Presentation is loading. Please wait.

Presentation is loading. Please wait.

System Hardening … Made Easy Security Configuration Management Michael Betti, Sr. SE, Tripwire.

Published byNathanael Man Modified over 9 years ago

Similar presentations

Presentation on theme: "System Hardening … Made Easy Security Configuration Management Michael Betti, Sr. SE, Tripwire."— Presentation transcript:

1 System Hardening … Made Easy Security Configuration Management Michael Betti, Sr. SE, Tripwire

2 IT SECURITY & COMPLIANCE AUTOMATION What Is It? System Hardening is the act of reducing the attack surface in information systems and minimizing their vulnerabilities in accordance with: Recognized Best Practices Vendor Hardening Guidelines Custom Security Polices Industry Standards or Benchmarks Security Configuration Management is an automated, security-focused set of capabilities that makes system hardening: Repeatable and enterprise-scalable Continuous, with real-time or periodic capabilities as needed Flexible, and aligned with business needs, workflows and exceptions Self-correcting and self-remediating 2

3 IT SECURITY & COMPLIANCE AUTOMATION 3 “The management and control of configurations for an information system with the goal of enabling security and managing risk ” NIST says SCM is:

4 IT SECURITY & COMPLIANCE AUTOMATION SCM: Tripwire Definition The ability to create, edit and manage IT security hardening policies in a way that fits real-world business processes and continually balances risk and productivity 4

5 IT SECURITY & COMPLIANCE AUTOMATION On Many Short-term Buying Lists 5 © 451 Group 2013

6 IT SECURITY & COMPLIANCE AUTOMATION 6 Gartner says SCM is the #1 priority in creating a server protection strategy 1

7 IT SECURITY & COMPLIANCE AUTOMATION 7 Securosis says configuration hardening is the 2 nd most effective data security control 2

8 IT SECURITY & COMPLIANCE AUTOMATION 8 SANS says SCM is the 3rd most important security control you can implement 3 (& 10)

9 IT SECURITY & COMPLIANCE AUTOMATION GCHQ’s New Cyber Security Guidance GCHQ released new “10 Steps to Cyber Security” in Fall 2012 Focused on executive and board responsibility Names Secure Configurations as one of the most critical steps to achieving an objective measure of cybersecurity 9

10 IT SECURITY & COMPLIANCE AUTOMATION What’s the Reality When It Comes to SCM? It’s Hard To Do: 10

11 IT SECURITY & COMPLIANCE AUTOMATION Configuration Drift Is A Constant Enemy “Configuration drift is a natural condition in every data center environment due to the sheer number of ongoing hardware and software changes.” – Continuity Software blog “In less than a week, all the configuration controls, permissions and entitlements that IT spends time testing are useless.” – ITPCG blog 11

12 IT SECURITY & COMPLIANCE AUTOMATION What Can You Do? 12 Monitors and assess critical configurations in: File systems Databases like MS-SQL, Oracle, IBM DB2 and Sybase Directory services and network devices When?: Immediate detection of changes to critical, defense-dependant configurations Efficient, change-triggered configuration assessment Shorten time of system risk Demonstrating Compliance: Document any waivers Document when tests went from failing to passing Alerted to tests going from passing to failng – within minutes or at least hours

13 IT SECURITY & COMPLIANCE AUTOMATION Time Secure & Compliant State Security Posture Continuous Monitoring 13 Continually assess and remediate insecure configurations, insuring always-hardened, always-ready information systems and network devices

14 www.tripwire.com Tripwire Americas: 1.800.TRIPWIRE Tripwire EMEA: +44 (0) 20 7382 5420 Tripwire Japan: +812.53206.8610 Tripwire Singapore: +65 6733 5051 Tripwire Australia-New Zealand: +61 (0) 402 138 980 System Hardening Made Easy, By Tripwire

Download ppt "System Hardening … Made Easy Security Configuration Management Michael Betti, Sr. SE, Tripwire."

Similar presentations

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Bill McClanahan – Principal Business Consultant LPS Integration.

Bill McClanahan – Principal Business Consultant LPS Integration.
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
SACM Terminology Nancy Cam-Winget, David Waltermire, March.

SACM Terminology Nancy Cam-Winget, David Waltermire, March.
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
Www.lumension.com © Copyright 2008 - Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.

© Copyright Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.
Brian Markham Director, DIT Compliance and Risk Services May 1, 2014

Brian Markham Director, DIT Compliance and Risk Services May 1, 2014
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.
Network security policy: best practices

Network security policy: best practices
Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.

Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK.

Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
Www.skyboxsecurity.com Skybox® Security Solutions for Symantec CCS Comprehensive IT Governance Risk and Access Compliance Management Skybox Security's.

Skybox® Security Solutions for Symantec CCS Comprehensive IT Governance Risk and Access Compliance Management Skybox Security's.
Entré NetMonitor Proactive IT monitoring, Management and support Think DIFFERENT about IT.

Entré NetMonitor Proactive IT monitoring, Management and support Think DIFFERENT about IT.
Security and Privacy Services Cloud computing point of view October 2012.

Security and Privacy Services Cloud computing point of view October 2012.
Unify and Simplify: Security Management

Unify and Simplify: Security Management
HIPAA COMPLIANCE WITH DELL

HIPAA COMPLIANCE WITH DELL
Know the Difference™ Disaster Recovery Verification Solution Martin Perlin Marketing Director, Evolven THERE WHEN NEEDED MOST? Verify consistency and integrity.

Know the Difference™ Disaster Recovery Verification Solution Martin Perlin Marketing Director, Evolven THERE WHEN NEEDED MOST? Verify consistency and integrity.

Similar presentations

Ads by Google