Common Data Protection Pitfalls – And How You Can Avoid Them
CISOs and their security programs face overwhelming pressure to renew their focus on data protection. This pressure stems from external forces of advanced threats, a multitude of compliance obligations, and internal forces of new business initiatives. This combination of factors leads to a complex set of data protection requirements. But CISOs and security programs face further complexity in meeting those requirements due to the virtual explosion in data volume and the variety of locations where that data may reside. If that's not enough, the scope of data to be protected includes not only customer data, but internal data and system data as well.

In this webcast, Jim Maloney, CEO of Cyber Risk Strategies, LLC, and Mark Evertz, Security Solutions Manager at Tripwire, discuss:


The evolution of information security and why it has renewed its focus on data protection

The challenges CISOs and their security programs face in securing data, including increasing volumes of data, multiple locations of data, compliance obligations and more

Why data protection efforts must go beyond customer data to also protect internal data and system data

How data protection can serve as a business enabler

How solutions like the Tripwire VIA Suite can help protect essential organization data

Five steps CISOs can take to significantly improve their organization's information security

  • Over the last several years many organizations have put collection systems in place to meet PCI requirements. They put in log management and FIM along with other security tools. And they have been collecting a ton of data ever since. So they have plenty of data to meet compliance requirements. But the problem is they have too much data for it to be useful. And it is almost impossible to quickly know if any of the data is indicating a security issue. It's like trying to find a single land-mine in a massive land-fill before it goes off and causes damage.
  • Scenario: the power of integrating file integrity monitoring and configuration policy management with log and event management. A critical application setting goes from in compliance to out of compliance (green to red). The investigation reveals who made the change: an unknown user. Drilling into the event logs related to the application server reveals that the user ID was created by a known administrator and then given elevated privileges. All of this data was turned into information: a critical application is about to go down, a type of denial of service. All this information was available through the TE Console. Bottom line: by correlating compliance, change and event data, individual non-suspect changes are shown to be a high security event.
  • This is really what you want to know. 5 failed logins on its own followed by a successful login is probably a medium to low alert. In fact, this is so common it's contributing to SIEM overload. But getting an unrelated alert for each one of these every step along the way won't help. We think you need this context to see all of these happening in concert so you can quickly see these complicated patterns that impact security. So what does Tripwire do to help solve this? Let me show you.
  • Here's a snapshot of a high-level dashboard to give you a lay of the land in your IT infrastructure based on policies and standards in place. In this case, based on FISMA compliance. You'll note a real-time scoring element, details on a failed test and any associated changes based on those failed tests. But beyond the colors and pie charts, the devil is in the details.
  • As a person watching this all behind the scenes, you are notified when something like the "FTP Publishing" service failed the "disabled" test put in place, meaning someone has enabled something against your security or compliance policy. For you, this is a major RED FLAG, but it may not be malicious. You need to know more.
  • So you start piecing together what happened or is happening… This startup type indicates that this has happened and the type represents an auto start… after that policy test. Odd…
  • So you go into the "Log Center Events" tab and step through building the forensics on who enabled it… to get the 4 Ws: Who, What, When and Where of the attack.
  • As you do you'll notice "myuser" enabled it, but as you progress through the log events, a user named "sjohnston" is the one who created "myuser" and then gave "myuser" admin privileges.
  • From there "myuser" began to wreak havoc. Point being that through a critical change found in Tripwire Enterprise, as it impacts a compliance regime like PCI, FISMA for govt., SOX or some other prescribed standard or security control, we were able to discover a "breach or potential breach" through integration with our next-generation Security Information and Event Management solution, Tripwire Log Center.
  • Here's another view of what myUser's been up to that represents a breach. Successful login; group member added and given admin privileges and then another user account created. You've pinpointed who did it, when they did it and what they did… in minutes rather than days, weeks or months… by correlating log events with change data. Now you can take action.
  • As Verizon pointed out… the precursors to breaches or breaches in progress live in your log data. The question is… do you have the tools to find the culprit before damage is done? If you can find suspicious log behavior and correlate it with suspicious file or system changes in near real time you can maintain a constant state of compliance and improve your ability to protect your most sensitive data.
  • And it's all spelled out for you here. In addition to unified dashboards with compliance and security Red or Green status using easy to understand widgets and reporting tools, Tripwire VIA helps you fight through a deluge of data with real-time visibility, true threat detection and response and the ability to automate remediation procedures to stop or reduce the impact of an attack.
  • The integration of Tripwire Log Center, Tripwire Enterprise and the dynamic alerting we deliver through that integration elevates seemingly innocuous events by identifying complicated patterns of behavior that represent a potential compromise of sensitive data or critical systems. Tripwire VIA is a product suite that represents the tight integration of Tripwire Enterprise and Tripwire Log Center. It is the only IT Security and Compliance solution available that allows you to correlate changes of interest to events of interest to bring an unprecedented new level of Visibility, Intelligence and Automation across the enterprise to help automate and improve overall IT security and speed IT compliance.
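The correlation walked through in the scenario notes above (a failed policy test traced to an account that was created and given admin rights shortly beforehand) can be sketched in a few lines. This is an added example, not Tripwire code or anything from the webcast; the record fields, event type names, timestamps and the second host and account are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data modelled on the scenario in the notes. Field names
# and event types are assumptions, not a Tripwire Enterprise/Log Center schema.
CHANGES = [
    {"time": "2011-05-02T10:42:00", "host": "app01", "actor": "myuser",
     "element": "FTP Publishing", "policy_test": "disabled", "result": "fail"},
    {"time": "2011-05-02T11:05:00", "host": "app02", "actor": "svc_patch",
     "element": "Print Spooler", "policy_test": "disabled", "result": "fail"},
]
EVENTS = [
    {"time": "2011-05-02T10:30:00", "type": "account_created",
     "actor": "sjohnston", "target": "myuser"},
    {"time": "2011-05-02T10:31:00", "type": "admin_granted",
     "actor": "sjohnston", "target": "myuser"},
    {"time": "2011-05-02T10:40:00", "type": "login_success",
     "actor": "myuser", "target": "app01"},
    {"time": "2011-04-01T09:00:00", "type": "login_success",
     "actor": "svc_patch", "target": "app02"},
]

def correlate(changes, events, window=timedelta(hours=24)):
    """Raise the severity of a failed policy test when the account that made
    the change was itself created and given admin rights shortly before."""
    alerts = []
    for ch in changes:
        if ch["result"] != "fail":
            continue
        t_change = datetime.fromisoformat(ch["time"])
        # Log events about the changing account, inside the look-back window.
        prior = [e for e in events
                 if e["target"] == ch["actor"]
                 and timedelta(0) <= t_change - datetime.fromisoformat(e["time"]) <= window]
        kinds = {e["type"] for e in prior}
        chain = {"account_created", "admin_granted"} <= kinds
        alerts.append({
            "host": ch["host"], "element": ch["element"],
            "changed_by": ch["actor"],
            "provisioned_by": sorted({e["actor"] for e in prior}) if chain else [],
            "severity": "high" if chain else "medium",
        })
    return alerts

if __name__ == "__main__":
    for alert in correlate(CHANGES, EVENTS):
        print(alert)
```

The same failed test yields a medium alert for the long-standing account and a high alert for the freshly provisioned one, which is the context the notes argue a single uncorrelated alert cannot give.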