The document emphasizes the need to reassess traditional assessment methods by focusing on continuous configuration, detection, and response to achieve security goals. It highlights measuring and maintaining a sustainable system state through baselining, comparison of actual and desired configurations, and automation for remediation. Key features include deep change inspection, change management processes, and the ability to track and respond to changes effectively.

22. MEGASCAN
required to reassess
Traditional
Assessment
 Continuous Configuration, Detection &
Response
 The Goal is Security, not Audit
 Lower Costs, Greater Efficiency
 Increased Availability, Detect and Respond
 Measurable, Sustainable, Reliable
Continuous Diagnostics and Mitigation
Manual
Configuration
Assessment

40. C:WindowsInfUsbstor.pnf
C:WindowsInfUsbstor.inf

45. Net.exe start > services.txt

47. •Baselining Systems Tells You What You Currently Have
•Files, Registry, Database Configurations, Network Devices, Active Directory, Critical Infrastructure
Know Your Current System
State
•Security Policies Can Define Your Desired State
•Industry Standard Hardening, Compliance, Self-Created
Know your Desired System
State
•Compare Your State To Desired and Correct Differences
•Assessment, Deviations, Variance, Remediation, Automation
Know How To Transition From
Current To Desired State
•Agent and Agentless Change Detection
•Scheduled Scanning & Real Time
Know When Your Desired
State Changes
•Deep Change Inspection
•Who, What, When, Where, Detailed Content, Change Management Processes
Know Why & Who made
Changes
•Sources Of Truth
•Change Windows, Patch Reconciliation, BAU, CMDB Reconciliation, Threat Intel
Know If Changes Are Good or
Bad
•Inspect, Take Action, Report
•Historical Changes, Auto-Remediate, Audit Ready, Change Dashboards
Know How To Respond, Alert
and Share

48. tripwire.com | @TripwireInc