10 Steps to Better Security Incident Detection


* Why many organizations don’t successfully detect security breaches
* How to best use existing security information and event management and log management tools
* Other sources, including external ones, that can provide early indicators of a security breach
* How to maximize the security resources you already have
Watch the webcast here: http://www.tripwire.com/register/10-steps-to-better-security-incident-detection/

  • The three certainties with regards to information security: death, taxes, and you will have an incident. How you respond to an incident will have a direct influence on the impact that incident may have on your costs, reputation and ability to conduct business.
  • "[T]here are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – there are things we do not know we don’t know."
  • IT manager updating their CV: invariably IT gets blamed either for letting the incident happen in the first place or for not responding appropriately.
  • More solutions do not necessarily guarantee you are secure. Neither do more standards such as ISO 27001 or PCI DSS. Yes, they will make your security more efficient and better, but you will still, at some stage, suffer a breach.
  • Improved response provides: a positive security posture; incidents dealt with quickly, efficiently and effectively; rapid and accurate assessment of incidents; choosing the most appropriate response; shortened recovery times; minimised business disruption; confidence to proceed with a court case; regulatory and legal compliance; potential reduction in incidents; accurate reporting and metrics.
  • Tripwire strategy – to deliver the world’s best software suite of integrated security controls to help global enterprises protect their critical data & infrastructure.
  • Tripwire VIA delivers an integrated IT security framework to proactively and continuously protect critical data and infrastructure. The VIA platform offers components that build on your integrated controls to: provide proprietary security and policy content to protect against the most common attacks; let you manage monitored assets more intuitively and in business context; let you use data from the various controls for analytics and reporting in Tripwire and third-party tools; combine security controls through automated workflows that address key IT security needs.
    The Tripwire VIA platform: provides you with business-aligned leading indicators of risk; combines protective security controls that harden systems against compromise and detective security controls that continuously monitor systems for threats, risks and non-compliance; integrates data from both protective and detective controls, adding a layer of contextual intelligence to detect incidents that may cause undesired risk to the organization; continuously monitors for system integrity, unauthorized changes, security vulnerabilities, incidents and non-compliance across virtual, physical and cloud infrastructure to ensure security defenses are maintained; assures organizations that their critical security controls provide continuous protection, mitigate the risks of cyber threats and deliver business context across assets, business services, policies, data types and risks.
    Content: integrated content for security hardening and continuous monitoring to protect your critical data and mitigate risks. Leading enterprise organizations rely on this content to automatically identify and fix weaknesses in their cyber defenses and detect when someone has tampered with systems.
    Context: the Tripwire VIA platform is designed to turn the massive amounts of data your critical security controls produce into information you can use to protect your data and infrastructure. It also lets you add business context to your monitored assets. Tripwire VIA identifies and alerts on suspicious and unexpected events and places them in the context of your assets, business services and risk profiles.
    Analytics: easily use data from controls in dashboards and a variety of analysis and reporting tools, add it to data marts, and correlate data from multiple controls to identify security threats, trends and status.
    Workflow: the Tripwire VIA platform delivers built-in workflows so you can quickly implement and integrate your critical security controls in ways that turn the data they provide into information that helps you improve security.


  • 1. 10 Steps to Better Security Incident Detection
  • 2. 10 Steps to Better Security Incident Detection
  • 3.   
  • 4. Helping You Piece IT Together 10 Steps to Better Security Incident Detection http://www.bhconsulting.ie info@bhconsulting.ie
  • 5. Infosec Certainties
  • 6. Systems Under Constant Threat
  • 7. Threats Are Evolving
  • 8. Resurgence of Hacktivism WE DO NOT FORGIVE. WE DO NOT FORGET. EXPECT US
  • 9. Traditional IT Security
  • 10. Breach Detection: detected by a third party 92%, detected by the organization itself 8% (Source: Verizon DBIR 2012)
  • 11. Time To Discover Breach: more than 1 week 85%, less than 1 week 15% (Source: Verizon DBIR 2012)
  • 12. Avoidable? Avoidable using simple controls 97%, not avoidable 3% (Source: Verizon DBIR 2012)
  • 13. Difficulty: not difficult 96%, difficult 4% (Source: Verizon DBIR 2012)
  • 14. Examples of Bad IR
  • 15. Why Are We Bad in Detecting Incidents?
  • 16. Are Tools Fit For Purpose?
  • 17. Volume of Information
  • 18. Drowning In Data
  • 19. The Rumsfeld Effect
  • 20. Results in You In Line Of Fire
  • 21. So …
  • 22. Improving Incident Response
  • 23. Detect Incidents Early
  • 24. (1) Understand Your Business
  • 25. (2) Analyze Network Patterns
  • 26. (3) Segment Your Information
  • 27. (4) Harden Systems
  • 28. (5) Monitor Logs
  • 29. (6) Use Security Tools
  • 30. (7) Train Staff & Partners
  • 31. (8) Use Open Source Data
  • 32. (9) Set Traps
  • 33. (10) Share with Peers
  • 34. More Information: white paper “10 Steps for Early Incident Detection”, available online in the Resources section of Tripwire Inc.’s website: http://www.tripwire.com/data-security/
  • 35. Questions?