Achieving Continuous Monitoring with Security Automation
•Download as PPTX, PDF•
3 likes•3,888 views
This presentation provides: An overview of continuous monitoring Discusses federal requirements for continuing monitoring Explains why it is critical for risk mitigation Describes an effective continuous monitoring strategy that brings together data from different security controls in one place Watch the webcast here: http://www.tripwire.com/register/achieving-continuous-monitoring-easily-with-security-automation/
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (19)
Similar to Achieving Continuous Monitoring with Security Automation
Similar to Achieving Continuous Monitoring with Security Automation (20)
More from Tripwire
More from Tripwire (20)
Recently uploaded
Recently uploaded (20)
Achieving Continuous Monitoring with Security Automation
- 1. Achieving Continuous Monitoring with Security Automation
- 2. Achieving Continuous Monitoring with Security Automation
- 5. • Aligned with RMF (800-37) and CM requirements (800-137) • Cyberscope Management Reporting • DoD adopting RMF for Continuous Monitoring Start SP800-137 Monitor Security State Authorize Information System Categorize Information System Select Security Controls NIST Risk Management Framework SP800-37 Implement Security Controls Assess Security Controls
- 14. • Compliance and Security is often driven by audits Change is occurring Compliance Trusted State RISK change never stops Time 14
- 15. Continuous Compliance Compliance Trusted State Maintain that state Assess & Achieve desired state TRIPWIRE CONFIGURATION ASSESSMENT AND CONTROL Time 15
- 18. 1 Categorize your assets (High, Mod, Low, location, mission, and / or criticality of system)
- 19. 1 Categorize your assets (High, Mod, Low, location, mission, and / or criticality of system) 2 Setup Configuration Control monitoring (SANS top 20, 800-53, STIGS, CIS Benchmarks or defined controls)
- 20. 1 Categorize your assets (High, Mod, Low, location, mission, and / or criticality of system) 2 Setup Configuration Control monitoring (SANS top 20, 800-53, STIGS, CIS Benchmarks or defined controls) 3 Determine Risk Threshold and Frequency of Monitoring (realtime, daily, weekly, periodic)
- 21. 1 Categorize your assets (High, Mod, Low, location, mission, and / or criticality of system) 2 Setup Configuration Control monitoring (SANS top 20, 800-53, STIGS, CIS Benchmarks or defined controls) 3 Determine Risk Threshold and Frequency of Monitoring (realtime, daily, weekly, periodic) 4 Define Reporting and Critical Alert Response Procedures (Unauthorized Change, Event of Interest, Compliance)
- 67. 1 Categorize your assets (High, Mod, Low, location, mission, and / or criticality of system) 2 Setup Configuration Control monitoring (SANS top 20, 800-53, STIGS, CIS Benchmarks or defined controls) 3 Determine Risk Threshold and Frequency of Monitoring (realtime, daily, weekly, periodic) 4 Define Reporting and Critical Alert Response Procedures (Unauthorized Change, Event of Interest, Compliance)
Editor's Notes
- Tripwire Strategy – To deliver the world’s best software suite of integrated security controls to help global enterprises protect their critical data & infrastructure.
- We all know these customers...Dozens of high-priority projects, budget shortfalls, employee turnover, competitive pressures... And then we add in regulatory compliance. This isn’t optional – they can’t tell the auditors “sorry we didn’t have the budget this year” (however true that might be). The last thing they want to do is devote scarce resources to complex tools that don’t really make their lives easier.What they need: simple automated solutions which reduce their workload and help them achieve and prove compliance.Let’s take a look at one of the most basic requirements: device/activity logging.What are the factors that make it challenging to maintain compliance? Lack of visibility; complexity of environments; demanding reporting requirements. We’re in a position to help with all three of these.
- We all know these customers...Dozens of high-priority projects, budget shortfalls, employee turnover, competitive pressures... And then we add in regulatory compliance. This isn’t optional – they can’t tell the auditors “sorry we didn’t have the budget this year” (however true that might be). The last thing they want to do is devote scarce resources to complex tools that don’t really make their lives easier.What they need: simple automated solutions which reduce their workload and help them achieve and prove compliance.Let’s take a look at one of the most basic requirements: device/activity logging.What are the factors that make it challenging to maintain compliance? Lack of visibility; complexity of environments; demanding reporting requirements. We’re in a position to help with all three of these.
- We all know these customers...Dozens of high-priority projects, budget shortfalls, employee turnover, competitive pressures... And then we add in regulatory compliance. This isn’t optional – they can’t tell the auditors “sorry we didn’t have the budget this year” (however true that might be). The last thing they want to do is devote scarce resources to complex tools that don’t really make their lives easier.What they need: simple automated solutions which reduce their workload and help them achieve and prove compliance.Let’s take a look at one of the most basic requirements: device/activity logging.What are the factors that make it challenging to maintain compliance? Lack of visibility; complexity of environments; demanding reporting requirements. We’re in a position to help with all three of these.
- We all know these customers...Dozens of high-priority projects, budget shortfalls, employee turnover, competitive pressures... And then we add in regulatory compliance. This isn’t optional – they can’t tell the auditors “sorry we didn’t have the budget this year” (however true that might be). The last thing they want to do is devote scarce resources to complex tools that don’t really make their lives easier.What they need: simple automated solutions which reduce their workload and help them achieve and prove compliance.Let’s take a look at one of the most basic requirements: device/activity logging.What are the factors that make it challenging to maintain compliance? Lack of visibility; complexity of environments; demanding reporting requirements. We’re in a position to help with all three of these.
- We all know these customers...Dozens of high-priority projects, budget shortfalls, employee turnover, competitive pressures... And then we add in regulatory compliance. This isn’t optional – they can’t tell the auditors “sorry we didn’t have the budget this year” (however true that might be). The last thing they want to do is devote scarce resources to complex tools that don’t really make their lives easier.What they need: simple automated solutions which reduce their workload and help them achieve and prove compliance.Let’s take a look at one of the most basic requirements: device/activity logging.What are the factors that make it challenging to maintain compliance? Lack of visibility; complexity of environments; demanding reporting requirements. We’re in a position to help with all three of these.
- We all know these customers...Dozens of high-priority projects, budget shortfalls, employee turnover, competitive pressures... And then we add in regulatory compliance. This isn’t optional – they can’t tell the auditors “sorry we didn’t have the budget this year” (however true that might be). The last thing they want to do is devote scarce resources to complex tools that don’t really make their lives easier.What they need: simple automated solutions which reduce their workload and help them achieve and prove compliance.Let’s take a look at one of the most basic requirements: device/activity logging.What are the factors that make it challenging to maintain compliance? Lack of visibility; complexity of environments; demanding reporting requirements. We’re in a position to help with all three of these.