational.
With Tripwire IP360 you identify the hardware and software assets that are vulnerable to attack. By using the Tripwire IP360 App for Splunk Enterprise, you bring that information into a visualization platform, so you can prioritize your remediation efforts.
In the third part, we briefly discuss Tripwire Log Center (TLC), Tripwire’s agent-based log collector and correlation system. The elephant that just stepped into the room is the idea that this technology competes with Splunk. And while that might be the case in some limited contexts, these two technologies are more complementary than competitive.
The TLC advanced log collector for both Windows and Linux acts as a “last mile” for plopping security events right into your Splunk data lake like those nifty “salmon cannons” shooting fish unharmed and frisky over dams. Collected data is analyzed and filtered, so only actionable and relevant events are sent to IT security teams or forwarded to a SIEM.
In the last part of the presentation, we talk about actionable intelligence and Splunk’s Adaptive Response Initiative, and how our apps were built with the security nerve center in mind.
With pre-built pivots into both Tripwire Enterprise and Tripwire IP360, incident investigators can quickly enrich an investigation with the security intelligence from Tripwire. And when it comes to responding by removing threats dwelling in your environment, Tripwire Enterprise can do that; it’s a simple action.
For Tripwire, the answer is simple: foundational controls. Advanced security measures like adaptive response aren’t where most organizations sit on the maturity curve. That’s why we are equipping our customers, technology partners and independent labs with the building blocks of file integrity monitoring, configuration management, asset discovery, vulnerability management and log collection, with enhanced capabilities and services designed for private and public cloud hybrid environments.
To find out more, please watch the recording of the webinar below.