Tripwire University Boot Camp – Cybersecurity Overconfidence: Do you Really Know Yourself?

Post on 12-Apr-2017

Cybersecurity Overconfidence

Do You Really Know Yourself?

Ed Smith, Sr. Product Marketing Manager, VM Products, Tripwire

Warning

The basics are boring, yet necessary

Most of us know this, but do we act accordingly?

Agenda

• Are IT pros overconfident?
• What could be causing overconfidence?
• What can you do about it?

Unauthorized Devices

87% of finance respondents believe they can isolate or remove unauthorized devices within minutes or hours.

75% of finance respondents say they automatically discover 80% or less of the hardware assets on their networks.

Tracking Critical Details

ONLY 37% of finance respondents say their automated tools are able to identify locations, department and other critical details about unauthorized configuration changes to network devices.

Knowledge Gap?

Vulnerability Scanning

92% believe their vulnerability scans will alert them to an unauthorized device within a few hours.

59% are unsure how long it actually takes.

Detecting Configuration Changes

82% believe it takes less than a few hours to detect configuration changes to a device on their network.

59% are unsure how long it actually takes.

Unauthorized Assets and Changes

Unattended Vulnerabilities

of vulnerabilities are not fixed within 30 days.

Patch Success Rate

40% of financial respondents said that fewer than 80 percent of patches succeed in a typical patch cycle.

Centralized Logging

One-third DO NOT log appropriately to a centralized system

Unauthorized Access

29% do not detect every attempt by users without appropriate privileges who try to access files on local systems or network-accessible file shares.

Situational Awareness

What Kind of Organization Are You?

• Public, Private, Government, Non-profit
• Industry
• Regulatory Compliance
• High or low tech
• Supply chain and partners
• Locations

The Security Maturity Model

Download the EDR for Dummies book from www.tripwire.com

Challenges to Knowing Yourself

Limited visibility to identify devices and changes

Missing key information

Limited resources

Doing the (not-so-boring) Basics

Discovery, Vulnerability Assessment & Configuration Assessment

Continuously Know What Assets are on Your Network
• Find unauthorized devices and applications to disable them
• Remove or disable rogue or risky assets

Fix What Attackers are Targeting
• Prioritize based on ease of attack, exploit-kit availability, potential impact
• Identify changes associated with high-risk vulnerabilities and applications

Leverage Integrations to Automate Workflows
• Capture and share tribal knowledge
• Automate actions to increase efficiency and reduce error

Summary

• Understand what you have
• You can’t manage what you can’t see
• It’s less expensive to be proactive

Fighting the 1,000 Battles

tripwire.com | @TripwireInc