The Importance of Content for Security Tools like Tripwire

5 years ago Ray Lapena

Have you ever stood in the airport security line when the agents bring the dog out to inspect everyone’s luggage? I’m always so fascinated watching the dog go down the line and do her work. Wow, she’s so smart! How does she know what to look for? My own dog has talents of her own, but she would not get hired for this job. She has a good functioning nose, but she’s not trained to detect these things and wouldn’t be able to tell me when she finds something troublesome.

That difference is kind of how I see the difference between a security solution that is backed by good content and one that is not. A dog’s nose has up to 300 million olfactory sensors (a lot), but it needs a reference for differentiating illegal substances from the allowable travel essentials.

To explain more about what that means from a security solution standpoint, I sat down with principal security researcher Travis Smith, who heads up a lot of the content development at Tripwire. Here’s our discussion:

Ray Lapena: What does “content” mean in the context of our tools?

Travis Smith: Content for Tripwire Enterprise is really the data leveraged by Tripwire Enterprise that customers can use. So, content comes in the form of either policies – things like PCI or hardening like CIS – or in the form of something like policy rules which feed in to allow us to actually score these policy tests. But we also have our change detection rules that are monitoring for change on the endpoint.

RL: So, why is content an important aspect to consider when looking at a security solution? How do you differentiate what a solution’s functionalities are versus the content and how do those things work together?

TS: If we look at the different kinds of markets, we have FIM or file integrity monitoring looking specifically for change, and we also have SCM for configuration management of your different assets. The content is really telling one of those solutions what to do.

A big driver is something like compliance. That’s really the driver behind it, and it’s what makes SCM content valuable. We don’t want to monitor everything on an asset that’s changing. If we’re looking at things like files and registry and services and ports and processes, all these things, all that stuff changes very frequently on endpoints. So, having content lets you focus that down to what we expect are important changes.

Gauging Various Levels of Security Content

RL: If you’re looking at a FIM solution or an SCM solution, how do you differentiate one that has good content versus one that has not as great content?

TS: There are a couple of different things that you would want to assess if you’re looking for “good content” for SCM or FIM solutions. Two of the main drivers are really platform support and policy coverage.

So, you want to have a solution that’s going to be able to cover as many of the assets your organization has deployed as possible, if not all of them. So not only your Windows and your Linux type servers but your applications and databases and network devices like your firewalls and switches and those types of things. So, something that can cover all of those and have content for them.

If you want to have PCI compliance, you need to have every one of your computing components, your file servers and your databases and even the networking components that are processing credit cards and transferring that data back and forth. All those are in scope. You want something that’s going to be able to do that.

The second component is you want to be able to have the actual content for those things. Going with the PCI example, say your different assets are split between 70% host-based platforms such as Windows or Linux and 30% network devices. That minority of devices might not have coverage under a given PCI product, which means that’s not going to be as valuable to you. You’re not going to get as much value out of that product as another one that would have the PCI coverage for all of those different platforms and types of devices.

RL: Does content go out of date? Is it an issue for people when they’re buying a solution?

TS: Content can go out of date. It is possible. There are updates to compliance frameworks. So that needs to continue to be updated if you’re using actual security content.

From the change management side, things are constantly getting updated to reflect what we want to be monitoring on those systems. So, there are things that are noisy and changing that aren’t very important. Looking at new files or new features, new services that are on endpoints or network devices that are changing, we want to be able to make sure we have insight into that.

Why a Content Team is Important to a Security Vendor

RL: What does it mean to have a content team at Tripwire or for any vendor for that matter?

TS: The importance of having an actual content team that’s dedicated to creating this content is specifically that this content is continually changing, and they need to be continually updating it. Here at Tripwire, we have a dedicated team that is updating this content every couple of weeks.

RL: How does having that team play into the competitiveness or differentiation for our SCM and FIM products?

TS: The differentiation for Tripwire specifically is that we have support for over 30 frameworks that we have actual content for. And we have well over three thousand policies available across those 30 different frameworks. That is the biggest differentiator that we have—the broadest scope of coverage that’s going to cover the most assets across the largest number of policies. Any kind of compliance need that a customer would have, Tripwire is going to have content for it. If we don’t, the content team that I’m responsible for will release new versions, or if there’s a policy framework that just came out that a customer finds very important, they can send those requests to me and my team, and we will release that content and get that available for customers as soon as possible.

Every month, we’re releasing about 50 pieces of new content. We’re releasing well over 30 to 40 policies each month. So that could be either content that customers have requested from us, or we are actually keeping up and looking at all of the updates that are coming out.

RL: It seems like a lot to track. How is content prioritized?

TS: Across everything that is coming out, Tripwire will look at the content that our customers are already using. We’re looking at what platforms customers are using most frequently, most often. So, things like Windows or Red Hat are very high priority for us. But it could also be driven by the new compliance frameworks that are coming out.

RL: How do people handle this if they don’t have Tripwire?

TS: So, there are different maturity models. When we’re looking at something like SCM, the less mature organizations are going to be doing things very manually, like looking at the CIS website to see if there are any updates. And if there is something with that, or if it is time for your PCI audit, to manually go through and audit the machines, find the machines, check the settings and create the report is not only a lot of work. It costs a lot of money, and it’s not very fun.

If you’re using something like Tripwire, you can automate a lot of that. You can automate the ability to then say, “Okay, there’s new content available.” We can then put that in there. We’re just going to continually scan our systems for PCI. So, once a week or once a month, whatever your scheduling cadence would be, you have that historical picture of what your PCI compliance looks like for all of the different assets you have within scope of that specific compliance framework. When the auditor comes around, you just pass them the report from Tripwire Enterprise. And instead of it being this long, lengthy, drawn-out process, you’ve already hit the ground running instead of hitting the ground crawling.

The Advantages of Having The Right Content

Travis and the content team work hard to build and maintain a comprehensive content library. The depth and breadth of the content is what makes Tripwire solutions so effective at covering environments so comprehensively – across the wide variety of platforms, frameworks, and policies.

It also allows us to provide support across industries. With policy coverage for PCI, Tripwire works for retailers; with NERC we’re supporting energy companies; and with HIPAA, our solution operates in healthcare. With the right content, our solutions are trained to find the right things across all these environments. Kind of like the airport dog sniffing through different kinds of luggage, just not as cute.
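Travis describes two kinds of "content" in the interview: change detection rules that tell a FIM engine which parts of an endpoint to watch and which noisy changes to ignore, and policy tests that an SCM engine scores against a hardening or compliance framework. The following is an added example, written for this page and not Tripwire's own code or content, that shows both ideas in a small Python engine. The endpoint, its files, the ignore patterns and the three CIS-style sshd_config tests are all constructed for the demonstration.

```python
"""Toy FIM + SCM engine driven by 'content': the rules say what to watch and what to score."""
import fnmatch
import hashlib
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class ChangeRule:
    """Change detection content: a root to monitor plus glob patterns for known noise."""
    root: str
    ignore: list = field(default_factory=list)   # patterns relative to root, e.g. "var/log/*"


@dataclass
class PolicyTest:
    """Policy content: one scored test of a key/value setting (constructed, CIS-style)."""
    test_id: str
    key: str
    expected: str


def sha256_file(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(rule):
    """Snapshot {relative path: sha256} for every file under rule.root not matched by an ignore glob."""
    snap = {}
    for dirpath, _dirs, files in os.walk(rule.root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, rule.root)
            if any(fnmatch.fnmatch(rel, pat) for pat in rule.ignore):
                continue                         # noise the content told us to skip
            snap[rel] = sha256_file(full)
    return snap


def diff(old, new):
    """Compare two snapshots and report added, removed and modified files."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def parse_kv_config(text):
    """Parse 'Key value' lines (sshd_config style); blank lines and '#' comments are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        cfg[key] = value.strip()
    return cfg


def score_policy(tests, cfg):
    """Run each policy test against parsed settings; score is the pass percentage."""
    results = {t.test_id: cfg.get(t.key) == t.expected for t in tests}
    return results, round(100.0 * sum(results.values()) / len(tests), 1)


# Constructed hardening policy (the kind of thing a content team would ship for a framework).
HARDENING_POLICY = [
    PolicyTest("ssh-1", "PermitRootLogin", "no"),
    PolicyTest("ssh-2", "PasswordAuthentication", "no"),
    PolicyTest("ssh-3", "X11Forwarding", "no"),
]


def _write(root, rel, text):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as f:
        f.write(text)


def demo():
    """Constructed endpoint in a temp dir: baseline, simulate activity, detect and score."""
    with tempfile.TemporaryDirectory() as root:
        rule = ChangeRule(root=root, ignore=["var/log/*", "*.tmp"])
        _write(root, "etc/ssh/sshd_config",
               "PermitRootLogin no\nPasswordAuthentication yes\nX11Forwarding no\n")
        _write(root, "var/log/syslog", "boot ok\n")
        before = baseline(rule)

        # Endpoint activity: the log grows (noise), sshd_config is weakened (important),
        # and a new cron entry appears (important).
        _write(root, "var/log/syslog", "boot ok\nlogin root\n")
        _write(root, "etc/ssh/sshd_config",
               "PermitRootLogin yes\nPasswordAuthentication yes\nX11Forwarding no\n")
        _write(root, "etc/cron.d/nightly", "0 2 * * * root /usr/local/bin/nightly\n")
        changes = diff(before, baseline(rule))

        with open(os.path.join(root, "etc/ssh/sshd_config")) as f:
            results, pct = score_policy(HARDENING_POLICY, parse_kv_config(f.read()))
    return changes, results, pct


if __name__ == "__main__":
    print(demo())
```

The change report lists only `etc/cron.d/nightly` (added) and `etc/ssh/sshd_config` (modified); the growing syslog never appears because the rule's ignore pattern filtered it out before hashing, which is the "focus it down to important changes" point from the interview. The policy score drops to one of three tests passing because the config edit flipped `PermitRootLogin`. Real products hash and store far more attributes (permissions, owners, registry values, service states) and ship thousands of such tests, but the shape is the same: the engine is generic, and the content is what makes its output meaningful.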


The post "The Importance of Content for Security Tools like Tripwire" appeared first on Tripwire.

Source: Tripwire – Ray Lapena
