Easily Compare & Contrast Compliance Reports with Gen7

In this Educational Moment we discuss comparing and contrasting compliance reports to provide ongoing, real-time compliance intelligence. Learn how to leverage the information provided for enhanced security and compliance management, and how to compare results from different devices to ascertain any configuration or compliance drift.

We will also provide a sneak peek at the all-new Threat Intelligence Engine that will allow you to fully automate change approvals without the need for constant manual review.

This 30-minute educational session works to enhance your understanding of our solutions and unearth features you may not even know exist. Whether you're interested in partner training, customer training, or simply in the market for compliance solutions, we encourage everyone to watch!

Video Transcript

Agenda

  • Educational Moment – 20 Minute Update
  • Compliance – Some of the time? All of the time?
  • Live Demo of Compliance Report Comparer
  • Q & A

Continuous Compliance – Myth?

How often should you be in compliance with your standard?

  • When the Audit is due?
  • Within 6 months of the ROC (Report on Compliance)
  • Always, but if not in compliance, never for more than 7 days

Should you always show a 100% score for any scans/reports?

  • Not at the outset but within 6 months you should
  • Never, it doesn’t matter if you miss a few, that’s our choice
  • 24/7/365 – any time you aren’t 100% you are more vulnerable to attack

Why does partial compliance, some of the time, matter?

Happy Thanksgiving

  • Remember Target?
  • In less than 3 weeks they had lost payment card and personal information relating to 70M customers

When do Cyber-Attacks happen?

  • Thanksgiving?
  • Weekends when it is quieter?
  • Nights when nobody is on duty?  

What do the Security Standards say?

PCI, NIST and all other standards set the bar pretty low

  • File Integrity Checks once a week
  • Vulnerability Scans every 6 months (at best, 30 days)
  • This says more about the limitations of the technology available (e.g. standard scanners) than about the need for 24/7 security

Compliance? Continuous and Real-Time!

General Security and Compliance is based on the adoption of Security Best Practices:

  • System Hardening
  • Vulnerability Management
  • System Integrity Monitoring
  • Malware Mitigation
  • Change Control
  • Audit Trails
  • Breach Detection

NNT Change Tracker Gen 7™ underpins any enterprise compliance initiative with CIS-based Audit reports…and now with Compliance Remediation Kits for Group Policy, Puppet and other deployment tools

Live Demo of Compliance Report Comparer

See video opposite for demo

Threat Intelligence Integration – A Mute button for FIM Change Noise

The Reality? – Easy to become overwhelmed

  • Tripwire® Daily FIM Change Report – Necessary but laborious task to assess all changes manually. Time-consuming and the sheer volume of changes could mask genuine security threats.

The File Whitelist Concept – The Opposite of Anti-Virus

Anti-Virus is Signature-based – a blacklist of all bad files

  • As malware is identified, signatures are added to the AV system
  • If signatures are identified as present on a system, the files can be quarantined
  • Zero Day Malware is invisible to AV, Zero Day = Never-Before-Seen, so no signature
  • So how do you spot Zero Day malware if it can’t be identified?

Whitelist is also signature-based - a whitelist of all good files

  • We also need knowledge of all known-good files, then any files not on EITHER the whitelist OR the blacklist should be treated as suspicious

NNT F.A.S.T. Cloud

NNT now provide a cloud-based Threat Intelligence service, continuously updated with file reputation intel sourced directly from Manufacturers (can be cached locally for isolated estates)…

…this is powered by leading File Whitelisting and File Reputation providers and then enhanced with NNT Patch Correlating Intelligent Planned Change rules…

…as file changes are detected in real-time, the NNT Threat Intelligence cloud is queried for the file reputation data and each change is classified as either Planned or, if it needs investigation, Unplanned…
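The whitelist-plus-blacklist triage described above, as an added example (not NNT code or the FAST Cloud API): it contrasts a blacklist-only verdict with the three-way Planned / Unplanned / known-bad verdict and includes the feedback step for in-house files. `ReputationStore`, its methods, the paths and the file contents are hypothetical and constructed; a local hash set stands in for the reputation service.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for file contents; real input would be file bytes.
PATCHED_DLL = b"vendor library v1.3"
KNOWN_MALWARE = b"sample with a published AV signature"
INHOUSE_APP = b"internal payroll tool build 42"
NEVER_SEEN = b"binary nobody has catalogued"

class ReputationStore:
    """Hypothetical local reputation cache keyed by SHA-256 of content."""

    def __init__(self, good, bad):
        self.good, self.bad = set(good), set(bad)

    def av_only(self, content: bytes) -> str:
        # Blacklist alone: anything without a signature looks clean.
        return "known-bad" if sha256(content) in self.bad else "clean"

    def classify(self, content: bytes) -> str:
        digest = sha256(content)
        if digest in self.bad:        # blacklist wins if a hash is on both
            return "known-bad"
        if digest in self.good:
            return "planned"
        return "unplanned"            # on neither list: investigate

    def approve(self, content: bytes) -> None:
        # Feedback after review: an in-house file joins the whitelist.
        digest = sha256(content)
        if digest in self.bad:
            raise ValueError("refusing to whitelist a known-bad hash")
        self.good.add(digest)

def triage(store, events, mode="classify"):
    """Return {path: verdict} for (path, content) FIM change events."""
    return {path: getattr(store, mode)(data) for path, data in events}

STORE = ReputationStore(good=[sha256(PATCHED_DLL)], bad=[sha256(KNOWN_MALWARE)])
EVENTS = [  # constructed change events
    ("C:/Windows/System32/vendor.dll", PATCHED_DLL),
    ("C:/Apps/payroll.exe", INHOUSE_APP),
    ("C:/Temp/update.exe", KNOWN_MALWARE),
    ("C:/Windows/System32/helper.dll", NEVER_SEEN),
]

if __name__ == "__main__":
    for mode in ("av_only", "classify"):
        print(mode, triage(STORE, EVENTS, mode))
```

Verdicts are keyed on content hashes rather than paths, so a replaced file at a trusted path drops back to "unplanned" until it is reviewed.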

Summary

  • By Default, the service is cloud-delivered but can use a localized repository instead
  • The NNT FAST Cloud is powered by Kaspersky Whitelist, which contains 100M’s of files pre-analysed with around a million new files added/updated every day
  • Crucially, NNT FAST Cloud is both dynamic and bespoke –
    • Intelligence from YOUR environment is added every day via Intelligent Planned Change feedback
    • Bespoke, because even in-house applications unique to you will be added to the FAST Cloud

Copyright 2017, New Net Technologies Ltd. All rights reserved. 