What Security Leaders Should Consider When Building a Business Case for Integrity Monitoring

Posted on April 8, 2020
What Security Leaders Should Consider When Building a Business Case for Integrity Monitoring

We all know there are a number of different security devices that need to be continually monitored because they represent attack vectors. That’s why understanding configuration management is critical to security hygiene. As practitioners, we need to adhere to CIS controls as they provide a critical baseline for maintaining our security framework and keeping up our integrity monitoring processes. To understand the utility of integrity monitoring, let’s review some questions that we might ask ourselves in order to evaluate a network firewall’s configuration:

  • What was the last known good configuration?
  • What were the settings of the operating system on the device at the last known good configuration?
  • What are the file types and executables on this device?
  • What are the patching procedures, and how are they reconciled?
  • Is it automated? Are exceptions to the environments? If yes, how are they addressed?
  • Is the software regularly updated, and how is the integrity measured and validated?
  • Who has access to the device, and have they made changes to it?
  • Who has made changes, and are all changes incorporated into an SCM or a CM Systems/Process?
  • How much time is the above taking, and how accurate is it?

These considerations also need to be broken down into costs which either a VP of operations or a CISO consider to have major importance to the company. Doing this takes time and money. For instance, if it takes an FTE 10 hours per week to address the organization’s firewall infrastructure, without taking into consideration the skills-gap, hiring, wages and the talent pool, then what about the rest of the security environment? It’s also crucial to keep the following questions in mind:

  • How accurate is the process?
  • Are their assumptions built into the above model?
  • What are the known points that are tied into the company’s baseline, and how often is this reviewed and validated?
  • What are the costs involved?
    • For setting up the baseline?
    • For going through the change control process?
    • How often is it audited? Is this a major undertaking, or can reports be garnered in time to meet the needs of the business seamlessly and effortlessly?
  • How much time is this all taking?
    • What are the costs to the business in lack of detail?
    • In lack of automation?
    • In lack of repeatability?
    • In the stress to the organization by not being able to access the information in time when there is an operational incident or a misconfiguration or worse?

As a great example of this type monitoring, one of our clients performed the cost justification easily since two people had literally taken a year to be able to understand and monitor the above for just two devices. Two highly paid FTEs took 20% of their days to get this information manually. And we can do things at just the click of a mouse. In the process, we’re able to glean the following:

  • A description of the device
  • Severity
  • Weighted score
  • Type
  • Rules
  • Elements
  • Version Conditions
  • Remediation

Acknowledging all of this, there are a number of different parameters that can be monitored within specific security devices. These parameters need to be identified and remediation actions defined. But Tripwire delivers. Once identified, Tripwire can provide the requisite integrity monitoring in any facet of a device and provide monitoring for change on an ongoing basis, all without the need for labor to be involved in such a tedious task. In this sense, the human element is taken away because it is now fully automated in software, and reporting can be done at any point in time. It does not require a structured manual effort in order to make this happen. We then have the ability to provide full Integrity monitoring on devices that would have taken several working hours to complete. Productivity rises, and do we really want a team of experts working on a manual process? Or would you rather let the technology do the heavy lifting and have your experts spend their time on action items, recommendations, etc.? You know, doing the things that benefit the business in a myriad of other ways? Now about those savings. ROI that flows back to the business can be measured in many ways, and each business case is different. But with a 92% customer satisfaction rate of nearly a quarter-century in business, we believe we are well on our way to helping our clients succeed with best of class solutions tied to the CIS Controls. Learn more about how Tripwire’s solutions can help you fulfil your integrity monitoring processes.

Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!