WHITE PAPER
INTRODUCTION
The problem for most enterprises today is information overload. Attacks
are becoming more sophisticated and are increasing at a pace that IT
professionals simply can't keep up with. A data breach is a matter of when,
not if, and what separates a minor incident from a catastrophic event
is the ability to minimize the cyberthreat gap and address issues more
effectively and efficiently.
This paper will discuss the security challenges facing enterprises today, and
how to deal with them. Specifically, the paper will describe how automated
vulnerability management can be an effective tool for reducing the
cyberthreat gap, and minimizing the potential damage from a data breach
incident.
If an organization does not have enough information about suspicious
activity or security events on its network, that is obviously a problem.
For most enterprises today, though, the opposite is true: there is such an
overwhelming amount of information that it is difficult to properly
correlate, analyze, and understand what's going on. Attackers continue to
get more organized and more sophisticated over time, and a lack of
qualified IT staff leaves organizations at a distinct disadvantage.
Mind the Gap: Using Vulnerability Management to Address the Enterprise Cyberthreat Gap
has time on his or her side, and a successful data breach may play out over
an extended period of days, weeks, or
months. Enterprises need reliable data collection that identifies changes
that are indicators of compromise, eliminates blind spots, and enables
fast and effective decisions.
THE ENTERPRISE CYBERTHREAT GAP
How much damage can be done, or how much data can be compromised, by an
attacker in a day? How about a month? Mandiant (now part of FireEye)
reports that it takes an average of 243 days to discover an APT (Advanced
Persistent Threat), and a Ponemon study revealed that it typically takes
123 days to completely resolve a breach. That's a whole year from the time
an attacker infiltrates the network until the compromise is detected and
the threat is eradicated. A year. Add to that the fact that most
organizations don't actually even discover their own data breaches, and
it's obvious that enterprises have a problem.
One of the keys to better security is to give up on the idea that complete
security is an achievable goal. It isn't a matter of if your organization
will be compromised, it's a matter of when, and it's best to work under the
assumption that you are in a constant state of compromise. Instead of
hiding behind the illusion of security, work to understand the nature and
behavior of the threats, and then implement solutions that help identify
and resolve incidents more quickly.
Tripwire's Enterprise Cyberthreat Gap model was created to illustrate the
different phases of the Cyberthreat Lifecycle and to provide IT
professionals with a means of addressing the escalating security risks. It
is critical to discover a breach, determine when the initial breach
occurred, and identify how long your data has been exposed.
Conduct a scan of remote and third-party (supply chain, vendor, and
partner) networks. Don't ignore hard-to-reach places (like your network
perimeter and remote offices) that could provide an easy back door for
attackers, and be thorough by scanning both managed and unmanaged devices
and systems. Web applications are a frequent and easy target for
attackers, so identify and fix unpublished vulnerabilities in those.
Finally, prioritize remediation. You should have a scoring and reporting
system that takes into account both the vulnerabilities and general risk
for a given system, as well as its role within a business context. Each
asset should have a unique score that helps you prioritize remediation
efforts, so allocate resources to mitigate or recover mission-critical
systems first.
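One way to build the per-asset score described above, as an added example that is not from the white paper or from Tripwire's products. The weights, field names and sample inventory are constructed assumptions; the point is that business role and exposure can outrank raw severity.

```python
from dataclasses import dataclass, field

# Constructed weights: assumptions for illustration, not a vendor formula.
CRITICALITY_WEIGHT = {"mission_critical": 3.0, "important": 2.0, "standard": 1.0}
EXPOSURE_WEIGHT = {"internet_facing": 1.5, "third_party": 1.3, "internal": 1.0}

@dataclass
class Asset:
    name: str
    criticality: str   # role of the system in the business
    exposure: str      # where the system sits (perimeter, partner network, internal)
    managed: bool      # unmanaged devices are weighted up: patch state is unknown
    severities: list = field(default_factory=list)  # 0-10 severity per open finding

def vulnerability_score(severities):
    """Worst finding dominates; each further finding adds a halved share."""
    ranked = sorted(severities, reverse=True)
    return sum(s / (2 ** i) for i, s in enumerate(ranked))

def asset_score(asset):
    """Combine technical severity with exposure and business context."""
    score = vulnerability_score(asset.severities)
    score *= CRITICALITY_WEIGHT[asset.criticality]
    score *= EXPOSURE_WEIGHT[asset.exposure]
    if not asset.managed:
        score *= 1.2
    return round(score, 2)

def remediation_queue(assets):
    """Highest score first; ties broken by name so every asset has a stable rank."""
    return sorted(assets, key=lambda a: (-asset_score(a), a.name))

# Constructed sample inventory (hypothetical hosts and severities).
INVENTORY = [
    Asset("payroll-db", "mission_critical", "internal", True, [7.5, 5.0]),
    Asset("branch-kiosk", "standard", "internet_facing", False, [9.8]),
    Asset("vendor-portal", "important", "third_party", True, [8.1, 6.4]),
    Asset("dev-wiki", "standard", "internal", True, [9.8, 9.8]),
]

if __name__ == "__main__":
    for rank, a in enumerate(remediation_queue(INVENTORY), 1):
        print(rank, a.name, asset_score(a))
```

In this sample the internal wiki carries the two most severe findings yet ranks last, while the mission-critical payroll database with moderate findings ranks first.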
ABOUT TRIPWIRE
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based
on high-fidelity asset visibility and deep endpoint intelligence combined with business context, and enable security automation through enterprise integration. Tripwire's portfolio of enterprise-class security solutions includes configuration and
policy management, file integrity monitoring, vulnerability management and log intelligence. Learn more at tripwire.com.
WPMTG1a 201501