SOURCEFIRE PRODUCT OVERVIEW. Sourcefire 3D System. Security for the real world. Discover. Determine. Defend.
NETWORK SECURITY TODAY: DAUNTING, FRUSTRATING, AND NEVER-ENDING

You have made quite an investment into firewall technology, antivirus packages, security software, staff, and consultants. Yet even with your best efforts, security breaches continue to threaten your revenue, reputation, and ability to adhere to regulations. Detecting and responding to attacks just at the perimeter is no longer effective or sufficient. How can you confidently and proactively protect all networks, systems, applications, data, and entry points short of blocking all traffic? You need a multi-layered, integrated process that will help you protect against threats across all vectors, all the time, in real-time. You need the Sourcefire 3D System.

Despite the fact that more than $20 billion was spent on security products over the last year, the threats and vulnerabilities keep coming; just adding another patch won't ensure network protection.

Discover

Threat Intelligence
- Snort, the de facto standard for intrusion prevention
- Sourcefire Vulnerability Research Team (VRT): seasoned industry experts providing coverage in advance of actual threats
- Detect and prevent spyware, worms, attacks, DoS, and more

Endpoint Intelligence
- Passive asset discovery
- Targeted active scanning
- Asset-based business context

Network Intelligence
- Comprehensive and persistent network discovery
- Network Behavior Anomaly Detection (NBAD)
- Network flow analysis
TRUE, UNIFIED, INTRUSION PREVENTION

With the Sourcefire 3D System, all of your security applications and technologies finally work together and benefit from each other's capabilities. You have a common framework for decision making and collaborative security functionality that uses rules and automation 24 hours a day, seven days a week.

The Sourcefire 3D System brings together policy, behavior, rules, technology, and automation to complement the seven-step process advocated by Gartner for true, unified, intrusion prevention:

- Policy definition (asset inventory policies, port/protocol policies, security configuration policies): At this stage, the Sourcefire 3D System helps you define IT security policies based on business needs and required access to applications, files, IP addresses, protocols, services, and more.
- Baseline/discovery (endpoint intelligence, Network Behavior Anomaly Detection (NBAD)): Here, the Sourcefire 3D System discovers context and endpoint intelligence about network components, eliminating ambiguity and dangerous assumptions so that you benefit from more accurate blocking decisions.
- Policy enforcement (block all services not explicitly allowed): Based on user-defined policies, the Sourcefire 3D System knows which protocols and services to allow or block. Updates to the IT infrastructure are implemented through change management processes.
- Inspection (defragmentation, reassembly): The Sourcefire 3D System goes beyond inspection at the network perimeter with blocking decisions that can be automated, enabling inspection across the enterprise and at the core of the network seamlessly and simultaneously. Its focus at this stage includes behavioral and anomaly analysis so that suspicious targeted and internal activity can be logged, alarmed, or blocked based on its relative threat to your organization.
- Threat blocking (signature match, protocol analysis, anomaly detection, behavior analysis): At this step, the Sourcefire 3D System will contain, quarantine, or block critical threats via a myriad of techniques including dropping traffic, disrupting sessions between devices, replacing malicious content with benign content, and integrating with network devices such as firewalls, routers, and switches.
- Management (device management, vulnerability management, compliance management): The Sourcefire 3D System makes it easy to manage rule sets, filters, software updates, configurations, and changes in users, applications, and usage. Much of the policy and configuration information comes from the system's vulnerability management process.
- Monitoring (alerts, log events, QoS/Shaping): During this last step, the Sourcefire 3D System collects and logs data on attacks and blocking actions. You should be using this data to intervene, report trends, and fine-tune the overall process and policies.

Staying Ahead

We are committed to making sure our products and technology remain on the leading edge and protect all of your online assets and network entry points all the time. Validating our commitment, various industry organizations have given us numerous awards, certifications, and recognition for our innovation and capabilities. One award, the NSS Gold award, has only been presented four other times before Sourcefire.

For the first time, you can enjoy true intrusion prevention across your highly switched internal networks, as well as at the perimeter.
THE SOURCEFIRE 3D SYSTEM: DISCOVER, DETERMINE, AND DEFEND

"The full 3D System is the most comprehensive IPS on the market. Five out of five stars for Documentation, Ease of Use, Features, Performance, Support, Value for Money, and Overall rating. Our Best Buy Award goes to Sourcefire." - SC Magazine

With the Sourcefire 3D System you will:

- Discover risks, vulnerabilities, and threats through Sourcefire Intrusion Sensors, Sourcefire RNA (Real-Time Network Awareness), and Sourcefire Intrusion Agents. Sourcefire Intrusion Sensors use the award-winning Snort rules-based detection engine to bring you all the benefits of signature, protocol, and anomaly-based inspection methods to all of your network traffic at speeds up to 8 gigabits per second. In addition, Sourcefire RNA Sensors will passively monitor your network to deliver highly detailed, real-time profiles of all your network assets including their configuration, behavior, potential vulnerabilities, and associated changes.
- Determine the business impact of any risk. By tightly integrating and correlating the threat information provided by Sourcefire Intrusion Sensors and Agents with the endpoint and network intelligence provided by Sourcefire RNA Sensors, the Sourcefire Defense Center will easily prioritize the millions of security events to determine the most critical events to your business and take the appropriate actions.
- Defend your online assets with the ABCs of Defense (Alert, Block, Correct), all in real time. Send alerts through email, SNMP, Syslog, and trouble ticket systems. Block attacks through firewalls, IPSs, switches, and routers. Correct the situation through patch or configuration management.

[Figure: DISCOVER, DETERMINE, DEFEND. Labels: Threat Intelligence, Endpoint Intelligence, Network Intelligence; Correlate, Prioritize, Compliance; Alert, Block, Correct]
SOURCEFIRE RNA: ALWAYS ON, ALWAYS ALERT

Imagine being able to know that an infected laptop has joined your network right when it happens, not after you have applied a patch on Friday and the infected laptop connects on Monday or when it is discovered months later by some network audit.

Sourcefire RNA is like a magic eye that watches everything happening on your network.

This is just one example of how Sourcefire RNA provides always on, real time visibility through passive network discovery methods similar to passive sonar. With passive network discovery, there are no required agents, superfluous traffic, or network asset disruptions. RNA provides a layer of intelligence to network monitoring that has never been seen before within the network security industry.

Sourcefire RNA provides continuous visibility into:

- Flow data, where you can analyze traffic patterns and composition for a variety of purposes including trend analysis
- Network asset profiles, including IP address, OS and version, services and versions, and ports
- Asset behavior profiles, including traffic flow and traffic type
- Network profiles, including hop count, TTL parameters, and security vulnerabilities
- Change events for new assets, changed assets, and behaviorally anomalous assets
- All Internet peering points

Network World

This information, coupled with the RNA vulnerability database, allows you to (1) know all the possible vulnerabilities on your network in real time and (2) take the appropriate action automatically if you choose. You can use this information before and after a threat to remediate an attack as well as to tune Intrusion Sensors, making them more efficient and less likely to generate false positives or false negatives.
RNA Benefits at a Glance

Endpoint Intelligence
- Know all the machines on your network all the time
- Easily detect on the spot if a machine begins to rebroadcast SPAM
- Detect spyware compromise and quickly quarantine infected machines
- Instantly detect new machines entering your network; if policy dictates, sandbox them until clean
- Know if a new device is behaving maliciously despite having passed access controls to check for antivirus and firewall protection

Network Intelligence
- Detect and shut down illegal mail servers
- Detect and shut down rogue desktop applications including desktop web servers
- Enforce corporate policies for P2P restrictions such as Kazaa and instant messaging
- Maximize network intelligence integrity

The RNA Visualization Module alerts you when anomalous behavior is detected on the network. When that happens, the specific node begins to blink.

Sourcefire RNA technology is deployed three different ways: as a Plug-n-Protect dedicated appliance anywhere on your network, as software on a Sourcefire Intrusion Sensor, or on other third-party servers distributed throughout your environment.
Targeted Active Scanning for Timely Endpoint Intelligence

Providing endpoint and network intelligence to network security products significantly improves their capabilities and limits the obstacles to a successful deployment. Organizations deploying network security products should look for their integration with vulnerability assessment and network intelligence solutions. - Gartner

Through the integration with Nessus, the open source active scanning tool, the Sourcefire 3D System also enables you to take advantage of targeted active scanning with predefined flexible scanning policies that automatically respond to network change. You get the best of both scanning worlds: passive and active. For example, if RNA detects that a new port has been opened on a network asset, Nessus can be triggered to inspect just that port through a surgical scan. The Nessus Scan Input Module also allows you to automatically populate your Vulnerability Database with Nessus Scan data and then maintain the data in real-time via the RNA 24x7 vulnerability feeds.

Network Behavior Anomaly Detection (NBAD)

Building on the innovation of its RNA technology, the Sourcefire 3D System is the first intrusion prevention system to integrate Network Behavior Anomaly Detection (NBAD) capabilities into an IPS. With a single integrated IPS, you can continually analyze packets, assets, and the flow of data over your network for increased threat and vulnerability management.

This is the level of performance where we would like to see all IDS and IPS products aspire. - NSS Group

Administrators can track and chart a variety of host and network metrics with Advance Flow Visualization. Drilling down is easy and metrics and chart types can be changed with a simple mouse click.

With NBAD, the Sourcefire 3D System continually monitors the network based on rules and policies that you set.
The Sourcefire 3D System then identifies and tracks anomalies such as distributed denial of service (DDoS) attacks, worms, and zero-day threats and provides an alert or takes automatic action. You set the thresholds to measure anomalous activities, customize alerts, and automate responses. With the Sourcefire 3D System, you are in a better position to quickly address and resolve threats before network performance is disrupted and customers complain.
SOURCEFIRE INTRUSION SENSORS

The best prevention begins with the best detection and knowledge. With Sourcefire Intrusion Sensors, you enjoy the highest attack detection and prevention rate on the market through Snort, the world's most popular rules-based detection engine, created and managed by Sourcefire.

Snort uses a rules-based language, a powerful combination of signature, protocol, and anomaly-based inspection methods, to examine packets at both the IP protocol and application level. You can set it to look for specific occurrences of attacks against a protocol or the conditions of an attack. By using the flexibility of the Snort rules language, you can block, contain, or quarantine critical threats with techniques such as dropping traffic, disrupting sessions between devices, or integrating with access control devices such as firewalls, routers, and switches. When deployed inline, the Sourcefire 3D System allows you to replace malicious content with benign content. The flexibility in the rules language and numerous configuration options (port density, interface types, deployment modes) allows you to easily define new ways to identify and prevent threats and enforce policies specific to your individual environment.

With Sourcefire Intrusion Sensors, you get the widest range of defense (blocking, replacing, alerting, or monitoring) when suspicious activity is detected. You can deploy the sensors inline as an IPS or passively as an IDS. You can write your own rules or modify existing ones, and you can keep your database of rules current through automatic downloads from Sourcefire's support site.

Overall, Sourcefire 3D is one of the best intrusion-detection/intrusion-prevention products. - Federal Computer Week

Every organization is different, with some network traffic considered legitimate for certain firms, and threatening to others.
Sourcefire Intrusion Sensors allow you to enable, disable or modify individual rules so that they are exactly appropriate for your environment and your business. Of course, you can also create custom rules, all without affecting the level of threat coverage provided to the remainder of the network.

With line speeds from five megabits per second (Mbps) to eight gigabits per second (Gbps) and flexibility up to 14 or more CPU units, Sourcefire Intrusion Sensors come in a variety of capacities to meet a variety of needs. Most come with hot-swap and high availability for all main system components (including power supplies, interface cards, disk drives, and processors) and the industry's best latency of less than 100 microseconds.
Sourcefire Intrusion Sensor Throughput

- IS500: 5Mbps
- IS1000: 45Mbps
- IS2000: 100Mbps
- IS2100: 250Mbps
- IS3000: 1Gbps
- IS3800: 1.5Gbps
- IS5800: up to 8Gbps

SOURCEFIRE INTRUSION AGENTS™

Sourcefire Intrusion Agents allow you to do more than just detect intrusions; they enable a single Sourcefire Defense Center to aggregate event information from one or more open source Snort sensors alongside data from Sourcefire Intrusion Sensors and Sourcefire RNA Sensors. This allows:

- Sophisticated data analysis
- Comprehensive reporting
- Impact assessment and prioritization of events
- Integration with third-party tools
- Real-time response to actual attacks

Sourcefire Intrusion Agents transmit events generated by open source Snort sensors to the Sourcefire Defense Center, where they can be tightly integrated with the network and vulnerability information provided by Sourcefire RNA Sensors to create a persistent, comprehensive view of the security events on your network.
SOURCEFIRE DEFENSE CENTER

The Plug-n-Protect Sourcefire Defense Center is the brains of the 3D System. It unifies and centrally manages critical network security functions, including event monitoring, correlation, and prioritization for incident response, forensic analysis, trends analysis, and management reporting so that you can make the most of a distributed sensor infrastructure.

Designed to scale to enterprise-wide deployments, Sourcefire Defense Center has the only data management solution capable of handling hundreds of millions of events for identification of long-term security trends, while also allowing in-depth forensic analysis down to the individual packet level.

By tightly integrating the threat intelligence provided by Sourcefire Intrusion Sensors and Agents with the endpoint and network intelligence provided by Sourcefire RNA, Sourcefire Defense Center correlates and analyzes events in real-time to determine:

- The relevance of the event to your network
- The impact an event will have on your network
- If the impact is critical to your business

The Sourcefire 3D System also provides greater endpoint intelligence and support for third-party remediation tools in response to threats or increased data to other network security products. In addition to built-in modules for Cisco PIX and Check Point firewalls, Sourcefire can now interface with the Shavlik Patch Management System to automatically trigger the application of patches.
Sourcefire Defense Center's policy and response engine is unmatched in its power and capabilities. For the first time, you can build or customize policies that combine threat, network, and vulnerability management. Sourcefire Defense Center allows you to confidently protect your network by analyzing events in real-time and enabling automated responses according to the ABCs of Defense:

- Alert - automated warnings to individuals and other management systems, via messages sent using SYSLOG, email, SNMP traps, or trouble tickets, ensure attack warnings are addressed.
- Block - critical threats can not only be blocked but also contained or quarantined via techniques such as dropping traffic, disrupting sessions between devices, and integrating with network devices such as firewalls, routers, and switches.
- Correct - new vulnerabilities and threats can be automatically mitigated by integrating with patch or configuration management systems to apply configuration or code changes to eliminate possible exploitation.

Sourcefire Defense Center includes an easy-to-use, yet extremely powerful, web-based analysis interface, for real-time forensic reporting and analysis. Customizable workflows enable you to tailor the interface to fit the way you investigate and analyze security events. In addition, you can easily create standard or customized reports in PDF, HTML, and CSV formats that can be automatically emailed for easy distribution.

PLUG-N-PROTECT

All Sourcefire appliances come preconfigured, designed to be up and running in less than 15 minutes. No software installation is required. These Plug-n-Protect appliances come with built-in data management and hardened operating systems. The user interfaces have been designed by security engineers for security engineers. This approach enables you to jump into patch management, system integrity verification, system isolation, and custom remediation activities quickly. To start, simply connect to the network and boot.
And going forward, you are assured of low overhead and the best total cost of ownership in network security.
HAVING CONTEXT MEANS SMARTER AND BETTER DECISIONS

Unless tuned by knowledgeable administrators, most intrusion prevention systems have no knowledge of the true context and composition of the network they are responsible for defending. This lack of endpoint intelligence leaves intrusion technologies guessing in many areas of processing, especially with regard to packet handling. The intrusion prevention systems are ripe for evasion: attackers can actually know more about the network than you, the defenders.

The endpoint intelligence that the Sourcefire 3D System offers eliminates ambiguity and dangerous assumptions, enabling better real-time decisions. With the endpoint and network intelligence provided by RNA, the Sourcefire 3D System has the smartest intrusion technology on the market. Relevant and non-relevant threats receive the precise priority and attention they deserve. System profiling also precisely emulates the behaviors of the target, foiling even the most sophisticated hackers once and for all.

Without Sourcefire
- IPS is noise generator
- Plethora of false positives
- Gartner: 99 out of 100 alerts mean nothing
- Confidence level low; only small amount of threats can be safely blocked
- Lack of precision

With Sourcefire
- IPS driving real-time defense
- Know that events are real
- Know the criticality of events
- Know if critical assets have been compromised
- Automate time-consuming manual processes
ABOUT SNORT AND THE SOURCEFIRE VULNERABILITY RESEARCH TEAM (VRT)

Open source Snort was created by Martin Roesch, the founder and Chief Technology Officer of Sourcefire. Sourcefire owns the Snort IP and manages the open source project. Over the past few years, Sourcefire has contributed increasing resources to advancing Snort into a mature, feature-rich technology that offers the most flexible and accurate threat detection and prevention available. That commitment has led to gigabit performance capability, the integration of the Snort inline technology, portscan detection, protocol anomaly detectors, normalization and detection, documentation, and so much more.

Staying Ahead of the Zotob Worm

- 8/12/05 - Sourcefire VRT responds to a Microsoft Windows Plug-and-Play (PnP) vulnerability announcement that came out a few days earlier, issuing an advisory and releasing a number of rules to detect all attempted exploits against the PnP vulnerability.
- 8/14/05 - The Zotob worm is identified in the wild.
- 8/15/05 - After thorough analysis of the worm, Sourcefire notifies customers that rules were already in place to detect Zotob activity.
- 8/17/05 - Variants of Zotob as well as other attacks emerge. The VRT verifies that all are covered by original rules update.
- 8/19/05 - Sourcefire publishes instructions on how to leverage the power of RNA and the 3D Policy and Response engine for further Zotob detection.

With over 2,000,000 downloads and 100,000+ active users, and integration into hundreds of third-party solutions, Snort has become the de facto standard for intrusion detection and prevention. Gartner has recognized the mainstream acceptance of Snort in its Open Source Hype Cycle, describing Snort as widely available, used by mainstream companies and supported by many vendors.

The power and reach of Snort is due in large part to the power and reach of the Snort user community.
Aside from the seasoned developers at Sourcefire, there are literally thousands of experienced users providing invaluable real-world testing of features and rules as well as a global early warning system for new threats. By leveraging the "many eyeballs" theory that was popularized by Eric Raymond and used to launch Linux to success in the operating system market, people in the open source Snort community worldwide can detect and respond to bugs and other security threats more quickly and efficiently than in a closed environment.
The Sourcefire Vulnerability Research Team (VRT), comprised of leading-edge intrusion detection and prevention experts, works to discover, assess, and respond to the latest trends in hacking activity, intrusion attempts, and vulnerabilities. The robustness of the Snort rules language enables the VRT to write complex rules that focus on detecting any attempts to exploit an underlying vulnerability. This means you can detect new variants of known worms, and stay ahead of the threats, without the need to update your system.

Compliance
- Ensure compliance with policy-based alerting and reporting
- Automate compliance reporting

ENSURING THE STRONGEST POLICY COMPLIANCE

Security policies are only as effective as their monitoring and enforcement. Now you can enforce, manage, enhance, and tune your security policies based on your combined threat, network, and vulnerability management data. The policy and response engine of the Sourcefire 3D System is the first technology to give you such power and confidence.

Flow data events can also be included in your compliance policy rules.

With the Sourcefire 3D System, you can set security policies specifically for your network and know immediately when those policies are violated. For example, you can easily prevent unauthorized servers, P2P applications such as Kazaa, and rogue applications such as web servers running on desktops. Moreover, you can thoroughly document your organization's compliance with the Federal Information Security Management Act (FISMA), the Gramm-Leach-Bliley (GLB) Act, the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley (SOX) Act, the Security Breach Information Act (SB1386), or the Visa/MC Processing Card Industry's (PCI) Data Security Standard.

In the Visa/MC PCI standard, it states we must use network intrusion detection systems, host-based intrusion detection systems, and/or intrusion prevention systems to monitor all network traffic and alert personnel to suspected compromises.
After our analysis, we were fully convinced that Sourcefire led the way. They just provided more value. - BankersBank Card Services

By implementing the Sourcefire solution we have protected our network better. We would also recommend this solution for added HIPAA compliance. Sourcefire provides proof that we are monitoring and protecting our systems. If there is suspicious activity on our network, we will know about it. - Sisters of Charity Providence Hospitals

Administrators can build powerful rules to test for a variety of traffic and connection scenarios.
ENTERPRISE NEEDS, ENTERPRISE SCALABILITY

Sourcefire offers a highly scalable intrusion detection and prevention solution, which includes a built-in high performance database capable of handling millions of events in real time. This solution, the Sourcefire 3D System, provides all the threat, endpoint, and network intelligence features you need for large-scale, enterprise deployments. In fact, Sourcefire received the highest score of "Exceptional" from Network World for scalability.

The Sourcefire 3D System provides automated failover support by offering a high availability mode that allows two Defense Centers to manage the same sensor or group of sensors. In addition, this system offers dynamic load balancing across Intrusion Sensors that are deployed on the same network segment. You can easily create groups and apply common policies across the sensor group.

The Sourcefire 3D System offers several levels of user-specific access, enabling you to determine exactly what access to allow, including maintenance access, data access, restricted data access, rule access, and admin access.
YOU NEED MORE THAN AN INTRUSION PREVENTION TOOL, YOU NEED AN INTRUSION PREVENTION PROCESS

The days of responding to an attack when it occurs are over. Attacks don't just happen at the perimeter any more. Attacks can come from a variety of network entry points. Adding a new security product to address that threat is not the answer. Blocking all network traffic is not the answer either. You need a solution, a process, that will protect all network entry points, systems, applications, and data all the time. You need to protect your online assets before, during, and after an attack. To get ahead of the attacks, you have got to continually monitor, assess, and react to potential risks, hidden vulnerabilities, and suspicious behavior and anomalies.

If you had to stake your career on your intrusion prevention system and level of network security protection, you would want a system that is:

- Comprehensive: integrating threat, endpoint, and network intelligence. Perhaps you would want the one recognized as the most comprehensive and the best value IPS on the market by SC Magazine.
- Highly automated: giving you context for smarter, better decisions and automation when you want it.
- Policy driven: with a multi-level, integrated approach that ensures thorough compliance enforcement and documentation.
- Infrastructure agnostic: allowing you to leverage your existing investment and not lock you into one approach.
- Built on a proven technology: Snort, the de facto standard for intrusion detection and prevention technology, created by Sourcefire.

That only leaves you with one choice: the Sourcefire 3D System.
US Headquarters: 9770 Patuxent Woods Drive, Columbia, MD
US Virginia Sales Office: 8000 Towers Crescent Drive, Suite 1550, Vienna, VA
European Sales Office: 400 Thames Valley Park Drive, Thames Valley Park, Reading RG6 1PT, +44 (0)

ABOUT SOURCEFIRE

Sourcefire, Inc., the world leader in intrusion prevention, is transforming the way organizations manage and minimize network security risks with its 3D Approach - Discover, Determine, Defend - to securing real networks in real-time. The company's ground-breaking network defense system unifies intrusion and vulnerability management technologies to provide customers with the most effective network security available. Founded in 2001 by the creator of Snort, Sourcefire is headquartered in Columbia, MD and has been consistently recognized for its innovation and industry leadership by customers, media, and industry analysts alike with more than 16 awards and accolades since January 2005 alone. Most recently, the company was positioned in the Leaders Quadrant of Gartner's Magic Quadrant for Network Intrusion Prevention System Appliances report and the Sourcefire 3D System was named Best Security Solution, at the 2006 SC Magazine Awards. At work in leading Fortune 1000 and government agencies, the names Sourcefire and founder Martin Roesch have grown synonymous with innovation and intelligence in network security.

Sourcefire, Inc. Sourcefire, Sourcefire 3D System, Intrusion Sensor, RNA Sensor, Defense Center and Snort are trademarks or registered trademarks of Sourcefire. All rights reserved.
More informationClavister InSight TM. Protecting Values
Clavister InSight TM Clavister SSP Security Services Platform firewall VPN termination intrusion prevention anti-virus anti-spam content filtering traffic shaping authentication Protecting Values & Enterprise-wide
More informationHow To Secure Your System From Cyber Attacks
TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationTaxonomy of Intrusion Detection System
Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationCisco IPS Tuning Overview
Cisco IPS Tuning Overview Overview Increasingly sophisticated attacks on business networks can impede business productivity, obstruct access to applications and resources, and significantly disrupt communications.
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationIBM Global Technology Services Preemptive security products and services
IBM Global Technology Services Preemptive security products and services Providing protection ahead of the threat Today, security threats to your organization leave little margin for error. To consistently
More informationINCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS
WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationRAVEN, Network Security and Health for the Enterprise
RAVEN, Network Security and Health for the Enterprise The Promia RAVEN is a hardened Security Information and Event Management (SIEM) solution further providing network health, and interactive visualizations
More informationInformation Technology Solutions
Managed Services Information Technology Solutions A TBG Security Professional Services Offering LET TBG MANAGE YOUR INFRASTRUCTURE WITH CONFIDENCE: TBG S INTEGRATED IT AUTOMATION FRAMEWORK PROVIDES: Computer
More informationDevising a Server Protection Strategy with Trend Micro
Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper Trend Micro, Incorporated» A detailed account of why Gartner recognizes Trend Micro as a leader in Virtualization and Cloud
More informationNetwork Security Forensics
Network Security Forensics As hacking and security threats grow in complexity and organizations face stringent requirements to document access to private data on the network, organizations require a new
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationInternet Security Systems
Internet Security Systems Monitoring the network to enhance visibility, integrity and preemtive protection ISS Company Background World s leading independent IT security provider World leader in security
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationApplying machine learning techniques to achieve resilient, accurate, high-speed malware detection
White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division
More informationIBM Internet Security Systems products and services
Delivering preemptive security products and services IBM Internet Security Systems products and services Highlights Helps protect critical assets and reduce costs by preempting online threats Helps secure
More informationIntelligent. Data Sheet
Cisco IPS Software Product Overview Cisco IPS Software is the industry s leading network-based intrusion prevention software. It provides intelligent, precise, and flexible protection for your business
More informationTECHNOLOGYBRIEF. The Impact of Virtualization on Network Security. Discover. Determine. Defend.
The Impact of Virtualization on Network Security Discover. Determine. Defend. EXECUTIVE SUMMARY Virtualization is a concept that has become highly visible in the last few years because of its perceived
More informationForeScout CounterACT Edge
ForeScout is a high performance security appliance that protects your network perimeter against intrusion. Unlike traditional IPS products, ForeScout is extremely easy to install and manage. It does not
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationIBM Internet Security Systems
IBM Global Services IBM Internet Security Systems Norberto Gazzoni Italy Channel Manager norberto_gazzoni@it.ibm.com +39 347 3499617 IBM Internet Security Systems Ahead of the threat. 2006 IBM Corporation
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationVulnerability. Management
Solutions.01 Vulnerability Management.02 Enterprise Security Monitoring.03 Log Analysis & Management.04 Network Access Control.05 Compliance Monitoring Rewterz provides a diverse range of industry centric
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationVistara Lifecycle Management
Vistara Lifecycle Management Solution Brief Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationIBM Security. 2013 IBM Corporation. 2013 IBM Corporation
IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure
More informationMcAfee Server Security
Security Secure server workloads with low performance impact and integrated management efficiency. Suppose you had to choose between securing all the servers in your data center physical and virtual or
More informationIntrusion Detection Systems
Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics
More informationSymantec Endpoint Protection 12.1.6
Data Sheet: Endpoint Security Overview Last year, we saw 317 million new malware variants, while targeted attacks and zero-day threats were at an all-time high 1. The threat environment is evolving quickly
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More informationEnterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.
ENTERPRISE MONITORING & LIFECYCLE MANAGEMENT Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationLOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach
More informationTechnical Product Overview. Employing cloud-based technologies to address security risks to endpoint systems
Symantec Endpoint Protection.cloud Employing cloud-based technologies to address security risks to endpoint systems White Paper: Endpoint Protection.cloud - Symantec Endpoint Protection.cloud Contents
More informationDevising a Server Protection Strategy with Trend Micro
Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper» Trend Micro s portfolio of solutions meets and exceeds Gartner s recommendations on how to devise a server protection strategy.
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationEnterprise Security Solutions
Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class
More informationHow To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering
More informationForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)
ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) CONTENT Introduction 2 Overview of Continuous Diagnostics & Mitigation (CDM) 2 CDM Requirements 2 1. Hardware Asset Management 3 2. Software
More informationInternet Content Provider Safeguards Customer Networks and Services
Internet Content Provider Safeguards Customer Networks and Services Synacor used Cisco network infrastructure and security solutions to enhance network protection and streamline compliance. NAME Synacor
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationLumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks
IPsonar provides visibility into every IP asset, host, node, and connection on the network, performing an active probe and mapping everything that's on the network, resulting in a comprehensive view of
More informationOpen Source Software for Cyber Operations:
W H I T E P A P E R Open Source Software for Cyber Operations: Delivering Network Security, Flexibility and Interoperability Introduction For the last decade, the use of open source software (OSS) in corporate
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationBraindumps.700-295.50.QA
Braindumps.700-295.50.QA Number: 700-295 Passing Score: 800 Time Limit: 120 min File Version: 6.0 http://www.gratisexam.com/ Comprehensive, easy and to the point study material made it possible for me
More informationWhite Paper: Consensus Audit Guidelines and Symantec RAS
Addressing the Consensus Audit Guidelines (CAG) with the Symantec Risk Automation Suite (RAS) White Paper: Consensus Audit Guidelines and Symantec RAS Addressing the Consensus Audit Guidelines (CAG) with
More informationAttaining HIPAA Compliance with Retina Vulnerability Assessment Technology
l Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology Overview The final privacy rules for securing electronic health care became effective April 14th, 2003. These regulations require
More informationNitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring
NitroView Unified Security and Compliance Unmatched Speed and Scale Application Data Monitoring Database Monitoring Log Management Content Aware SIEM TM IPS Today s security challenges demand a new approach
More informationRadware s Behavioral Server Cracking Protection
Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information
More informationProduct Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity
NIP IDS Product Overview The Network Intelligent Police (NIP) Intrusion Detection System (IDS) is a new generation of session-based intelligent network IDS developed by Huaweisymantec. Deployed in key
More informationENABLING FAST RESPONSES THREAT MONITORING
ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,
More informationNetwork Instruments white paper
Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationIREBOX X. Firebox X Family of Security Products. Comprehensive Unified Threat Management Solutions That Scale With Your Business
IREBOX X IREBOX X Firebox X Family of Security Products Comprehensive Unified Threat Management Solutions That Scale With Your Business Family of Security Products Comprehensive unified threat management
More informationRequirements When Considering a Next- Generation Firewall
White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration
More informationNetwork Immunity Solution. Technical White paper. ProCurve Networking
ProCurve Networking Network Immunity Solution Technical White paper Introduction... 2 Current Security Threats... 2 Solutions for Internal Threat Protection... 2 Network Immunity Solution: What It Is and
More informationSymantec Advanced Threat Protection: Network
Symantec Advanced Threat Protection: Network DR150218C April 2015 Miercom www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Overview... 4 2.1 Products Tested... 4 2.2. Malware Samples... 5 3.0 How
More informationCisco SAFE: A Security Reference Architecture
Cisco SAFE: A Security Reference Architecture The Changing Network and Security Landscape The past several years have seen tremendous changes in the network, both in the kinds of devices being deployed
More informationTrend Micro. Advanced Security Built for the Cloud
datasheet Trend Micro deep security as a service Advanced Security Built for the Cloud Organizations are embracing the economic and operational benefits of cloud computing, turning to leading cloud providers
More informationIBM Advanced Threat Protection Solution
IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain
More informationWHITEPAPER. Achieving Network Payment Card Industry Data Security Standard (PCI DSS) Compliance with NetMRI
WHITEPAPER Achieving Network Payment Card Industry Data Security Standard (PCI DSS) Compliance with NetMRI About PCI DSS Compliance The widespread use of debit and credit cards in retail transactions demands
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationNetwork Performance + Security Monitoring
Network Performance + Security Monitoring Gain actionable insight through flow-based security and network performance monitoring across physical and virtual environments. Uncover the root cause of performance
More informationEndpoint Security Management
Endpoint Security Management LANDESK SOLUTION BRIEF Protect against security threats, malicious attacks and configuration vulnerabilities through strong endpoint security control and maintenance. Protect
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior
More informationIDS / IPS. James E. Thiel S.W.A.T.
IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods
More informationCisco Security Intelligence Operations
Operations Operations of 1 Operations Operations of Today s organizations require security solutions that accurately detect threats, provide holistic protection, and continually adapt to a rapidly evolving,
More informationDer Weg, wie die Verantwortung getragen werden kann!
Managed Security Services Der Weg, wie die Verantwortung getragen werden kann! Christoph Altherr System Engineer Security 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Agenda Enterprise
More informationHIPAA Compliance: Meeting the Security Challenge. Eric Siebert Author and vexpert. whitepaper
HIPAA Compliance: Meeting the Security Challenge Eric Siebert Author and vexpert HIPAA Compliance: Meeting the Security Challenge A Closer Look: The HIPAA Compliance Challenge - As many IT managers and
More informationIBM Security QRadar Vulnerability Manager
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
More informationSymantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it
Complete and high performance protection where you need it Overview delivers high-performance protection against physical and virtual server downtime with policy based prevention, using multiple protection
More informationWHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT
WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT WHAT S INSIDE: 1. GENERAL INFORMATION 1 2. EXECUTIVE SUMMARY 1 3. BACKGROUND 2 4. QUESTIONS FOR CONSIDERATION
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationSecurity Event Management. February 7, 2007 (Revision 5)
Security Event Management February 7, 2007 (Revision 5) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 CRITICAL EVENT DETECTION... 3 LOG ANALYSIS, REPORTING AND STORAGE... 7 LOWER TOTAL COST
More informationData Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments
Trusted protection for endpoints and messaging environments Overview Symantec Protection Suite Enterprise Edition creates a protected endpoint and messaging environment that is secure against today s complex
More informationSourcefire Next-Generation IPS
Sourcefire Next-Generation IPS Sourcefire Next-Generation IPS sets a new standard for advanced threat protection, integrating real-time contextual awareness, intelligent security automation, and unprecedented
More informationGetting Ahead of Malware
IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,
More informationHP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise
HP ENTERPRISE SECURITY Protecting the Instant-On Enterprise HP SECURITY INTELLIGENCE AND RISK MANAGEMENT PLATFORM Advanced Protection Against Advanced Threats 360 Security Monitoring to Detect Incidents
More information