Ensuring Security and Compliance in a Data Deluge

Ensuring Security &

Compliance in a

Data Deluge

Expanding threat

landscape; more

cybercrime with

sophisticated

adversaries

Market is consolidating

and leaning on

strategic vendor

relationships to

reduce TCO

of existing solutions

Barriers To Success

Existing technology

isn’t providing

expected ROI,

is too expensive and

complex, and only

delivers data

Expanding threat

landscape; more

cybercrime with

sophisticated

adversaries

Market is consolidating

and leaning on

strategic vendor

relationships to

reduce TCO

of existing solutions

Barriers To Success

Existing technology

isn’t providing

expected ROI,

is too expensive and

complex, and only

delivers data

Don’t know what I don’t know

Too much data to sift through

Cost of being secure, compliant

and efficient is too high and labor

intensiveProve Compliance

Prevent Outages

Protect Sensitive Data

Don’t know what I don’t know

Too much data to sift through

Cost of being secure, compliant

and efficient is too high and labor

intensiveProve Compliance

Prevent Outages

Protect Sensitive Data

Too much data!

Source: Aberdeen Group

Budget Pressure

Unplanned Work

Longer MTTR

OPERATIONS

Branding

Shareholder Value

$$$$

SECURITY

Desir

ed S

tate

No Visibility

Drifting

High-risk

Temporary Success

Time

No Change Intelligence

No Security

Data Landfill

So What!

Raw Log Data

Detect ChangeGood & Bad

Report ChangeGood & Bad

The lack of compliance in PCI DSS Requirement 11 …. Knowing (not just recording) what is actually occurring

within networks and systems is …. critical.

2010

Raw Log Data

Event

Correlation

Event Alerts

Too Many Alerts Too Investigate

Miss Complex Scenarios

Were changes made?

Who made them?

Did they enable events?

FTP Enabled

Were changes made?

Who made them?

Did they enable events?

10 failed logins

FTP Enabled

Were changes made?

Who made them?

Did they enable events?

FTP event to foreign IP10 failed logins

FTP Enabled

Were changes made?

Who made them?

Did they enable events?

Login successful

FTP event to foreign IP10 failed logins

FTP Enabled

Were changes made?

Who made them?

Did they enable events?

Problem Discovery

Long time to discover breach

Problem Discovery

Raw Log Data

“We consistently find that nearly 90% of the time logs are available but discovery

[of breaches] via log analysis remains under 5% ”

2010

VISIBILITY

Across the entire

IT infrastructure

INTELLIGENCE

Enable better,

faster decisions

AUTOMATION

Reduce manual,

repetitive tasks

A Better Approach

Raw Log Data

Events of Interest!

change event

log event

Am I Secure? Is Policy Impacted?

Business as usual

Change windows

User ID

Multiple conditions

Auto-retest to policy

Close breach-to-discovery time gap

Immediate time-to-value

Exclusive to Tripwire!

Raw Log Data

Dynamic Policy Testing

Change Process Analysis

Reconcile to Authorization

Raw Log Data

• High Speed Log Archival• Google like Index• Fast Search • Intelligent Reporting

• Events of Interest• Structured Data • Complex Reporting• Data visualization

Normalization

& Correlation

5 failed logins

Logging turned off

Host not generating events

Windows event log cleared

Login successful

Policy test fails

Assess & Achieve

Maintain

Non-stop monitoring & collection

Dynamic analysis to find suspicious activities

Alert on impact to policy

Remediate options to speed remedy

Desir

ed S

tate

Time

Correlate to

Bad Changes

Correlate to

Suspicious Events

Tripwire is a leading global provider of

IT security and compliance automation

solutions that enable organizations to protect,

control and audit their entire IT infrastructure

Change, Breaches, Audits

and Outages Happen. TAKE CONTROL.

Answers For Your Questions