Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Multi-Cloud Security
Advanced Vulnerability Management with Tripwire IP360
FOUNDATIONAL CONTROLS FOR
SECURITY, COMPLIANCE & IT OPERATIONS
When you opt to use multiple cloud providers, you’re implementing a
multi-cloud strategy. This practice is increasingly common, and can refer 80% of IT decision-makers
to mixing SaaS (software as a service) and PaaS (platform as a service) say new approaches are
offerings as well as public cloud environments that fall under the IaaS needed to successfully
(infrastructure as a service) category. The most common public cloud operate in multi-cloud
environments today are Amazon Web Services (AWS), Microsoft Azure and environments.
Google Cloud. ——What the New Multi-Cloud
World Means to IT,
Security professionals responsible for securing multi-cloud environments BMC infographic
are often stuck trying to apply the old principles of vulnerability
management (VM) to these new environments with varying success. The
truth is, multi-cloud environments require special consideration when
Scanning
deploying VM tools.
Vulnerability management functions
by way of continuous, scheduled scan-
This best practice guide outlines the methods of deploying and using ning. These scans can pick up known
vulnerabilities, misconfigured assets,
Tripwire® IP360™ in a multi-cloud environment with public cloud
uninventoried endpoints, slips in compli-
providers. ance and many other network instances
that hackers see as an invitation.
Google AWS
Fig. 1 Regardless of which services you use, Tripwire provides flexible multi-cloud deployment options for VnE Managers and
Device Profilers.
Eight Steps to a Successful 5. Decide where you want to collect this
info in the VnE Manager—on-prem, in
Multi-Cloud Deployment one of the cloud environments, or one REQUEST A DEMO
When you’re ready to leverage the for each cloud environment.
benefits of a multi-cloud approach with Visit tripwire.com/contact/
6. Enable remote scanning Tripwire DP
Tripwire IP360’s powerful vulnerability
virtual images in your public cloud request-demo and learn
management, follow these best practice
environments.
steps to get started: more about how Tripwire
7. Regularly review the results from IP360 is the perfect
1. Review the concept of the shared your cloud assessments and follow
security model in the cloud with your remediation instructions.
vulnerability management
business partners to make sure they solution for on-prem, cloud
8. Assess the security of your cloud
understand the benefits and risks of
services with a tool like Tripwire Cloud and hybrid environments.
moving to the cloud. Reinforce that VM
Management Assessor.
and security controls are an essential
part of a cloud strategy.
Summary
2. Inventory which cloud environments Multi-cloud environments call for
are being used or planned by your sophisticated vulnerability management
organization and choose your cloud solutions. Whether your organization
vendors. or agency uses on-premises, cloud or
3. Understand the accounts and hybrid systems, Tripwire IP360 provides
deployment zones where you need comprehensive asset discovery and
visibility to monitor for vulnerabilities. inventory. Take advantage of the most
Deploy Tripwire DP scanning granular risk scoring and prioritiza-
resources to get the needed coverage. tion reporting on the market in order
to address vulnerabilities quickly and
4. Understand the nature of the
thoroughly.
application in the cloud. Server
replacement IaaS may be a good fit
for network scanning. Highly dynamic
environments will need agents or
integration with the cloud tools.
Tripwire is a leading provider of security, compliance and IT operations solutions for enterprises, industrial
organizations, service providers and government agencies. Tripwire solutions are based on high-fidelity
asset visibility and deep endpoint intelligence combined with business context; together these solutions
integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions
includes configuration and policy management, file integrity monitoring, vulnerability management,
log management, and reporting and analytics. Learn more at tripwire.com
©2018 Tripwire, Inc. Tripwire, Log Center/LogCenter, IP360 and Tripwire Axon are trademarks or registered trademarks of Tripwire, Inc.
All other product and company names are property of their respective owners. All rights reserved. BRMCSBPG1a 1807