Tripwire Adaptive Threat Protection
Transcript of Tripwire Adaptive Threat Protection
Threat Landscape
85%: percentage of breaches that could be prevented by remediating known vulnerabilities (US-CERT)
205 days: average time to detect an advanced persistent threat on a corporate network (Mandiant)
94%: percentage of unauthorized data access that was through compromised servers (Verizon DBIR)
> 123 days: days the average malicious data breach took to resolve (Ponemon)
The Information Security Landscape: data, data everywhere, and not a drop of context
Endpoint Configurations
Vulnerability Results
Threat Intelligence
Logs & Events
(Figure: the four sources above feeding "BIG DATA")
Enterprise Cyberthreat Gap
Detection Gap: time between the actual breach and its discovery ("Have we been breached?")
Response Gap: time between discovery and remediation to limit damage ("How bad is it?")
Prevention Gap: time to put preventative measures in place to avoid future attacks ("Can we prevent this from happening again?")
Tough Challenge to Close the Cyberthreat Gap
Advanced attacks: harder to detect, and compromises happen faster
Limited resources and time: need better prioritization (what is at risk? what do I fix first?)
Limited context from fragmented tools: need high-confidence, actionable information
Solution: Adaptive Threat Protection
Adaptive Threat Protection brings together:
Endpoint Intelligence
Vulnerability Intelligence
Threat Intelligence
Threat Analytics
Forensics
Zero-Day Detection
Threat Response
Log & Event Intelligence
Balanced Proactive and Reactive Security Controls
Agent-based "inside-out" visibility and agent-less "outside-in" visibility, covering:
File integrity monitoring (good changes and bad changes)
Device and application discovery
Web app vulnerabilities
Vulnerability assessment
Delivering Adaptive Threat Protection
The new integration between Tripwire IP360 and Tripwire Enterprise delivers the unique value of Adaptive Threat Protection:
Continuous analysis of an organization's attack surface
Continuous security control automation
Significant reduction of overall cyberthreat risk
The High Cost of Manual Effort (other vulnerability management solutions)
1 Scan: scan your environment, find assets and vulnerabilities; limited results
2 Report: produce a PDF report; manually prioritize vulnerability results; hand off results to others
3 Combine: manually correlate vulnerability results to assets in Tripwire Enterprise; manually configure Tripwire Enterprise monitoring based on an outdated threat landscape
4 React: detect and respond to threats, harden critical systems at risk, manually or through Tripwire Enterprise automation
Reduce the Threat Gap with Vulnerability Intelligence
1 Profile: use Tripwire IP360 to comprehensively profile the assets for vulnerabilities and applications
2 Prioritize: use factors such as the Tripwire IP360 score and risk matrix to prioritize vulnerability risk
3 Adapt: dynamically adapt Tripwire Enterprise monitoring based on the changing threat landscape
4 Respond: detect and respond to threats, harden critical systems at risk, manually or through Tripwire Enterprise automation
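The Profile, Prioritize and Adapt steps above, shown as an added example on constructed data. This is not Tripwire code, and the scoring is a placeholder: the Tripwire IP360 score and risk matrix are not defined on this page, so a simple severity times asset-criticality weight (boosted when an exploit is public) stands in for them. The hostnames, criticality labels, "CVE-EXAMPLE-" identifiers and the 15.0 threshold are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str          # vulnerability identifier from the scanner (constructed below)
    score: float          # scanner severity on a 0..10 scale (assumption)
    exploit_public: bool  # whether a working exploit is publicly available


# Step 1, Profile: constructed scan results and asset inventory. Real input would
# come from the scanner and a CMDB; the criticality labels are an assumption.
FINDINGS = [
    Finding("db-01", "CVE-EXAMPLE-0001", 9.8, True),
    Finding("web-01", "CVE-EXAMPLE-0002", 7.5, False),
    Finding("web-01", "CVE-EXAMPLE-0003", 9.0, False),
    Finding("kiosk-07", "CVE-EXAMPLE-0004", 9.8, True),
]
ASSETS = {"db-01": "critical", "web-01": "high", "kiosk-07": "low"}

# Placeholder risk-matrix weights; NOT Tripwire IP360's scoring.
CRITICALITY_WEIGHT = {"critical": 3.0, "high": 2.0, "medium": 1.0, "low": 0.5}
PUBLIC_EXPLOIT_FACTOR = 1.5


def risk(finding: Finding, assets: dict) -> float:
    """Placeholder business-context score: severity x asset weight, boosted when
    an exploit is public. Hosts missing from the inventory get the 'medium' weight."""
    weight = CRITICALITY_WEIGHT[assets.get(finding.host, "medium")]
    factor = PUBLIC_EXPLOIT_FACTOR if finding.exploit_public else 1.0
    return round(finding.score * weight * factor, 2)


def prioritize(findings, assets) -> list:
    """Step 2, Prioritize: (risk, finding) pairs ranked by contextual risk, highest first."""
    return sorted(((risk(f, assets), f) for f in findings),
                  key=lambda pair: pair[0], reverse=True)


def adapt_monitoring(ranked, threshold: float = 15.0) -> dict:
    """Step 3, Adapt: choose a monitoring policy per host from its worst finding.
    'elevated' stands in for a stricter change-monitoring rule set on that host."""
    policy = {}
    for r, f in ranked:
        # ranked is sorted descending, so the first sighting of a host is its maximum
        policy.setdefault(f.host, "elevated" if r >= threshold else "standard")
    return policy


if __name__ == "__main__":
    ranked = prioritize(FINDINGS, ASSETS)
    for r, f in ranked:
        print(f"{r:6.2f}  {f.host:<9} {f.vuln_id}")
    print(adapt_monitoring(ranked))
```

The point the deck is making shows up in the output: db-01 and kiosk-07 carry the same 9.8 finding, but only db-01 lands in the elevated policy, because the asset context, not the scanner score alone, drives what gets monitored first.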
Summary
Faster Threat Detection by automatically delivering prioritized vulnerability intelligence to Tripwire Enterprise (detection gap).
Accelerated Threat Response by automatically applying Tripwire Enterprise policies and actions based on vulnerability intelligence (response gap).
Effective Threat Prevention by automatically correlating vulnerability intelligence to business context (prevention gap).
Advanced Threat Detection
1 Identify all changes to high value systems
2 Investigate each change, determine if it is suspicious
3 Kick-off an incident response workflow
Tripwire Enterprise customers are already doing this today. Threat Intelligence adds threat context to dramatically improve the efficiency of step 2, investigating each change.
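Step 1, identifying all changes to high value systems, is file integrity monitoring. The following is an added example of that loop and is not Tripwire Enterprise code: it records a hash, size and permission bits for every regular file under a root, rescans, and reports added, removed and modified paths. The directory tree and the changes made to it are constructed inside the example.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in 64 KiB chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (path relative to root) to its
    integrity record: content hash, size and permission bits."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            st = os.lstat(p)  # lstat: a symlink is recorded as itself, never followed
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
            }
    return baseline


def diff_baselines(old: dict, new: dict) -> dict:
    """Classify paths as added, removed or modified. A file whose contents or
    permission bits changed is modified; a rewrite with identical bytes is not."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(
        p for p in set(old) & set(new)
        if old[p]["sha256"] != new[p]["sha256"] or old[p]["mode"] != new[p]["mode"]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a small tree, apply three changes of the
    kind an intruder makes plus one benign no-op rewrite, then rescan and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF-original")
        before = build_baseline(root)

        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")  # config tampering
        (root / "bin" / "cron_helper").write_bytes(b"\x7fELF-dropped")     # dropped binary
        (root / "etc" / "hosts").unlink()                                   # deleted file
        (root / "bin" / "ls").write_bytes(b"\x7fELF-original")             # benign rewrite
        after = build_baseline(root)

    return diff_baselines(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Modification times are deliberately not part of the record: a rewrite with identical content changes mtime but not the hash, and that noise is exactly what step 2 should not have to investigate.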
Threat Intelligence Integration Use Cases
Malware Identification: identify known malware on assets with a Tripwire Enterprise agent through integration with threat intelligence partners
Identify Zero-Days and Unknown Threats: identify zero-days and previously unknown threats by 'detonating' executable files in partner sandboxes for analysis
Monitoring for Peer, Community and Commercial IoCs: automate the forensic investigation and proactive monitoring, on high-risk assets, of indicators of compromise sourced from threat intelligence services
TRIPWIRE PROPRIETARY & CONFIDENTIAL. NOT FOR DISTRIBUTION
Identify Known Malware
1 Identify files on critical assets
2 Send file hashes to partner for analysis
3 Update controls based on identified malware
Automated Threat Identification; Real-Time File Monitoring; Support for multiple Threat Intelligence Vendors; Automates analysis; Identifies known and unknown threats
Identify Zero Days and Suspicious Files
1 Identify suspicious files on critical assets
2 Send whole file for 'detonation' and analysis
3 Update controls based on identified threats
Unlike the hash lookup on the previous slide, step 2 sends the complete file to the partner, so the file's contents leave the monitored host.
Monitor for Indicators of Compromise
1 Obtain IoCs from Threat Intelligence vendor(s)
2 Import IoCs into Tripwire Enterprise for monitoring
3 Update controls based on identified indicators
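An added example covering both the Identify Known Malware slide (look up hashes of changed files against a partner's known-bad list) and the Monitor for Indicators of Compromise slide (import IoCs, match them against change records, derive updated controls). It is not Tripwire code. The CSV feed layout, the hosts, paths, threat names and the "known-bad" bytes are all constructed; a real feed would come from the vendor in its own format, and the hash lookup in step 2 would be a call to the partner's service rather than a local dictionary.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed stand-in for a known-bad binary; its SHA-256 is the hash indicator.
MALICIOUS_BYTES = b"\x7fELF-dropped"

# Constructed IoC feed in a simple CSV shape: type,value,threat,source.
IOC_FEED = f"""type,value,threat,source
sha256,{hashlib.sha256(MALICIOUS_BYTES).hexdigest()},DroppedBackdoor,partner-a
filename,cron_helper,DroppedBackdoor,partner-a
path,/etc/ld.so.preload,PreloadRootkit,community
"""

# Constructed file-change records as a FIM agent would report them:
# (host, absolute path, sha256 of the new contents; None for a removal)
CHANGES = [
    ("db-01", "/usr/local/bin/cron_helper", hashlib.sha256(MALICIOUS_BYTES).hexdigest()),
    ("web-01", "/etc/ld.so.preload", hashlib.sha256(b"/usr/lib/evil.so\n").hexdigest()),
    ("web-01", "/etc/motd", hashlib.sha256(b"Welcome\n").hexdigest()),
    ("kiosk-07", "/var/log/auth.log", None),
]


def import_iocs(feed_text: str) -> dict:
    """Index indicators by type so each lookup is a dictionary hit.
    Hash values are lower-cased so case differences in feeds do not cause misses."""
    index = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(feed_text)):
        value = row["value"].strip()
        if row["type"] == "sha256":
            value = value.lower()
        index[row["type"]][value] = (row["threat"], row["source"])
    return index


def match_changes(changes, index: dict) -> list:
    """One hit per (host, path, indicator) where a change record matches an IoC.
    A record is tested against hash, bare filename and full path indicators."""
    hits = []
    for host, path, digest in changes:
        candidates = []
        if digest:  # removals carry no content hash
            candidates.append(("sha256", digest.lower()))
        candidates.append(("filename", path.rsplit("/", 1)[-1]))
        candidates.append(("path", path))
        for ioc_type, value in candidates:
            found = index.get(ioc_type, {}).get(value)
            if found:
                threat, source = found
                hits.append({"host": host, "path": path, "ioc_type": ioc_type,
                             "ioc": value, "threat": threat, "source": source})
    return hits


def update_controls(hits) -> dict:
    """Step 3, 'update controls': turn hits into follow-up actions. Here that is
    a per-host list of paths for elevated monitoring and a hash block list;
    pushing these into a real FIM policy is outside the example."""
    watch = defaultdict(set)
    blocklist = set()
    for h in hits:
        watch[h["host"]].add(h["path"])
        if h["ioc_type"] == "sha256":
            blocklist.add(h["ioc"])
    return {"watch": {k: sorted(v) for k, v in watch.items()},
            "blocklist": sorted(blocklist)}


def demo():
    index = import_iocs(IOC_FEED)
    hits = match_changes(CHANGES, index)
    return hits, update_controls(hits)


if __name__ == "__main__":
    hits, controls = demo()
    for h in hits:
        print(f"{h['host']} {h['path']} matched {h['ioc_type']} from {h['source']}: {h['threat']}")
    print(controls)
```

The dropped binary matches twice, once by hash and once by filename, which is the intended behaviour: a renamed copy of the same file would still match on hash, and a recompiled variant with the same name would still match on filename. The deleted auth log produces no hit because no indicator describes it, which is why the deck pairs IoC matching with plain change detection rather than replacing it.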
Open Threat Intelligence Integration: enabling zero-day and advanced threat detection and response across the detection, response and prevention gaps
Next Steps
Download the Vulnerability Intelligence Solution Brief: http://www.tripwire.com/free-tools-resources/
Request a demo: www.tripwire.com/register/tripwire-contact-sales
Learn more about Tripwire IP360: http://www.tripwire.com/it-security-software/enterprise-vulnerability-management/tripwire-ip360/
Learn more about Tripwire Enterprise: http://www.tripwire.com/it-security-software/scm/tripwire-enterprise/