Cybersecurity Overconfidence

Do You Really Know Yourself?

Ed SmithSr. Product Marketing ManagerVM ProductsTripwire

2

Warning

Photo Credit: BethAndWarren.com

3Photo Credit: Wikipedia

4Photo Credits: Wikipedia

5

The basics are boring, yet necessaryMost of us know this, but do we act accordingly?

6

7

Agenda

Are IT pros overconfident? What could be causing overconfidence? What can you do about it?

8

Unauthorized Devices

87% of finance respondents believe they can isolate or remove unauthorized devices within minutes or hours.

75% of finance respondents say they automatically discover 80% or less of the hardware assets on their networks.

9

Tracking Critical Details

ONLY 37% of finance respondents say their automated tools are able to identify locations, department and other critical details about unauthorized configuration changes to network devices.

10

Knowledge Gap?

11

Vulnerability Scanning

92% believe their vulnerability scans will alert of an unauthorized device within a few hours.

59% are unsure how long it actually takes.

12

Detecting Configuration Changes

82% believe it takes less than a few hours to detect configuration changes to a device on their network.

59% are unsure how long it actually takes

13

Unauthorized Assets and Changes

14

Unattended Vulnerabilities

of vulnerabilities are not fixed within 30 days.

15

Patch Success Rate

40% of financial respondents said that fewer than 80 percent of patches succeed in a typical patch cycle.

16

Centralized Logging

One-third DO NOT log appropriately to a centralized system

17

Unauthorized Access

29%do not detect every attempt by users without appropriate privileges who try to access files on local systems or network-accessible file shares.

18

19

Situational AwarenessWhat Kind of Organization Are You?

Public, Private, Government, Non-profit Industry Regulatory Compliance High or low tech Supply chain and partners Locations

20

The Security Maturity Model

Download the EDR for Dummies book from www.tripwire.com

21

Challenges to Knowing Yourself

Limited visibility to identify devices and changes

Missing key information

Limited resources

22

Doing the (not-so-boring) BasicsDiscovery, Vulnerability Assessment & Configuration Assessment

Continuously Know What Assets are on Your Network• Find unauthorized devices and applications to disable them• Remove or disable rogue or risky assets

Fix What Attackers are Targeting• Prioritize based on ease of attack, exploit-kit availability, potential impact• Identify changes associated with high-risk vulnerabilities and applications

Leverage Integrations to Automate Workflows• Capture and share tribal knowledge• Automate actions to increase efficiency and reduce error

23

Summary

• Understand what you have• You can’t manage what you can’t see• It’s less expensive to be proactive

24

Fighting the 1,000 Battles

tripwire.com | @TripwireInc