Enterprises today are dealing with “it’s not a matter of if you will be breached but a matter of when.” Executives are taking an increased interest in their organization’s security posture and the impact on business goals and objectives—their job depends on it. Because of this, there is a need to quickly detect, prioritize and remediate information technology risks.
This presentation highlights how security professionals can leverage security controls and analytics to gain more visibility and business context, in order to protect sensitive data from breaches, vulnerabilities and threats.
2. | Smart Metrics, Intelligent Decisions
Agenda
Introductions
About Brinqa and Tripwire
Security Analytics
Integrated Security Analytics Solution
Use Cases
Demo
3. | Smart Metrics, Intelligent Decisions
Software Company, Founded in 2008 – HQ in Austin, TX, U.S.A
Global Presence, Worldwide Channels, Rapid Growth
Addresses – The Biggest Challenge in Risk Analysis
Reduce your risk exposure by assessing, prioritizing, responding, and communicating the
most critical and relevant risks to your business?
Proven Technology – Innovative Solutions
Trusted by Fortune 100 companies, Unified Analytics Platform
Brinqa Overview
7. | Smart Metrics, Intelligent Decisions
“Enterprises can achieve significant savings when using analytics to
stop crime and security infractions”
“Security intelligence with analytics offers real results.”
8. | Smart Metrics, Intelligent Decisions
Key Challenges in Analyzing Security Risk
Disparate security risk inventories
Manual, inconsistent data aggregation and correlation
Subjective, non-standard risk measurement
Lack of business context based reporting
11. | Smart Metrics, Intelligent Decisions
Determine business impact of vulnerabilities
and incidents
Prioritize incidents based on impact and
importance
Quantitative analysis to determine business
cost of vulnerabilities and incidents
Normalization of vulnerabilities and incidents
from different sources
Analyze and evaluate incident priorities based
on organizational goals and mandates
65% reduction
Issue/incident
remediation efforts
55% reduction
Assessment efforts
70% reduction
Information
gathering efforts
13. | Smart Metrics, Intelligent Decisions
Business Driver
Large number (1M+) of vulnerabilities reported daily from the
scanners scanning infrastructure supporting internal and external
applications. The Information security team have been mandated
with the following
• Identify the key vulnerabilities that pose the highest risk
to the Business Application
• Reduce remediation time of App and Infrastructure
teams by highlighting the most important vulnerabilities
• Provide visibility to the management (VP, Director) by
providing flexible and easier reporting on vulnerabilities
Brinqa Solution
• Holistic asset and application inventory with a complete
hierarchy providing a view where Process
Application Physical Server Virtual IP
• Consolidation and remediation by Application instead of
individual vulnerabilities
• Risk analysis using the application and business
process context to highlight key vulnerabilities
impacting assets
• Central warehouse to report on all issues and risks
• Closed loop remediation for host vulnerabilities
Fortune 10 Global Technology Firm
Customer Profile
Fortune 10 global technology
company
14. | Smart Metrics, Intelligent Decisions
Business Driver
The key business requirements are
• Holistic view of Risk reported across various areas
including –
Technology
Regulatory
User Developed Applications
Internal Audit
• Costly labor spent on fixing issue. The driver was to
prioritize issues in various areas based on risk and
remediate them
• Flexible and easy reporting on top risks impacting
each area to management (COO, CTO, Director, VP
etc.)
Brinqa Solution
• Centralized inventory to capture information from
various areas including asset inventory of complete
technology stack , Business area to audit and
regulatory information mapping
• Flexible Risk Analysis on information captured in
each area and reporting based on various areas
• Simulation analysis to produce reports based on
scenarios
Global Financial Institution
Customer Profile
• Major global investment bank based in
Europe is one of the top 5 banks in the
world.
• 800 critical applications, 17000 Servers,
2300 Databases
We have a suite of solutions that are unique in delivering Security Intelligence-- detecting indicators of Breach, Compromise and Vulnerability.
Our suite includes vulnerability management, security configuration management , file integrity monitoring and log intelligence.
Real-time reliable data collection is critical in closing the cybersecurity gap—being able to respond quickly to the advanced level of attacks underway today is the only way to effectively minimize loss.
No one has all the resources they need to fix everything on their network; being able to find and focus on the things that really matter to the business and create the most risk is critical—having relevant business context is the only way to connect your security efforts to what matters to your business and the risks you want to minimize.
Automation—to apply intelligence and drive automation for more effective operations
Enterprise integration with other enterprise systems
The market for better security analytics solutions continues to expand as a number of high profile security breaches demonstrates the high cost of not protecting business-critical systems, data and applications. Current threats are complex and driven by very motivated adversaries. CISOs and CIOs are taking an increased interest in their organization’s security posture, making it more important than ever to tell a full story from the security and risk data embedded in modern IT security controls.
In a recent Gartner survey of CIOs, analytics and business intelligence was ranked as the top priority. Forester views analytics as a top security trend for 2014, saying analytics will help better predict threats and protect data. Safeguarding the enterprise from dangerous events and attacks—without sacrificing innovation and growth—is essential. It requires advanced analytics, expert analysis, and swift remediation.
Varied and disparate security risk inventories
Uncorrelated and redundant data included in reporting
Prohibits establishing a common inherent risk inventory
No historical data for trending and forecasting
Manual and inconsistent data aggregation and correlation
Ambiguous and incomplete risk interpretation
Resource and time intensive
Subjective and non-standard security risk measurement
Resources spent addressing non-prioritized issues
Miscommunication and misunderstanding of risk across enterprise
Lack of business context based reporting
Limits business unit’s ability to understand and accept risk
Inability to measure improvements and predict threats
Reactive vs. proactive decision making
Model an organizations risk framework by defining and representing hierarchies, tolerances, ownership and performance indicators
Assign Business impact and quantitative value to risk information
Manage closed loop remediation of vulnerabilities and effect of remediation on risk posture
Deliver directed, actionable, access-based reports to executives
Identification of critical and at-risk parts of an organization based on metrics
Integrate asset data and modeling
Ability to determine the business impact of vulnerabilities and incidents on the risk exposure of an organization
Prioritization of incidents based on impact and importance of affected business functions allows you to focus your remediation efforts
Quantitative analysis to determine business cost of vulnerabilities and incidents and there overall impact to the business
Normalization of vulnerabilities and incidents from different sources for comparing risk on entities along multiple dimensions and attack surfaces to arm your organization with the information needed to address the next Heartbleed.
Efficiently utilize resources by analyzing and evaluating incident priorities based on organizational goals and mandates
Note: Add a call to action.
Contact sales
Download the data sheet
Schedule a demo