Tripwire’s Chief Technology Officer, Dwayne Melancon, shared how to achieve trust after a data breach in this increasingly relevant webcast. He covered crucial questions, such as: - Which systems can be trusted? - What is the extent of the compromise? - How quickly can you attain situational awareness? Dwayne also provided participants with an approach to restore trust in your critical systems after a data breach, following five steps: - Know what you have and prioritize by risk levels - Define what “good” looks like - Harvest system state information from your production systems - Perform a reference node variance analysis to identify compromised systems - Remove suspect systems from the environment and return to a trustworthy state Also, for a good primer for the webcast, check out Melancon’s recent article Target and Restoring Trust After a Data Breach… This slide deck accompanies the following archived webcast available here: https://tripwire.com/register/how-to-restore-trust-after-a-breach/

1. Restoring Trust After A Breach
Dwayne Melançon, CISA
Chief Technology Officer

12. Low Priority
Non-admin user added
Password policy varies from policy
High Priority
New unrecognized binaries added
Hash and access privileges
changed on critical file
New listening port opened
Medium Priority
New service activated on payment
server
New routes added on border router
Logging disabled
New local admin user added

16. Change is occurring
Compliance
Compliant State
Periodic Scans or Audits
RISK
increases between scans
Time

17. Continuous Diagnostics
Compliance
Compliant State
Maintain
that state
Assess & Achieve
desired state
Time
REDUCED RISK

19. CSC (SANS Top 20) Controls
CSC 1 & 2: Asset Inventory
CSC 3: Configurations
Attack Surface
Index (Summary)
Aggregated/Weighted
CSC 4: Vulnerabilities
Action Reports
Embed Business Context
And Benchmarking
CSC 5: Malware