UNIFIED ENTERPRISE SECURITY
WHITE PAPER: A HOLISTIC APPROACH TO INTEGRATED, BEHAVIORAL-BASED NETWORK SECURITY
BY: DEAN A. TRUMBULL
TABLE OF CONTENTS
EXECUTIVE SUMMARY
INTRODUCTION
THE SECURITY PROBLEM: FAILURE TO CONNECT THE DOTS
BEHAVIORAL-BASED UNIFIED SECURITY: A HOLISTIC APPROACH
CHALLENGES FACING BEHAVIORAL-BASED UNIFIED SECURITY
MASERGY UNIFIED ENTERPRISE SECURITY
MASERGY PRODUCT OVERVIEW
UNIFIED ENTERPRISE SECURITY CONFIGURATIONS
UNIFIED ENTERPRISE CLOUD SECURITY CONFIGURATIONS
HYBRID NETWORK CONFIGURATIONS
CONCLUSION
EXECUTIVE SUMMARY

Internet-based attacks are a serious threat to any public or private organization's information technology systems. Despite a substantial increase in spending on cyber security over the past few years, new and evolving Internet security threats remain widespread, and most cyber defense products are woefully inadequate. While many powerful point solutions exist to protect specific pockets of vulnerability, industry analysts agree that the next evolutionary leap in security technology will be a systemic cyber security architecture capable of true subsystem integration of disparate security applications within a unified threat management system.

Masergy's Unified Enterprise Security (UES) is the industry's first fully integrated, network behavior analysis and correlation-based security platform. It is the premier threat management system on the market today because it is the only unified offering that combines the integration properties of a security architecture with the adaptive and predictive data sharing, tracking and analysis capabilities of a network behavior analysis and correlation engine. Masergy's UES solution provides true subsystem integration of industry-proven security applications (network behavior analysis and correlation; intrusion detection and prevention; vulnerability scanning and management; log management, analysis and monitoring; network access and policy monitoring; and comprehensive threat management for prioritized network, global and vendor threats and vulnerabilities) within a multi-layered, 21st century security architecture that spans premise-based, cloud and hybrid network environments. Finally, there's a unified security solution that works anytime, anywhere your business operates.
INTRODUCTION

In an era of increasing regulatory compliance, where the level of investment in best-of-breed corporate IT security technology is significantly higher than in any previous year, CIOs, Security Chiefs and IT Leaders are asking the same question: why are high profile security breaches still so prevalent? To answer that question, one need only review the data. Consider, for example, the recently published Verizon Business 2009 Data Breach Investigations Report. It found that for 82% of all breaches, readily available evidence existed in the organization's logs that it had been breached or was in the process of being breached. The same report also found that:
- 71% of breached organizations already had log collecting solutions in place;
- 30% of breached organizations already had an intrusion detection/prevention system (IDS/IPS) in place;
- 69% of breaches were discovered by a third party, not by the organization that was breached;
- 19% were deemed to be compliant with the Payment Card Industry (PCI) Data Security Standard (DSS); and
- only 6% of these organizations discovered the breach on their own.
These are shocking statistics, especially when you consider that IT security budgets rose to 12.6 percent and global IT security spending climbed to $14.7B in … With continuously evolving attack profiles and too many disparate applications and appliances requiring daily updates, it's virtually impossible for network administrators to stay ahead of the curve. This paper will highlight the flaws of a best-of-breed approach to network security, the underlying causes of recent high profile security breaches, and the emergence of Unified Enterprise Security, a comprehensive, holistic approach to network security integration.

Sources: Forrester Research, State Of Enterprise IT Security; Verizon Business, 2009 Data Breach Investigations Report.
THE SECURITY PROBLEM: FAILURE TO CONNECT THE DOTS

Postmortem analysis by Verizon Business investigators of the underlying causes of security breaches found that the technology employed, the processes in place, or (unintended) dereliction of duty were the main causes. These findings are understandable given the current state of the network security market, where corporate IT security teams must implement their security posture by cobbling together discrete security appliances and applications from a myriad of competing vendors. Such products each focus on a specific aspect of network security, leaving the IT department responsible for selecting, integrating, managing and monitoring them, and for correlating discrete security events, alerts, logs and reports into actionable security threats.

An all too common misconception is that a network breach is a singular event that occurs during a brief period of time. In reality, Verizon Business investigators found that 82% of successful breaches were preceded by a series of reconnaissance activities, intentionally spread over days, weeks and even months to avoid detection. These intrusion detection evasion techniques bypass detection by creating different states on the perimeter defenses and/or on the targeted computer; the attacker accomplishes this by manipulating either the attack itself or the network traffic that carries it. In this manner, attackers slowly develop the techniques, methods and even the timing needed to breach perimeter defenses. Even though much of this reconnaissance activity can be detected by perimeter defenses, it tends to be overlooked because 1) the low number and frequency of these events appear to indicate a cessation of hostile activity, leaving the IT staff with the impression that perimeter defenses are working, or 2) the events simply go unnoticed due to inadequate security monitoring.
Aside from the obvious silo effect of deploying discrete security appliances, it's important to note that most network security technology relies heavily on signature detection to identify malicious traffic. Since security appliances are only able to load a mere 5% of currently available signatures (~1,500), network security analysts are left guessing as to which signatures to load. It also leaves the network 95% exposed to well known attack methods, regardless of the analysts' signature selection, and completely vulnerable to new stealth attacks.
Simply put, the primary reasons why high profile security breaches are still so prevalent are that there are too many vendors, too many disparate security systems, too many alerts, and not enough actionable root-cause and resolution information. With most security products, there is an inability to connect the dots between an impending attack and its related reconnaissance activity, which can span hours, days, weeks and even months. Most security products are reactive and focused on explaining what happened, instead of tracking reconnaissance activity and detecting threats before they strike. In addition, the organizational resources necessary to operate in such an environment further stress IT departments that are already challenged to squeeze the most out of minimal security budgets. These disparate product, process and budget issues are contributing to a growing movement within the security industry, one that supports the convergence of security requirements as part of an extensible systemic architecture. It is this type of approach that analysts believe will enable disparate applications to be seamlessly integrated into a single system, with unified administration, operations and reporting.

BEHAVIORAL-BASED UNIFIED SECURITY: A HOLISTIC APPROACH

The concept of a systemic, architectural approach to network security is increasingly gaining traction among leading security companies. In fact, Cisco Chief Executive John Chambers predicts the end of pinpoint security applications and believes that, in order to stop online threats, security should be integrated throughout the network with an underlying architectural approach, and that SMEs should be focusing now on how their security pieces integrate. There is also a growing realization that signature-only detection cannot adequately address the current state of network security attacks.
A behavioral approach to deep packet analysis is now a requirement in order to address zero-day attacks and to compensate for the limited number of signatures that IDS/IPS appliances can actually load (~1,500), which leaves networks 95% exposed to well known attack methods. The following quotes from Gartner, Aberdeen and Yankee Group analysts further highlight the industry's alignment with network behavioral analysis and correlation as a must-have component of an extensible, architecture-based security program:

"After an organization has successfully deployed firewalls and intrusion prevention systems (IPS) with appropriate processes for tuning, analysis and remediation, they should consider network behavior analysis (NBA) to identify network events and behaviors that are undetectable using other techniques." Paul E. Proctor, Research Analyst, Gartner Inc.

The industry is moving toward a more holistic and integrated approach to security, and the key to realizing the benefits of such an approach lies in how effectively integrated technologies are able to share, correlate, and analyze information, according to Derek Brink, Vice President and Research Fellow for Aberdeen's IT Security Division. Solution Providers who incorporate NBA most effectively will enable their customers to improve protection by predicting and preventing emerging threats before they cause harm, rather than by merely explaining events that have already ensued.
"Traditional signature-based security products can't stop zero-day attacks," says Andrew Jaquith, a senior analyst with Yankee Group. "Our research shows that while 99% of corporations have deployed antivirus software, nearly two-thirds (64%) nonetheless suffered virus or worm outbreaks that disrupted at least one business unit. Behavioral security solutions are an increasingly important part of a balanced security program."

CHALLENGES FACING BEHAVIORAL-BASED UNIFIED SECURITY

As alluded to earlier, the enterprise security market is highly fragmented, with point solutions designed to address distinct security requirements. Many larger security firms (Cisco, McAfee and Symantec, among others) are now trying to address the unified security software space by acquiring disparate applications with a promise to integrate them down the road. Many vendors are telling the unified security story but are instead delivering a SIM/SEM solution, as in the case of Cisco MARS. The challenges facing a true behavioral-based unified security implementation are three-fold:
- Unified security is a relatively new product category, and the work of category creation is challenging and expensive. It is imperative that the industry overall ensures that incumbent competitors do not use their enormous advertising budgets to water down the true definition of a unified security platform.
- Existing network security incumbents are pitching a solid unified security story, but what they actually deliver is a collection of disparate point solutions that are loosely integrated, usually for reporting purposes. In most cases these are stand-alone signature detection products, separately administered, that do not share security information in real time to enhance detection. This is creating confusion among customers as well as a significant market gap, since many businesses are now taking a wait-and-see attitude toward security integration.
- Since IT organizations have historically implemented their security posture by cobbling together discrete security solutions, the existing investment in appliances, time and resources makes the prospect of deploying a unified solution difficult, especially where applications overlap. Organizations are reluctant to request additional budget to replace investments that have not yet been fully depreciated, regardless of the efficacy of the new solution.
MASERGY UNIFIED ENTERPRISE SECURITY

To address these challenges, Masergy has developed a security solution that combines the integration capabilities of a security architecture with the adaptive and predictive data sharing, tracking and analysis capabilities of a network behavior analysis and correlation engine. This integrated approach is at the heart of Masergy's Unified Enterprise Security (UES) solution, and enables all security applications to take advantage of patented behavioral technology. Other advantages of the UES architecture (a single console and unified reporting, administration and operational ease of use) make this technology particularly attractive to over-burdened and under-resourced IT departments. The Unified Enterprise Security architecture provides an extensible platform for incorporating new security applications. In fact, Masergy has leveraged the UES architecture to incorporate several new applications, including behavioral network access policy monitoring, log management and monitoring, and emerging cloud security applications. Further, the UES architecture is cost-effective because it overlays and complements a company's existing network security infrastructure. This modular approach allows customers to mix and match applications, adding modules over time as needed, which helps maximize their current security investment.
[Figure: Enterprise UTM Architecture compared with the Unified Enterprise Security Architecture. The UES diagram shows unified administration, monitoring and reporting over a trusted computing base (protect, monitor, alert, report), with IDS, IPS, NBA, AV, NAC, AS, CF and firewall blocking at the Internet edge; inputs from users, servers, firewalls, syslogs, switches, routers and policies; detected threats, intrusions, suspicious traffic, viruses, trojans, vulnerabilities, vendor alerts, stealth attacks, access violations and resource violations; and outputs of discovered threats, alerts, compliance status, prioritized threats, policy violations and access violations, all passing through the Network Behavioral Analysis and Correlation Server.]
UNIFIED ENTERPRISE SECURITY ARCHITECTURE

True Subsystem Integration

Masergy's Unified Enterprise Security product portfolio enables true subsystem integration and intelligent, adaptive sharing and correlation of detected threats and alerts with detected vulnerabilities between all application subsystems and appliances. It is this level of architecture-based integration that provides long-term context to threats and enables early warning of threats and attack reconnaissance that other products cannot see. Industry-proven application modules (network behavior analysis and correlation; intrusion detection and prevention; vulnerability scanning and management; log management, analysis and monitoring; network access and policy monitoring; and comprehensive threat management for prioritized network, global and vendor threats and vulnerabilities) can be deployed as part of a complete security infrastructure or added incrementally, over time, as an organization's business and network requirements change. Further, Masergy's holistic approach to compliance ensures that customers can efficiently achieve and maintain ongoing regulatory compliance within their vertical markets, whether for PCI, SOX, HIPAA, NERC CIP, NCUA or FISMA standards.

[Figure: Unified Enterprise Security Software Architecture. A Unified Security Console (administration, reports, forensics, events) sits above a Risk Analysis Engine and a Correlation Engine. The Correlation Engine receives detected vulnerabilities and threats from the scanner, threat data and SYSLOG sources (firewalls, servers, AV, AS, IPS, IDS and other sources), and policy violations from policy rules. Beneath it, a Behavior Analysis Engine applies deep packet analysis and security heuristics to raw packet data sources: NetFlow, sFlow, routers, switches, sensors, probes and mirrored raw packets.]

At the heart of Unified Enterprise Security (UES) is a proprietary behavioral correlation engine that is the foundation upon which all other applications are built. This basic tenet of UES enables each security application to leverage the rich data derived from correlating weeks of raw packet data, detected vulnerabilities, signature detection alerts, posted vendor alerts, globally detected threats, logs from third-party security devices, and network access policy violations. True behavioral analysis and correlation requires:
- Packet data, IDS/IPS alerts, scans, vendor threats and tracked resources treated as data feeds to be analyzed and correlated continuously, and tracked over long periods of time.
- Use of raw packet data rather than log files for behavioral analysis; packets carry more data for analysis.
- Data retained for analysis spanning days, weeks and months, which is necessary to correlate seemingly discrete events intentionally spaced out to avoid detection. The longer the timeframe, the better the analysis can be.
- Analysis relative to an individual network that adapts to that network, so the behavioral system becomes customized to it without human intervention.
- Learned intelligence, so the system can measure increasing hostility from progressive reconnaissance activity and predict behaviors, enabling it to track developing threats leading up to a breach.
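The requirements above describe tracking reconnaissance across days, weeks and months so that events spaced out to evade per-day thresholds are still connected. The following Python is an added example, not Masergy's code or the BCM's algorithm: it runs a naive per-day threshold and a long-window per-source profile over the same constructed event stream and shows that only the latter flags the attacker who probes one new host or port every couple of days. The scoring weights, thresholds, addresses and events are assumptions chosen for illustration.

```python
"""Added example (not Masergy code): correlate low-and-slow reconnaissance
over a long window so that probes deliberately spaced out to stay under a
per-day alert threshold still add up to a tracked, escalating threat.
Every event below is constructed sample data; the addresses are
documentation ranges."""
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_events():
    """Constructed events: (timestamp, src, dst, dst_port, kind).

    203.0.113.9  probes one new host/port every two days for a month (low and slow).
    198.51.100.4 probes 50 ports of one host inside one hour (noisy scanner).
    192.0.2.77   is a normal client with a daily HTTPS session to one server.
    """
    base = datetime(2009, 3, 1, 2, 0, 0)
    events = []
    slow_targets = [("10.0.0.5", 22), ("10.0.0.5", 23), ("10.0.0.5", 80),
                    ("10.0.0.6", 22), ("10.0.0.6", 443), ("10.0.0.7", 22),
                    ("10.0.0.7", 21), ("10.0.0.5", 3389), ("10.0.0.8", 22),
                    ("10.0.0.8", 25), ("10.0.0.6", 21), ("10.0.0.5", 445)]
    for i, (dst, port) in enumerate(slow_targets):
        events.append((base + timedelta(days=2 + 2 * i, hours=i % 5),
                       "203.0.113.9", dst, port, "probe"))
    for i in range(50):
        events.append((base + timedelta(days=10, minutes=i),
                       "198.51.100.4", "10.0.0.5", 1000 + i, "probe"))
    for d in range(30):
        events.append((base + timedelta(days=d, hours=9),
                       "192.0.2.77", "10.0.0.6", 443, "session"))
    return sorted(events)


def daily_threshold_alerts(events, per_day_limit=20):
    """Stateless per-day counter of the kind a point product ships with.

    Catches the noisy scanner; never sees the attacker who stays at one probe a day.
    """
    counts = defaultdict(int)
    for ts, src, _dst, _port, kind in events:
        if kind == "probe":
            counts[(src, ts.date())] += 1
    return sorted({src for (src, _day), n in counts.items() if n >= per_day_limit})


def long_window_profiles(events, window_days=90):
    """Per-source reconnaissance profile kept over a long retention window."""
    if not events:
        return {}
    newest = max(e[0] for e in events)
    cutoff = newest - timedelta(days=window_days)
    profiles = defaultdict(lambda: {"targets": set(), "hosts": set(), "days": set()})
    for ts, src, dst, port, kind in events:
        if kind != "probe" or ts < cutoff:
            continue
        profiles[src]["targets"].add((dst, port))
        profiles[src]["hosts"].add(dst)
        profiles[src]["days"].add(ts.date())
    return profiles


def hostility_score(profile):
    """Breadth of reconnaissance weighted by how long it has persisted.

    Returns (score, span_in_days). A one-day burst gets almost no persistence
    bonus; the same breadth spread over weeks scores far higher.
    """
    days = sorted(profile["days"])
    span = (days[-1] - days[0]).days + 1 if days else 0
    breadth = len(profile["targets"]) + 2 * len(profile["hosts"])
    persistence = min(len(days), 30)          # distinct active days, capped
    return breadth * (1 + persistence / 10), span


def low_and_slow_alerts(events, min_targets=8, min_active_days=5, min_span_days=14):
    """Sources whose probing is broad AND persistent, however quiet each day was.

    Returns (src, score, span_days, distinct_targets) tuples, sorted by source.
    """
    out = []
    for src, prof in long_window_profiles(events).items():
        score, span = hostility_score(prof)
        if (len(prof["targets"]) >= min_targets
                and len(prof["days"]) >= min_active_days
                and span >= min_span_days):
            out.append((src, round(score, 1), span, len(prof["targets"])))
    return sorted(out)


if __name__ == "__main__":
    evts = build_sample_events()
    print("per-day threshold flags:", daily_threshold_alerts(evts))
    print("long-window correlation flags:", low_and_slow_alerts(evts))
```

The two detectors are complementary: the per-day counter still catches the noisy scanner immediately, while the long-window profile only reaches its thresholds if the data retained covers the attacker's whole span (23 days in this sample), which is why the text ties detection quality to how long packet-derived data is kept.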
Architecturally Layered Security Applications

It's important not to mistake Unified Enterprise Security for a SIM or SEM (SIEM) implementation. A SIEM is a noble attempt to integrate a collection of security appliances that were never intended to work together; consequently, they don't. The SIEM approach has proven to be a complex, limited and expensive route to very loose integration, one that has relegated most SIEMs to little more than log management platforms. The Unified Enterprise Security offering is not an aggregation of log information from disparate security appliance logs and alerts. Instead, it provides twelve (12) layers of fully integrated security:

1. 100% PASSIVE SECURITY IMPLEMENTATION introduces no additional network latency and no single point of failure. In practice, network traffic is mirrored to the detection devices, allowing installation without disruption to network activity.
2. EXTERNAL INTRUSION DETECTION & PREVENTION detects increasing external hostility from reconnaissance activities, external threats and other malicious traffic.
3. INTERNAL INTRUSION DETECTION & PREVENTION monitors potentially suspicious employee activity, evidence of malware infections and security policy violations.
4. NETWORK BEHAVIOR ANALYSIS AND CORRELATION analyzes and correlates all suspicious network traffic received from both internal and external IDS sensors, spanning days, weeks and months. It detects sophisticated intrusion evasion techniques, anomalous patterns, and even new stealth attack methods for which there are no published signatures.
5. BEHAVIORAL-BASED NETWORK ACCESS POLICY CONTROL & MONITORING behaviorally detects and blocks both internal and external access policy violations in real time. This capability uses information shared between the intrusion detection and network behavior analysis subsystems to secure critical assets without deploying additional hardware or host agent software.
6. UNIFICATION OF EXISTING SECURITY INFRASTRUCTURE provides real-time monitoring of third-party security events and automatic or manual blocking of malicious traffic via native integration with commercially available firewalls, switches and routers.
7. NETWORK RESOURCE VIOLATION MONITORING raises a resource violation alert automatically when an unrecognized IP address (internal or foreign) is detected, or when a well-known IP address attempts to access a device it has no history of accessing.
8. INTEGRATED VULNERABILITY SCANNING & REPORTING provides automated vulnerability scanning of the network infrastructure, critical assets, application servers, client PCs, etc. Detected vulnerabilities are then shared with other subsystems for real-time correlation.
9. REAL-TIME CORRELATION OF SUSPICIOUS NETWORK TRAFFIC WITH DETECTED VULNERABILITIES: findings reported by the integrated vulnerability scanner subsystem are automatically shared with the intrusion detection, threat management, network behavioral analysis and network access control subsystems for real-time correlation between disciplines. This adds context to potential threats that would otherwise go unnoticed.
10. COMPREHENSIVE REAL-TIME LOG ANALYSIS, ARCHIVAL AND MONITORING processes log events from firewalls, switches, routers, third-party security devices and application servers using policy-based rules to detect anomalous events, security policy violations, changes to account privileges, and the like.
11. LOG MANAGEMENT AND ARCHIVAL functionality, including comprehensive log searching, reporting and 1.5TB of network-attached storage (NAS), is available to help meet regulatory compliance requirements.
12. COMPREHENSIVE THREAT MANAGEMENT automatically detects, correlates and prioritizes detected network threats, global threats and posted vendor threats against detected vulnerabilities. The resulting prioritized threat remediation list focuses IT remediation teams on the most pressing threats to network security, providing detailed remediation steps, links to patches, vulnerability reports, CVEs, etc. The system also provides a graphical rendering of the entire network security posture, which is automatically updated once the system has empirically verified that the requisite remediation has been completed.
For those organizations following the widely accepted defense-in-depth network security strategy, Masergy's Unified Enterprise Security portfolio economically delivers a security layer that augments, and provides holistic oversight of, an organization's security environment without the need to uproot or disrupt its existing security infrastructure. This self-reliant approach combines real-time flexibility, long-term correlation and historical trending, with no maintenance or security business intelligence requirement. This behavioral approach is quickly becoming the industry standard for next generation network security architectures.

MASERGY PRODUCT OVERVIEW

As previously mentioned, the Unified Enterprise Security (UES) system is built from the ground up on a modular architecture. It provides a simple and affordable migration strategy because it allows for extensive customization. For example, a customer may initially mix and match components to address gaps in its security posture, then add applications or components incrementally, over time, in response to its evolving network environment. This modular approach also enables Masergy to cost-effectively introduce new components and applications that address new and emerging security threats, enabling a company to keep its security infrastructure up to date.

[Figure: Unified Enterprise Security - Customizable By Design Solutions]

The core Unified Enterprise Security components include:

MASTER CONTROL UNIT (M-4000-G)
The MCU module is a browser-based monitoring console, signature server, cluster manager and Web server with plug-and-play installation. It contains the custom Web portal that houses all the reports and graphs for the appliance suite, including the security dashboard, intrusion detection and vulnerability scanning reports. The Security Risk Management (SRM) Managed Services can also be provisioned through the MCU for thorough and economical risk management on demand.
BEHAVIORAL CORRELATION MODULE (A-5000-G, A-5110-G)
The Behavioral Correlation Module (BCM) identifies and tracks typical network traffic and packet behaviors over long periods of time and automatically sends alerts for any anomaly. The BCM identifies reconnaissance activity, unknown attacks and zero-day attacks. It also guards against threats from within, alerting on resource violations, abuse of privileges and misuse of corporate assets. Its behavioral analytics work from raw packet information through layer 4, detecting early threat activity and maintaining alert logs and behavioral profile information for at least six months, enabling constant monitoring of global attacks and vulnerabilities. The BCM is available in two models: A-5000-G for 10/100/1000Mb networks and A-5110-G for 10Gb networks.

SECURITY DASHBOARD MODULE (I-6000-G)
The Security Dashboard Module (SDM) provides immediate single-source access to all threat data, including an easy-to-use, instant view of prioritized security threats and the underlying data that produced them. The SDM correlates data and prioritizes security threats from multiple security, network and server sources, including behavioral alerts from packet data analysis, signature IDS alerts, vulnerability scans against assets, and global alerts. The SDM instantly identifies the most critical network threats, determines the best path for remediation and gathers the data for forensic reporting. Because of its extensible architectural design, the SDM requires no tuning or correlation rules. This means that time is not wasted integrating complex SIM software with third-party security products or implementing, updating and maintaining multitudes of SIM correlation rules.
DETECTION + PREVENTION MODULE (N-1001-S, N-1010-S, N-2100-S, N-2101-S AND N-2110-S)
The Detection + Prevention Module (DPM) is a 100% passive network sensor hosting an intelligent packet inspection and capture system that selects suspicious packets and transfers them to the Behavioral Correlation Module (BCM) for further behavior analysis. Using signature detection technology, deep packet inspection of layers 1-7 and tunable signatures on a 24x7 basis, the DPM provides automatic alert analysis and correlation, alert escalation and prioritization; detection of unauthorized access to network resources; countermeasures for denial-of-service attacks; termination of attack sessions via a TCP reset or ICMP unreachable message; probe prevention (defeating or confusing scanning techniques with false responses); and enterprise and global threat correlation. Detection + Prevention Modules are available in several models:
- N-1001-S for copper LAN/WAN speeds up to 10Mb
- N-1010-S for copper LAN/WAN speeds up to 100Mb
- N-2100-S for copper LAN/WAN speeds up to 1000Mb
- N-2101-S for fiber LAN/WAN speeds up to 1000Mb
- N-2110-S for LAN/WAN speeds up to 10Gb

VULNERABILITY SCANNER MODULE (V-3001-G)
The Vulnerability Scanner Module (VSM) provides the full benefit of regular security scans that are integrated and correlated with data and alerts from the other appliances, as well as extensive research capabilities. The module's extensive reporting includes individual vulnerability reports for each device, with associated risk levels (informational, low, high and severe) and links to remediation steps.
This module also includes:
- Summary and management reports for easier risk mitigation;
- On-demand scanning options: Light (limited port scans that identify common vulnerabilities such as those within DNS, Web, FTP and SMTP); Heavy (full port scans that look for all known vulnerabilities and potential risk areas); and DOS scans that identify all dangerous vulnerabilities on the appropriate ports;
- A scan scheduler with customizable options for immediate, daily, weekly, monthly, quarterly and annual scans; and
- A private customer Web portal that allows customers to view alerts and scans and run reports in real time.
FIREWALL/SYSLOG MODULE (N-2800-G)
The Firewall/Syslog Module (FSM) provides real-time, rules-based syslog analysis for commercially available firewalls and syslog-compatible systems, applications and devices. The FSM is integrated with the Unified Enterprise Security monitoring console and reports. It can match multiple rules using Boolean logic, time and frequency to build sophisticated policy oversight and alert on violations. The FSM is configured with 1.5TB of network-attached storage (NAS) to collect and maintain up to one (1) year of logs per logging source; provides automated back-up to long-term network storage devices; offers log searching and reporting; and supports up to 150 syslog devices per FSM. The FSM can also be tightly integrated with commercially available firewalls, switches and routers to enable automatic and manual blocking of malicious traffic.

NETWORK SECURITY ZONES (Z-1000-G)
The Network Security Zones (NSZ) feature defines secure boundaries for managing and monitoring access to information and applications across multiple systems and disciplines, while delivering unimpeded online services to employees, customers and suppliers. Simply put, the NSZ system defines what an individual can access within the network, at what time and from which location. Any violation of the established boundaries generates an unauthorized access alert. The NSZ system also supports DHCP environments where it's necessary to track individual users or hosts independent of their IP addresses; protects against network intrusions and illicit access, whether from inside or out; provides a clear path to enhanced compliance and auditing requirements; handles security and access for remote and mobile workers; and works with drag-and-drop simplicity.
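The Firewall/Syslog Module above is described as matching multiple rules with Boolean logic, time and frequency. As an added example (not the FSM's own rule language or code), the Python below implements three such rules over constructed syslog lines: a frequency rule (five failed SSH logins from one source within 60 seconds), a sequence rule that ANDs a later successful login from that source with the earlier frequency hit, and a stateless rule on sudo commands that change accounts or privileges. The thresholds, log lines, hostnames and user names are all assumptions constructed for the example.

```python
"""Added example (not Masergy's FSM code): a small rules engine over syslog
lines that combines field matching with time windows and frequency
thresholds, the way the FSM's Boolean/time/frequency rules are described.
The log lines, hosts and user names below are constructed for this example."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed RFC 3164-style syslog; the year is not in the format, so 2009 is assumed.
SAMPLE_SYSLOG = """\
Mar 14 02:10:01 gw01 sshd[2231]: Failed password for root from 203.0.113.9 port 51022 ssh2
Mar 14 02:10:04 gw01 sshd[2231]: Failed password for root from 203.0.113.9 port 51023 ssh2
Mar 14 02:10:09 gw01 sshd[2231]: Failed password for invalid user admin from 203.0.113.9 port 51024 ssh2
Mar 14 02:10:15 gw01 sshd[2231]: Failed password for invalid user admin from 203.0.113.9 port 51025 ssh2
Mar 14 02:10:21 gw01 sshd[2231]: Failed password for oracle from 203.0.113.9 port 51026 ssh2
Mar 14 02:10:40 gw01 sshd[2240]: Accepted password for oracle from 203.0.113.9 port 51030 ssh2
Mar 14 02:11:02 gw01 sudo: oracle : TTY=pts/0 ; PWD=/home/oracle ; USER=root ; COMMAND=/usr/sbin/usermod -aG wheel oracle
Mar 14 08:30:12 app02 sshd[990]: Failed password for jsmith from 192.0.2.77 port 40001 ssh2
Mar 14 08:30:20 app02 sshd[990]: Accepted password for jsmith from 192.0.2.77 port 40002 ssh2
Mar 14 23:59:50 fw01 kernel: DROP IN=eth0 OUT= SRC=198.51.100.4 DST=10.0.0.5 PROTO=TCP DPT=23
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (\S+) from (\S+)")
PRIV_RE = re.compile(r"COMMAND=\S*?/?(usermod|useradd|visudo|passwd)\b")


def parse(line, year=2009):
    """Split one syslog line into timestamp, host, program and message; None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m.group(2), "prog": m.group(3), "msg": m.group(4)}


class RuleEngine:
    """Stateful rule evaluation.

    - frequency rule: N failed logins from one source inside a sliding window
    - sequence (Boolean AND over time) rule: a successful login from a source
      that tripped the frequency rule within the last few minutes
    - stateless rule: any sudo command that changes accounts or privileges
    """

    def __init__(self, fail_threshold=5, fail_window_s=60, followup_window_s=300):
        self.fail_threshold = fail_threshold
        self.fail_window_s = fail_window_s
        self.followup_window_s = followup_window_s
        self.failures = defaultdict(deque)   # src -> recent failure timestamps
        self.bruteforce_at = {}              # src -> time the frequency rule fired
        self.alerts = []                     # (rule, host, subject, timestamp)

    def feed(self, rec):
        ts, host, msg = rec["ts"], rec["host"], rec["msg"]
        if rec["prog"] == "sshd":
            m = FAILED_RE.search(msg)
            if m:
                src = m.group(2)
                window = self.failures[src]
                window.append(ts)
                while (ts - window[0]).total_seconds() > self.fail_window_s:
                    window.popleft()         # drop failures older than the window
                if len(window) >= self.fail_threshold and src not in self.bruteforce_at:
                    self.bruteforce_at[src] = ts
                    self.alerts.append(("BRUTE_FORCE", host, src, ts))
                return
            m = ACCEPTED_RE.search(msg)
            if m:
                user, src = m.group(1), m.group(2)
                fired = self.bruteforce_at.get(src)
                if fired is not None and (ts - fired).total_seconds() <= self.followup_window_s:
                    self.alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", host, f"{user}@{src}", ts))
                return
        if rec["prog"] == "sudo" and PRIV_RE.search(msg):
            invoking_user = msg.split(" : ", 1)[0]
            self.alerts.append(("PRIVILEGE_CHANGE", host, invoking_user, ts))


def run_rules(text, **engine_kwargs):
    """Feed every parseable line through the engine; return the alerts raised."""
    engine = RuleEngine(**engine_kwargs)
    for line in text.splitlines():
        rec = parse(line)
        if rec is not None:
            engine.feed(rec)
    return engine.alerts


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_SYSLOG):
        print(alert)
```

The single failed login from jsmith followed by success never reaches the frequency threshold and so raises nothing, while the same success pattern from 203.0.113.9 is escalated because the engine remembers that the source tripped the brute-force rule seconds earlier; that memory across events is what distinguishes a rule engine with time and frequency from a plain pattern match.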
ON-DEMAND MANAGED SECURITY SERVICES Masergy s Security Risk Management (SRM) Managed Services provides the flexibility to choose between centrally managed or co-managed services, or a combination of the two based on outsourcing requirements at any point in time. It provides immediate turnkey access to the UES solution with no contract required. SRM Managed Services allows an enterprise to cost-effectively allocate internal resources, while outsourcing network security requirements based on demand. Outsourcing by contract is also available, providing an economical and flexible way to augment a company s IT security staff with 24x7 managed security services whether it s for off-hours, holidays or customized timeframes based on peak management requirements. With or without a contract, SRM Managed Services provides visibility, control and oversight of the entire enterprise security environment; enables actionable remediation information to prevent network security problems as well as dealing with immediate security issues; and offers significant cost savings through reduced capital expenditures, training and staffing. UNIFIED ENTERPRISE SECURITY CONFIGURATIONS To start, each UES solution is deployed with one (1) Master Control Unit (MCU) providing a private web portal access to unified administration, monitoring, ticketing and reporting for all deployed UES subsystems. Secure facilities typically have a limited number of internet connections and should install at least two (2) Detection + Prevention Modules (DPMs) to perform signature detection (IDS), prevention (IPS), and behavioral packet analysis capture. Additional DPMs can be installed to provide coverage for additional internet connections, whether collocated or geographically remote locations. It is important to note that DPMs are installed as 100% passive devices receiving mirrored traffic from monitored network segments, and there is no requirement to integrate any 3rd party devices. 
The first DPM is installed outside the firewall to monitor network activity at the perimeter. The external DPM is deployed to detect reconnaissance activity leading up to an attack, initially performing signature detection and then collecting suspicious network packets for further analysis by the Behavioral Correlation Module (BCM).
It is recommended that a second DPM be installed inside the firewall to monitor suspicious internal network traffic and outbound traffic to the internet, and to correlate these with inbound network traffic that makes it through the firewall. Like the external DPM, the internal DPM performs signature detection and then collects suspicious network packets for further analysis by the Behavioral Correlation Module (BCM). Additionally, the DPM will correlate suspicious network traffic with detected vulnerabilities reported by the Security Dashboard Module (SDM) to identify malicious traffic targeting vulnerable devices and applications (for example, detecting SSH-1 network traffic targeting a device vulnerable to an SSH-1 type attack).

[Figure: Customer Premise-Based Unified Enterprise Security Configuration]

The diagram above depicts an example of a fully configured Unified Enterprise Security system deployed as Customer Premise Equipment (CPE) at a secure facility.

Operating within each deployed DPM is a network access policy monitoring feature, used to define secure policies for managing and monitoring access to information and applications across multiple systems and disciplines. The Network Security Zones (NSZ) feature defines secure access policies for what employees and groups can access within the network, at what times, and from which location. Any violation of established policies will generate an unauthorized access alert. The NSZ system also supports DHCP environments where it's necessary to track individual users or hosts independent of their IP addresses; protects against various network intrusions and illicit access, whether from inside or out; provides a clear path to enhanced compliance and auditing requirements; handles security and access for remote and mobile workers; and works with drag-and-drop simplicity.
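The NSZ behaviour described here and in the product overview above (what a user may reach, at what times, from which location, with identity tracked independently of a DHCP-assigned address) is illustrated by this added Python example; it is not Masergy's code, and the lease format, zones, users, networks and policy values are all constructed assumptions.

```python
import ipaddress
from datetime import datetime, time

# Constructed DHCP lease records (hypothetical format, not from any real server).
# Each tuple: (lease_start, ip, hostname, user). Note that 10.0.5.21 is
# reassigned from alice's laptop to bob's at noon, which is exactly why the
# policy must key on user identity rather than on the IP address.
LEASES = [
    ("2024-03-04T07:00:00", "10.0.5.21", "lap-alice", "alice"),
    ("2024-03-04T07:30:00", "10.0.5.22", "lap-bob", "bob"),
    ("2024-03-04T12:00:00", "10.0.5.21", "lap-bob", "bob"),
    ("2024-03-04T19:00:00", "10.0.9.3", "lap-bob", "bob"),
]

# Location zones, identified by source network (constructed ranges).
ZONES = {
    "office": ipaddress.ip_network("10.0.5.0/24"),
    "vpn": ipaddress.ip_network("10.0.9.0/24"),
}

# Access policy: for each user, the resources they may reach, on which ports,
# during which hours, and from which zones. Anything not matched is a violation.
BUSINESS_HOURS = (time(8, 0), time(18, 0))
POLICIES = {
    "alice": [{"resource": ipaddress.ip_network("10.0.20.0/24"), "ports": {443},
               "hours": BUSINESS_HOURS, "zones": {"office", "vpn"}}],
    "bob":   [{"resource": ipaddress.ip_network("10.0.20.0/24"), "ports": {443},
               "hours": BUSINESS_HOURS, "zones": {"office"}}],
}

def resolve_user(ip, ts):
    """Return the user holding `ip` at `ts`: the latest lease started on or
    before `ts` for that address, or None if no lease covers it."""
    best = None
    for start, lease_ip, _host, user in LEASES:
        started = datetime.fromisoformat(start)
        if lease_ip == ip and started <= ts and (best is None or started > best[0]):
            best = (started, user)
    return best[1] if best else None

def zone_of(ip):
    """Map a source address to a named location zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def check_access(ts_str, src_ip, dst_ip, dport):
    """Evaluate one observed flow against the zone policy. Returns None when
    some policy entry permits it, otherwise an unauthorized-access alert."""
    ts = datetime.fromisoformat(ts_str)
    user = resolve_user(src_ip, ts)
    zone = zone_of(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in POLICIES.get(user, []):
        start, end = rule["hours"]
        if (dst in rule["resource"] and dport in rule["ports"]
                and start <= ts.time() <= end and zone in rule["zones"]):
            return None
    return {"ts": ts_str, "user": user, "src": src_ip, "zone": zone,
            "dst": dst_ip, "dport": dport}

def audit(flows):
    """Run a batch of (ts, src, dst, dport) flows; return only the alerts."""
    return [a for a in (check_access(*f) for f in flows) if a is not None]

# Constructed flows: the same IP before and after the DHCP reassignment, a
# port outside policy, and an off-hours VPN attempt by a user not allowed VPN.
SAMPLE_FLOWS = [
    ("2024-03-04T09:00:00", "10.0.5.21", "10.0.20.5", 443),  # alice, allowed
    ("2024-03-04T13:00:00", "10.0.5.21", "10.0.20.5", 443),  # now bob, allowed
    ("2024-03-04T13:05:00", "10.0.5.21", "10.0.20.5", 22),   # bob, port not permitted
    ("2024-03-04T20:30:00", "10.0.9.3", "10.0.20.5", 443),   # bob via VPN, off-hours
]
```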
As DPMs perform signature IDS and IPS, suspicious network packets are collected and transmitted to the Behavioral Correlation Module (BCM) for further analysis and behavioral correlation along with the previously collected data for the preceding days. First, behavioral correlation is performed on the data collected within each DPM. Second, behavioral correlation is performed on the data collected across all deployed DPMs at each secure facility. Finally, behavioral correlations are performed on the sanitized external data collected across all Masergy customer secure facilities, and this information is fed back into each UES system to provide awareness of global threats that your network is vulnerable to but that have not yet occurred on your network.

Each secure facility should also have at least one Vulnerability Scanner Module (VSM) deployed to identify and report vulnerabilities to the Behavioral Correlation Module (BCM), to the integrated threat management system known as the Security Dashboard Module (SDM), and to the Master Control Unit (MCU) for reporting purposes. This is important in order to proactively identify vulnerabilities in critical infrastructure at each facility and remediate them ahead of any potential exploit, as well as to provide visual context and correlation of suspicious network activity against vulnerable assets.

A key UES component for integrating and unifying existing IT infrastructure, 3rd-party security appliances, and application services is the Firewall Syslog Module (FSM). The primary role of the FSM is to process and archive log events from any log-producing device or application based on customized policy-based rules, as well as to generate alerts to the monitoring console for ticketing and incident response. All log events are archived and stored for one year and are available for searching and analysis via the 1.5TB of onboard storage. Additionally, the FSM is able to natively integrate with commercially available firewalls, switches, and routers to automatically and/or manually block and quarantine malicious traffic.
The last and most effective component to deploy at each secure facility is the Security Dashboard Module (SDM), which acts as a fully integrated threat management system designed to collect, correlate, and prioritize global network alerts, local network alerts, posted vendor alerts, and detected network vulnerabilities against enterprise assets. In this manner, threats are assessed, ranked and prioritized to intelligently focus IT resources on remediation activities. Each prioritized threat provides access to forensic information, a comprehensive list of vulnerable assets, associated vulnerability reports, and remediation instructions. It is important to note that the Security Dashboard requires no integration with any third-party products, as it correlates the raw packet-level information collected/analyzed by DPMs, FSMs and BCMs with the detected assets, vulnerability reports, and posted vendor alerts. Further, the SDM is fully automated, requires no complex correlation rules to set up, and requires no configuration or tuning to enable.
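The correlation the DPM and SDM are described as performing (joining IDS alerts with scanner findings, asset criticality and vendor alerts, so that the same SSH-1 signature ranks differently depending on whether its target is actually vulnerable) is shown by this added Python example; it is not Masergy's code, and every alert, finding, asset name, weight and advisory string is a constructed placeholder.

```python
# Constructed inputs (hypothetical; not output of any real IDS or scanner).
# IDS alerts as a passive DPM might report them: signature, endpoints, severity 1-5.
IDS_ALERTS = [
    {"sig": "SSH-1 protocol negotiation", "src": "203.0.113.9",
     "dst": "192.0.2.10", "dport": 22, "sev": 3},
    {"sig": "SSH-1 protocol negotiation", "src": "203.0.113.9",
     "dst": "192.0.2.11", "dport": 22, "sev": 3},
    {"sig": "HTTP directory traversal attempt", "src": "198.51.100.7",
     "dst": "192.0.2.30", "dport": 80, "sev": 4},
]

# Vulnerability findings as a scanner module might report them.
VULN_REPORT = [
    {"host": "192.0.2.10", "port": 22, "finding": "ssh-protocol-1-enabled"},
    {"host": "192.0.2.30", "port": 80, "finding": "path-traversal"},
]

# Asset database with a business criticality (1 = low, 5 = critical).
ASSETS = {
    "192.0.2.10": {"name": "jump-host", "criticality": 5},
    "192.0.2.11": {"name": "lab-box", "criticality": 1},
    "192.0.2.30": {"name": "www", "criticality": 4},
}

# Which scanner finding each signature would actually exploit.
SIG_TO_FINDING = {
    "SSH-1 protocol negotiation": "ssh-protocol-1-enabled",
    "HTTP directory traversal attempt": "path-traversal",
}

# Posted vendor alerts / remediation guidance keyed by finding (placeholders).
VENDOR_ALERTS = {
    "ssh-protocol-1-enabled": "Disable SSH protocol version 1 on the server (placeholder advisory)",
    "path-traversal": "Apply the web server fix for the traversal flaw (placeholder advisory)",
}

VULNERABLE_BOOST = 3  # weight applied when the targeted service is confirmed vulnerable

def prioritize(alerts, vulns, assets, vendor_alerts):
    """Correlate each IDS alert with scan findings and asset criticality and
    return the threats ranked by score, highest first."""
    findings = {(v["host"], v["port"], v["finding"]) for v in vulns}
    ranked = []
    for a in alerts:
        asset = assets.get(a["dst"], {"name": a["dst"], "criticality": 1})
        finding = SIG_TO_FINDING.get(a["sig"])
        # The alert only counts as a confirmed threat when the scanner saw the
        # matching weakness on exactly the host and port being hit.
        vulnerable = (a["dst"], a["dport"], finding) in findings
        score = a["sev"] * asset["criticality"] * (VULNERABLE_BOOST if vulnerable else 1)
        ranked.append({
            "asset": asset["name"], "dst": a["dst"], "sig": a["sig"], "src": a["src"],
            "finding": finding, "vulnerable": vulnerable, "score": score,
            "remediation": vendor_alerts.get(finding) if vulnerable else None,
        })
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked

def vulnerable_assets(finding, vulns=VULN_REPORT, assets=ASSETS):
    """All assets the scan reports as carrying `finding`: the 'vulnerable
    asset list' attached to a prioritized threat."""
    return sorted(assets.get(v["host"], {"name": v["host"]})["name"]
                  for v in vulns if v["finding"] == finding)

def top_threat():
    """Convenience entry point over the constructed inputs."""
    return prioritize(IDS_ALERTS, VULN_REPORT, ASSETS, VENDOR_ALERTS)[0]
```

With these inputs the traversal attempt against the vulnerable web server ranks first (48), the SSH-1 probe against the vulnerable jump host second (45), and the identical SSH-1 probe against the non-vulnerable lab box last (3).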
UNIFIED ENTERPRISE CLOUD SECURITY CONFIGURATIONS

Beyond the traditional challenges customers face in securing their premise environments (CPE), IT security teams must now deal with issues arising from the emergence of corporate Cloud computing services. The prospect of Cloud Computing offers companies compelling cost savings in annual IT hardware and software expenditures. While offering companies an attractive pay-only-for-what-you-use utility model to deploy business applications, Cloud computing environments may further burden IT departments with the challenge of providing security within an environment to which they may not even have access.

As depicted in the graphic below, there is a virtual machine instance hosting each element of the Cloud Guard offering:

- Unified Administration, Monitoring and Reporting is encapsulated in the virtualized Master Control Unit (MCU)
- Network Behavioral Analysis is encapsulated in the virtualized Behavioral Correlation Module (BCM)
- Threat Management is encapsulated in the virtualized Security Dashboard Module (SDM)
- Network Access Policy Monitoring is encapsulated in the virtualized Network Security Zones (NSZ)
- Intrusion Detection Service is encapsulated in the virtualized Detection + Prevention Module (DPM)
- Security Event Monitoring & Log Management is encapsulated in the virtualized Firewall Syslog Module (FSM)
- Vulnerability Scanning / Management is encapsulated in the virtualized Vulnerability Scanner Module (VSM)

[Figure: Masergy Unified Cloud Security Architecture (signature-based analysis, behavioral analysis engine, alert engine, vulnerability scan console)]

The diagram above depicts an example of a fully configured Cloud Guard Unified Enterprise Cloud Security (UECS) system deployed as Software-as-a-Service (SaaS) within a customer Cloud account.
To start, each Cloud Guard system is deployed with one (1) Master Control Unit (MCU) that provides private web portal access to unified administration, monitoring, ticketing and reporting for all deployed UECS subsystems. Each Cloud account is then configured with a number of individual virtual machine instances that operate as virtual services to host Cloud applications. Although each virtual machine instance within the Cloud account typically has its own virtual firewall configuration to facilitate internet access, only one (1) Detection + Prevention Module (DPM) is installed to provide intrusion detection services for all Cloud application instances. DPMs perform signature detection (IDS), prevention (IPS), and behavioral packet analysis capture. It is important to note that virtualized DPMs are 100% passive devices that receive mirrored traffic from all other monitored application instances running Linux and Windows operating systems. Additionally, the DPM will correlate suspicious network traffic with detected vulnerabilities reported by the Security Dashboard Module (SDM) in order to identify malicious traffic targeting vulnerable devices and applications (for example, detecting SSH-1 network traffic targeting a device vulnerable to an SSH-1 type attack).

Operating within each deployed virtual DPM is a network access policy monitoring feature, used to define secure policies for managing and monitoring access to information and applications across multiple Cloud instances. The Network Security Zones (NSZ) feature defines secure access policies for what employees and groups can access within the network, at what times, and from which location(s). Any violation of established policies will generate an unauthorized access alert.
The NSZ protects against various network intrusions and illicit access, whether from inside or out; provides a clear path to enhanced compliance and auditing requirements; handles security and access for remote and mobile workers; and works with drag-and-drop simplicity.

[Figure: Masergy's Cloud Packet Analysis Approach (customer EC2 account, hypervisor, virtual interfaces, security groups firewall and physical interface feeding signature-based and behavioral analysis engines, alert engine and vulnerability scan console)]

Masergy's unique proprietary cloud technology overcomes EC2 restrictions to provide signature detection and network behavior analysis (NBA) & correlation. In addition, Masergy Cloud Guard System Modules operate as EC2 instance(s) within each customer cloud account, while the integrated Vulnerability Scanner ensures full regulatory compliance.
As the virtual DPM performs signature IDS, suspicious network packets are collected and transmitted to the Behavioral Correlation Module (BCM) for further analysis and behavioral correlation along with the previously collected data for the preceding days. First, behavioral correlation is performed on the data collected within each instance. Next, behavioral correlation is performed on the data collected across all deployed Cloud instances within the Cloud account. Finally, behavioral correlations are performed on the sanitized external data collected across all Masergy Cloud customer accounts. This information is then fed back into each UECS system to provide awareness of global threats that the customer network is vulnerable to but that have not yet occurred within the customer account(s).

For reporting purposes, each secure facility should install one (1) virtualized Vulnerability Scanner Module (VSM) in order to identify and report vulnerabilities for all deployed Cloud applications to the Behavioral Correlation Module (BCM), the integrated threat management system (known as the Security Dashboard Module), and the Master Control Unit (MCU). Although vulnerability scanning is strictly prohibited in Cloud computing environments (according to most Cloud Vendor agreements), the virtualized VSM is specifically provisioned to only scan applications within a specific customer's Cloud account. This important feature helps to proactively identify vulnerabilities and provide remediation capabilities in advance of any potential exploits, ensure and maintain regulatory compliance (PCI, HIPAA, SOX, etc.), as well as provide visual context and correlation of suspicious network activity against vulnerable applications.

A key UECS component used to integrate and unify virtualized Cloud Firewall and application services is the Firewall Syslog Module (FSM).
The primary role of the FSM is to process and archive log events from any log-producing Cloud application based on customized policy-based rules, as well as to generate alerts to the monitoring console for ticketing and incident response. All log events are archived and stored for 1 year and are available for searching and analysis on the 1.5TB of elastic block storage (EBS). Additionally, the FSM is able to natively integrate with Cloud firewall APIs in order to automatically and/or manually block and quarantine malicious traffic.

The last and most compelling component to deploy at each Cloud account is the virtualized Security Dashboard Module (SDM), which acts as a fully integrated threat management system that's designed to collect, correlate, and prioritize global Cloud alerts, local Cloud alerts, posted vendor alerts, and detected Cloud application vulnerabilities. In this manner, threats are assessed, ranked and prioritized to intelligently focus IT resources on specific remediation activities. Each prioritized threat provides access to forensic information, a comprehensive list of vulnerable assets, associated vulnerability reports, and remediation instructions. It is important to note that the Security Dashboard requires no integration with any 3rd-party applications, as it takes the raw packet-level information collected/analyzed by virtualized DPMs, FSMs and BCMs and correlates it with the detected Cloud instances, vulnerability reports, and posted vendor alerts. Further, the SDM is fully automated, requires no complex correlation rules to set up, and requires no configuration or tuning to enable.
HYBRID NETWORK CONFIGURATIONS

Though Cloud Computing services make obvious sense for small internet-based companies and/or startup operations, the lure of Cloud Computing is just as compelling to existing brick-and-mortar companies desiring to expand into what is commonly referred to as a Hybrid Cloud Computing environment. Like most corporations today, these companies are now faced with the prospect of securing their traditional customer premise equipment (CPE) as well as their new Cloud account. For hybrid environments, Unified Enterprise Security (UES) is provisioned to enable virtualized UECS subsystem elements to be connected back to the physical appliance UES system securing the customer premise equipment. In this manner, a single system can be deployed to unify their CPE and Cloud environments holistically.

[Figure: Masergy Unified Cloud Security Architecture and Cloud Packet Analysis in a hybrid deployment (customer EC2 account with hypervisor, virtual interfaces and security groups firewall; on-premise client segments, core switch, DMZ and trusted computing base)]

Within a hybrid deployment environment, the Masergy Virtual Detection + Prevention Module (DPM) connects to the Master Control Unit (MCU) and Behavioral Correlation Module (BCM) for true unified network security.

A single, high-availability Masergy Unified Cloud Security appliance on your network delivers all of these features:

- Packet and logfile analysis
- IDS/IPS
- Adaptive behavioral analysis
- Vulnerability scanning
- Vendor alerts
- Correlation of data between disparate subsystems
- Asset database
- Unified security dashboard
CONCLUSION

For a growing number of organizations concerned by the prevalence of high-profile network security breaches, the answer to the high cost, complexity and uncertainty surrounding network security is within reach: a unified, behavioral-based security architecture that is extensible, modular, centrally manageable, and scalable. These capabilities and more are inherent in the Masergy Unified Enterprise Security (UES) solution.

CONTACT MASERGY TODAY

For more information regarding our Unified Enterprise Security and Unified Cloud Security solutions, contact us at 1 (866) or visit us online at

Best Products & Services Reader's Trust Award: Network Products Guide has awarded Masergy the 2009 Best Products and Services - Readers Trust Award for Unified Security.

Global Product Excellence - Customer Trust Award: Masergy is a winner of the Info Security Products Guide 2010 Global Product Excellence - Customer Trust Award for Behavioral Security. The company also won this award in 2009 for Integrated Security.

Tomorrow's Technology Today Award: Masergy is a winner of 2006, 2007, 2008 and 2009 Tomorrow's Technology Today awards from Info Security Products Guide.

Best Deployment Scenario Award: Info Security Products Guide has named Masergy a winner of the 2009 Best Deployment Scenario Award for Managed Security Services.

Product Innovation Award: Masergy's Enterprise UTM++ and All-n-One Security Module for Enterprise UTM have received 2008 and 2009 Product Innovation awards for unified security from Network Products Guide.

Masergy, Inc. All Rights Reserved. All product and company names are the property of their respective owners.
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationWHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION
WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION Table of Contents Executive Summary...3 Vulnerability Scanners Alone Are Not Enough...3 Real-Time Change Configuration Notification is the
More informationLOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE As part of the Tripwire VIA platform, Tripwire Log Center offers out-of-the-box integration with Tripwire Enterprise to offer visibility
More informationMcAfee Network Security Platform
McAfee Network Security Platform Next Generation Network Security Youssef AGHARMINE, Network Security, McAfee Network is THE Security Battleground Who is behind the data breaches? 81% some form of hacking
More informationTowards End-to-End Security
Towards End-to-End Security Thomas M. Chen Dept. of Electrical Engineering Southern Methodist University PO Box 750338 Dallas, TX 75275-0338 USA Tel: 214-768-8541 Fax: 214-768-3573 Email: tchen@engr.smu.edu
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More informationIBM Security Intelligence Strategy
IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More informationForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)
ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) CONTENT Introduction 2 Overview of Continuous Diagnostics & Mitigation (CDM) 2 CDM Requirements 2 1. Hardware Asset Management 3 2. Software
More information24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationNetwork Performance + Security Monitoring
Network Performance + Security Monitoring Gain actionable insight through flow-based security and network performance monitoring across physical and virtual environments. Uncover the root cause of performance
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationThe Value of QRadar QFlow and QRadar VFlow for Security Intelligence
BROCHURE The Value of QRadar QFlow and QRadar VFlow for Security Intelligence As the security threats facing organizations have grown exponentially, the need for greater visibility into network activity
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationDatabase Security in Virtualization and Cloud Computing Environments
White Paper Database Security in Virtualization and Cloud Computing Environments Three key technology challenges in protecting sensitive data Table of Contents Securing Information in Virtualization and
More informationSecuring Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits
A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide
More informationChoose Your Own - Fighting the Battle Against Zero Day Virus Threats
Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats 1 of 2 November, 2004 Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats Choose Your Weapon: Fighting the Battle
More informationAlcatel-Lucent Services
SOLUTION DESCRIPTION Alcatel-Lucent Services Security Introduction Security is a sophisticated business and technical challenge, and it plays an important role in the success of any network, service or
More informationBoosting enterprise security with integrated log management
IBM Software Thought Leadership White Paper May 2013 Boosting enterprise security with integrated log management Reduce security risks and improve compliance across diverse IT environments 2 Boosting enterprise
More informationManaged Security Services for Data
A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified
More informationEndpoint Security More secure. Less complex. Less costs... More control.
Endpoint Security More secure. Less complex. Less costs... More control. Symantec Endpoint Security Today s complex threat landscape constantly shifts and changes to accomplish its ultimate goal to reap
More informationFull-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform
Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding
More informationBlackStratus for Managed Service Providers
BLACKSTRATUS FOR MSP SOLUTION GUIDE PAGE TM BlackStratus for Managed Service Providers With BlackStratus MSP suite of solutions, you can quickly and effectively ramp up customer security offerings and
More informationPCI DSS Top 10 Reports March 2011
PCI DSS Top 10 Reports March 2011 The Payment Card Industry Data Security Standard (PCI DSS) Requirements 6, 10 and 11 can be the most costly and resource intensive to meet as they require log management,
More informationLOG INTELLIGENCE FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become
More informationAdvantages of Managed Security Services
Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network
More informationAvoiding the Top 5 Vulnerability Management Mistakes
WHITE PAPER Avoiding the Top 5 Vulnerability Management Mistakes The New Rules of Vulnerability Management Table of Contents Introduction 3 We ve entered an unprecedented era 3 Mistake 1: Disjointed Vulnerability
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationIBM Security QRadar Vulnerability Manager
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
More informationAutomate PCI Compliance Monitoring, Investigation & Reporting
Automate PCI Compliance Monitoring, Investigation & Reporting Reducing Business Risk Standards and compliance are all about implementing procedures and technologies that reduce business risk and efficiently
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationFIVE PRACTICAL STEPS
WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND
More informationIDS or IPS? Pocket E-Guide
Pocket E-Guide IDS or IPS? Differences and benefits of intrusion detection and prevention systems Deciding between intrusion detection systems (IDS) and intrusion prevention systems (IPS) is a particularly
More informationSecurity Intelligence in Action: SANS Review of McAfee Enterprise Security Manager (ESM) 9.2
Sponsored by McAfee Security Intelligence in Action: SANS Review of McAfee Enterprise Security Manager (ESM) 9.2 May 2013 A SANS Whitepaper Written by Dave Shackleford The ESM Interface Page 2 Rapid Event
More informationSELECTING THE RIGHT HOST INTRUSION PREVENTION SYSTEM:
SELECTING THE RIGHT HOST INTRUSION PREVENTION SYSTEM: 12 Key Questions to Ask Executive Summary Host Intrusion Prevention Systems (HIPS) complement perimeter defenses, and play a vital role in protecting
More informationWhen it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs
White Paper Meeting PCI Data Security Standards with Juniper Networks SECURE ANALYTICS When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright 2013, Juniper Networks,
More informationTOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series
TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE ebook Series 2 Headlines have been written, fines have been issued and companies around the world have been challenged to find the resources, time and capital
More information