TRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED SECURITY CONTROLS

Transcription

1 SOLUTION BRIEF TRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED CONTROLS..: Tripwire security controls capture activity data from monitored assets no matter if you rely on physical, virtual, or cloud-based IT infrastructure. The Tripwire VIA platform provides the information you need to evaluate risk to your infrastructure and protect your sensitive data, all from a central, intuitive user interface..:. Cyber threats continue to grow, with attacks occurring more frequently and targeting valuable and sensitive data such as intellectual property, health and financial records, and more. Recent attacks on Sony, the IMF, Citibank, Lockheed Martin, the CIA and RSA are proof of this trend. In addition, enterprise IT infrastructure has more servers and devices than ever, with organizations relying on a combination of virtual, physical and cloud environments. While organizations often have preventive, detective and corrective security controls, rarely are they effectively integrated with each other. They re also being used to protect a security perimeter that is now more porous than ever. As a result, continuously managing these controls in the traditional, non-integrated way has become ineffective, timeconsuming and expensive. Something has to change. The modern enterprise requires a new defense paradigm to protect their business from security threats. Not perimeter-based, but data-centric, and that can readily combine key information from multiple critical security controls to easily identify risks and threats and protect critical infrastructure and sensitive data. This new paradigm must also streamline and simplify the job of managing the data these controls generate. Tripwire VIA, an integration platform for your critical security controls, provides this much-needed new approach. THE TRIPWIRE VIA PLATFORM PROACTIVE AND CONTINUOUS DATA PROTECTION The Tripwire VIA platform changes the way organizations protect their critical data by combining protective, detective and corrective controls to prevent

2 breaches from occurring, detect threats as they arise, and correct settings that introduce security risk or non-compliance. By integrating protective security controls and continuous monitoring across those controls, the Tripwire VIA platform lets you combine, view and act on the valuable data your controls provide in new ways that improve security and ensure continuous compliance. But it provides much more. The platform also: Helps you manage monitored assets more intuitively and in the context you need for example, by risk level, geographic location, and business unit. Includes proprietary Tripwire security content that immediately protects against the most common attacks by hardening configurations and identifying suspicious behavior. Lets you use data from the various controls for analytics and reporting in Tripwire dashboards and reports, third party reporting or business intelligence tools. Unifies security control through automated workflows to address key IT security needs for example, correlating change and security event data to highlight events of interest. CONTROLS IN THE TRIPWIRE VIA PLATFORM Numerous industry sources like the SANS Institute and the National Institute for Standards and Technology (NIST) voice the need for critical controls to protect sensitive data. They have even defined the critical security controls required to protect your organization. The Tripwire VIA platform offers three of these foundational security controls security configuration management (SCM), file integrity monitoring (FIM), and log management along with other important Security Incidents on the Rise, Current Use of Controls Ineffective It s not a matter of if, but when an organization will be attacked. The organizations researched experienced 50 successful attacks per week, and more than one successful attack per company per week. Collectively, over 80 percent of the organizations experienced a data breach in the past year. (Source: Second Annual Cost of Cybercrime Study by Ponemon Institute, released August 2011). From 2005 to 2010, 787 million records were stolen in security incidents. By mid-2011, 127 million more records had already been stolen in 369 incidents. (Source: Open Security Foundation DataLoss DB Year-to-Date Report updated July 21, 2011, from In 2010, 87 percent of organizations had evidence of a breach in their log files that went unnoticed. (Source: Verizon 2011 Data Breach Investigations Report) security controls like security information and event management (SIEM) and automated configuration remediation. It offers these controls through two industry-trusted solutions: Tripwire Enterprise and Tripwire Log Center. Policy Management File Integrity Monitoring PLATFORM LAYER CONTROLS Security Configuration Management Configuration Remediation Tripwire Enterprise, a complete SCM product suite, prevents data compromise by reducing the attack surface through security hardening of IT systems. Tripwire Enterprise includes Tripwire s Policy Manager, File Integrity Manager and Remediation Manager to Content Context Analytics Workflow API LAYER AGENT LAYER..: FIG. 1 Tripwire VIA platform layers, controls and components. Log and Event Management Log Management SIEM

3 TRIPWIRE VIA PLATFORM COMPONENTS Component Type Explanation For Example Content Context Analytics Workflow Rules and policy libraries that help harden systems, detect malicious activity and meet compliance requirements. Tools that enable users to see activity data, assets and other relevant security items in a big picture view. Tools that support business decision making by using data provided by security controls. Tools that enable solutions to communicate with each other to support activities like sharing data. Cybercrime Controls. Select, foundational set of Tripwire proprietary security content that protects against the most common types of attacks on servers, and hardens systems based on industry-recognized IT security sources such as the Center for Internet Security. Regularly updated and expanded, and available as a customer download. Events of Interest. Change data and security data alone can give some indication of threats to security. But by integrating and correlating Tripwire FIM and SCM with Tripwire SIEM through the Tripwire VIA platform, you can see what change and events occurred around one or more security events or vice versa to more definitively identify, prioritize and investigate events of interest. Tripwire VIA Configuration Data Mart. Currently, there s no standard way to collect and consolidate data from controls for easy use in third-party tools for business decision making. The Configuration Data Mart collects configuration data in a standard way so it can be used with Tripwire reports and dashboards as well as with third-party reporting, business intelligence and analysis tools. Integrations and APIs. Tripwire VIA provides an extensible platform for integrating a variety of security controls as well as third party business intelligence and reporting tools. For example, the Event Integration Framework enables SIEM solution data to be easily viewed within the context of industry-recognized change data generated by Tripwire Enterprise...: FIG. 2 Tripwire VIA helps you get more value from your security controls through centralized security content, context, analytics and workflow components. rapidly achieve and maintain a foundational state of security throughout your IT infrastructure. Tripwire Log Center combines log and SIEM capabilities in a single product suite to help you respond to IT security threats in real time and provide you with forensic evidence to investigate a breach. With Tripwire VIA, you can integrate, automate, and centrally manage the following foundational security controls: Tripwire Policy Manager. Policy Manager hardens configurations by assessing them against government and industry regulations and standards, as well as internal security policies. Tripwire offers the most extensive security and compliance policy library in the industry and ensures you have the most up-todate policy protection for your critical configurations. Tripwire File Integrity Manager. Tripwire s best-of-breed FIM solution establishes a known and trusted state baseline for all monitored IT assets in heterogeneous IT environments. It then detects all changes to these assets in real time, determining if the change introduces risk, is unauthorized or unexpected, or impacts compliance status. File Integrity Manager captures who, what, where and when details of each change with minimal performance impact. Tripwire Remediation Manager. Remediation Manager automatically returns a configuration to a known and trusted state. It also supports review workflows to ensure that remediation is requested, approved and implemented according to your policies. Tripwire Log Management. Tripwire s log management solution efficiently captures and stores activity data from your IT assets, including servers, devices and applications. Because it stores this data in a highly searchable format, organizations have an audit trail for forensic investigation and proof of compliance. Activity data can also be THE SIMPLE NATURE OF MOST SUCCESSFUL ATTACKS.:. Many of today s successful attacks could have been easily prevented. The Verizon 2011 Data Breach Investigations Report noted that 92 percent of all successful attacks investigated were not highly difficult, and 96 percent could have been prevented with only simple or intermediate controls properly implemented..:.

4 combined with other critical event data for more effective incident management. Tripwire Security Information and Event Management (SIEM). Tripwire SIEM immediately detects and alerts IT to security events of interest occurring across firewalls, intrusion detection systems, vulnerability scans and more. With Tripwire VIA, even SIEM event data from 3 rd -party tools can be correlated with FIM change data and SCM state/policy data to help identify suspicious activity. PRE- AND POST-INCIDENT PROTECTION WITH TRIPWIRE VIA Tripwire VIA protects the infrastructure before an incident occurs and helps you recover, should you experience one through visibility, intelligence and automation. Security dashboards reveal settings that need remediation and the Tripwire VIA Asset View lets you quickly view your assets in whatever context you need both examples of how Tripwire VIA provides unmatched visibility to security-related activity across the infrastructure. The platform also provides the intelligence you need to defend against attacks and detect breaches before they cause significant damage. For example, with policies that harden critical configurations, Cybercrime Controls that automatically detect specific breach methodologies and malicious activity, and change intelligence from ChangeIQ that helps you focus on the changes that pose the biggest security threats. Automation underlies these capabilities, enabling security professionals to realistically and effectively manage the volume of activity that occurs across the infrastructure every day. For example, Remediation Manager automatically returns configurations to a known and trusted state, Tripwire FIM generates alerts when it detects a suspicious change, and Hyperlogging immediately detects disabled logging on critical assets and within seconds automatically re-enables it. And if you do experience an incident, Tripwire helps you quickly recover before significant damage can occur. With automated reports and dashboards, you can see what s happening now, but you also have proof of past activity for audits and forensic investigations. UNPRECEDENTED DATA PROTECTION WITH THE VIA PLATFORM The sheer number of attacks and records stolen in the last year points to the need for a new approach for protecting your sensitive data and critical infrastructure. The Tripwire VIA platform meets that need with visibility, intelligence and automation. By integrating and automating your critical security controls, Tripwire VIA provides unprecendented data and infrastructure protection. Reduce the attack surface of your infrastructure, detect security threats and risk, and quickly respond to events before suffering financial and brand damage. More integrated, more automated it s a new way to take control. HIPAA WHITE PAPER HIPAA WHITE PAPER HIPAA WHITE PAPER Repurpose callout from TEPB directing readers to additional pieces (TEPB, TLCPB, Report Catalog, LOOKING FOR ADDITIONAL INFORMATION? VISIT TRIPWIRE.COM/VIA etc. HIPAA PROVISIONS ECURITY INSIDER BASEL II SYSTEM MiFID SECUR REACHES COBIT INSIDER ISO27001 SYSTEM GLBA ERC INSIDER ECURITY SOX FAILED AUDITS INSIDER INSIDER BASEL II SYSTEM VIOL MiFID SECUR ONS BASEL REACHES II SYSTEM COBIT INSIDER MiFID COBIT INSIDER ISO27001 AUDITS SYSTEM GLBA VIOLATIO O27001 SYSTEM ERC INSIDER GLBA SOX FAILED AUDITS INSIDER SOX FAILED INSIDER AUDITS BASE VIOL YSTEM ONS BASEL MiFID II SYSTEM MiFID COBIT INSIDER COBIT FAILED FAILED INSIDER AUDITS AUDITS AUDITS BASEL II SYSTEM SYST VIOLATIO MiFID SECUR UTAGES GLBA O27001 SYSTEM COBIT GLBA INSIDER SOX FAILED AUDITS INSIDER SOX BASEL ISO27001 II SYSTEM MiGLBA BASE ECURITY YSTEM COBIT ERC INSIDER MiFID SOX FAILED COBIT AUDITS INSIDER FAILED AUDITS ISO27001 INSIDER SYSTEM FAILED GLBA SECUR AUDITS SYST VIOL REACHES UTAGES INSIDER GLBA ONS BASEL SOX II SYSTEM FAILED AUDITS INSIDER MiFID SOX COBIT BASEL INSIDER II SYSTEM MiFID FAILED BASEL AUDITS II SYSTEM Mi VIOLATIO OBIT INSIDER ECURITY O27001 FAILED COBIT SYSTEM AUDITS INSIDER GLBA FAILED AUDITS INSIDER SYSTEM SOX GLBA ISO27001 FAILED AUDITS SYSTEM NEGLBA SECUR BASE SIDER REACHES FAILED YSTEM INSIDER AUDITS MiFID SOX FAILED AUDITS BASEL COBIT INSIDER II SYSTEM MiFID BASEL FAILED II SYSTEM AUDITS MiFID COBIT INSID SYST HREATS OBIT FAILED INSIDER AUDITS UTAGES GLBA FAILED AUDITS ISO27001 INSIDER SYSTEM SOX GLBA FAILED AUDITS SYSTEM INSIDER GLBA BASEL S II SYSTEM NE Mi AILED AUDITS SIDER ECURITY FAILED AUDITS COBIT INSIDER INSIDER FAILED AUDITS BASEL AUDITS II SYSTEM MiFID BASEL ISO27001 II SYSTEM SYSTEM OUTAGCOBIT INSID GLBA SECUR FID HREATS FAILED REACHES COBIT AUDITS INSIDER INSIDER FAILED SOX ISO27001 AUDITS SYSTEM GLBA ISO27001 BASEL II SYSTEM INSIDER GL MiFID S ECURITY AILED AUDITS OBIT INSIDER SOX FAILED INSIDER AUDITS AUDITS BASEL II SYSTEM SYSTEM MiFID BASEL SECUR GLBA II SYSTEM OUTAG NE REACHES COBIT FID INSIDER SIDER COBIT FAILED INSIDER AUDITS FAILED AUDITS BASEL SYSTEM II SYSTEM GLBA ISO27001 MiFID SYSTEM GL COBIT INSID ERC INSIDER ECURITY SOX HREATS FAILED INSIDER AUDITS SOX FAILED AUDITS BASEL ISO27001 II SYSTEM SYSTEM MiFID BASEL GLBA II SYSTEM COBIT MiFID INSIDER SECUR S DER REACHES COBIT INSIDER AUDITS AUDITS ISO27001 INSIDER SYSTEM FAILED GLBA AUDITS SYSTEM GLBA INSIDBASEL II SYSTEM OUTAG HREATS SOX ERC FAILED INSIDER AUDITS FID SOX FAILED AUDITS COBIT INSIDER BASEL II SYSTEM FAILED BASEL MiFID AUDITS II SYSTEM MiFID COBIT INSIDER ISO27001 THREA SYSTEM COBIT GL DCC DER ECURITY AUDITS INSIDER SYSTEM SOX FAILED GLBA ISO27001 AUDITS SYSTEM GLBA BASEL II SYSTEM INSID MiFID SECUR HREATS SOX REACHES COBIT INSIDER BASEL AUDITS II SYSTEM MiFID SYSTEM COBIT INSIDER GLBA THREA DCC ERC INSIDER SOX SYSTEM GLBA BASEL II SYSTEM MiFID COBIT DER AUDITS ISO27001 SYSTEM GLBA INSID HREATS SOX BASEL II SYSTEM MiFID COBIT INSIDER THREA DCC SYSTEM GLBA IT AND COMPLIANCE AUTOMATION SOLUTIONS HIPAA PROVISIONS IT AND COMPLIANCE AUTOMATION SOLUTIONS HIPAA PROVISIONS IT AND COMPLIANCE AUTOMATION SOLUTIONS Tripwire VIA products brochure Tripwire Enterprise product brief Tripwire Log Center product brief

5 ..: Tripwire is a leading global provider of IT security and compliance automation solutions that help businesses, government agencies, and service providers take control of their physical, virtual, and cloud infrastructure. Thousands of customers rely on Tripwire s integrated solutions to help protect sensitive data, prove compliance and prevent outages. Tripwire VIA, the integrated compliance and security software platform, delivers best-of-breed file integrity, policy compliance and log and event management solutions, paving the way for organizations to proactively achieve continuous compliance, mitigate risk, and ensure operational control through Visibility, Intelligence and Automation. :. LEARN MORE AT ON TWITTER Tripwire, Inc. Tripwire, VIA and ChangeIQ are trademarks of Tripwire, Inc. All other product and company names are property of their respective owners. All rights reserved. xxxxxxx1a 201X/XX