Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015

Size: px

Start display at page:

Download "Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015"

Madeleine Perkins
8 years ago
Views:

1 Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015

2 Tripwire Evolution 18+ Years of Innovation 1997 Tripwire File System Monitoring from open source roots 2005 Tripwire Enterprise Integrated Change Audit for Servers, Network Devices, Databases & AcBve Directory 2007 Configura8on Assessment Industry s largest library of security, regulatory and operabonal policies 2010 Log and Security Event Management Integrated log and event management solubon 2011 Thoma Bravo acquires Tripwire Accelerates Tripwire s CreaBng Real Confidence vision 2013 NERC CIP v3 Tripwire acquires ncircle Industry s most complete set of foundabonal security controls for the enterprise SCM, VA, FIM, LM 2015 Belden acquires Tripwire Expansion into broader Energy customer base 2

3 Critical Security Controls Tripwire solution support for the 20 Critical Security Controls (CSC) 20 Critical Security Controls NSA Rank CSC1 CSC2 Inventory H/W Assets, Criticality, and Location Inventory S/W Assets, Criticality, and Location Very High CSC3 Secure Configuration Servers Very High CSC4 Vulnerability Assessment and Remediation CSC5 Malware Protection High/Medium CSC6 Application Security High Tripwire Solutions 20 Critical Security Controls NSA Rank CSC1 CSC2 Inventory H/W Assets, Criticality, Very High and Location Inventory S/W Assets, Criticality, Very High and Location CSC11 Limit and Control Network Ports, Protocols, and Services High/Medium CSC12 Control Admin Privileges High/Medium CSC13 Boundary Defense High/Medium CSC14 Very High Very High Maintain, Monitor, and Analyze Audit Logs Medium CSC15 Need-to-Know Access Medium CSC3 Secure Configuration Servers Very High Tripwire Solutions CSC16 Account Monitoring and Control Medium CSC7 Wireless Device Control High CSC4 Vulnerability Assessment and Remediation CSC8 Data Recovery Medium CSC17 Data Loss Prevention Medium/Low Very High CSC18 Incident Response Medium CSC9 Security Skills Assessment Medium CSC19 Secure Network Engineering (secure coding) Low CSC10 Secure Config-Network High/Medium CSC20 Penetration Testing and Red Team Exercises Low 3

4 Is UBlity Security different? YES Cyber security core principles are ConfidenBality, Integrity and Availability (CIA Triad). Industrial Control Systems (ICS) look at the triad in reverse order from typical IT Business systems. 4

5 Tripwire Technology Alliance Partner Ecosystem ANALYTICS & SIEM IT SERVICE MANAGEMENT NERC ALLIANCE NETWORK IDENTITY MANAGEMENT PLATFORM PARTNERS NETWORK SECURITY THREAT INTELLIGENCE SECURITY COMMUNITY PARTNERS 5

6 Tripwire helps meet 20 of 32 CIP requirements

8 Tripwire Enterprise Demo

9 Tripwire IP360 Vulnerability Management Suite Hardware Appliances Tripwire Security Intelligence Hub Enterprise Dashboards Trend Reports Audit Ready reports Drill Down Reports Virtual Appliances Cloud-Based Scanning Tripwire Research DISCOVER PRIORITIZE ANALYZE SCALE 9

10 Application-centric Vulnerability Detection Efficient, Accurate, Non-intrusive, and automated application inventory Sendmail Address Prescan Memory Corruption Vulnerability Sendmail DNS Map TXT Record Buffer Overflow Vulnerability Sendmail File Locking Denial Of Service Vulnerability Sendmail Header Processing Buffer Overflow Vulnerability Sendmail Long Ident Logging Circumvention Weakness IIS 3.0 and 4.0 SSL "Error Message" Vulnerability IIS 4 Redirect Remote Buffer Overflow Vulnerability IIS 4 Web Server Available IIS 4.0 IISADMPWD Proxied Password Attack IIS 4.0/5.0 File Permission Canonicalization Vulnerability IIS 4.0/5.0 Malformed File Extension DoS Vulnerability IIS Administrative Pages Cross Site Scripting Vulnerabilities IIS IIS Chunked Encoding Transfer Heap Overflow Vulnerability IIS Escape Character Parsing Vulnerability IIS Failure To Log Undocumented TRACK Requests Vulnerability IT SECURITY & COMPLIANCE AUTOMATION

11 Asset Values and Prioritization CVE ID Vulnerability CVSS Score Tripwire Granular Risk Scoring CVE MS08-067: Microso] Windows Server Service RPC Handling Remote Code ExecuBon Vulnerability CVE Wind River VxWork WDB Agent Debug Service Remote Access Breach Vulnerability CVE Apple Mac OS X Net- SNMP Remote AuthenBcaBon Bypass Vulnerability CVE MS11-004: Microso] IIS FTP Service Heap Buffer Overrun Vulnerability CVE CESA- 2008:0890 Wireshark Buffer Overflow CVE IBM WebSphere ApplicaBon Server JSP unspecified Vulnerability 10 0 Network and host-level asset values provide prioritization within the context of business Value Function Geography Business Unit

12 Portal for IT Security Audiences

13 Portal for IT Security Audiences

14 Real-time Analytics: Focus Focus breaks the traditional scan, then report paradigm and enables security professionals to immediately assess network risk through a query-based interface and focus their actions. è Your log monitoring service alerts you to a large amount of traffic being generated by a host on your network. What type of host is it, what applications is it running, what ports are open, what vulnerabilities does it have, and who owns it? è A new DoS attack is out for Cisco IP Phones, and no patch is available yet where are the IP phones on your network that are running the vulnerable software version? IT SECURITY & COMPLIANCE AUTOMATION

15 Log and Events Log Intelligence and Event Management Tripwire Log Center (TLC) > Complete audit log capture > Retention of all log events > Intelligent normalization and correlation rules > Detection > Alerting 15 > Reducing false positives > Customized reports and dashboards > Audit evidence of compliance reporting > Forensic tool Contributes to nearly all: Logging and monitoring Alerts and alarms as well as audit-ready reporting (across many of the CIP requirements)

16 Robert Held Sr. Systems Engineer Strategic Energy (816) Thank you

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE