Supercharging SIEM with Change & Configuration Data
Most organizations capture log data that could indicate a breach occurred. Yet not a single breach investigated in the Verizon 2011 Data Breach Investigation Report was detected through log analysis or review. Learn how adding Tripwire Enterprise change and configuration data makes all the difference in detecting critical events.

Published in: Technology, Business
Slide notes:
  • More organizations have deployed more compliance and security tools and are capturing and analyzing more data than ever. Unfortunately, they are not getting stellar results, as noted in the Verizon 2011 Data Breach Report. Each year we learn that, even with more data being captured, the number of attacks increases, most organizations had to have a third party tell them they had been hacked, and the resulting breaches were avoidable through simple controls. What was so interesting and new in the 2011 report was the fact that “ZERO” breaches were discovered through log analysis or review!!!
  • In other words, log management and SIEM solutions did not deliver on the promise of
  • TZ: Ed, what exactly is this “data deluge problem”? Ed: Over the last several years many organizations have put collection systems in place to meet PCI requirements. They put in log management and FIM along with other security tools. And they have been collecting a ton of data ever since. So they have plenty of data to meet compliance requirements. But the problem is they have too much data for it to be useful. And it is almost impossible to quickly know if any of the data is indicating a security issue. It’s like trying to find a single land mine in a massive landfill before it goes off and causes damage. TZ (to transition to next): And here is some data to show what the “deluge” actually means in terms of volume.
  • ER: The cost of this time delay is enormous. These organizations not only suffer monetarily, their “mojo” is also badly damaged. They lose shareholder trust and value. Their name remains in the press and in presentations like this for a very long time. TZ (to transition to next slide): Going back to our title, which is about ensuring security and compliance in light of this vast sea of data, we at Tripwire offer a pragmatic approach to compliance and security. Let’s spend a moment talking about what that means.
  • Having tools in place that just capture the things that are changing does not help close the time gap problem. Capturing data is NOT the same as knowing when something BAD is happening. And isolating the bad from the good is what is needed to make it possible to find and fix bad events within minutes of them happening.
  • Event Integration Framework benefits: aggregates change data based on criticality; can integrate a single criticality level into a single log message; EIF reports “who” made the change; reports on patterns of compliance (if a change reduces the compliance level of a box, report it, not just whether the box moved in or out of a compliant state).
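The two notes above describe the idea in words: raw change records are too noisy to send to a SIEM one by one, so they should be classified by criticality, rolled up into one enriched message per host and level that names who made the change, and checked for compliance regressions rather than just pass/fail flips. The script below is an added example of that pipeline and is not Tripwire's code or the Event Integration Framework; the change events, the policy-test results, the path-to-criticality rules and the CEF-style output layout are all constructed for illustration.

```python
"""Roll FIM change events up into SIEM-ready messages and flag compliance regressions.

Added example, not from the original slides or from Tripwire. All sample data,
the criticality rules and the CEF-like output format are constructed assumptions.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Illustrative criticality rules (constructed): first matching path prefix wins.
CRITICALITY_RULES = [
    ("/etc/sudoers", "HIGH"),
    ("/etc/passwd", "HIGH"),
    ("/etc/ssh/", "HIGH"),
    ("/usr/bin/", "MEDIUM"),
    ("/var/log/", "LOW"),
]
LEVEL_RANK = {"HIGH": 3, "MEDIUM": 2, "LOW": 1}

# Constructed sample change records, as a file-integrity agent might report them.
CHANGE_EVENTS = [
    {"host": "web01", "path": "/etc/ssh/sshd_config", "who": "svc_deploy", "action": "modified"},
    {"host": "web01", "path": "/etc/sudoers", "who": "jsmith", "action": "modified"},
    {"host": "web01", "path": "/var/log/nginx/access.log", "who": "www-data", "action": "modified"},
    {"host": "db01", "path": "/usr/bin/curl", "who": "root", "action": "modified"},
    {"host": "db01", "path": "/tmp/build.log", "who": "root", "action": "added"},
]

# Constructed policy-test results per host: test name -> passed, before and after the changes.
POLICY_BEFORE = {"web01": {"ssh_root_login_disabled": True, "sudo_nopasswd_absent": True, "banner_set": False}}
POLICY_AFTER = {"web01": {"ssh_root_login_disabled": False, "sudo_nopasswd_absent": False, "banner_set": False}}


def classify(path: str) -> str:
    """Map a changed path to a criticality level; anything unmatched is LOW."""
    for prefix, level in CRITICALITY_RULES:
        if path.startswith(prefix):
            return level
    return "LOW"


def aggregate(events: List[dict]) -> Dict[Tuple[str, str], List[dict]]:
    """Group change events by (host, criticality) so each group becomes ONE log message."""
    groups: Dict[Tuple[str, str], List[dict]] = defaultdict(list)
    for ev in events:
        groups[(ev["host"], classify(ev["path"]))].append(ev)
    return groups


def to_messages(events: List[dict], min_level: str = "MEDIUM") -> List[str]:
    """Emit one CEF-like line per host/criticality group at or above min_level.

    Each line carries the level, the change count, who made the changes and the paths,
    so the SIEM receives a few enriched events instead of every raw change record.
    Highest criticality is listed first.
    """
    ordered = sorted(aggregate(events).items(), key=lambda kv: (-LEVEL_RANK[kv[0][1]], kv[0][0]))
    lines = []
    for (host, level), group in ordered:
        if LEVEL_RANK[level] < LEVEL_RANK[min_level]:
            continue
        actors = ",".join(sorted({e["who"] for e in group}))
        paths = ",".join(e["path"] for e in group)
        severity = LEVEL_RANK[level] * 3  # 3 / 6 / 9 on the 0-10 CEF scale (constructed mapping)
        lines.append(
            f"CEF:0|ExampleFIM|ChangeAudit|1.0|{level}|config change|{severity}|"
            f"dvchost={host} cnt={len(group)} suser={actors} fname={paths}"
        )
    return lines


def compliance_score(results: Dict[str, bool]) -> float:
    """Percentage of policy tests passed, 0.0 for a host with no results."""
    if not results:
        return 0.0
    return round(100.0 * sum(results.values()) / len(results), 1)


def compliance_regressions(before: Dict[str, Dict[str, bool]],
                           after: Dict[str, Dict[str, bool]]) -> List[dict]:
    """Report hosts whose compliance LEVEL dropped, with the tests that newly fail.

    A host that was already non-compliant and stays non-compliant would never flip a
    pass/fail flag, yet it can still get worse; scoring the level catches that.
    """
    out = []
    for host, after_tests in after.items():
        if host not in before:
            continue  # no baseline for this host, nothing to compare against
        b, a = compliance_score(before[host]), compliance_score(after_tests)
        if a < b:
            newly_failing = sorted(t for t, ok in after_tests.items()
                                   if not ok and before[host].get(t, False))
            out.append({"host": host, "before": b, "after": a, "newly_failing": newly_failing})
    return out


if __name__ == "__main__":
    for line in to_messages(CHANGE_EVENTS):
        print(line)
    for reg in compliance_regressions(POLICY_BEFORE, POLICY_AFTER):
        print(reg)
```

Run as-is it prints two aggregated messages (web01 at HIGH covering the sshd and sudoers edits by two different users, db01 at MEDIUM for the changed binary) and one regression for web01, whose score drops from 66.7 to 0.0 even though it was not fully compliant before the change. The log-level rollups and the "who" field are what let a SIEM correlation rule fire on a small number of meaningful events rather than on every file touch.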