Downloaded 108 times
Uploaded byTripwire
Achieving Continuous Monitoring with Security Automation
The document outlines the process and importance of achieving continuous monitoring with security automation in alignment with various frameworks such as RMF and NIST guidelines. It emphasizes asset categorization, setting up monitoring controls, determining risk thresholds, and defining response procedures to maintain compliance and security. Additionally, it provides contact information for inquiries and further resources.
More Related Content
Similar to Achieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security Automation
- 1. Achieving Continuous Monitoring withSecurity Automation
- 2.
- 5. • Aligned withRMF (800-37) and CM requirements (800-137) • Cyberscope Management Reporting • DoD adopting RMF for Continuous Monitoring Start SP800-137 Monitor Security State Authorize Information System Categorize Information System Select Security Controls NIST Risk Management Framework SP800-37 Implement Security Controls Assess Security Controls
- 14. • Compliance andSecurity is often driven by audits Change is occurring Compliance Trusted State RISK change never stops Time 14
- 15. Continuous Compliance Compliance Trusted State Maintain that state Assess& Achieve desired state TRIPWIRE CONFIGURATION ASSESSMENT AND CONTROL Time 15
- 18. 1 Categorize your assets(High, Mod, Low, location, mission, and / or criticality of system)
- 19. 1 Categorize your assets(High, Mod, Low, location, mission, and / or criticality of system) 2 Setup Configuration Control monitoring (SANS top 20, 800-53, STIGS, CIS Benchmarks or defined controls)
- 20. 1 Categorize your assets(High, Mod, Low, location, mission, and / or criticality of system) 2 Setup Configuration Control monitoring (SANS top 20, 800-53, STIGS, CIS Benchmarks or defined controls) 3 Determine Risk Threshold and Frequency of Monitoring (realtime, daily, weekly, periodic)
- 21. 1 Categorize your assets(High, Mod, Low, location, mission, and / or criticality of system) 2 Setup Configuration Control monitoring (SANS top 20, 800-53, STIGS, CIS Benchmarks or defined controls) 3 Determine Risk Threshold and Frequency of Monitoring (realtime, daily, weekly, periodic) 4 Define Reporting and Critical Alert Response Procedures (Unauthorized Change, Event of Interest, Compliance)
- 67. 1 Categorize your assets(High, Mod, Low, location, mission, and / or criticality of system) 2 Setup Configuration Control monitoring (SANS top 20, 800-53, STIGS, CIS Benchmarks or defined controls) 3 Determine Risk Threshold and Frequency of Monitoring (realtime, daily, weekly, periodic) 4 Define Reporting and Critical Alert Response Procedures (Unauthorized Change, Event of Interest, Compliance)
- 68.
- 69.
Editor's Notes
- #17 Tripwire Strategy – To deliver the world’s best software suite of integrated security controls to help global enterprises protect their critical data & infrastructure.
- #18 We all know these customers...Dozens of high-priority projects, budget shortfalls, employee turnover, competitive pressures... And then we add in regulatory compliance. This isn’t optional – they can’t tell the auditors “sorry we didn’t have the budget this year” (however true that might be). The last thing they want to do is devote scarce resources to complex tools that don’t really make their lives easier.What they need: simple automated solutions which reduce their workload and help them achieve and prove compliance.Let’s take a look at one of the most basic requirements: device/activity logging.What are the factors that make it challenging to maintain compliance? Lack of visibility; complexity of environments; demanding reporting requirements. We’re in a position to help with all three of these.
- #19 We all know these customers...Dozens of high-priority projects, budget shortfalls, employee turnover, competitive pressures... And then we add in regulatory compliance. This isn’t optional – they can’t tell the auditors “sorry we didn’t have the budget this year” (however true that might be). The last thing they want to do is devote scarce resources to complex tools that don’t really make their lives easier.What they need: simple automated solutions which reduce their workload and help them achieve and prove compliance.Let’s take a look at one of the most basic requirements: device/activity logging.What are the factors that make it challenging to maintain compliance? Lack of visibility; complexity of environments; demanding reporting requirements. We’re in a position to help with all three of these.
- #20 We all know these customers...Dozens of high-priority projects, budget shortfalls, employee turnover, competitive pressures... And then we add in regulatory compliance. This isn’t optional – they can’t tell the auditors “sorry we didn’t have the budget this year” (however true that might be). The last thing they want to do is devote scarce resources to complex tools that don’t really make their lives easier.What they need: simple automated solutions which reduce their workload and help them achieve and prove compliance.Let’s take a look at one of the most basic requirements: device/activity logging.What are the factors that make it challenging to maintain compliance? Lack of visibility; complexity of environments; demanding reporting requirements. We’re in a position to help with all three of these.
- #21 We all know these customers...Dozens of high-priority projects, budget shortfalls, employee turnover, competitive pressures... And then we add in regulatory compliance. This isn’t optional – they can’t tell the auditors “sorry we didn’t have the budget this year” (however true that might be). The last thing they want to do is devote scarce resources to complex tools that don’t really make their lives easier.What they need: simple automated solutions which reduce their workload and help them achieve and prove compliance.Let’s take a look at one of the most basic requirements: device/activity logging.What are the factors that make it challenging to maintain compliance? Lack of visibility; complexity of environments; demanding reporting requirements. We’re in a position to help with all three of these.
- #22 We all know these customers...Dozens of high-priority projects, budget shortfalls, employee turnover, competitive pressures... And then we add in regulatory compliance. This isn’t optional – they can’t tell the auditors “sorry we didn’t have the budget this year” (however true that might be). The last thing they want to do is devote scarce resources to complex tools that don’t really make their lives easier.What they need: simple automated solutions which reduce their workload and help them achieve and prove compliance.Let’s take a look at one of the most basic requirements: device/activity logging.What are the factors that make it challenging to maintain compliance? Lack of visibility; complexity of environments; demanding reporting requirements. We’re in a position to help with all three of these.
- #68 We all know these customers...Dozens of high-priority projects, budget shortfalls, employee turnover, competitive pressures... And then we add in regulatory compliance. This isn’t optional – they can’t tell the auditors “sorry we didn’t have the budget this year” (however true that might be). The last thing they want to do is devote scarce resources to complex tools that don’t really make their lives easier.What they need: simple automated solutions which reduce their workload and help them achieve and prove compliance.Let’s take a look at one of the most basic requirements: device/activity logging.What are the factors that make it challenging to maintain compliance? Lack of visibility; complexity of environments; demanding reporting requirements. We’re in a position to help with all three of these.