Cyberwar Threats
NEW SECURITY STRATEGIES FOR GOVERNMENTS

WHITE PAPER

Introduction

Cyberwar fundamentally changes how government must handle security. Faced with increasingly sophisticated attacks from gangs of cyber criminals and foreign governments probing systems for sensitive data, threats frequently go undetected for days, weeks, and even months. And it's not just financial data being stolen. Terrorists and rogue governments may steal confidential data, including intelligence information, that exposes a country and its citizens to potential harm. Unfortunately, the traditional fortress approach no longer suffices. Firewalls, intrusion detection systems and other security devices can stop the average hacker, but new threats use stealth techniques that these defenses cannot detect on their own.

Faced with the certainty that attackers will get into their systems, government organizations must take a more proactive approach to risk management. This approach includes focusing security efforts on protecting mission-critical data. To focus those efforts, government organizations need situational awareness. They must know the location of critical data, identify the characteristics of the systems that carry the data, understand the vulnerabilities of those systems, and detect changes in activity that signal potential threats. Government organizations around the world must also know what security controls they have in place throughout the IT infrastructure, and whether these controls protect the infrastructure against the potential threats.

However, the sheer size and complexity of government infrastructure makes gaining that awareness difficult. For example, the US government boasts thousands of uniquely configured systems strewn across hundreds of offices and government departments. The thousands of security devices throughout the average government IT infrastructure generate such huge quantities of valuable data that the IT departments in these government organizations get overwhelmed when faced with collecting and analyzing it. In addition, governments must secure this infrastructure with shrinking budgets, a trend illustrated by the UK government's recently announced £81 billion in budget cuts slated to take effect over the next four years.[1]

Government organizations urgently need solutions that provide automated, continuous, and end-to-end monitoring of that infrastructure to isolate vulnerabilities and risk and help overwhelmed security professionals immediately identify and automatically mitigate any damage from existing and potential threats. Only with these solutions can government agencies defend themselves against the threats and consequences of cyberwar in an age of declining budgets.

Evolving Threats Require New Cybersecurity Strategies

The attack that compromised Google's systems in December 2009 demonstrates just how the new generation of adversaries can effectively take down an Internet giant. Google said that the Chinese government launched the attack to access the email accounts of Chinese human rights activists, but that some 20 other organizations fell victim to the attack, including several US defense contractors. The attackers got past all of the defenses installed by Google, and managed to stay hidden for days while they hunted for the activists' data.

In testimony to the US Senate Select Intelligence Committee in February 2010, Dennis Blair, the US Director of National Intelligence, said that these kinds of advanced persistent threats (APTs) result in the theft of sensitive information from government networks every day. The technology balance currently favors the attacker, he said, and may do so for some time.

The UK government's recently released Strategic Defense and Security Review (SDSR) likewise recognizes the new age of cyber threats, citing one of its top risks as cyber attacks, whether from other states, terrorists or via organized crime. The recent discovery of an organized crime ring that used the Zeus Trojan to steal money from financial accounts lends credence to their assessment of this risk; in late September 2010, 10 people in the UK were charged with using the Zeus Trojan to steal millions of pounds.[2] Similarly, in the US, the FBI and the US Attorney General's office in southern New York charged 37 people in a criminal operation that used the Zeus Trojan to steal $3 million from bank accounts. The crime ring allegedly involved operations managers and money mules who, for a commission, laundered the stolen money through bank accounts they opened.[3]

Deloitte, in its 2010 CSO Cybersecurity Watch Survey, found that most organizations it surveyed lacked awareness
of these kinds of attacks, or felt overconfident that their current security measures and technology could protect them. More than two-thirds still considered hackers the biggest threat.

Unfortunately, these non-agile security tools and processes don't work against APTs. The Deloitte report noted that intrusion detection, signature-based malware and anti-virus solutions provide little defense, and rapidly become obsolete against attackers who use such strategies as encryption technology to mask their efforts.

Cyber attackers typically exhibit much more patience than the traditional hacker. When rebuffed, they keep probing until they find a way in. Once past the defenses, they call on their assets time and again to extract data. You would not classify these attackers as opportunists; they have a mission and remain focused on it until they succeed.

Identifying and Managing Risk

Given the tactics and tools of cyberwar, IT can no longer simply man the barricades and plug whatever holes develop in their defenses. Instead, government must use continuous, or protective, monitoring to proactively identify the data most at risk and secure the systems that contain that data. The desired end? Agencies continue to operate and missions remain uncompromised. When it comes to national security, defense and essential parts of the country's IT infrastructure, that's the ultimate goal.

In the US, the National Institute of Standards and Technology (NIST) is responsible for drawing up the guidelines for certifying and accrediting the security of government IT systems. NIST puts risk management at the center of its most recent revision of those guidelines. The guidelines emphasize building solid security into those critical government systems as early in their life cycle as possible. Doing so makes it easier to identify what vulnerabilities and weaknesses remain, which makes it easier to manage them within the standard risk determination and acceptance process. That's certainly something that the US Department of Defense (DoD) counts on to keep its Global Information Grid, the worldwide collection of computers and networks that drives its operations, up and running, and its most important data safe. Of all US government organizations, cyber attackers consider the DoD the prize target.

In the UK, the Good Practice Guide No. 13: Protective Monitoring, or GPG 13, issued by the UK Government's CESG, is part of the Security Policy Framework (SPF) designed to protect the government's IT infrastructure. Similar to NIST, GPG 13 and the SPF take a risk-based approach to protecting the infrastructure. GPG 13 outlines an approach that UK government organizations should take to manage the risk to their critical systems, including the information they must record, the events they must report, and the alerts they must generate based on anticipated modes of attack to these systems.

The opposition can exploit any weakness, so to manage risk you must know the security status of all of the systems throughout the enterprise. That's the essential visibility that all agencies will be looking for.

In an interview with GovInfoSecurity.com, Ron Ross, the head of the team that drew up the NIST guidelines, said continuous monitoring "is critical" for making sure that agencies know the security state of their systems on an ongoing, day-by-day, hour-by-hour basis. "That is the up tempo that our adversaries are working in today as they launch these very sophisticated cyber attacks against our critical systems," he said.

The UK government echoes this belief, citing a major benefit of protective monitoring as increased situational awareness that results from continuously collecting information about threats to, and trends in, critical government systems and data. This information enables organizations to identify what attacks are occurring, where they're occurring, who is behind the attacks, how vulnerabilities have been or are being exploited, current and potential future vulnerabilities, attacks in progress, and how to fix issues that led to an attack.

Still a Long Way to Go

Most governments around the world still lack the visibility and situational awareness needed to manage risk. Few know if systems are correctly configured according to a known, good baseline of policies and controls. Few have the ability to receive alerts when system changes result in insecure configurations so they can fix them before the damage occurs.
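The paragraph above names the two capabilities most agencies lack: checking systems against a known, good baseline and raising an alert when a change leaves a configuration insecure. The Python below is an added example, not code from the white paper or from Tripwire, showing the mechanics of such a check: it fingerprints a constructed in-memory sample system with SHA-256, reports every departure from a stored baseline (added, removed, modified files and permission changes), and then runs weighted policy tests over the current content so that the most dangerous findings sort to the top of the report. The file paths and contents, the test weights, and the Finding structure are all assumptions made for the example.

```python
"""Baseline drift detection with weighted policy tests.

Added example for this page: the sample "systems" below are constructed
in-memory stand-ins (path -> (content, mode)); a real monitor would read
the filesystem and keep the baseline in protected storage.
"""
import hashlib
from dataclasses import dataclass

# Constructed known-good baseline of a hardened host.
KNOWN_GOOD = {
    "/etc/ssh/sshd_config": ("PermitRootLogin no\nPasswordAuthentication no\n", 0o600),
    "/etc/passwd": ("root:x:0:0:root:/root:/bin/bash\n", 0o644),
    "/usr/sbin/sshd": ("<sshd binary build 1>", 0o755),
}

# Constructed current state: root login re-enabled, a second uid-0 account,
# a loosened config file mode and an unexpected cron job.
CURRENT = {
    "/etc/ssh/sshd_config": ("PermitRootLogin yes\nPasswordAuthentication no\n", 0o644),
    "/etc/passwd": ("root:x:0:0:root:/root:/bin/bash\nsvc:x:0:0::/:/bin/sh\n", 0o644),
    "/usr/sbin/sshd": ("<sshd binary build 1>", 0o755),
    "/etc/cron.d/update": ("* * * * * root /tmp/update.sh\n", 0o644),
}


@dataclass
class Finding:
    path: str
    kind: str    # added | removed | modified | mode | policy
    detail: str
    weight: int  # higher means more urgent; used to sort the report


def fingerprint(system):
    """Reduce a system to {path: (sha256, mode)}; this is what the baseline stores."""
    return {p: (hashlib.sha256(c.encode()).hexdigest(), m) for p, (c, m) in system.items()}


def diff_against_baseline(baseline, current):
    """Report every way the current fingerprint departs from the known-good one."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append(Finding(path, "removed", "file missing from system", 5))
        elif path not in baseline:
            findings.append(Finding(path, "added", "file not present in baseline", 4))
        else:
            (base_hash, base_mode), (cur_hash, cur_mode) = baseline[path], current[path]
            if base_hash != cur_hash:
                findings.append(Finding(path, "modified", "content hash changed", 5))
            if base_mode != cur_mode:
                findings.append(Finding(path, "mode", f"mode {oct(base_mode)} -> {oct(cur_mode)}", 3))
    return findings


def uid_zero_count(passwd):
    """Number of accounts with uid 0 in a passwd file body."""
    return sum(1 for line in passwd.splitlines() if line.split(":")[2:3] == ["0"])


# Weighted policy tests (assumed for the example): path, predicate, description, weight.
POLICY_TESTS = [
    ("/etc/ssh/sshd_config", lambda c: "PermitRootLogin no" in c, "root SSH login must be disabled", 10),
    ("/etc/ssh/sshd_config", lambda c: "PasswordAuthentication no" in c, "SSH password auth must be disabled", 6),
    ("/etc/passwd", lambda c: uid_zero_count(c) == 1, "only root may have uid 0", 10),
]


def evaluate_policy(system):
    """Run every policy test against the current content; a missing file fails its test."""
    findings = []
    for path, predicate, description, weight in POLICY_TESTS:
        content = system.get(path, ("", 0))[0]
        if not predicate(content):
            findings.append(Finding(path, "policy", description, weight))
    return findings


def assess(baseline_system, current_system):
    """Drift findings plus policy findings, most urgent first."""
    findings = diff_against_baseline(fingerprint(baseline_system), fingerprint(current_system))
    findings += evaluate_policy(current_system)
    return sorted(findings, key=lambda f: -f.weight)


def risk_score(findings):
    """Simple weighted total, useful for trending drift across many hosts."""
    return sum(f.weight for f in findings)


if __name__ == "__main__":
    report = assess(KNOWN_GOOD, CURRENT)
    for f in report:
        print(f"[{f.weight:2d}] {f.kind:8s} {f.path}: {f.detail}")
    print("risk score:", risk_score(report))
```

The baseline holds only hashes and modes, never file contents, so it can be stored and signed separately from the monitored host; the policy tests run on the live content because a hash tells you that something changed but not whether the result is insecure.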
As part of their annual FISMA report to the US Office of Management and Budget (OMB), US government agencies must both show they have an agency-wide security configuration policy and provide evidence on how well they have implemented various security configurations on their systems.

In a July 2009 report, the US Government Accountability Office (GAO) said all 24 of the major US federal agencies it investigated claimed they had a security configuration policy in place. But almost all of them had weaknesses in their information security controls, and over 21 had configuration management weaknesses. Several agencies did not implement common secure configuration policies across their systems, the GAO said, and many did not ensure that system software changes had been properly authorized, documented and tested. John Gilligan, a former chief information officer for both the Air Force and the Department of Energy, told a recent cybersecurity forum that if government organizations deployed and enforced security measures such as configuration controls, these organizations could block some 85 percent of attacks.

Devices in the network that record security-related events offer another source of useful security information. Collecting those logs and having some way of analyzing them can help flag potential threats. Unfortunately, most agencies can't do that right now, due in part to the perceived difficulty in implementing a log management solution. However, many are starting to realize what those logs offer. In a recent study, the DoD said that log management ranked among the highest value controls that could be used to block attacks.

The security of UK government systems is less publicized, but the recent inclusion of cybersecurity as a top priority in the SDSR indicates that cybersecurity is top of mind in the UK for the foreseeable future. And with the 2012 Olympic Games in the works, it's a certainty that the UK government will scrutinize government agencies more than ever to ensure that they have continuously secure system configurations and the ability to easily review network and activity logs for potential threats and forensics.

Tripwire VIA Solutions: Visibility, Intelligence, Automation

The Tripwire® VIA™ suite delivers the real-time, continuous monitoring organizations need to counter modern cyberwar threats, so agencies see the data that matters no matter how much noise the IT infrastructure generates. Armed with this visibility, security professionals detect weaknesses and vulnerabilities, and make fixes before attackers can exploit them. Tripwire VIA solutions include Tripwire® Enterprise for industry-leading configuration control, and Tripwire® Log Center for next-generation log and security information and event management (SIEM).

Tripwire Enterprise helps organizations focus on the changes that matter with continuous file integrity monitoring, compliance policy management, real-time intelligence that identifies changes that introduce risk or non-compliance as they occur, and on-demand automated remediation.

With over 300 out-of-the-box policies, Tripwire Enterprise covers just about any security, regulatory and operational policy needed for assessing and managing configurations. Specific to US government organizations, Tripwire Enterprise includes policies for NIST SP 800-53 Rev 3, DISA STIGs and FISMA requirements. For UK government organizations, Tripwire Enterprise includes a Security Policy Framework (SPF) policy that can be applied for GCSX CoCo and GPG 13: Protective Monitoring requirements. These policies include weighted tests that help IT managers focus on the configurations that pose the greatest security risk or most impact system performance.

Tripwire Enterprise also allows organizations to capture secure or operationally optimized configurations developed in-house so these configurations can be re-applied as needed. And Tripwire Enterprise automates remediation of detected issues on-demand for both physical and virtual environments.

Tripwire Log Center captures and stores tens of thousands of events per second to meet the log management requirements of many standards and regulations. It also enables
Google-like searches of log activity data for deep forensic analysis. Because Tripwire Log Center supports the most popular log transmission protocols, it collects logs from just about any source out of the box. In addition, Tripwire Log Center detects and alerts on events that may indicate suspicious activity. The solution's graphical tools help correlate events, and pinpoint those parts of the infrastructure that could be open to attack.

As part of the Tripwire VIA suite, Tripwire Enterprise and Tripwire Log Center integrate with each other to provide a single solution for complete IT security and compliance. Using Tripwire solutions, IT can investigate individual changes and events as well as complex sequences of activity, such as suspicious events related to a change that may indicate a new risk or noncompliance. Combined, these solutions also support incident investigation, reveal patterns of activity that indicate threats, and help identify downstream impacts of a given change. The combination also enables organizations to gain instant audit logging capabilities across the entire IT infrastructure without installing additional code.

With the Tripwire VIA suite, organizations gain end-to-end visibility across the enterprise, intelligence to help them make better and faster decisions about threats and risk, and automation to address and fix the millions and billions of changes and events that occur in today's IT infrastructure.

Conclusion

Cyberwar, with its sophisticated, persistent threats, is forcing government agencies to move away from an all-or-nothing approach to security. These organizations must now focus on protecting essential data and ensuring continuous availability of critical systems—all without interrupting the ability of these agencies to conduct the day-to-day business activities required to fulfill their missions. As a result, security becomes a strategic necessity rather than an activity that simply complements the other activities of government agencies. Agencies must now apply risk management practices that ensure systems stay up and running.

To do that, security professionals must shift from their traditional reactive stance to a more proactive one. Because they can't manually plug the holes fast enough, they need a way to get ahead of the threats. Key to this is being able to get a clear view of the existing vulnerabilities through the noise created by the overwhelming number of systems and configurations that make up today's IT enterprise. Equally key is automation that not only detects the vulnerabilities as they occur, but that also enables them to remediate these vulnerabilities immediately, before the damage occurs. Automation is also critical to protecting these systems and data in the face of decreased budgets and headcounts.

Tripwire VIA solutions provide the needed end-to-end visibility of all activity and events across the enterprise so users can identify potential threats in real time. These leading solutions also deliver actionable intelligence so managers immediately know where misconfigurations, and therefore vulnerabilities and non-compliance, exist. And Tripwire VIA solutions automate much of the work, including remediation, so government organizations can provide effective security even with today's reduced budgets and round-the-clock threat environment.
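The log-management paragraph in "Still a Long Way to Go" and the Tripwire Log Center description both come down to three operations: collect events from devices, flag the ones that may indicate suspicious activity, and relate those events to a change on the same system. The Python below is an added example, not from the white paper or from Tripwire, that runs three such rules over constructed syslog-style lines: a burst of failed logins from one source address, a successful login from that same source after the burst, and a file change reported on the same host within fifteen minutes of an alert. The host names, addresses, message formats, thresholds and the "fim" change-event line are all assumptions made for the example; real collectors would feed the same functions from syslog or a SIEM.

```python
"""Flag suspicious log events and tie them to detected changes.

Added example for this page: the log lines are constructed, and the
"fim" change-event format is an assumption, not any product's output.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog-style lines: ISO timestamp, host, process[pid]: message.
SAMPLE_LOGS = """\
2010-11-02T09:00:01 gw01 sshd[2231]: Failed password for invalid user admin from 198.51.100.7 port 51122 ssh2
2010-11-02T09:00:09 gw01 sshd[2232]: Failed password for invalid user oracle from 198.51.100.7 port 51123 ssh2
2010-11-02T09:00:20 gw01 sshd[2233]: Failed password for root from 198.51.100.7 port 51125 ssh2
2010-11-02T09:00:31 gw01 sshd[2234]: Failed password for root from 198.51.100.7 port 51127 ssh2
2010-11-02T09:00:45 gw01 sshd[2235]: Failed password for root from 198.51.100.7 port 51130 ssh2
2010-11-02T09:01:02 gw01 sshd[2236]: Failed password for root from 198.51.100.7 port 51131 ssh2
2010-11-02T09:01:40 gw01 sshd[2240]: Accepted password for root from 198.51.100.7 port 51140 ssh2
2010-11-02T09:03:12 gw01 fim[311]: change detected path=/etc/ssh/sshd_config
2010-11-02T09:30:00 app02 sshd[4410]: Accepted publickey for deploy from 10.0.0.5 port 40012 ssh2
2010-11-02T11:15:00 app02 fim[512]: change detected path=/etc/motd
2010-11-02T12:00:00 db01 sshd[7001]: Failed password for root from 203.0.113.9 port 33001 ssh2
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+)\[\d+\]: (?P<msg>.*)$")
FAIL_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
OK_RE = re.compile(r"^Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")
CHANGE_RE = re.compile(r"^change detected path=(?P<path>\S+)")


def parse(text):
    """Turn raw lines into event dicts; lines that do not parse are skipped, not guessed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                           "proc": m["proc"], "msg": m["msg"]})
    return events


def detect_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Rule 1: `threshold` failed logins from one source to one host inside `window`."""
    alerts, recent = [], defaultdict(list)
    for e in events:
        m = FAIL_RE.match(e["msg"])
        if not m:
            continue
        key = (e["host"], m["src"])
        recent[key] = [t for t in recent[key] if e["ts"] - t <= window] + [e["ts"]]
        if len(recent[key]) == threshold:  # fire once, when the threshold is crossed
            alerts.append({"rule": "auth-burst", "host": e["host"], "src": m["src"],
                           "ts": e["ts"], "count": threshold})
    return alerts


def detect_success_after_burst(events, bursts):
    """Rule 2: a successful login from a source that was bursting against the same host."""
    first_burst = {(b["host"], b["src"]): b["ts"] for b in bursts}
    alerts = []
    for e in events:
        m = OK_RE.match(e["msg"])
        if m and (e["host"], m["src"]) in first_burst and e["ts"] >= first_burst[(e["host"], m["src"])]:
            alerts.append({"rule": "login-after-burst", "host": e["host"], "src": m["src"],
                           "user": m["user"], "ts": e["ts"]})
    return alerts


def correlate_changes(events, alerts, window=timedelta(minutes=15)):
    """Rule 3: a detected change on a host shortly after an alert on that host."""
    out = []
    for e in events:
        m = CHANGE_RE.match(e["msg"])
        if not m:
            continue
        related = [a for a in alerts
                   if a["host"] == e["host"] and timedelta(0) <= e["ts"] - a["ts"] <= window]
        if related:
            out.append({"rule": "change-after-alert", "host": e["host"], "path": m["path"],
                        "ts": e["ts"], "related": sorted({a["rule"] for a in related})})
    return out


def analyze(text):
    """Run the rules in dependency order and return every alert raised."""
    events = parse(text)
    bursts = detect_bursts(events)
    logins = detect_success_after_burst(events, bursts)
    changes = correlate_changes(events, bursts + logins)
    return bursts + logins + changes


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOGS):
        print(a["ts"].isoformat(), a["host"], a["rule"], {k: v for k, v in a.items() if k not in ("ts", "host", "rule")})
```

The third rule is the one that needs both data sources: the login alerts come from the device logs, the change event from file integrity monitoring, and only a host-and-time join between them shows that the configuration change followed a suspicious login rather than a scheduled maintenance window. The single failed login on db01 never crosses the burst threshold and the app02 change has no alert near it, so neither produces noise.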




[1] "Spending Review 2010: George Osborne wields the axe" (www.bbc.co.uk/news/uk-politics-11579979)
[2] "UK police charge 10 people with Zeus fraud" (http://news.cnet.com/8301-1009_3-20018167-83.html?tag=mncol;txt)
[3] "Dozens charged in use of Zeus Trojan to steal $3 million" (http://news.cnet.com/8301-27080_3-20018177-245.html)
ABOUT TRIPWIRE

Tripwire is a leading global provider of IT security and compliance automation solutions that help businesses and government agencies take control of their entire IT infrastructure. Thousands of customers rely on Tripwire's integrated solutions to help protect sensitive data, prove compliance and prevent outages. Tripwire® VIA™, the comprehensive suite of industry-leading file integrity, policy compliance and log and security event management solutions, is the way organizations can proactively achieve continuous compliance, mitigate risk and improve operational control through Visibility, Intelligence and Automation. Learn more at www.tripwire.com and TripwireInc on Twitter.

©2010 Tripwire, Inc. | Tripwire is a registered trademark of Tripwire, Inc. All other product and company names are property of their respective owners. All rights reserved. | WPCS2a 2010/11

Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Cyberwar Threats: New Security Strategies for Governments

White Paper

Introduction

Cyberwar fundamentally changes how government must handle security. Faced with increasingly sophisticated attacks from gangs of cyber criminals and foreign governments probing systems for sensitive data, threats frequently go undetected for days, weeks, and even months. And it’s not just financial data being stolen. Terrorists and rogue governments may steal confidential data, including intelligence information, that exposes a country and its citizens to potential harm. Unfortunately, the traditional fortress approach no longer suffices. Firewalls, intrusion detection systems and other security devices can stop the average hacker, but new threats use stealth techniques that these defenses cannot detect on their own.

Faced with the certainty that attackers will get into their systems, government organizations must take a more proactive approach to risk management. This approach includes focusing security efforts on protecting mission-critical data. To focus those efforts, government organizations need situational awareness. They must know the location of critical data, identify the characteristics of the systems that carry the data, understand the vulnerabilities of those systems, and detect changes in activity that signal potential threats. Government organizations around the world must also know what security controls they have in place throughout the IT infrastructure, and whether these controls protect the infrastructure against the potential threats.

However, the sheer size and complexity of government infrastructure makes gaining that awareness difficult. For example, the US government boasts thousands of uniquely configured systems strewn across hundreds of offices and government departments. The thousands of security devices throughout the average government IT infrastructure generate such huge quantities of valuable data that the IT departments in these government organizations get overwhelmed when faced with collecting and analyzing it. In addition, governments must secure this infrastructure with shrinking budgets, a trend illustrated by the UK government’s recently announced £81 billion in budget cuts slated to take effect over the next four years.[1]

Government organizations urgently need solutions that provide automated, continuous, and end-to-end monitoring of that infrastructure to isolate vulnerabilities and risk and help overwhelmed security professionals immediately identify and automatically mitigate any damage from existing and potential threats. Only with these solutions can government agencies defend themselves against the threats and consequences of cyberwar in an age of declining budgets.

Evolving Threats Require New Cybersecurity Strategies

The attack that compromised Google’s systems in December 2009 demonstrates just how the new generation of adversaries can effectively take down an Internet giant. Google said that the Chinese government launched the attack to access the email accounts of Chinese human rights activists, but that some 20 other organizations fell victim to the attack, including several US defense contractors. The attackers got past all of the defenses installed by Google, and managed to stay hidden for days while they hunted for the activists’ data.

In testimony to the US Senate Select Intelligence Committee in February 2010, Dennis Blair, the US Director of National Intelligence, said that these kinds of advanced persistent threats (APTs) result in the theft of sensitive information from government networks every day. The technology balance currently favors the attacker, he said, and may do so for some time.

The UK government’s recently released Strategic Defense and Security Review (SDSR) likewise recognizes the new age of cyber threats, citing cyber attacks, whether from other states, terrorists or via organized crime, as one of its top risks. The recent discovery of an organized crime ring that used the Zeus Trojan to steal money from financial accounts lends credence to their assessment of this risk; in late September 2010, 10 people in the UK were charged with using the Zeus Trojan to steal millions of pounds.[2] Similarly, in the US, the FBI and the US Attorney General’s office in southern New York charged 37 people in a criminal operation that used the Zeus Trojan to steal $3 million from bank accounts. The crime ring allegedly involved operations managers and money mules who, for a commission, laundered the stolen money through bank accounts they opened.[3]

Deloitte, in its 2010 CSO Cybersecurity Watch Survey, found that most organizations it surveyed lacked awareness
of these kinds of attacks, or felt overconfident that their current security measures and technology could protect them. More than two-thirds still considered hackers the biggest threat.

Unfortunately, these non-agile security tools and processes don’t work against APTs. The Deloitte report noted that intrusion detection, signature-based malware and anti-virus solutions provide little defense, and rapidly become obsolete against attackers who use such strategies as encryption technology to mask their efforts.

Cyber attackers typically exhibit much more patience than the traditional hacker. When rebuffed, they keep probing until they find a way in. Once past the defenses, they call on their assets time and again to extract data. You would not classify these attackers as opportunists; they have a mission and remain focused on it until they succeed.

Identifying and Managing Risk

Given the tactics and tools of cyberwar, IT can no longer simply man the barricades and plug whatever holes develop in their defenses. Instead, government must use continuous, or protective, monitoring to proactively identify the data most at risk and secure the systems that contain that data. The desired end? Agencies continue to operate and missions remain uncompromised. When it comes to national security, defense and essential parts of the country’s IT infrastructure, that’s the ultimate goal.

In the US, the National Institute of Standards and Technology (NIST) is responsible for drawing up the guidelines for certifying and accrediting the security of government IT systems. NIST puts risk management at the center of its most recent revision of those guidelines. The guidelines emphasize building solid security into those critical government systems as early in their life cycle as possible. Doing so makes it easier to identify what vulnerabilities and weaknesses remain, which makes it easier to manage them within the standard risk determination and acceptance process. That’s certainly something that the US Department of Defense (DoD) counts on to keep its Global Information Grid, the worldwide collection of computers and networks that drives its operations, up and running, and its most important data safe. Of all US government organizations, cyber attackers consider the DoD the prize target.

In the UK, the Good Practice Guide No. 13: Protective Monitoring, or GPG 13, issued by the UK Government’s CESG, is part of the Security Policy Framework (SPF) designed to protect the government’s IT infrastructure. Similar to NIST, GPG 13 and the SPF take a risk-based approach to protecting the infrastructure. GPG 13 outlines an approach that UK government organizations should take to manage the risk to their critical systems, including the information they must record, the events they must report, and the alerts they must generate based on anticipated modes of attack to these systems.

The opposition can exploit any weakness, so to manage risk you must know the security status of all of the systems throughout the enterprise. That’s the essential visibility that all agencies will be looking for.

In an interview with GovInfoSecurity.com, Ron Ross, the head of the team that drew up the NIST guidelines, said continuous monitoring “is critical” for making sure that agencies know the security state of their systems on an ongoing, day-by-day, hour-by-hour basis. “That is the up tempo that our adversaries are working in today as they launch these very sophisticated cyber attacks against our critical systems,” he said.

The UK government echoes this belief, citing a major benefit of protective monitoring as increased situational awareness that results from continuously collecting information about threats to, and trends in, critical government systems and data. This information enables organizations to identify what attacks are occurring, where they’re occurring, who is behind the attacks, how vulnerabilities have been or are being exploited, current and potential future vulnerabilities, attacks in progress, and how to fix issues that led to an attack.

Still a Long Way to Go

Most governments around the world still lack the visibility and situational awareness needed to manage risk. Few know if systems are correctly configured according to a known, good baseline of policies and controls. Few have the ability to receive alerts when system changes result in insecure configurations so they can fix them before the damage occurs.
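The known-good baseline check that the paragraph above says most governments lack, as an added example (not code from the white paper, and not Tripwire's product): a snapshot of file hashes and approved configuration values is taken from a verified host, the host is rescanned later, and every deviation is reported. A changed setting is flagged as insecure only when its new value falls outside a policy rule, so ordinary drift and real exposure are kept apart, and findings carry a weight so the riskiest are fixed first. The file paths, settings, policy rules and weights are constructed for the example and are not taken from NIST SP 800-53 or GPG 13.

```python
"""Added example, not code from the white paper or from Tripwire.

A minimal known-good baseline check: record hashes of monitored files and
the approved value of each configuration setting, rescan later, and report
every deviation. Deviations that violate a policy rule are flagged as
insecure so they can be fixed before they are exploited. The paths,
settings, policy rules and weights are constructed for the example.
"""
import hashlib
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    """Content hash used to detect file modification."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Baseline:
    file_hashes: dict  # path -> sha256 of the approved file contents
    settings: dict     # configuration key -> approved value


# Constructed policy: a changed setting is insecure when its new value is not
# in the allowed set. "allowed": None means any value is acceptable, so a
# change there is recorded as drift but not as a violation. Weights rank
# findings by risk; the numbers are constructed, not a published scheme.
POLICY = {
    "ssh.PermitRootLogin": {"allowed": {"no"}, "weight": 10},
    "ssh.PasswordAuthentication": {"allowed": {"no"}, "weight": 8},
    "audit.enabled": {"allowed": {"yes"}, "weight": 7},
    "ntp.server": {"allowed": None, "weight": 2},
}
DEFAULT_RULE = {"allowed": None, "weight": 1}


def take_baseline(files: dict, settings: dict) -> Baseline:
    """Snapshot a host that has been verified as correctly configured."""
    return Baseline({p: sha256_hex(b) for p, b in files.items()}, dict(settings))


def scan(baseline: Baseline, files: dict, settings: dict) -> list:
    """Compare the current state with the baseline; return findings, highest risk first."""
    findings = []
    for path, old_hash in baseline.file_hashes.items():
        if path not in files:
            findings.append({"kind": "file_removed", "item": path, "weight": 9})
        elif sha256_hex(files[path]) != old_hash:
            findings.append({"kind": "file_modified", "item": path, "weight": 6})
    for path in files:
        if path not in baseline.file_hashes:
            findings.append({"kind": "file_added", "item": path, "weight": 3})
    for key, old in baseline.settings.items():
        rule = POLICY.get(key, DEFAULT_RULE)
        new = settings.get(key)
        if new is None:
            findings.append({"kind": "setting_missing", "item": key, "old": old,
                             "weight": rule["weight"]})
        elif new != old:
            insecure = rule["allowed"] is not None and new not in rule["allowed"]
            findings.append({"kind": "setting_insecure" if insecure else "setting_drift",
                             "item": key, "old": old, "new": new,
                             "weight": rule["weight"] if insecure else 1})
    return sorted(findings, key=lambda f: -f["weight"])


def risk_score(findings: list) -> int:
    """Sum of finding weights; a quick way to prioritise hosts for remediation."""
    return sum(f["weight"] for f in findings)


# Constructed sample host: state at baseline time ...
BASELINE_FILES = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
}
BASELINE_SETTINGS = {
    "ssh.PermitRootLogin": "no", "ssh.PasswordAuthentication": "no",
    "audit.enabled": "yes", "ntp.server": "ntp1.example.gov",
}
# ... and the same host later, after an unapproved change re-enabled root SSH
# login, the NTP server was switched, and an unknown binary appeared.
CURRENT_FILES = {
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/usr/local/bin/helper": b"#!/bin/sh\n",
}
CURRENT_SETTINGS = {
    "ssh.PermitRootLogin": "yes", "ssh.PasswordAuthentication": "no",
    "audit.enabled": "yes", "ntp.server": "ntp2.example.gov",
}


def demo() -> list:
    """Baseline the sample host, rescan it and return the prioritised findings."""
    return scan(take_baseline(BASELINE_FILES, BASELINE_SETTINGS),
                CURRENT_FILES, CURRENT_SETTINGS)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
    print("risk score:", risk_score(demo()))
```

On the sample host the rescan ranks the re-enabled root login first (a policy violation), then the modified sshd_config file, the unexpected binary, and finally the NTP change, which is recorded as drift rather than as a violation. In practice the baseline would be stored off-host and signed, and the scan scheduled continuously, which is the "day-by-day, hour-by-hour" cadence Ron Ross describes above.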
As part of their annual FISMA report to the US Office of Management and Budget (OMB), US government agencies must show they have both an agency-wide security configuration policy, and provide evidence on how well they have implemented various security configurations on their systems.

In a July 2009 report, the US Government Accountability Office (GAO) said all 24 of the major US federal agencies it investigated claimed they had a security configuration policy in place. But almost all of them had weaknesses in their information security controls, and over 21 had configuration management weaknesses. Several agencies did not implement common secure configuration policies across their systems, the GAO said, and many did not ensure that system software changes had been properly authorized, documented and tested. John Gilligan, a former chief information officer for both the Air Force and the Department of Energy, told a recent cybersecurity forum that if government organizations deployed and enforced security measures such as configuration controls, these organizations could block some 85 percent of attacks.

Devices in the network that record security-related events offer another source of useful security information. Collecting those logs and having some way of analyzing them can help flag potential threats. Unfortunately, most agencies can’t do that right now, due in part to the perceived difficulty in implementing a log management solution. However, many are starting to realize what those logs offer. In a recent study, the DoD said that log management ranked among the highest value controls that could be used to block attacks.

The security of UK government systems is less publicized, but the recent inclusion of cybersecurity as a top priority in the SDSR indicates that cybersecurity is top of mind in the UK for the foreseeable future. And with the 2012 Olympic Games in the works, it’s a certainty that the UK government will scrutinize government agencies more than ever to ensure that they have continuously secure system configurations and the ability to easily review network and activity logs for potential threats and forensics.

Tripwire VIA Solutions: Visibility, Intelligence, Automation

The Tripwire® VIA™ suite delivers the real-time, continuous monitoring organizations need to counter modern cyberwar threats, so agencies see the data that matters no matter how much noise the IT infrastructure generates. Armed with this visibility, security professionals detect weaknesses and vulnerabilities, and make fixes before attackers can exploit them. Tripwire VIA solutions include Tripwire® Enterprise for industry-leading configuration control, and Tripwire® Log Center for next-generation log and security information and event management (SIEM).

Tripwire Enterprise helps organizations focus on the changes that matter with continuous file integrity monitoring, compliance policy management, real-time intelligence that identifies changes that introduce risk or non-compliance as they occur, and on-demand automated remediation. With over 300 out-of-the-box policies, Tripwire Enterprise covers just about any security, regulatory and operational policy needed for assessing and managing configurations. Specific to US government organizations, Tripwire Enterprise includes policies for NIST SP 800-53 Rev 3, DISA STIGs and FISMA requirements. For UK government organizations, Tripwire Enterprise includes a Security Policy Framework (SPF) policy that can be applied for GCSX CoCo and GPG 13: Protective Monitoring requirements. These policies include weighted tests that help IT managers focus on the configurations that pose the greatest security risk or most impact system performance.

Tripwire Enterprise also allows organizations to capture secure or operationally optimized configurations developed in-house so these configurations can be re-applied as needed. And Tripwire Enterprise automates remediation of detected issues on-demand for both physical and virtual environments.

Tripwire Log Center captures and stores tens of thousands of events per second to meet the log management requirements of many standards and regulations. It also enables
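The log collection and analysis described above, as an added example (not code from the white paper, and not Tripwire Log Center): syslog-style lines from several hosts are normalised into one time-ordered stream, and a change to a sensitive file is correlated with a root login that follows it on the same host within a short window, the kind of "suspicious event related to a change" that the paper says is worth investigating. The host names, addresses, log lines, the "integrity-monitor" program name and its CHANGE message format are all constructed for the example; the syslog prefix format is the RFC 3164 style, and the one-hour window and the assumed year are choices made here, not figures from the paper.

```python
"""Added example, not code from the white paper or from Tripwire.

Collect syslog-style lines from several hosts into one time-ordered stream,
then correlate a change to a sensitive file with a root login that follows
it on the same host within a short window. Hosts, addresses, log lines and
the integrity-monitor CHANGE message format are constructed for the example.
"""
import re
from datetime import datetime, timedelta
from typing import Optional

# RFC 3164-style prefix: "Mon  D HH:MM:SS host program[pid]: message".
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
CHANGE_RE = re.compile(r"CHANGE path=(?P<path>\S+) user=(?P<user>\S+)")  # constructed format
LOGIN_RE = re.compile(r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)")

# Files whose modification often precedes an access-control change.
SENSITIVE_PATHS = {"/etc/ssh/sshd_config", "/etc/sudoers", "/etc/pam.d/sshd"}
WINDOW = timedelta(hours=1)  # assumed: how long after a change a login counts as related


def parse_line(line: str, year: int = 2010) -> Optional[dict]:
    """Normalise one syslog line; syslog carries no year, so one is assumed."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # malformed or unsupported line: skip rather than crash
    stamp = " ".join(m["ts"].split())  # collapse the padding in "Oct  5"
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def collect(lines) -> list:
    """Merge lines from any number of sources into one time-ordered event stream."""
    events = [e for e in (parse_line(line) for line in lines) if e is not None]
    return sorted(events, key=lambda e: e["ts"])


def correlate(events: list) -> list:
    """Flag a root SSH login that follows a sensitive-file change on the same host."""
    recent_changes = []  # sensitive changes still inside the correlation window
    alerts = []
    for e in events:
        if e["prog"] == "integrity-monitor":
            m = CHANGE_RE.search(e["msg"])
            if m and m["path"] in SENSITIVE_PATHS:
                recent_changes.append({"host": e["host"], "ts": e["ts"],
                                       "path": m["path"], "changed_by": m["user"]})
            continue
        if e["prog"] != "sshd":
            continue
        m = LOGIN_RE.search(e["msg"])
        if not m or m["user"] != "root":
            continue
        # Drop changes that are now too old to be related, then match the rest.
        recent_changes = [c for c in recent_changes if e["ts"] - c["ts"] <= WINDOW]
        for c in recent_changes:
            if c["host"] == e["host"]:
                alerts.append({
                    "rule": "root login after sensitive config change",
                    "host": e["host"], "change": c["path"], "changed_by": c["changed_by"],
                    "change_ts": c["ts"], "login_ts": e["ts"],
                    "src": m["src"], "method": m["method"],
                })
    return alerts


# Constructed sample: two hosts, one benign sequence and one worth investigating.
LOG_LINES = [
    "Oct  5 02:14:07 gw01 integrity-monitor[812]: CHANGE path=/etc/ssh/sshd_config user=svc_deploy",
    "Oct  5 02:14:09 gw01 sshd[2213]: Accepted publickey for svc_deploy from 10.0.8.4 port 50122 ssh2",
    "Oct  5 02:31:55 gw01 sshd[2290]: Accepted password for root from 203.0.113.7 port 41022 ssh2",
    "Oct  5 02:32:10 db02 sshd[901]: Accepted publickey for dba from 10.0.8.9 port 40811 ssh2",
    "Oct  5 03:45:00 gw01 cron[3001]: (root) CMD (run-parts /etc/cron.hourly)",
    "Oct  6 11:02:33 db02 integrity-monitor[812]: CHANGE path=/etc/ssh/sshd_config user=svc_deploy",
    "Oct  7 11:30:00 db02 sshd[1444]: Accepted password for root from 203.0.113.9 port 41100 ssh2",
    "this line is not syslog and is skipped",
]


def demo() -> list:
    """Collect the sample lines and return the correlated alerts."""
    return correlate(collect(LOG_LINES))


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Only gw01 produces an alert: its sshd_config changed at 02:14 and a root password login from an outside address followed 17 minutes later. On db02 the same change is followed by a root login a day later, outside the window, so it is left for routine review rather than raised as an alert. The window, the sensitive-path list and the "root only" filter are the tuning points a team would adjust against its own change process.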
Google-like searches of log activity data for deep forensic analysis. Because Tripwire Log Center supports the most popular log transmission protocols, it collects logs from just about any source out of the box. In addition, Tripwire Log Center detects and alerts to events that may indicate suspicious activity. The solution’s graphical tools help correlate events, and pinpoint those parts of the infrastructure that could be open to attack.

As part of the Tripwire VIA suite, Tripwire Enterprise and Tripwire Log Center integrate with each other to provide a single solution for complete IT security and compliance. Using Tripwire solutions, IT can investigate individual changes and events as well as complex sequences of activity like suspicious events related to a change that may indicate a new risk or noncompliance. Combined, these solutions also support incident investigation, reveal patterns of activity that indicate threats, and help identify downstream impacts of a given change. The combination also enables organizations to gain instant audit logging capabilities across the entire IT infrastructure without installing additional code.

With the Tripwire VIA suite, organizations gain end-to-end visibility across the enterprise, intelligence to help make better and faster decisions about threats and risk, and automation to address and fix the millions and billions of changes and events that occur in today’s IT infrastructure.

Conclusion

Cyberwar, with its sophisticated, persistent threats, is forcing government agencies to move away from an all-or-nothing approach to security. These organizations must now focus on protecting essential data and ensuring continuous availability of critical systems—all without interrupting the ability of these agencies to conduct the day-to-day business activities required to fulfill their missions. As a result, security becomes a strategic necessity rather than an activity that simply complements the other activities of government agencies. Agencies must now apply risk management practices that ensure systems stay up and running.

To do that, security professionals must shift from their traditional reactive stance to a more proactive one. Because they can’t manually plug the holes fast enough, they need a way to get ahead of the threats. Key to this is being able to get a clear view of the existing vulnerabilities through the noise created by the overwhelming number of systems and configurations that make up today’s IT enterprise. Equally key is automation that not only detects the vulnerabilities as they occur, but that also enables them to remediate these vulnerabilities immediately, before the damage occurs. Automation is also critical to protecting these systems and data in the face of decreased budgets and headcounts.

Tripwire VIA solutions provide the needed end-to-end visibility of all activity and events across the enterprise so users can identify potential threats in real-time. These leading solutions also deliver actionable intelligence so managers immediately know where misconfigurations, and therefore vulnerabilities and non-compliance, exist. And Tripwire VIA solutions automate much of the work, including remediation, so government organizations can provide effective security even with today’s reduced budgets and round-the-clock threat environment.

[1] “Spending Review 2010: George Osborne wields the axe” (www.bbc.co.uk/news/uk-politics-11579979)
[2] “UK police charge 10 people with Zeus fraud” (http://news.cnet.com/8301-1009_3-20018167-83.html?tag=mncol;txt)
[3] “Dozens charged in use of Zeus Trojan to steal $3 million” (http://news.cnet.com/8301-27080_3-20018177-245.html)
About Tripwire

Tripwire is a leading global provider of IT security and compliance automation solutions that help businesses and government agencies take control of their entire IT infrastructure. Thousands of customers rely on Tripwire’s integrated solutions to help protect sensitive data, prove compliance and prevent outages. Tripwire® VIA™, the comprehensive suite of industry-leading file integrity, policy compliance and log and security event management solutions, is the way organizations can proactively achieve continuous compliance, mitigate risk and improve operational control through Visibility, Intelligence and Automation. Learn more at www.tripwire.com and TripwireInc on Twitter.

©2010 Tripwire, Inc. | Tripwire is a registered trademark of Tripwire, Inc. All other product and company names are property of their respective owners. All rights reserved. | WPCS2a 2010/11