The Emergence of Enterprise Security Intelligence
DESCRIPTION
Enterprise Security Intelligence (ESI) is defined as an emerging concept that is a comprehensive and holistic alternative to traditional disjointed security approaches that will enable stronger enterprise-wide security, optimal decision making and better business results. Tripwire’s CTO Dwayne Melançon discusses:
- Enterprise Security Intelligence concept and how to utilize it in your security efforts
- Practical tips for leveraging security intelligence and how it fits with Tripwire’s System State Intelligence
- How Tripwire provides an integrated solution that allows customers to look at security events with business context and detect an insecure system
The full webcast can be found here: http://www.tripwire.com/register/the-emergence-of-enterprise-security-intelligence-amer/
TRANSCRIPT
5 Tips for Leveraging Enterprise Security Intelligence
DWAYNE MELANÇON & CINDY VALLADARES
April 2013
TODAY’S SPEAKERS
Dwayne Melançon
Chief Technology Officer
@ThatDwayne
Cindy Valladares
Sr. Manager Corporate Communications
@cindyv
Enterprise Security Intelligence
From the Gartner Files
Emerging as a comprehensive and holistic alternative to traditional disjointed security approaches that will enable stronger security enterprise-wide, optimal decision-making and better business results
Benefits of Enterprise Security Intelligence
- Higher accuracy of security vulnerability detection, remediation and protection based on technology interaction and correlation
- Better correlation and impact analysis across all sources of security information
- Detailed understanding of enterprise security
- Improved decision making
5 TIPS FOR LEVERAGING ENTERPRISE SECURITY INTELLIGENCE
1. UNDERSTAND YOUR ORGANIZATION’S RISK APPETITE
2. PRIORITIZE BASED ON HIGHEST RISK & IMPACT
3. ADD CONTEXT TO YOUR INCIDENT DETECTION
4. ESTABLISH KEY SECURITY INDICATORS
5. MEASURE PROGRESS AND COMMUNICATE RESULTS
#1: Understand Organization’s Risk Appetite
Pyramid of Pain
#2: Prioritize Based on Highest Risk & Impact
- Apply risk ranking/scoring methods
- Better utilization of resources
- Prioritize security threats
- Be proactive about security
Aligned With Security Policy
#3: Add Context to Your Incident Detection
System State Intelligence
- Provides full awareness of the state of your systems
- Anchors your system to a ‘known and trusted state’
- Monitors continuously for changes and deviations
- Uses that awareness to detect suspicious events
- Enables security context and prioritization
Know the security state of your systems
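An added example (not from the presentation and not Tripwire's code) of the idea on this slide: a trusted baseline of file hashes is compared with a later snapshot, and each deviation is given context from change tickets and asset criticality so it can be prioritised. The host name, paths, ticket record and criticality map are constructed assumptions.

```python
import hashlib
from datetime import datetime

def fingerprint(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def detect_deviations(baseline: dict, current: dict) -> list:
    """Diff two {path: sha256} snapshots into (path, kind) deviations."""
    changes = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            changes.append((path, "removed"))
        elif path not in baseline:
            changes.append((path, "added"))
        elif baseline[path] != current[path]:
            changes.append((path, "modified"))
    return changes

def add_context(host, changes, seen_at, tickets, criticality):
    """Mark each deviation as authorised or not and rank it by asset criticality."""
    findings = []
    for path, kind in changes:
        authorised = any(
            t["host"] == host and path in t["paths"] and t["start"] <= seen_at <= t["end"]
            for t in tickets)
        if authorised:
            priority = "info"      # change matches an approved ticket window
        else:
            priority = "high" if criticality.get(host) == "critical" else "medium"
        findings.append({"host": host, "path": path, "kind": kind,
                         "authorised": authorised, "priority": priority})
    return findings

# Constructed sample data (hypothetical host, paths, ticket and criticality map).
BASELINE = {"/etc/ssh/sshd_config": fingerprint(b"PermitRootLogin no\n"),
            "/etc/nginx/nginx.conf": fingerprint(b"worker_processes 2;\n")}
CURRENT = {"/etc/ssh/sshd_config": fingerprint(b"PermitRootLogin yes\n"),
           "/etc/nginx/nginx.conf": fingerprint(b"worker_processes 4;\n"),
           "/etc/cron.d/sync": fingerprint(b"0 3 * * * root /usr/local/bin/sync\n")}
TICKETS = [{"id": "CHG-EXAMPLE-1", "host": "web01", "paths": {"/etc/nginx/nginx.conf"},
            "start": datetime(2013, 4, 2, 20, 0), "end": datetime(2013, 4, 2, 23, 0)}]
CRITICALITY = {"web01": "critical"}

def run_example():
    changes = detect_deviations(BASELINE, CURRENT)
    return add_context("web01", changes, datetime(2013, 4, 2, 21, 30), TICKETS, CRITICALITY)

if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

The same unauthorised-change flag is what feeds a "% of unauthorised or undocumented changes" indicator.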
[Diagram: System State Intelligence, under the banner “IT Security & Compliance Automation”. Labels: Asset View, Tripwire Enterprise, Log / Event Correlation Engine.]
[Diagram: System State Intelligence, under the banner “IT Security & Compliance Automation”. Labels: Asset View, Tripwire Enterprise, Log / Event Correlation Engine; SIEM Platforms (ArcSight); GRC Solutions (Archer); Change Management (Remedy); CMDB / Asset Management; Identity; 3rd Party Security Controls.]
What About SIEM Alone?
“Most end users believe the [SIEM] technology is at best a hassle and at worst an abject failure. SIEM is widely regarded as too complex, and too slow to implement, without providing enough customer value to justify the investment.”
Event Integration Framework Process
#4: Establish Key Security Indicators
- Visualize risk, policy scoring and trends
- Combine data from multiple controls
- Make your security efforts visible, measurable and accountable
Effective Metrics Guidance
- Must align to the goals of the business
- Measure only what you can control
- Use quantitative, not qualitative data
- Don’t over research – collection and analytics should not be complicated
- Show trends analysis
- Drive discussion, decisions, and actions
- Promote healthy competition
Examples Of Metrics That Work
Leading or Preparatory Indicators:
- Intended to drive proactive behaviour and habits
- Intended to identify and measure precursors of risk or vulnerability
Configuration Quality:
- % of configurations compliant with target security standards (risk-aligned), i.e. >95% in Critical; >75% in Medium
- % of unauthorised or undocumented changes
- patch compliance by target area based on risk level, i.e. % of systems patched within 72 hours for Critical; …within 1 week for Medium, etc.
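An added example (not from the presentation) that computes two of the leading indicators above per risk tier: configuration compliance against the slide's targets, and patch compliance against the slide's windows. The input record shapes, the rule that unpatched systems still inside their window are left out of the ratio, and all sample data are assumptions.

```python
from datetime import datetime, timedelta

# Thresholds and windows quoted on the slide; only these two tiers are given there.
CONFIG_TARGET = {"critical": 95.0, "medium": 75.0}            # ">95%" / ">75%"
PATCH_WINDOW = {"critical": timedelta(hours=72), "medium": timedelta(weeks=1)}

def pct(part, whole):
    return round(100.0 * part / whole, 1) if whole else None

def config_quality(checks):
    """checks: (tier, passed) pairs -> {tier: (percent compliant, target met)}."""
    totals = {}
    for tier, passed in checks:
        ok, n = totals.get(tier, (0, 0))
        totals[tier] = (ok + bool(passed), n + 1)
    result = {}
    for tier, (ok, n) in totals.items():
        score = pct(ok, n)
        result[tier] = (score, score > CONFIG_TARGET[tier])   # strictly greater
    return result

def patch_compliance(systems, released, as_of):
    """systems: (tier, patched_at or None) -> {tier: percent patched in window}."""
    totals = {}
    for tier, patched_at in systems:
        deadline = released + PATCH_WINDOW[tier]
        if patched_at is None and as_of <= deadline:
            continue          # unpatched but not yet due: leave out of the ratio
        ok, n = totals.get(tier, (0, 0))
        on_time = patched_at is not None and patched_at <= deadline
        totals[tier] = (ok + on_time, n + 1)
    return {tier: pct(ok, n) for tier, (ok, n) in totals.items()}

# Constructed sample data (not from the presentation).
CHECKS = ([("critical", True)] * 19 + [("critical", False)]
          + [("medium", True)] * 7 + [("medium", False)])
RELEASED = datetime(2013, 4, 1)
AS_OF = RELEASED + timedelta(hours=96)
SYSTEMS = [("critical", RELEASED + timedelta(hours=24)),
           ("critical", RELEASED + timedelta(hours=80)),   # patched, but late
           ("critical", None),                             # overdue
           ("medium", RELEASED + timedelta(hours=48)),
           ("medium", RELEASED + timedelta(hours=90)),
           ("medium", None)]                               # still inside 1 week

if __name__ == "__main__":
    print(config_quality(CHECKS))
    print(patch_compliance(SYSTEMS, RELEASED, AS_OF))
```

In the sample, the Critical tier scores exactly 95.0% and still misses a ">95%" target, which is the kind of boundary a dashboard should state explicitly.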
Examples Of Metrics That Work
Lagging or Operational Indicators:
- Intended to measure effectiveness of operational controls
- Intended to drive improved efficiency & effectiveness
Control effectiveness:
- % of incidents detected by an automated control
- % of incidents resulting in loss
- mean time to discover security incidents
- % of changes that followed change process
- % of incidents detected by each control or process
Examples Of Metrics That Work
Program Effectiveness:
- Intended to track and measure non-technical aspects of security efforts
Security program progress:
- % of staff (by business area) completing security training
- average scores (by business area) for security recall test
- % of employees (by business area) who responded to “phishing tests”
Some Caveats
- Keep things manageable: Short lists, small numbers, primary colors
- Beware of False Flags: Is cost a primary measure of security effectiveness?
- Don’t sign somebody else’s deal: Can you control what you’re being measured against?
#5: Measure Progress & Communicate Results
- Continuously monitor
- Nobody can afford 100% secure – cover based on risk
- Aim for a balanced approach to security
Report On Status & Progress vs. Goals
Compare Various Business Units
Tripwire Newsletter Featuring Complimentary Gartner Research
How System State Intelligence fits into Enterprise Security Intelligence
How Tripwire solutions add business context and detect incidents early
http://gtnr.it/129rpPW
tripwire.com | @TripwireInc
DWAYNE MELANÇON -- @THATDWAYNE
CINDY VALLADARES -- @CINDYV
THANK YOU