Presentation is loading. Please wait.

Presentation is loading. Please wait.

System Hardening … Made Easy Security Configuration Management Michael Betti, Sr. SE, Tripwire.

Similar presentations


Presentation on theme: "System Hardening … Made Easy Security Configuration Management Michael Betti, Sr. SE, Tripwire."— Presentation transcript:

1 System Hardening … Made Easy Security Configuration Management Michael Betti, Sr. SE, Tripwire

2 IT SECURITY & COMPLIANCE AUTOMATION What Is It? System Hardening is the act of reducing the attack surface in information systems and minimizing their vulnerabilities in accordance with: Recognized Best Practices Vendor Hardening Guidelines Custom Security Polices Industry Standards or Benchmarks Security Configuration Management is an automated, security-focused set of capabilities that makes system hardening: Repeatable and enterprise-scalable Continuous, with real-time or periodic capabilities as needed Flexible, and aligned with business needs, workflows and exceptions Self-correcting and self-remediating 2

3 IT SECURITY & COMPLIANCE AUTOMATION 3 “The management and control of configurations for an information system with the goal of enabling security and managing risk ” NIST says SCM is:

4 IT SECURITY & COMPLIANCE AUTOMATION SCM: Tripwire Definition The ability to create, edit and manage IT security hardening policies in a way that fits real-world business processes and continually balances risk and productivity 4

5 IT SECURITY & COMPLIANCE AUTOMATION On Many Short-term Buying Lists 5 © 451 Group 2013

6 IT SECURITY & COMPLIANCE AUTOMATION 6 Gartner says SCM is the #1 priority in creating a server protection strategy 1

7 IT SECURITY & COMPLIANCE AUTOMATION 7 Securosis says configuration hardening is the 2 nd most effective data security control 2

8 IT SECURITY & COMPLIANCE AUTOMATION 8 SANS says SCM is the 3rd most important security control you can implement 3 (& 10)

9 IT SECURITY & COMPLIANCE AUTOMATION GCHQ’s New Cyber Security Guidance GCHQ released new “10 Steps to Cyber Security” in Fall 2012 Focused on executive and board responsibility Names Secure Configurations as one of the most critical steps to achieving an objective measure of cybersecurity 9

10 IT SECURITY & COMPLIANCE AUTOMATION What’s the Reality When It Comes to SCM? It’s Hard To Do: 10

11 IT SECURITY & COMPLIANCE AUTOMATION Configuration Drift Is A Constant Enemy “Configuration drift is a natural condition in every data center environment due to the sheer number of ongoing hardware and software changes.” – Continuity Software blog “In less than a week, all the configuration controls, permissions and entitlements that IT spends time testing are useless.” – ITPCG blog 11

12 IT SECURITY & COMPLIANCE AUTOMATION What Can You Do? 12 Monitors and assess critical configurations in: File systems Databases like MS-SQL, Oracle, IBM DB2 and Sybase Directory services and network devices When?: Immediate detection of changes to critical, defense-dependant configurations Efficient, change-triggered configuration assessment Shorten time of system risk Demonstrating Compliance: Document any waivers Document when tests went from failing to passing Alerted to tests going from passing to failng – within minutes or at least hours

13 IT SECURITY & COMPLIANCE AUTOMATION Time Secure & Compliant State Security Posture Continuous Monitoring 13 Continually assess and remediate insecure configurations, insuring always-hardened, always-ready information systems and network devices

14 Tripwire Americas: TRIPWIRE Tripwire EMEA: +44 (0) Tripwire Japan: Tripwire Singapore: Tripwire Australia-New Zealand: +61 (0) System Hardening Made Easy, By Tripwire


Download ppt "System Hardening … Made Easy Security Configuration Management Michael Betti, Sr. SE, Tripwire."

Similar presentations


Ads by Google