SlideShare une entreprise Scribd logo

Stop Advanced Adversaries: With the Top 5 Critical Controls

Télécharger en tant que PPTX, PDF
Tripwire
Tripwire

Unplanned change is the enemy of security and availability. Whether it comes from an advanced adversary, a malicious insider or a trusted employee, understanding change in your IT environment can help you identify the difference between a simple modification and a malicious attack. Travis Smith, Principal Security Researcher at Tripwire, demonstrates real-world attacks, analyzes how attackers commonly gain access to improperly configured systems, and shows the impact data breaches can have on an organization. You will get a breakdown of the Center for Internet Security’s (CIS) Critical Security Controls, which when implemented, can reduce your risk of cyber attack by up to 85% by: • Continuously inventorying all hardware/software assets • Establishing standard secure configurations • Running automated vulnerability scanning tools • Minimizing anomalous behavior with better administrative privileges

Technologie
1  sur  48
MEGASCAN required to reassess Traditional Assessment  Continuous Configuration, Detection & Response  The Goal is Security, not Audit  Lower Costs, Greater Efficiency  Increased Availability, Detect and Respond  Measurable, Sustainable, Reliable Continuous Diagnostics and Mitigation Manual Configuration Assessment
C:WindowsInfUsbstor.pnf C:WindowsInfUsbstor.inf
Net.exe start > services.txt
•Baselining Systems Tells You What You Currently Have •Files, Registry, Database Configurations, Network Devices, Active Directory, Critical Infrastructure Know Your Current System State •Security Policies Can Define Your Desired State •Industry Standard Hardening, Compliance, Self-Created Know your Desired System State •Compare Your State To Desired and Correct Differences •Assessment, Deviations, Variance, Remediation, Automation Know How To Transition From Current To Desired State •Agent and Agentless Change Detection •Scheduled Scanning & Real Time Know When Your Desired State Changes •Deep Change Inspection •Who, What, When, Where, Detailed Content, Change Management Processes Know Why & Who made Changes •Sources Of Truth •Change Windows, Patch Reconciliation, BAU, CMDB Reconciliation, Threat Intel Know If Changes Are Good or Bad •Inspect, Take Action, Report •Historical Changes, Auto-Remediate, Audit Ready, Change Dashboards Know How To Respond, Alert and Share
tripwire.com | @TripwireInc

Recommandé

Ch01
Ch01Ch01
Ch01Kodok Ngorex
 
Ch02
Ch02Ch02
Ch02Kodok Ngorex
 
Ch07
Ch07Ch07
Ch07Kodok Ngorex
 
Ch03
Ch03Ch03
Ch03Kodok Ngorex
 
Тестирование данных с помощью Data Quality Services (MS SQL 12)
Тестирование данных с помощью Data Quality Services (MS SQL 12)Тестирование данных с помощью Data Quality Services (MS SQL 12)
Тестирование данных с помощью Data Quality Services (MS SQL 12)SQALab
 
Test data management
Test data managementTest data management
Test data managementRohit Gupta
 
Kevin kan- the 11th annual Human Factors IUW 2010
Kevin kan- the 11th annual Human Factors IUW 2010Kevin kan- the 11th annual Human Factors IUW 2010
Kevin kan- the 11th annual Human Factors IUW 2010Maryam Ashoori
 
Agaram data integrity problem and solution
Agaram data integrity problem and solutionAgaram data integrity problem and solution
Agaram data integrity problem and solutionAgaram Technologies
 

Recommandé

Ch01
Ch01Ch01
Ch01Kodok Ngorex
 
Ch02
Ch02Ch02
Ch02Kodok Ngorex
 
Ch07
Ch07Ch07
Ch07Kodok Ngorex
 
Ch03
Ch03Ch03
Ch03Kodok Ngorex
 
Тестирование данных с помощью Data Quality Services (MS SQL 12)
Тестирование данных с помощью Data Quality Services (MS SQL 12)Тестирование данных с помощью Data Quality Services (MS SQL 12)
Тестирование данных с помощью Data Quality Services (MS SQL 12)SQALab
 
Test data management
Test data managementTest data management
Test data managementRohit Gupta
 
Kevin kan- the 11th annual Human Factors IUW 2010
Kevin kan- the 11th annual Human Factors IUW 2010Kevin kan- the 11th annual Human Factors IUW 2010
Kevin kan- the 11th annual Human Factors IUW 2010Maryam Ashoori
 
Agaram data integrity problem and solution
Agaram data integrity problem and solutionAgaram data integrity problem and solution
Agaram data integrity problem and solutionAgaram Technologies
 
Building a Data Quality Program from Scratch
Building a Data Quality Program from ScratchBuilding a Data Quality Program from Scratch
Building a Data Quality Program from Scratchdmurph4
 
Geist Presentation
Geist Presentation Geist Presentation
Geist Presentation stacygriggs
 
Data Quality Integration (ETL) Open Source
Data Quality Integration (ETL) Open SourceData Quality Integration (ETL) Open Source
Data Quality Integration (ETL) Open SourceStratebi
 
Top 10 Reasons Why You Need a CTMS
Top 10 Reasons Why You Need a CTMSTop 10 Reasons Why You Need a CTMS
Top 10 Reasons Why You Need a CTMSPerficient
 
Database Health-Check Consulting Service
Database Health-Check Consulting ServiceDatabase Health-Check Consulting Service
Database Health-Check Consulting ServiceOnomi
 
Data Driven Testing Is More Than an Excel File
Data Driven Testing Is More Than an Excel FileData Driven Testing Is More Than an Excel File
Data Driven Testing Is More Than an Excel FileMehmet Gök
 
How healthy is your network?
How healthy is your network?How healthy is your network?
How healthy is your network?Marco van den Akker
 
Automation – Way Forward to Achieve Data Integrity
Automation – Way Forward to Achieve Data IntegrityAutomation – Way Forward to Achieve Data Integrity
Automation – Way Forward to Achieve Data IntegrityMukunth Venkatesan
 
Dev ops toronto
Dev ops torontoDev ops toronto
Dev ops torontoCarmen Miller
 
iclaim_emrx_overview_autorun_deck_0215a
iclaim_emrx_overview_autorun_deck_0215aiclaim_emrx_overview_autorun_deck_0215a
iclaim_emrx_overview_autorun_deck_0215aMickey Weis
 
Acculink systems end user presentation
Acculink systems end user presentationAcculink systems end user presentation
Acculink systems end user presentationArt Morrison
 
Acculink systems end user presentation
Acculink systems end user presentationAcculink systems end user presentation
Acculink systems end user presentationArt Morrison
 
CISA_WK_4.pptx
CISA_WK_4.pptxCISA_WK_4.pptx
CISA_WK_4.pptxdotco
 
The Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyThe Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyKevin Lloyd
 
DECIDE4ACTION Presentation
DECIDE4ACTION PresentationDECIDE4ACTION Presentation
DECIDE4ACTION PresentationRichard Bergeron
 
The Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyThe Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your Technologynerdsonsite
 
Testing systemqualities agile2012
Testing systemqualities agile2012Testing systemqualities agile2012
Testing systemqualities agile2012drewz lin
 
Testing System Qualities Agile2012 by Rebecca Wirfs-Brock and Joseph Yoder
Testing System Qualities Agile2012 by Rebecca Wirfs-Brock and Joseph YoderTesting System Qualities Agile2012 by Rebecca Wirfs-Brock and Joseph Yoder
Testing System Qualities Agile2012 by Rebecca Wirfs-Brock and Joseph YoderJoseph Yoder
 
Nguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISONguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISOSecurity Bootcamp
 
LOW LEVEL DESIGN INSPECTION SECURE CODING
LOW LEVEL DESIGN INSPECTION SECURE CODINGLOW LEVEL DESIGN INSPECTION SECURE CODING
LOW LEVEL DESIGN INSPECTION SECURE CODINGSri Latha
 
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptxthreat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptxImXaib
 
Jaxxon consulting presentation
Jaxxon consulting presentationJaxxon consulting presentation
Jaxxon consulting presentationDarrin Jackson
 

Contenu connexe

Tendances

Building a Data Quality Program from Scratch
Building a Data Quality Program from ScratchBuilding a Data Quality Program from Scratch
Building a Data Quality Program from Scratchdmurph4
 
Geist Presentation
Geist Presentation Geist Presentation
Geist Presentation stacygriggs
 
Data Quality Integration (ETL) Open Source
Data Quality Integration (ETL) Open SourceData Quality Integration (ETL) Open Source
Data Quality Integration (ETL) Open SourceStratebi
 
Top 10 Reasons Why You Need a CTMS
Top 10 Reasons Why You Need a CTMSTop 10 Reasons Why You Need a CTMS
Top 10 Reasons Why You Need a CTMSPerficient
 
Database Health-Check Consulting Service
Database Health-Check Consulting ServiceDatabase Health-Check Consulting Service
Database Health-Check Consulting ServiceOnomi
 
Data Driven Testing Is More Than an Excel File
Data Driven Testing Is More Than an Excel FileData Driven Testing Is More Than an Excel File
Data Driven Testing Is More Than an Excel FileMehmet Gök
 
Automation – Way Forward to Achieve Data Integrity
Automation – Way Forward to Achieve Data IntegrityAutomation – Way Forward to Achieve Data Integrity
Automation – Way Forward to Achieve Data IntegrityMukunth Venkatesan
 
iclaim_emrx_overview_autorun_deck_0215a
iclaim_emrx_overview_autorun_deck_0215aiclaim_emrx_overview_autorun_deck_0215a
iclaim_emrx_overview_autorun_deck_0215aMickey Weis
 

Tendances (10)

Building a Data Quality Program from Scratch
Building a Data Quality Program from ScratchBuilding a Data Quality Program from Scratch
Building a Data Quality Program from Scratch
 
Geist Presentation
Geist Presentation Geist Presentation
Geist Presentation
 
Data Quality Integration (ETL) Open Source
Data Quality Integration (ETL) Open SourceData Quality Integration (ETL) Open Source
Data Quality Integration (ETL) Open Source
 
Top 10 Reasons Why You Need a CTMS
Top 10 Reasons Why You Need a CTMSTop 10 Reasons Why You Need a CTMS
Top 10 Reasons Why You Need a CTMS
 
Database Health-Check Consulting Service
Database Health-Check Consulting ServiceDatabase Health-Check Consulting Service
Database Health-Check Consulting Service
 
Data Driven Testing Is More Than an Excel File
Data Driven Testing Is More Than an Excel FileData Driven Testing Is More Than an Excel File
Data Driven Testing Is More Than an Excel File
 
How healthy is your network?
How healthy is your network?How healthy is your network?
How healthy is your network?
 
Automation – Way Forward to Achieve Data Integrity
Automation – Way Forward to Achieve Data IntegrityAutomation – Way Forward to Achieve Data Integrity
Automation – Way Forward to Achieve Data Integrity
 
Dev ops toronto
Dev ops torontoDev ops toronto
Dev ops toronto
 
iclaim_emrx_overview_autorun_deck_0215a
iclaim_emrx_overview_autorun_deck_0215aiclaim_emrx_overview_autorun_deck_0215a
iclaim_emrx_overview_autorun_deck_0215a
 

Similaire à Stop Advanced Adversaries: With the Top 5 Critical Controls

Acculink systems end user presentation
Acculink systems end user presentationAcculink systems end user presentation
Acculink systems end user presentationArt Morrison
 
Acculink systems end user presentation
Acculink systems end user presentationAcculink systems end user presentation
Acculink systems end user presentationArt Morrison
 
CISA_WK_4.pptx
CISA_WK_4.pptxCISA_WK_4.pptx
CISA_WK_4.pptxdotco
 
The Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyThe Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyKevin Lloyd
 
DECIDE4ACTION Presentation
DECIDE4ACTION PresentationDECIDE4ACTION Presentation
DECIDE4ACTION PresentationRichard Bergeron
 
The Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyThe Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your Technologynerdsonsite
 
Testing systemqualities agile2012
Testing systemqualities agile2012Testing systemqualities agile2012
Testing systemqualities agile2012drewz lin
 
Testing System Qualities Agile2012 by Rebecca Wirfs-Brock and Joseph Yoder
Testing System Qualities Agile2012 by Rebecca Wirfs-Brock and Joseph YoderTesting System Qualities Agile2012 by Rebecca Wirfs-Brock and Joseph Yoder
Testing System Qualities Agile2012 by Rebecca Wirfs-Brock and Joseph YoderJoseph Yoder
 
Nguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISONguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISOSecurity Bootcamp
 
LOW LEVEL DESIGN INSPECTION SECURE CODING
LOW LEVEL DESIGN INSPECTION SECURE CODINGLOW LEVEL DESIGN INSPECTION SECURE CODING
LOW LEVEL DESIGN INSPECTION SECURE CODINGSri Latha
 
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptxthreat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptxImXaib
 
Jaxxon consulting presentation
Jaxxon consulting presentationJaxxon consulting presentation
Jaxxon consulting presentationDarrin Jackson
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...Health IT Conference – iHT2
 
Heuristics ofsoftwaretestability
Heuristics ofsoftwaretestabilityHeuristics ofsoftwaretestability
Heuristics ofsoftwaretestabilityjicheng687
 
Qa what is_clinical_data_management
Qa what is_clinical_data_managementQa what is_clinical_data_management
Qa what is_clinical_data_managementHitesh Kadam
 
Clinical Data Management
Clinical Data ManagementClinical Data Management
Clinical Data ManagementMahesh Koppula
 
DevOpsDays Chicago 2014 - Controlling Devops
DevOpsDays Chicago 2014 - Controlling DevopsDevOpsDays Chicago 2014 - Controlling Devops
DevOpsDays Chicago 2014 - Controlling DevopsBrian Henerey
 

Similaire à Stop Advanced Adversaries: With the Top 5 Critical Controls (20)

Acculink systems end user presentation
Acculink systems end user presentationAcculink systems end user presentation
Acculink systems end user presentation
 
Acculink systems end user presentation
Acculink systems end user presentationAcculink systems end user presentation
Acculink systems end user presentation
 
CISA_WK_4.pptx
CISA_WK_4.pptxCISA_WK_4.pptx
CISA_WK_4.pptx
 
The Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyThe Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your Technology
 
DECIDE4ACTION Presentation
DECIDE4ACTION PresentationDECIDE4ACTION Presentation
DECIDE4ACTION Presentation
 
The Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyThe Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your Technology
 
Testing systemqualities agile2012
Testing systemqualities agile2012Testing systemqualities agile2012
Testing systemqualities agile2012
 
Testing System Qualities Agile2012 by Rebecca Wirfs-Brock and Joseph Yoder
Testing System Qualities Agile2012 by Rebecca Wirfs-Brock and Joseph YoderTesting System Qualities Agile2012 by Rebecca Wirfs-Brock and Joseph Yoder
Testing System Qualities Agile2012 by Rebecca Wirfs-Brock and Joseph Yoder
 
Nguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISONguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISO
 
LOW LEVEL DESIGN INSPECTION SECURE CODING
LOW LEVEL DESIGN INSPECTION SECURE CODINGLOW LEVEL DESIGN INSPECTION SECURE CODING
LOW LEVEL DESIGN INSPECTION SECURE CODING
 
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptxthreat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
 
Jaxxon consulting presentation
Jaxxon consulting presentationJaxxon consulting presentation
Jaxxon consulting presentation
 
Network Configuration Management - Mumbai Seminar
Network Configuration Management - Mumbai SeminarNetwork Configuration Management - Mumbai Seminar
Network Configuration Management - Mumbai Seminar
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
 
Heuristics ofsoftwaretestability
Heuristics ofsoftwaretestabilityHeuristics ofsoftwaretestability
Heuristics ofsoftwaretestability
 
Qa what is_clinical_data_management
Qa what is_clinical_data_managementQa what is_clinical_data_management
Qa what is_clinical_data_management
 
Clinical Data Management
Clinical Data ManagementClinical Data Management
Clinical Data Management
 
Clinical data management
Clinical data management Clinical data management
Clinical data management
 
Module 6.pptx
Module 6.pptxModule 6.pptx
Module 6.pptx
 
DevOpsDays Chicago 2014 - Controlling Devops
DevOpsDays Chicago 2014 - Controlling DevopsDevOpsDays Chicago 2014 - Controlling Devops
DevOpsDays Chicago 2014 - Controlling Devops
 

Plus de Tripwire

Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughTripwire
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyTripwire
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationTripwire
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportTripwire
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!Tripwire
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationTripwire
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...Tripwire
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsTripwire
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTripwire
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkTripwire
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksTripwire
 

Plus de Tripwire (20)

Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data Privacy
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale Peterson
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase Cole
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest Celebration
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key Findings
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key Findings
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber Moments
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber Attacks
 

Dernier

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Dernier (20)

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Stop Advanced Adversaries: With the Top 5 Critical Controls

  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22. MEGASCAN required to reassess Traditional Assessment  Continuous Configuration, Detection & Response  The Goal is Security, not Audit  Lower Costs, Greater Efficiency  Increased Availability, Detect and Respond  Measurable, Sustainable, Reliable Continuous Diagnostics and Mitigation Manual Configuration Assessment
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45. Net.exe start > services.txt
  • 46.
  • 47. •Baselining Systems Tells You What You Currently Have •Files, Registry, Database Configurations, Network Devices, Active Directory, Critical Infrastructure Know Your Current System State •Security Policies Can Define Your Desired State •Industry Standard Hardening, Compliance, Self-Created Know your Desired System State •Compare Your State To Desired and Correct Differences •Assessment, Deviations, Variance, Remediation, Automation Know How To Transition From Current To Desired State •Agent and Agentless Change Detection •Scheduled Scanning & Real Time Know When Your Desired State Changes •Deep Change Inspection •Who, What, When, Where, Detailed Content, Change Management Processes Know Why & Who made Changes •Sources Of Truth •Change Windows, Patch Reconciliation, BAU, CMDB Reconciliation, Threat Intel Know If Changes Are Good or Bad •Inspect, Take Action, Report •Historical Changes, Auto-Remediate, Audit Ready, Change Dashboards Know How To Respond, Alert and Share