Vulnerability Voodoo and the Convergence of Foundational Security Controls


In this, our final webcast of 2013, we’ll show you how Vulnerability Management at “The New Tripwire” benefits you and your organization and how an intelligent approach to performance reporting and visualization enables better business decisions.

Charles Kolodgy, Research Vice President for IDC's Security Products service, and Edward Smith, Product Marketing Manager at Tripwire, discuss:

- Integrating Vulnerability Management with other security controls to improve compliance and security posture

- Leveraging Vulnerability Management beyond the server room to reduce risk across the entire enterprise

- Combining business intelligence from Vulnerability Management with other security controls to make better business decisions

A recording of the webcast that accompanies this slide deck can be found here:

Published in: Technology
  • Hello and welcome, I’m Edward Smith, Product Marketing Manager for Vulnerability Management solutions at Tripwire. Before we begin, I’d like to go over a couple of housekeeping items: Make sure you have your volume turned up on your computer. If you have questions, you may submit them at any time in the “Questions” tab. We will be doing a Q & A at the end of the presentation. Please rate today’s webcast, in the “Ratings” section. Your feedback is valuable to us. Lastly, I will be sending out a link to the recorded webcast, following the live event, so you can listen again and pass on to colleagues. Before we begin our featured presentation, I’d like to provide a quick update on what’s new at Tripwire now that we’ve completed our acquisition of nCircle…
  • With the acquisition of nCircle, Tripwire affirms its position as the leading provider of risk-based security and compliance management solutions. Tripwire enables enterprises to effectively align security initiatives with the objectives of the business (connect security to the business). We achieve that by:
    * Providing the broadest set of foundational security controls (FIM, SCM, VM, log and event management)
    * Providing business context to the IT assets and prioritizing based on risk scoring
    * Providing security intelligence with the combination of performance reporting and security visualization that allows security professionals to make better and more informed decisions
    * Covering the entire enterprise: critical assets and less important ones; on-premise and on the cloud; agent and agentless
  • We have found that the 20 Critical Security Controls are a practical way to deploy and enforce security policies. With the acquisition of nCircle, Tripwire is now able to fully support the first four on this list. We also provide additional support for ten other controls.
  • Tripwire delivers foundational security controls for the enterprise. For all your assets: servers that hold your most critical data to information that your business partners hold. Tripwire provides options on the frequency of your security monitoring: continuous for your critical assets, periodic for your entire IT infrastructure. And allows organizations to choose how they would like to deploy it, based on the number of devices in the enterprise.
  • Tripwire product portfolio provides a layer of analytics, reporting and visualization on top of our foundational security controls (SCM, VM, LM, FIM). We offer our customers the choice of agent (most critical assets), agentless (expanding it towards the entire enterprise) as well as on-premise or cloud-based solutions. Tripwire’s flexible and scalable deployment options allow organizations to select the products that best fit their needs to enable them to align security initiatives to the objectives of the business. We’ll do a deeper dive into the vulnerability management slice of the Tripwire pie towards the end of this webcast, but now I’d like to introduce our featured presenter today…
  • Our presenter today is a Research Vice President for IDC's Security Products service, where he executes primary research projects, and analyzes markets for both vendors and user customers. His responsibilities within the Security Products service include both hardware and software security products. Product areas of concentration include vulnerability assessment and management, endpoint security, and encryption. He is frequently quoted in popular business and trade publications such as TIME, CSO, and Information Week and has been a speaker at numerous industry events including the RSA Security Conference. Please welcome, Charles Kolodgy.
  • Thanks Charles, great info, I’m seeing some good questions coming in from our audience… But before we move into our Q&A session, I want to take a few minutes to talk about Tripwire’s Vulnerability Management solution: IP360. Tripwire IP360 provides actionable vulnerability intelligence to help efficiently and effectively manage the constant change of security risk in complex computing environments. How do we do that? We do that by helping you prioritize your work, discover hidden or missing devices on your network, and measure how effectively you are reducing risk.
  • No hundred page report here, Tripwire’s Vulnerability Risk Scoring calculates the severity of a vulnerability based on how easy it is to exploit and the level of access an attacker could gain, along with asset and network values for business context. That means you can focus on remediating the vulnerabilities that matter. To deal with the changing/evolving nature of IT threats both internal and external, the dedicated Vulnerabilities and Exposures Research Team (VERT) at Tripwire guarantees ongoing and up-to-date coverage for vulnerability checks with a 24 Hour turnaround time on Microsoft Advisories. And IP360 offers ongoing protection with continuous, periodic, scheduled, or on-demand scanning for vulnerability intelligence exactly when you need it.
  • Going back to the Critical Security Controls I mentioned at the beginning of the presentation, here’s where we check off CSC’s number 1 and number 2: inventory of authorized and unauthorized devices and applications. We do that by taking an inventory of your network so you can find vulnerabilities, devices, software and other liabilities you don’t know about. We get customers all the time telling us “I knew we were running Solaris, but I didn’t know we were running 9 different versions.” IP360 includes a web vulnerability detection engine: WebApp360. WebApp360 includes checks for cross site scripting, SQL injections, other implementation flaws and provides coverage for each area of the OWASP Top 10. And I’m not just talking about finding these things on your internal network, but also the perimeter of your network, remote offices, and even partner offices or networks undergoing due diligence for M&A activity. IP360’s PureCloud technology allows vulnerability scanning, and even PCI DSS scanning, via the cloud. Just fire up a web browser and start scanning—no software or hardware to install.
  • IP360 helps you measure, analyze, and communicate proactively and effectively with key stakeholders. IP360 helps you do this with a library of report templates that incorporate business context, such as asset and network values, so you can prove that you are driving vulnerability risk in the right direction. The IP360 report library includes something for everyone: auditors, security, and IT operations teams.
  • That’s a very brief introduction to Tripwire’s Enterprise Vulnerability Management solution, IP360. If you’d like to learn more, please head over to where you can find much more information. Now, I’d like to open up the Q&A session. If you haven’t already, please enter your questions into the webcast question screen.
  • Thank you for your questions. Thanks again to Charles Kolodgy from IDC for joining us today and sharing his thoughts on Vulnerability Management, and thanks to all of you for attending. We hope that you found the presentation informative and interesting. Remember to rate and comment on this webcast, in the Ratings section. And be on the lookout for an email from me with the on-demand link to this event. Have a great week!