Educational Moment:
Easily Compare & Contrast Compliance Reports with Gen7

Continuous Compliance – Myth?

How often should you be in compliance of your standard?

• When the Audit is due?
• Within 6 months of the ROC (Report on Compliance)
• Always, but if not in compliance, never for more than 7 days

Should you always show a 100% score for any scans/reports?

• Not at the outset but within 6 months you should
• Never, it doesn’t matter if you miss a few, that’s our choice
• 24/7/365 – any time you aren’t 100% you are more vulnerable to attack

Why does partial compliance, some of the time, matter?

Happy Thanksgiving

• Remember Target?
• In less than 3 weeks they had lost payment card and personal information relating to 70M customers

When do Cyber-Attacks happen?

• Thanksgiving?
• Weekends when it is quieter?
• Nights when nobody is on duty?  

What do the Security Standards say?

PCI, NIST and all other standards set the bar pretty low

• File Integrity Checks once a week
• Vulnerability Scans every 6 months (at best, 30 days)
• This says more about the limitations of technology available e.g. standard scanners than the need for 24/7 security

Compliance? Continuous and Real-Time!

General Security and Compliance is based on the adoption of Security Best Practices:

• System Hardening
• Vulnerability Management
• System Integrity Monitoring
• Malware Mitigation
• Change Control
• Audit Trails
• Breach Detection

NNT Change Tracker Gen 7™ underpins any enterprise compliance initiative with CIS-based Audit reports…and now with Compliance Remediation Kits for Group Policy, Puppet and other deployment tools

Live Demo of Compliance Report Comparer

See video opposite for demo

Threat Intelligence Integration – A Mute button for FIM Change Noise

The Reality? – Easy to become overwhelmed

• Tripwire® Daily FIM Change Report – Necessary but laborious task to assess all changes manually. Time-consuming and the sheer volume of changes could mask genuine security threats.

The File Whitelist Concept – The Opposite of Anti-Virus

Anti-Virus is Signature-based – a blacklist of all bad files

• As malware is identified, signatures are added to the AV system
• If signatures are identified as present on a system, the files can be quarantined
• Zero Day Malware is invisible to AV, Zero Day = Never-Before-Seen, so no signature
• So how do you spot Zero Day malware if it can’t be identified?

Whitelist is also signature-based - a whitelist of all good files

• We also need knowledge of all known-good files, then any files not on EITHER the whitelist OR the blacklist list should be treated as suspicious

NNT F.A.S.T. Cloud

NNT now provide a cloud-based Threat Intelligence service, continuously updated with file reputation intel sourced directly from Manufacturers (can be cached locally for isolated estates)…

…this is powered by leading File Whitelisting and File Reputation providers and then enhanced with NNT Patch Correlating Intelligent Planned Change rules…

…as file changes are detected in real-time the NNT Threat Intelligence cloud is queried for the file reputation data and either classified as Planned or Unplanned if needing investigation…

Summary

• By Default, the service is cloud-delivered but can use a localized repository instead
• The NNT FAST Cloud is powered by Kaspersky Whitelist, which contains 100M’s of files pre-analysed with around a million new files added/updated every day
• Crucially, NNT FAST Cloud is both dynamic and bespoke –
  • Intelligence from YOUR environment is added every day via Intelligent Planned Change feedback
  • Bespoke, because even in-house, unique applications to you will be added to the FAST Cloud