User s Guide. Skybox Risk Control Revision: 11

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "User s Guide. Skybox Risk Control 7.0.0. Revision: 11"

Transcription

1 User s Guide Skybox Risk Control Revision: 11

2 Copyright Skybox Security, Inc. All rights reserved. This documentation contains proprietary information belonging to Skybox Security and is provided under a license agreement containing restrictions on use and disclosure. It is also protected by international copyright law. Due to continued product development, the information contained in this document may change without notice. The information and intellectual property contained herein are confidential and remain the exclusive intellectual property of Skybox Security. If you find any problems in the documentation, please report them to us in writing. Skybox Security does not warrant that this document is error-free. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means electronic, mechanical, photocopying, recording, or otherwise without the prior written permission of Skybox Security. Skybox, Skybox View, Skybox Security, Skybox Firewall Assurance, Skybox Network Assurance, Skybox Risk Control, Skybox Threat Manager, Skybox Change Manager, Skybox 5000/5000W/5500/6000 Appliance, are trademarks and registered trademarks of Skybox Security, Inc. Check Point, SiteManager-1, FireWall-1, Provider-1, SmartDashboard, VPN-1, and OPSEC are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other trademark and registered trademark products mentioned in this document are the property of their respective owners. Skybox Security, Inc. Telephone (in the U.S.): SKYBOX ( ) Telephone (outside the U.S.): Fax: Website:

3 Contents Intended audience... 7 How this manual is organized... 7 Related documentation... 7 Technical support... 8 Overview of Skybox Risk Control... 9 Skybox View platform... 9 About Skybox Risk Control... 9 The process About the Skybox View Vulnerability Dictionary Basic architecture Part I: Security Metrics Overview of the Security Metrics feature About security metrics in Skybox View Predefined security metrics Workflow for security metrics Building the model Updating the dictionary Obtaining asset and vulnerability occurrence data Discovery Center Adding organizational hierarchy (Business Units) Analyzing security metrics Viewing security metrics information Focusing on a specific security metric Viewing security metrics information Switching between security metrics Understanding security metrics information Customizing the security metrics Initial customization Security Metric properties Additional customization Remediation Remediation workflow Continuous usage Security metrics notifications Recalculating the security metrics Skybox Risk Control version

4 Skybox Risk Control User s Guide Part II: Exposure Overview of the Exposure feature Introduction to exposure Automated IT security modeling Attack simulation and visualization Business impact analysis and risk metrics Regulation compliance Risk exposure management workflow Building the model Building the network topology Network visualization (maps) Creating and saving dedicated maps Navigating the Network Map Map Groups Validating the model Overview of validating the model Verifying completeness Model completion and validation Using model validation analyses Verifying topology Verifying access Validating the setup for attack simulation Adding Threat Origins Threat Origin types Threat Origin Categories Defining Threat Origins Disabling and enabling Threat Origins Adding Business Asset Groups Defining a Business Asset Group Business Impacts and Regulations Adding dependency rules Explicit dependency rules Implicit dependencies Simulating attacks Understanding Skybox View risk Identifying the critical issues Workflow Reviewing the directly exposed vulnerability occurrences Reviewing the Threat Origins Reviewing the Business Asset Groups Reviewing attacks Check whether the problem is access-related Skybox Risk Control version

5 Contents Remediation Marking vulnerability occurrences as ignored Mitigating critical vulnerability occurrences Creating tickets manually Updating the model after fixing vulnerability occurrences Using the What If model to test changes Continuous risk management Overview of continuous usage Attack simulation for continuous usage Monitoring the risk status Automating tickets Tickets and workflow Model maintenance Part III: Continuous usage Using tasks for automation Task sequences Scheduling tasks and task sequences Task groups Monitoring task results Reports Security Metrics reports Risks reports FISMA/NIST and Risk Assessment reports PCI DSS reports Tickets reports Vulnerability Management reports Vulnerabilities reports Exporting data to CSV files Exporting vulnerability occurrence data to Qualys format Model maintenance Updating the model General maintenance Part IV: Advanced topics Advanced modeling scenarios Modeling VPNs Modeling L2 networks Overlapping networks Virtual routers Virtual firewalls Clusters Modeling multi-homed assets Merging data Using clouds as Threat Origins Advanced dependency rules Skybox Risk Control version

6 Skybox Risk Control User s Guide Additional information about exposure About attack simulation About risk Skybox View analyses Viewing risk PCI DSS support in Skybox Risk Control Access Analyzer Creating new queries Access Analyzer output Adjusting the security metrics parameters Calculation of scores for Vulnerability Level Indicator security metrics Calculation of scores for Remediation Latency Indicator security metrics Impact levels Additional security metrics parameters Vulnerability Dictionary Vulnerability Dictionary information CVE compliance IPS support in Skybox View IPS dictionary Working with IPS in Skybox View Optimization Performance considerations Optimizing Access Analyzer analysis Part V - Planning deployment Planning deployment Deployment plan Deployment team Preparing data for Skybox View Information requirements Preparing a list of network devices Defining the collection strategy Preparing scanning information Preparing the data Phases of deployment First phase Worksheets for planning deployment Deployment overview worksheet Device mapping worksheet Network scans worksheet Business Asset Group mapping worksheet Index Skybox Risk Control version

7 Preface Intended audience The Skybox Risk Control User s Guide explains how to work with Skybox Risk Control. Use this document in conjunction with: Skybox View Installation and Administration Guide, which explains Skybox View installation, and various configuration and maintenance tasks Skybox Risk Control Getting Started Guide, which explains how to use the various features of Skybox Risk Control using predefined data The intended audience is any user of Skybox Risk Control. How this manual is organized This manual includes the following parts: Overview (on page 9) Security Metrics feature (on page 12) Exposure feature (on page 44) Continuous usage (on page 111) Advanced topics (on page 129) Planning deployment (see page 201) Related documentation The following documentation is available for Skybox Risk Control: Skybox Risk Control Getting Started Guide Other Skybox View documentation includes: Skybox View Installation and Administration Guide Skybox View Reference Guide Skybox View Developer s Guide Skybox View Release Notes Skybox Change Manager User s Guide Skybox Threat Manager User s Guide The entire documentation set (in PDF format) is available in the <Skybox_View_Home>/docs directory. A comprehensive Help file can be accessed from any location in the Skybox View Manager by using the Help menu or by pressing F1. Skybox Risk Control version

8 Skybox Risk Control User s Guide Technical support You can contact Skybox Security technical support by: Calling SKYBOX ( ) inside the U.S. or outside the U.S. Using the Skybox Security support portal at You must register to use the support portal. Registered users can view the knowledge base, download updates, and submit cases. Faxing (U.S. number) Sending an to When opening a case, you need the following information: Your contact information (telephone number and address) Skybox View version and build numbers Platform (Windows or Linux) Problem description Any documentation or relevant logs You can compress logs before attaching them by using the Pack Logs tool (see Packing log files for technical support, in the Skybox View Installation and Administration Guide). Skybox Risk Control version

9 Chapter 1 Overview of Skybox Risk Control This chapter is an overview of Skybox Risk Control. In this chapter Skybox View platform... 9 About Skybox Risk Control... 9 The process About the Skybox View Vulnerability Dictionary Basic architecture Skybox View platform Skybox Security delivers a complete portfolio of proactive security risk management solutions that automatically find, prioritize risks, and drive remediation in a large or complex network, before an adverse event occurs. Skybox solutions provide accurate intelligence for daily security and compliance management tasks such as firewall assessments, vulnerability management, threat management, and change planning. While other solutions have limitations such as finding a limited set of risks, can only be used on an infrequent basis, or are reactive and useful only after the breach has already taken place, Skybox enables daily security risk management for the complete enterprise network on an on-going basis. Skybox identifies and prioritizes a wide variety of risks automatically so that the security team has daily risk information to eliminate the most critical risks fast, before an attack. The Skybox Security Enterprise portfolio includes: Skybox Firewall Assurance: Firewall Assessment, PCI Compliance, Firewall Ruleset Optimization Skybox Change Manager: Firewall Change Management and Workflow Skybox Network Assurance: Network Modeling, Access Compliance, Connectivity Troubleshooting Skybox Risk Control: Attack Modeling, Risk Assessment, Vulnerability Management, Patch Optimization Skybox Threat Manager: Threat Analysis, Remediation Planning, and Tracking Workflow The products share common services including modeling, simulation, analytics, reporting, and automated workflow management. About Skybox Risk Control Skybox Risk Control automatically discovers and prioritizes vulnerability occurrences, using contextaware analytics that take network topology, security controls, business assets, and threat intelligence into account. Risk Control gives those on the front line of security the tools they need to focus attention on the most critical risks first to protect customer data, intellectual property and business services. Skybox Risk Control version

10 Skybox Risk Control User s Guide Highlight features Automatically creates and continuously updates a detailed model of your network topology, network and security devices, servers, and end points Incorporates vulnerability data from third-party scanners or with Skybox Vulnerability Detector, scanless vulnerability discovery technique, leveraging product configuration repositories and patch management systems, with daily vulnerability definition content updates Simulates attack scenarios from external or internal threats, highlighting possible exploitation routes by hackers, APT, malware, and internal threats, considering all network security controls such as firewalls and intrusion prevention systems Prioritizes vulnerabilities for remediation, based on exploitability and imposed risk, indicating the most critical vulnerabilities to be fixed Streamlines risk mitigation with automated proposal of remediation alternatives, including ticket generation and workflow Calculates security and risk metrics for every business unit, and for the organization as a whole Robust reporting features include customizable reports for specific audiences such as management, auditors and IT operations Advanced what-if modeling capabilities to predict risky behavior and potential business impact of proposed network changes Integrates with Skybox Threat Manager to prioritize vital threats and updated risk alerts Note: You can use Skybox Threat Manager together with the other features of Skybox Risk Control or separately. Skybox Threat Manager is documented separately in the Skybox Threat Manager Getting Started Guide and the Skybox Threat Manager User s Guide. Comprehensive device support. View the support list at The process The overall Risk Control process is divided into two basic cycles: Import asset and vulnerability data, and then generate security metrics for different technologies and different business units If desired, import network devices to get the topology, and then analyze the exposure of the network to potential attackers Security Metrics Cycle 1 Collect vulnerability occurrences (which also provides information on assets) 2 Organize the assets into Business Units 3 Look at the Discovery Center to understand the security of your inventory 4 Look at the security metrics and the analysis of top problems, such as a Business Unit with many security issues or a specific technology (e.g. Oracle Java) with security issues 5 Remediation track the pace of fixing the top issues 6 Continuous - perform the whole cycle on a regular basis to keep the organization's security status up-to-date Skybox Risk Control version

11 Exposure Cycle 1 Build the topology (bring network devices, view the map) 2 Define Threat Origins 3 Optionally define impact rules for Business Asset Groups 4 Run attack simulation 5 View the results exposure summary and details Chapter 1 Overview of Skybox Risk Control 6 Remediation check important Threat Origins (such as Internet) to see if there are directly exposed vulnerabilities that need fixing 7 Continuous - perform the whole cycle on a regular basis to minimize the organization's exposure About the Skybox View Vulnerability Dictionary The Skybox View Vulnerability Dictionary includes comprehensive and up-to-date data on network vulnerability definitions published within the world. Data source are NVD (National Vulnerability Database), published vulnerability repositories, vulnerabilities scanners, and threat management feeds. Each newly published vulnerability definition is represented in a standard format that includes a Skybox vulnerability ID (SBV ID), CVE ID (if one exists), references to scanner plugin IDs, CVSS score, description, links to relevant sources that describe the vulnerability definition, and solutions. In addition, each vulnerability definition is modeled to include exploitation preconditions and effects, which can then be used in attack simulation. The dictionary enables Skybox Risk Control to represent the vulnerability occurrences of an organization in a standard normalized way, independently of the vulnerabilities scanner or discovery method used to identify it. Skybox Risk Control then prioritizes the identified vulnerability occurrences based on information from both the dictionary and the model. The dictionary supplies the severity of the vulnerability occurrence (CVSS score), the difficulty of its exploitation, and the commonality of such exploitations. The model and attack analysis provides information on the exposure to external and internal threats, the business context, and the potential attack risk of each vulnerability occurrence. This enables the user to relate to rich and meaningful criteria for defining the SLA for remediation of vulnerability occurrences. Vulnerability occurrences with a high CVSS score, high business impact, exposure to various threats, and high attack impact (based on attack simulation), are typically classified as urgent. Basic architecture The Skybox View platform consists of a three-tiered architecture with a centralized server (Skybox View Server), data collectors (Skybox View Collectors), and a user interface (Skybox View Manager). Skybox View can be scaled easily to suit the complexity and size of any infrastructure. For additional information, see Skybox View architecture, in the Skybox View Installation and Administration Guide. Skybox Risk Control version

12 Part I: Security Metrics This part explains how to work with the security metrics feature of Skybox Risk Control.

13 Chapter 2 Overview of the Security Metrics feature You can automate the collection of vulnerability occurrence information from multiple disparate systems and calculate security metrics, which are risk indicators based on vulnerability occurrences. Security metrics provide threat indicators for your organization as a whole and for specific Business Units, enabling the security team to help management understand which threats pose the greatest risk and what your organization is doing about them. Figure 1: Security Metrics Summary page The Security Metrics feature uses vulnerability occurrence data collected on the network to calculate security metrics for each unit in your organization s hierarchy. The security metrics scores allow you to assess the current security and vulnerability status of your organization, track trends, and identify key contributors to poor performance. In this chapter About security metrics in Skybox View Predefined security metrics Workflow for security metrics About security metrics in Skybox View Skybox View uses security metrics to measure the security status of your organization. Skybox View includes predefined security metrics as well as the ability to create new security metrics and customize the existing ones. Skybox Risk Control version

14 Skybox Risk Control User s Guide Most security metrics in Skybox View measure the status of vulnerability occurrences in your organization. However, some security metrics such as MS-VLI, MS-RLI, and Cisco-RLI measure the status of applying security bulletins from vendor based catalogs. The following are the main parameters that define security metrics: Type Vulnerability Level Indicators: These security metrics measure the security status of your organization (or a part thereof) based on the status of its vulnerability occurrences or missing security updates. The more critical vulnerability occurrences or critical security updates in your organization, the higher the score. Vulnerability Level Indicators measure the average rate of vulnerability occurrences residing on assets in a group of assets, such as a Business Asset Group or a Business Unit. In simple terms, the rate is the average number of vulnerability occurrences per asset. Remediation Latency Indicators: These security metrics measure the remediation performance of your organization. The more time it takes to fix the critical vulnerability occurrences or missing security updates, the higher the score. View Remediation Latency Indicators measure the rate of overdue vulnerability occurrences: The Remediation Latency Indicator score for an asset represents the number of overdue (or relatively old) vulnerability occurrences residing on the asset, where each vulnerability occurrence is weighted. The weighting is calculated from the remediation priority of the vulnerability occurrence and its delay; high-priority vulnerability occurrences with a large delay have the highest weight. The Remediation Latency Indicator score for a group of assets (Business Asset Group or Business Unit), is the average of the Remediation Latency Indicator score of each asset in the group. Use the Remediation Latency Indicator metric to identify entities (vulnerability definitions or groups of assets) whose remediation latency is relatively high and to examine trends of remediation latency. Security View: Security View shows the status of vulnerability occurrences in your organization. Note: This is the standard view for most security metrics. Vendor Solution View: Vendor solution view shows the status of applying security bulletins from vendor-based catalogs and the prioritization of the bulletins that need to be applied. Whenever possible, results are displayed in terms of security bulletins, each of which is usually correlated to multiple vulnerability definitions. Vulnerability definitions that are not part of a security bulletins are displayed independently. Scope Vendor solution View is used by default for security metrics such as MS-VLI, MS-RLI, and Cisco-RLI, which measure the status of applying security bulletins from vendor based catalogs. The scope defines which vulnerability definitions are used in each security metric. This can include all vulnerability definitions, only vulnerability definitions or security bulletins from specific vendor-based catalogs (Microsoft, Cisco, Adobe, and/or Oracle), or a custom-defined set. You can also exclude specific groups of vulnerability definitions or products. Predefined security metrics Skybox View includes the following predefine security metrics, some of which are used to track vulnerability occurrence status and some to track remediation progress. Skybox Risk Control version

15 Chapter 2 Overview of the Security Metrics feature Security metric name Security metric long name Scope Description Vendor Solution View Adobe Bulletin Level Adobe Bulletin Level Indicator By Catalog = Adobe Security Bulletins This security metric measures the security status of your organization based on Adobe Security Bulletins. The more critical missing security bulletins, the higher the score. Cisco Remediation Latency Cisco Security Advisories Remediation Latency Indicator By Catalog = Cisco Security Advisory This security metric measures your organization s remediation performance of Cisco Security Advisories. The more time it takes you to apply the missing security advisories, the higher the score. MS Bulletin Level Microsoft Security Bulletins Vulnerability Level Indicator By Catalog = Microsoft Security Bulletins This security metric measures the security status of your organization based on Microsoft Security Bulletins. The more critical missing security bulletins, the higher the score. MS Remediation Latency Oracle Remediation Latency Overall - Remediation Latency Security View Microsoft Security Bulletins Remediation Latency Indicator Oracle Remediation Latency Indicator Remediation Latency Indicator By Catalog = Microsoft Security Bulletins By Catalog = Oracle Security Bulletins Any This security metric measures your organization s remediation performance of Microsoft Security Bulletins. The more time it takes you to apply the missing security bulletins, the higher the score. This security metric measures the security status of your organization based Oracle Security Bulletins. The more time it takes you to apply the missing security bulletins, the higher the score. This security metric measures the remediation performance of your organization. The more time it takes you to fix the critical vulnerability occurrences, the higher the score. Antivirus Integrity Vul Level Antivirus Integrity Vulnerability Level Indicator Custom = Anti-Virus Integrity This security metric measures the security status of your organization based on the alerts (vulnerability occurrences) on antivirus applications. The more unhandled critical alerts (vulnerability occurrences) you have on antivirus applications, the higher the score. Skybox Risk Control version

16 Skybox Risk Control User s Guide Mobile Vul Level Mobile Devices Alerts Vulnerability Level Indicator Custom = Mobile device Vulnerabilitie s This security metric measures the security status of your organization based on the alerts (vulnerability occurrences) on one or more of the following mobile devices: Apple Android Blackberry The more unhandled critical alerts (vulnerability occurrences) you have on mobile devices, the higher the score. New Vulnerabiliti es New Vulnerabilities (Last 30 Days) Vulnerability Level Indicator Custom = New Vulnerabilitie s last 30 days This security metric measures the security status of your organization based on the vulnerability definitions that were published in the last 30 days. The more unhandled new critical vulnerability occurrences you have, the higher the score. Overall Vul Level Vulnerability Level Indicator Any This security metric measures the security status of your organization based on its vulnerability occurrences. The more critical vulnerability occurrences you have, the higher the score. Web Browser Vulnerabiliti es Web Browser Alerts Vulnerability Level Indicator Custom = Web Browsers This security metric measures the security status of your organization based on the alerts (vulnerability occurrences) on any of the following web browsers: Internet Explorer Mozilla Firefox Google Chrome Apple Safari. The more unhandled critical alerts (vulnerability occurrences) you have on web browsers, the higher the score. Workflow for security metrics The following is the basic workflow for security metrics. 1 Analyze the security metrics (see page 29). 2 After you finish the setup, you can view the security metrics (on page 30) by organization hierarchy. 3 Make any necessary changes, such as changing the names, number of levels, or SLA periods of the security metrics (see Customizing the security metrics (on page 36)), and reanalyze. 4 In Skybox View, decide which vulnerability definitions or security bulletins to fix first and create tickets (on page 41) for them. If your organization handles the remediation process externally, export (on page 122) the relevant data to CSV. Skybox Risk Control version

17 Chapter 3 Building the model The Skybox View model (the model) is a schema in the Skybox View database that represents all or part of your organization s network; it is used for vulnerability occurrence profiling, attack simulation, risk analysis, and planning mitigation. When you have gathered as much information about your network as possible, you can begin building the model. It is recommended that you start with a relatively small first phase (for additional information, see First phase (on page 205)). Use the Model workspace and the Model tree to build the model. Note: Before collecting data from your organization s network the first time, the model must be empty. If you loaded the demo model for tutorial purposes, you must clear it (File > Models > Reset Model). In this chapter Updating the dictionary Obtaining asset and vulnerability occurrence data Discovery Center Adding organizational hierarchy (Business Units) Updating the dictionary The Skybox View Vulnerability Dictionary contains information about vulnerability definitions. When a vulnerability occurrence is found by a scanner (or by any other means), Skybox View uses the Vulnerability Dictionary to normalize the vulnerability occurrence and add all the vulnerability definition s information including its description, cross-references from various sources, and external URLs to the model. Skybox View includes the most up-to-date dictionary at the time of release, but new updates are issued periodically. If the Vulnerability Dictionary is more than a week old, update it before running vulnerability detection, calculating security metrics, or simulating attacks. To check the date and version of the Vulnerability Dictionary Select File > Dictionary > Show Dictionary Info. Update the dictionary by running the Dictionary Update Daily task. Note: This task is scheduled to run daily, but is not actually enabled to do so. To enable the Dictionary Update Daily task to run as scheduled 1 Click. 2 In the Operational Console tree, select Tasks > All Tasks. 3 In the Table pane, right-click the Dictionary Update Daily task and select Properties. 4 In the Properties dialog box, make sure that Enable Auto-launch is selected. 5 Click OK. Skybox Risk Control version

18 Skybox Risk Control User s Guide To verify that the task is running correctly 1 In the Table pane, look at the Dictionary Update Daily task. 2 If there are timestamps in the Started at and Finished at columns, the task has run successfully and you can skip the other instructions here. If there are no timestamps in the Started at and Finished at columns, the task has not run, and you must launch it manually ( ). 3 After the task is launched, check its messages. The task may fail if: The internet connection was not set correctly. There is no internet connection. In this case, you must download the dictionary and update it manually as specified in the Updating the dictionary topic in the Skybox View Installation and Administration Guide. Obtaining asset and vulnerability occurrence data Asset and vulnerability occurrence data is a necessary component of security metrics analysis and Exposure analysis. You can obtain this data from: Scanners: Organizations that use scanners on their networks can use Skybox View tasks to either read the scanned data via APIs (online collection) or import the data from files generated by the scanner. Other data sources: In many cases, areas in the network are not scanned or not scanned frequently because of deployment issues. In this case, obtain asset data from other sources, such as: Microsoft Active Directory: Skybox View can import Active Directory data to obtain your organization s Business Unit and Business Asset Group hierarchy and assets (but not asset products). Microsoft System Center Configuration Manager (SCCM): Skybox View can import SCCM data to obtain your organization s assets, products, and patches. Note: SCCM data for Microsoft technologies includes missing patches that are directly equivalent to vulnerability occurrences in Skybox View (for example: MS12-017). Other patch management and asset management systems: Skybox View can connect to these data sources (usually via ixml) and obtain information about assets, products, and sometimes missing patches for vulnerability occurrences. Import data from these other sources as often as necessary; the import is not dependent on the scheduling of specific scans. Note: Whichever sources are used, it is important to make sure that the Skybox View Vulnerability Dictionary is up-to-date (see Updating the dictionary (on page 17)) before you start. When asset data is imported from data sources that are not scanners and that do not include missing patches, it does not include any vulnerability occurrence data. Skybox View s Analysis Vulnerability Detector tasks analyze the asset data to extract vulnerability occurrences from it. For additional information, see: Retrieving scanner data (see "Retrieving the data" on page 19) Tasks, in the Skybox View Reference Guide Vulnerability detection (on page 19) For information about ixml, see the Integration part of the Skybox View Developer s Toolkit. Skybox Risk Control version

19 Retrieving the data Chapter 3 Building the model Scanner data provides information about assets and services, and information about the vulnerability occurrences that exist on scanned assets. You can add this data to the model using tasks. For information about tasks that collect scanner data and add it to the model, see Scanner tasks, in the Skybox View Reference Guide. For a sample workflow, see Workflow for importing a Qualys vulnerabilities scan (on page 20). Skybox View supports many scanners, such as Qualys QualysGuard and ncircle. A complete list of directly supported scanners is available at If your scanner is not supported, create an integration script that converts the source data to Skybox Integration XML (ixml) and import it to Skybox View. For information about ixml, see the Integration part of the Skybox View Developer s Toolkit. Patch data is an important component of the model that provides additional information about IT assets and vulnerability occurrences that is usually quite accurate and helps Skybox View to model your organization s network more accurately. You can retrieve patch data from asset management systems and patch management systems. You can use this data instead of, or in addition to, information collected from network vulnerabilities scanners. This is necessary when the vulnerabilities scanners do not cover the whole network, are not activated very often, or are not deployed at all. You can import data from asset and patch repositories as often as necessary; the import is not dependent on the scheduling of specific scans. Patch data is retrieved using collection tasks for supported patch management systems (such as Shavlik NetChk Protect), import tasks for Active Directory and SCCM, or using ixml to import patch information from other data sources (such as BigFix). For additional information about importing data from ActiveDirectory and SCCM, see Vulnerability detection (on page 19). For information about ixml, see the Integration part of the Skybox View Developer s Toolkit. Vulnerability detection Asset data is imported directly from patch management and asset management systems (such as Active Directory and SCCM) to Skybox View using tasks. After the asset data is imported, an additional task (of type Analysis Vulnerability Detector) must be run to infer the vulnerability occurrences from service banners imported as part of the asset data. Basic workflow for detecting vulnerability occurrences 1 (Optional) Import information from Active Directory to obtain your organization s hierarchy. For additional information, see Importing Microsoft Active Directory data, in the Skybox View Reference Guide. 2 View the imported Business Units, and Business Asset Groups in the Model workspace: Organization > Business Units & Asset Groups. When you select a Business Asset Group in the tree, you can see its assets in the workspace. 3 Run an Asset Management SCCM task to obtain asset information. For additional information, see Microsoft SCCM, in the Skybox View Reference Guide. 4 View the imported assets in the Model workspace: Organization > Model Analyses > New Entities > New Assets, or in any other appropriate analysis. 5 View the generated products (services) of all newly imported assets by selecting an asset and then viewing the Services tab in the Details pane. Note: You can also create operational analyses of type Services in the Model Analyses tree and, for example, set the value of the Discovery Method field to Vulnerability Detector. However, this analysis does not display the services for each asset separately. Until this point, there are assets with products, but no vulnerability occurrences. Skybox Risk Control version

20 Skybox Risk Control User s Guide 6 Run a task of type Analysis Vulnerability Detector. For information about these tasks, see Vulnerability Detector tasks, in the Skybox View Reference Guide. 7 View the generated vulnerability occurrences in any vulnerability occurrences analysis, such as Risk Control > Analytics Center > Analyses > Public Analyses > Vulnerabilities > New Vulnerability Occurrences (in the Risk Control workspace). The Discovery Method field of a vulnerability occurrence generated by this task is Vulnerability Detector. If necessary, you can display the Created Time field in the Table pane to make sure you are looking at vulnerability occurrences from the correct run of the task. Unidentified services There may be cases where an asset has services that Skybox View cannot identify based on their banner. This may occur because the banner format is new to the system or because the product is not yet supported (such as a new minor version of Windows). Sending unidentified banners to Skybox Security, as explained in the next section, can help speed up the identification. You can see these services in two places: Analyses of type Services (such as a New Services analysis). Asset analyses, in the Services tab of the Details pane, when the Show Unidentified Services check box is selected. Look at the Banner field (available as a column in Services analyses and by right-clicking the Service and selecting Properties) to see which product is involved. To send information about unidentified services to Skybox Security for identification (and inclusion in product updates) 1 Right-click the analysis that includes unidentified services and then select Export to CSV. 2 Create a ticket in Skybox View s support portal and add the CSV file as an attachment. Workflow for importing a Qualys vulnerability scan When imported into Skybox View, vulnerability scans provide information about the assets and services in your organization including their vulnerability occurrences. If the scan includes assets that are not already part of the model, they are added to the model. The following explains how to import a Qualys vulnerability scan. To import a Qualys vulnerability scan 1 In the Operational Console tree, select the Tasks node. 2 Click. 3 Type a Name for the task, such as Import Qualys Collection. Skybox Risk Control version

21 Chapter 3 Building the model 4 In the Task Type field, select Scanners Qualys Collection. 5 Fill in the Username and Password. Figure 2: Scanners - Qualys Collection task parameters 6 Define the Network Scope the locations and networks in the model to include in the task. When the collection data is imported, only data from the specified locations and network is merged with the existing model. If the network scope is empty, the entire collection is merged. 7 The Recency field defines how many days back to search for scans. To obtain the most recent scan, fill in this field according to how often scans are run. For example, if scans are run on a daily basis, 1 finds yesterday s scan. If scans are run on a weekly basis, 7 finds the most recent scan. For information about additional parameters in the task, see Qualys QualysGuard collection tasks, in the Skybox View Reference Guide. 8 Click Launch. 9 Verify that the task finished successfully: a) Select the task in the Table pane of the All Tasks node. b) Check that the value of the Exit Code is Success. If the task did not succeed, look in the Messages tab of the Details pane for information about what went wrong. This tab displays a log of the task; you can view the errors there to understand the problem. For example, a necessary file was deleted for some reason or moved to a different location. Skybox Risk Control version

22 Skybox Risk Control User s Guide 10 Close the Operational Console. 11 Check the results of the import as follows: a) Open the Risk Control workspace. b) Navigate to Analytics Center > Analyses > Public Analyses > Vulnerabilities. c) Right-click the New Vulnerability Occurrences folder and select New > Analysis. d) Type a Name for the analysis, such as Vulnerabilities imported by last Qualys scan. e) Fill in the following fields: Last Scan Time: As appropriate (Advanced tab) Discovery Method=QUALYS f) Click OK. Guidelines for setting up scanner tasks Review the following when setting up scanner tasks: Skybox View requires unrestricted scanning output output with a minimum of control devices (such as firewalls) blocking the route between the scanner and the scanned assets. Otherwise, Skybox View s analysis of access and attack scenarios in the model does not reflect the actual access and possibility of attacks in your organization. When your organization includes DHCP networks, you get a more accurate model if you use separate scans for the DHCP networks and for the static networks because Skybox View uses a different mechanism to merge scans of DHCP networks into the model. Some information found by vulnerability scanners is not needed for attack simulation. Skybox View supports blacklists, lists of scanner IDs that contain irrelevant information that Skybox View ignores. Blacklists are used when merging vulnerability occurrences into the model: scanner IDs on the blacklists are not translated into vulnerability occurrences in the model. For additional information, see Blacklists, in the Skybox View Reference Guide. Vulnerability occurrences in the model When a vulnerability occurrence is found by a scanner or by any other means, Skybox View uses the Skybox View Vulnerability Dictionary to formally model the vulnerability occurrence in the model. The following information is displayed for each vulnerability occurrence: Commonality: Unknown, Low, Medium, or High Generated by the Vulnerability Dictionary, commonality specifies how frequently attackers exploit vulnerability occurrences of this vulnerability definition. Severity: Taken from the CVSS base score, and displayed on a scale from Unknown to Critical, and as a number (0-10) Generated by the Vulnerability Dictionary. CVSS information: The Vulnerability Dictionary provides CVSS information for the base and temporal vector of each vulnerability occurrence. This standard enables users to easily analyze the impact of a vulnerability occurrence, including how can it be exploited (locally or remotely, with or without authentication, and so on) and its possible impact in terms of CIA (confidentiality, integrity, and availability). Life-cycle status: Found, Ignored, or Fixed Skybox View assigns an initial status of Found to each vulnerability occurrence detected. Later, this can be changed by Skybox View or by a user to Ignored or Fixed. Attack simulation uses only vulnerability occurrences with the Found status. Skybox Risk Control version

23 Chapter 3 Building the model When you run attack simulation, the exposure level of each vulnerability occurrence in the model is analyzed. The exposure level indicates how many steps are needed to access the vulnerability occurrence from a Threat Origin; direct exposure means that some Threat Origin can reach the vulnerability occurrence in only one step. Discovery Center The Discovery Center provides a high level view of the information Skybox View has about the model. At the top of the page, you can see: The number of vulnerability occurrences in the organization (that is, the parts of the organization are modeled) and their average age The number of vulnerability definitions The number of assets in the organization, including those which have not been scanned recently Figure 3: Discovery Center The various charts and tables below provide a high level view of the inventory of the organization, showing you how your organization looks from a Skybox View point of view. At first, this inventory enables you to see at a glance that all the information you expected is included in the model, and that, for example, you didn't miss a location or a critical network. As you continue to work with Skybox View, it also enables you to view your organization s assets from various perspectives, such as noticing how many of the assets are up-to-date and how many are overdue. Adding organizational hierarchy (Business Units) This section explains how to add Business Units and Business Asset Groups to the model. Skybox Risk Control version

24 Including information about your organization s hierarchy (Business Units and Business Asset Groups) in the Skybox View model enables Skybox View to present the inventory and findings in a logical way for your organization. You define this information after the network and security information is collected for your model. As stated in First phase (on page 205), it is recommended that you start with a first phase consisting of about five Business Asset Groups. Figure 4: Sample business hierarchy Note: When defining your organization s hierarchy, use names that match your organization. Create a naming convention that is understandable and meets the needs of your organization. This makes the first stage of definition easier, makes it easier to maintain the definitions, and makes it easier to add new ones when necessary. Business Units Business Units allow you to group your organization s Business Asset Groups into a hierarchy for management purposes. This is especially useful for large organizations. When you create analyses and reports, you can use the Business Units to organize (aggregate or filter) the results. You can also compare the risk levels of different Business Units. Defining Business Units To define a Business Unit 1 Do one of the following: In the Model tree, select the Business Units & Asset Groups node. To make the new Business Unit part of an existing Business Unit, select the parent Business Unit. 2 Right-click the node and select New > Business Unit. Figure 5: New Business Unit dialog box

25 3 Fill in the fields and click OK. Members (other Business Units and Business Asset Groups) are optional when first creating the Business Unit but you must fill them in later. Selecting an owner is optional. Managing Business Units After you create a Business Unit, you can create a hierarchy by creating Business Asset Groups or other Business Units inside the first one or by attaching existing Business Asset Groups or Business Units to the first one. You can also detach Business Asset Groups or Business Units from a parent Business Unit. To attach a Business Asset Group or a Business Unit to another Business Unit 1 In the Model tree, locate the Business Asset Group or Business Unit that is to become a part of another Business Unit. 2 Right-click the Business Asset Group or Business Unit and select Attach to Business Unit. 3 Do one of the following: Figure 6: Attach Business Units to Business Unit dialog box If the parent Business Unit exists, select it and click OK. The selected entity becomes a child node of the parent Business Unit. To make this entity part of a new Business Unit: a) Select the position in the tree where you want the new (parent) Business Unit. b) Click New. c) In the New Business Unit dialog box, fill in the relevant information. The entity that you are attaching automatically becomes a child of the new parent Business Unit, but you can also add other member entities using the Members field. d) Click OK. The new Business Unit is created in the selected position in the tree and the selected entity becomes a child node, as do any other member entities selected in step c.

26 To detach a Business Asset Group or Unit from a Business Unit 1 In the Model tree, locate the Business Asset Group or Business Unit to detach from a Business Unit. If the Business Asset Group or Business Unit is attached to more than one Business Unit, make sure that you locate the correct instance (that is, you are detaching it from the correct Business Unit). 2 Right-click the Business Asset Group or Business Unit and select Detach from Business Unit. If the Business Asset Group is no longer attached to any Business Units, it is moved to the bottom of the Business Units & Asset Groups node in the Model tree. Note: You can also attach and detach Business Asset Groups and Business Units to or from existing Business Units by dragging them to the desired locations in the Model tree. Business Asset Groups A Business Asset Group is a group of assets that serve a common business purpose. Use Business Asset Groups to model your organization according to functions provided by your IT infrastructure. To add a Business Asset Group 1 Do one of the following: In the Model tree, select the Business Units & Asset Groups node. To make the new Business Asset Group part of an existing Business Unit, select that Business Unit.

27 2 Right-click the node and select New > Business Asset Group. 3 Type a Name for the Business Asset Group. Figure 7: New Business Asset dialog box 4 Click the Browse button next to the Members field to select the members of the Business Asset Group. Select any of the following: Specific assets Networks If you select a network, every non-network-device asset currently in that network is included in the Business Asset Group. 5 (Optional) Select an Owner for this Business Asset Group. 6 Click OK. The Business Asset Group is saved. It is added in the Model tree under its parent node. For information about the parameters of Business Asset Groups, see Business Asset Groups, in the Skybox View Reference Guide. Other ways of adding organizational hierarchy information You can add new information about your organization s hierarchy to the model automatically in the following ways:

28 Import an ixml model Retrieve hierarchy information from various proprietary sources of information, such as a customized asset database. Scripts convert the proprietary information into a format (ixml) that Skybox View can import. For information about ixml, see the Integration part of the Skybox View Developer s Toolkit. Import a Skybox View model (in XML or encrypted XML format) Importing a model adds the new model s entities to the current model. In this manner, you can join several partial models representing different sections of your organization s network into a single model. Note: The imported models may also include Threat Origins.

Vulnerability Control Product Tour

Vulnerability Control Product Tour Skybox Trial Vulnerability Control Product Tour 7.5.300 Revision 11 Copyright 2002-2015 Skybox Security, Inc. All rights reserved. This documentation contains proprietary information belonging to Skybox

More information

IBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide

IBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide IBM Security QRadar Vulnerability Manager Version 7.2.1 User Guide Note Before using this information and the product that it supports, read the information in Notices on page 61. Copyright IBM Corporation

More information

Novell ZENworks Asset Management 7.5

Novell ZENworks Asset Management 7.5 Novell ZENworks Asset Management 7.5 w w w. n o v e l l. c o m October 2006 USING THE WEB CONSOLE Table Of Contents Getting Started with ZENworks Asset Management Web Console... 1 How to Get Started...

More information

Shavlik Patch for Microsoft System Center

Shavlik Patch for Microsoft System Center Shavlik Patch for Microsoft System Center User s Guide For use with Microsoft System Center Configuration Manager 2012 Copyright and Trademarks Copyright Copyright 2014 Shavlik. All rights reserved. This

More information

QualysGuard WAS. Getting Started Guide Version 3.3. March 21, 2014

QualysGuard WAS. Getting Started Guide Version 3.3. March 21, 2014 QualysGuard WAS Getting Started Guide Version 3.3 March 21, 2014 Copyright 2011-2014 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc.

More information

WatchDox Administrator's Guide. Application Version 3.7.5

WatchDox Administrator's Guide. Application Version 3.7.5 Application Version 3.7.5 Confidentiality This document contains confidential material that is proprietary WatchDox. The information and ideas herein may not be disclosed to any unauthorized individuals

More information

Complete Patch Management

Complete Patch Management Complete Patch Management Complete - Flexible Unique In- Depth Secunia CSI 7 Corporate Software Inspector Take control of the vulnerability threat and optimize your IT security investments. The Secunia

More information

Cyber Security RFP Template

Cyber Security RFP Template About this document This RFP template was created to help IT security personnel make an informed decision when choosing a cyber security solution. In this template you will find categories for initial

More information

Getting Started with the iscan Online Data Breach Risk Intelligence Platform

Getting Started with the iscan Online Data Breach Risk Intelligence Platform Getting Started with the iscan Online Data Breach Risk Intelligence Platform 2 Table of Contents Overview... 3 Data Breach Risk Intelligence... 3 Data Breach Prevention Lifecycle Defined... 3 Choosing

More information

GETTING STARTED WITH THE ISCAN ONLINE DATA BREACH PREVENTION LIFECYCLE

GETTING STARTED WITH THE ISCAN ONLINE DATA BREACH PREVENTION LIFECYCLE GETTING STARTED WITH THE ISCAN ONLINE DATA BREACH PREVENTION LIFECYCLE iscan Online 5600 Tennyson Parkway Suite 343 Plano, Tx 75024 Table of Contents Overview... 3 Data Breach Prevention... 4 Choosing

More information

QualysGuard WAS. Getting Started Guide Version 4.1. April 24, 2015

QualysGuard WAS. Getting Started Guide Version 4.1. April 24, 2015 QualysGuard WAS Getting Started Guide Version 4.1 April 24, 2015 Copyright 2011-2015 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc.

More information

IBM Security QRadar Vulnerability Manager Version 7.2.6. User Guide IBM

IBM Security QRadar Vulnerability Manager Version 7.2.6. User Guide IBM IBM Security QRadar Vulnerability Manager Version 7.2.6 User Guide IBM Note Before using this information and the product that it supports, read the information in Notices on page 91. Product information

More information

SOLARWINDS ORION. Patch Manager Evaluation Guide for ConfigMgr 2012

SOLARWINDS ORION. Patch Manager Evaluation Guide for ConfigMgr 2012 SOLARWINDS ORION Patch Manager Evaluation Guide for ConfigMgr 2012 About SolarWinds SolarWinds, Inc. develops and markets an array of network management, monitoring, and discovery tools to meet the diverse

More information

Audit Management Reference

Audit Management Reference www.novell.com/documentation Audit Management Reference ZENworks 11 Support Pack 3 February 2014 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of

More information

TRIPWIRE PURECLOUD. TRIPWIRE PureCloud USER GUIDE

TRIPWIRE PURECLOUD. TRIPWIRE PureCloud USER GUIDE TRIPWIRE PURECLOUD TRIPWIRE PureCloud USER GUIDE 2001-2015 Tripwire, Inc. All rights reserved. Tripwire and ncircle are registered trademarks of Tripwire, Inc. Other brand or product names may be trademarks

More information

Security Development Tool for Microsoft Dynamics AX 2012 WHITEPAPER

Security Development Tool for Microsoft Dynamics AX 2012 WHITEPAPER Security Development Tool for Microsoft Dynamics AX 2012 WHITEPAPER Junction Solutions documentation 2012 All material contained in this documentation is proprietary and confidential to Junction Solutions,

More information

Administration Guide. WatchDox Server. Version 4.8.0

Administration Guide. WatchDox Server. Version 4.8.0 Administration Guide WatchDox Server Version 4.8.0 Published: 2015-11-01 SWD-20151101091846278 Contents Introduction... 7 Getting started... 11 Signing in to WatchDox... 11 Signing in with username and

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

IBM Security QRadar SIEM Version 7.1.0 MR1. Vulnerability Assessment Configuration Guide

IBM Security QRadar SIEM Version 7.1.0 MR1. Vulnerability Assessment Configuration Guide IBM Security QRadar SIEM Version 7.1.0 MR1 Vulnerability Assessment Configuration Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks

More information

Scanless Vulnerability Assessment:

Scanless Vulnerability Assessment: Scanless Vulnerability Assessment: Skybox Security whitepaper July 2014 1 Overview Vulnerability scanning, or the process of identifying a list of known security gaps in the network environment, is the

More information

ez Agent Administrator s Guide

ez Agent Administrator s Guide ez Agent Administrator s Guide Copyright This document is protected by the United States copyright laws, and is proprietary to Zscaler Inc. Copying, reproducing, integrating, translating, modifying, enhancing,

More information

Scanless Vulnerability Assessment. A Next-Generation Approach to Vulnerability Management

Scanless Vulnerability Assessment. A Next-Generation Approach to Vulnerability Management Scanless Vulnerability Assessment A Next-Generation Approach to Vulnerability Management WHITEPAPER Overview Vulnerability scanning, or the process of identifying a list of known security gaps in the network

More information

USER GUIDE: MaaS360 Services

USER GUIDE: MaaS360 Services USER GUIDE: MaaS360 Services 05.2010 Copyright 2010 Fiberlink Corporation. All rights reserved. Information in this document is subject to change without notice. The software described in this document

More information

TRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE

TRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE .trust TRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE 2007 Table of Contents Introducing Trustwave Vulnerability Management 3 1 Logging In and Accessing Scans 4 1.1 Portal Navigation and Utility Functions...

More information

Radia Cloud. User Guide. For the Windows operating systems Software Version: 9.10. Document Release Date: June 2014

Radia Cloud. User Guide. For the Windows operating systems Software Version: 9.10. Document Release Date: June 2014 Radia Cloud For the Windows operating systems Software Version: 9.10 User Guide Document Release Date: June 2014 Software Release Date: June 2014 Legal Notices Warranty The only warranties for products

More information

P R O V I S I O N I N G O R A C L E H Y P E R I O N F I N A N C I A L M A N A G E M E N T

P R O V I S I O N I N G O R A C L E H Y P E R I O N F I N A N C I A L M A N A G E M E N T O R A C L E H Y P E R I O N F I N A N C I A L M A N A G E M E N T, F U S I O N E D I T I O N R E L E A S E 1 1. 1. 1.x P R O V I S I O N I N G O R A C L E H Y P E R I O N F I N A N C I A L M A N A G E

More information

Integrate Check Point Firewall

Integrate Check Point Firewall Integrate Check Point Firewall EventTracker Enterprise Publication Date: Oct.26, 2015 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract The purpose of this document is

More information

Attix5 Pro Server Edition

Attix5 Pro Server Edition Attix5 Pro Server Edition V7.0.2 User Manual for Mac OS X Your guide to protecting data with Attix5 Pro Server Edition. Copyright notice and proprietary information All rights reserved. Attix5, 2013 Trademarks

More information

Next-Generation Vulnerability Management

Next-Generation Vulnerability Management White Paper Transform Checkbox Compliance into a Powerful Risk Mitigation Tool Skybox Security whitepaper, June 2014 Executive Summary Vulnerability management is the process of identifying, classifying,

More information

Microsoft Dynamics CRM Adapter for Microsoft Dynamics GP

Microsoft Dynamics CRM Adapter for Microsoft Dynamics GP Microsoft Dynamics Microsoft Dynamics CRM Adapter for Microsoft Dynamics GP May 2010 Find updates to this documentation at the following location. http://go.microsoft.com/fwlink/?linkid=162558&clcid=0x409

More information

Software Vulnerability Assessment

Software Vulnerability Assessment Software Vulnerability Assessment Setup Guide Contents: About Software Vulnerability Assessment Setting Up and Running a Vulnerability Scan Manage Ongoing Vulnerability Scans Perform Regularly Scheduled

More information

GFI LANguard 9.0 ReportPack. Manual. By GFI Software Ltd.

GFI LANguard 9.0 ReportPack. Manual. By GFI Software Ltd. GFI LANguard 9.0 ReportPack Manual By GFI Software Ltd. http://www.gfi.com E-mail: info@gfi.com Information in this document is subject to change without notice. Companies, names, and data used in examples

More information

BUILDER 3.0 Installation Guide with Microsoft SQL Server 2005 Express Edition January 2008

BUILDER 3.0 Installation Guide with Microsoft SQL Server 2005 Express Edition January 2008 BUILDER 3.0 Installation Guide with Microsoft SQL Server 2005 Express Edition January 2008 BUILDER 3.0 1 Table of Contents Chapter 1: Installation Overview... 3 Introduction... 3 Minimum Requirements...

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

WildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks

WildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks WildFire Reporting When malware is discovered on your network, it is important to take quick action to prevent spread of the malware to other systems. To ensure immediate alerts to malware discovered on

More information

Virtual Data Centre. User Guide

Virtual Data Centre. User Guide Virtual Data Centre User Guide 2 P age Table of Contents Getting Started with vcloud Director... 8 1. Understanding vcloud Director... 8 2. Log In to the Web Console... 9 3. Using vcloud Director... 10

More information

vcloud Director User's Guide

vcloud Director User's Guide vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of

More information

IBM Endpoint Manager Version 9.1. Patch Management for Red Hat Enterprise Linux User's Guide

IBM Endpoint Manager Version 9.1. Patch Management for Red Hat Enterprise Linux User's Guide IBM Endpoint Manager Version 9.1 Patch Management for Red Hat Enterprise Linux User's Guide IBM Endpoint Manager Version 9.1 Patch Management for Red Hat Enterprise Linux User's Guide Note Before using

More information

IBM Security QRadar SIEM Version 7.1.0 MR1. Administration Guide

IBM Security QRadar SIEM Version 7.1.0 MR1. Administration Guide IBM Security QRadar SIEM Version 7..0 MR Administration Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks on page 07. Copyright

More information

Actualtests.C2010-508.40 questions

Actualtests.C2010-508.40 questions Actualtests.C2010-508.40 questions Number: C2010-508 Passing Score: 800 Time Limit: 120 min File Version: 5.6 http://www.gratisexam.com/ C2010-508 IBM Endpoint Manager V9.0 Fundamentals Finally, I got

More information

System Administration Training Guide. S100 Installation and Site Management

System Administration Training Guide. S100 Installation and Site Management System Administration Training Guide S100 Installation and Site Management Table of contents System Requirements for Acumatica ERP 4.2... 5 Learning Objects:... 5 Web Browser... 5 Server Software... 5

More information

Implementation Guide. Version 10

Implementation Guide. Version 10 Implementation Guide Version 10 Synthesis Enterprise Portal Implementation Guide Part Identification: RPIGSEP10 ReliaSoft Corporation Worldwide Headquarters 1450 South Eastside Loop Tucson, Arizona 85710-6703,

More information

Symantec Security Information Manager 4.8 User Guide

Symantec Security Information Manager 4.8 User Guide Symantec Security Information Manager 4.8 User Guide Symantec Security Information Manager User Guide The software described in this book is furnished under a license agreement and may be used only in

More information

Silect Software s MP Author

Silect Software s MP Author Silect MP Author for Microsoft System Center Operations Manager Silect Software s MP Author User Guide September 2, 2015 Disclaimer The information in this document is furnished for informational use only,

More information

Using the Cisco OnPlus Scanner to Discover Your Network

Using the Cisco OnPlus Scanner to Discover Your Network Using the Cisco OnPlus Scanner to Discover Your Network Last Revised: October 22, 2012 This Application Note explains how to use the Cisco OnPlus Scanner with the Cisco OnPlus Portal to discover and manage

More information

GFI LANguard 9.0 ReportPack. Manual. By GFI Software Ltd.

GFI LANguard 9.0 ReportPack. Manual. By GFI Software Ltd. GFI LANguard 9.0 ReportPack Manual By GFI Software Ltd. http://www.gfi.com E-mail: info@gfi.com Information in this document is subject to change without notice. Companies, names, and data used in examples

More information

CLOUD SECURITY FOR ENDPOINTS POWERED BY GRAVITYZONE

CLOUD SECURITY FOR ENDPOINTS POWERED BY GRAVITYZONE CLOUD SECURITY FOR ENDPOINTS POWERED BY GRAVITYZONE Quick Start Guide for Partners Cloud Security for Endpoints powered by GravityZone Quick Start Guide for Partners Publication date 2013.10.28 Copyright

More information

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1 Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1 This document supports the version of each product listed and supports all subsequent versions until the document

More information

Symantec Security Information Manager 4.6 Administrator's Guide

Symantec Security Information Manager 4.6 Administrator's Guide Symantec Security Information Manager 4.6 Administrator's Guide Symantec Security Information Manager 4.6 Administrator's Guide The software described in this book is furnished under a license agreement

More information

Managing Identities and Admin Access

Managing Identities and Admin Access CHAPTER 4 This chapter describes how Cisco Identity Services Engine (ISE) manages its network identities and access to its resources using role-based access control policies, permissions, and settings.

More information

http://docs.trendmicro.com

http://docs.trendmicro.com Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,

More information

SAS Business Data Network 3.1

SAS Business Data Network 3.1 SAS Business Data Network 3.1 User s Guide SAS Documentation The correct bibliographic citation for this manual is as follows: SAS Institute Inc. 2014. SAS Business Data Network 3.1: User's Guide. Cary,

More information

InfoView User s Guide. BusinessObjects Enterprise XI Release 2

InfoView User s Guide. BusinessObjects Enterprise XI Release 2 BusinessObjects Enterprise XI Release 2 InfoView User s Guide BusinessObjects Enterprise XI Release 2 Patents Trademarks Copyright Third-party contributors Business Objects owns the following U.S. patents,

More information

White Paper. Managing Risk to Sensitive Data with SecureSphere

White Paper. Managing Risk to Sensitive Data with SecureSphere Managing Risk to Sensitive Data with SecureSphere White Paper Sensitive information is typically scattered across heterogeneous systems throughout various physical locations around the globe. The rate

More information

McAfee VirusScan Enterprise for Linux 1.7.0 Software

McAfee VirusScan Enterprise for Linux 1.7.0 Software Configuration Guide McAfee VirusScan Enterprise for Linux 1.7.0 Software For use with epolicy Orchestrator 4.5.0 and 4.6.0 COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication

More information

rating of 5 out 5 stars

rating of 5 out 5 stars SPM User Guide Contents Aegify comprehensive benefits... 2 Security Posture Assessment workflow... 3 Scanner Management... 3 Upload external scan output... 6 Reports - Views... 6 View Individual Security

More information

NETWRIX USER ACTIVITY VIDEO REPORTER

NETWRIX USER ACTIVITY VIDEO REPORTER NETWRIX USER ACTIVITY VIDEO REPORTER ADMINISTRATOR S GUIDE Product Version: 1.0 January 2013. Legal Notice The information in this publication is furnished for information use only, and does not constitute

More information

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2 Feature and Technical Overview Published: 2010-06-16 SWDT305802-1108946-0615123042-001 Contents 1 Overview: BlackBerry Enterprise

More information

Item Audit Log 2.0 User Guide

Item Audit Log 2.0 User Guide Item Audit Log 2.0 User Guide Item Audit Log 2.0 User Guide Page 1 Copyright Copyright 2008-2013 BoostSolutions Co., Ltd. All rights reserved. All materials contained in this publication are protected

More information

Qualys PC/SCAP Auditor

Qualys PC/SCAP Auditor Qualys PC/SCAP Auditor Getting Started Guide August 3, 2015 COPYRIGHT 2011-2015 BY QUALYS, INC. ALL RIGHTS RESERVED. QUALYS AND THE QUALYS LOGO ARE REGISTERED TRADEMARKS OF QUALYS, INC. ALL OTHER TRADEMARKS

More information

NETWRIX EVENT LOG MANAGER

NETWRIX EVENT LOG MANAGER NETWRIX EVENT LOG MANAGER ADMINISTRATOR S GUIDE Product Version: 4.0 July/2012. Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment

More information

SOLARWINDS ORION. Patch Manager Evaluation Guide

SOLARWINDS ORION. Patch Manager Evaluation Guide SOLARWINDS ORION Patch Manager Evaluation Guide About SolarWinds SolarWinds, Inc. develops and markets an array of network management, monitoring, and discovery tools to meet the diverse requirements of

More information

Symantec Security Information Manager 4.7.4 Administrator Guide

Symantec Security Information Manager 4.7.4 Administrator Guide Symantec Security Information Manager 4.7.4 Administrator Guide Symantec Security Information Manager 4.7.4 Administrator Guide The software described in this book is furnished under a license agreement

More information

HP Enterprise Integration module for SAP applications

HP Enterprise Integration module for SAP applications HP Enterprise Integration module for SAP applications Software Version: 2.50 User Guide Document Release Date: May 2009 Software Release Date: May 2009 Legal Notices Warranty The only warranties for HP

More information

SecuraLive ULTIMATE SECURITY

SecuraLive ULTIMATE SECURITY SecuraLive ULTIMATE SECURITY Home Edition for Windows USER GUIDE SecuraLive ULTIMATE SECURITY USER MANUAL Introduction: Welcome to SecuraLive Ultimate Security Home Edition. SecuraLive Ultimate Security

More information

ArcMail Technology Defender Mail Server Configuration Guide for Microsoft Exchange Server 2003 / 2000

ArcMail Technology Defender Mail Server Configuration Guide for Microsoft Exchange Server 2003 / 2000 ArcMail Technology Defender Mail Server Configuration Guide for Microsoft Exchange Server 2003 / 2000 Version 3.2 ArcMail Technology 401 Edwards Street, Suite 1601 Shreveport, LA 71101 Support: (888) 790-9252

More information

HP Intelligent Management Center v7.1 Virtualization Monitor Administrator Guide

HP Intelligent Management Center v7.1 Virtualization Monitor Administrator Guide HP Intelligent Management Center v7.1 Virtualization Monitor Administrator Guide Abstract This guide describes the Virtualization Monitor (vmon), an add-on service module of the HP Intelligent Management

More information

HP Client Automation Standard Fast Track guide

HP Client Automation Standard Fast Track guide HP Client Automation Standard Fast Track guide Background Client Automation Version This document is designed to be used as a fast track guide to installing and configuring Hewlett Packard Client Automation

More information

Dell Enterprise Reporter 2.5. Configuration Manager User Guide

Dell Enterprise Reporter 2.5. Configuration Manager User Guide Dell Enterprise Reporter 2.5 2014 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license

More information

How to Grow and Transform your Security Program into the Cloud

How to Grow and Transform your Security Program into the Cloud How to Grow and Transform your Security Program into the Cloud Wolfgang Kandek Qualys, Inc. Session ID: SPO-207 Session Classification: Intermediate Agenda Introduction Fundamentals of Vulnerability Management

More information

WatchDox for Windows. User Guide. Version 3.9.5

WatchDox for Windows. User Guide. Version 3.9.5 WatchDox for Windows User Guide Version 3.9.5 Notice Confidentiality This document contains confidential material that is proprietary WatchDox. The information and ideas herein may not be disclosed to

More information

Novell ZENworks 10 Configuration Management SP3

Novell ZENworks 10 Configuration Management SP3 AUTHORIZED DOCUMENTATION Software Distribution Reference Novell ZENworks 10 Configuration Management SP3 10.3 November 17, 2011 www.novell.com Legal Notices Novell, Inc., makes no representations or warranties

More information

Authoring for System Center 2012 Operations Manager

Authoring for System Center 2012 Operations Manager Authoring for System Center 2012 Operations Manager Microsoft Corporation Published: November 1, 2013 Authors Byron Ricks Applies To System Center 2012 Operations Manager System Center 2012 Service Pack

More information

McAfee Application Control / Change Control Administration Intel Security Education Services Administration Course

McAfee Application Control / Change Control Administration Intel Security Education Services Administration Course McAfee Application Control / Change Control Administration Intel Security Education Services Administration Course The McAfee University Application Control / Change Control Administration course enables

More information

Secure Web Service - Hybrid. Policy Server Setup. Release 9.2.5 Manual Version 1.01

Secure Web Service - Hybrid. Policy Server Setup. Release 9.2.5 Manual Version 1.01 Secure Web Service - Hybrid Policy Server Setup Release 9.2.5 Manual Version 1.01 M86 SECURITY WEB SERVICE HYBRID QUICK START USER GUIDE 2010 M86 Security All rights reserved. 828 W. Taft Ave., Orange,

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.0.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Secure Web Appliance. SSL Intercept

Secure Web Appliance. SSL Intercept Secure Web Appliance SSL Intercept Table of Contents 1. Introduction... 1 1.1. About CYAN Secure Web Appliance... 1 1.2. About SSL Intercept... 1 1.3. About this Manual... 1 1.3.1. Document Conventions...

More information

vrealize Operations Manager Customization and Administration Guide

vrealize Operations Manager Customization and Administration Guide vrealize Operations Manager Customization and Administration Guide vrealize Operations Manager 6.0.1 This document supports the version of each product listed and supports all subsequent versions until

More information

Oracle Fusion Middleware User s Guide for Oracle Approval Management for Microsoft Excel 11gRelease 1 (11.1.1.7.2)

Oracle Fusion Middleware User s Guide for Oracle Approval Management for Microsoft Excel 11gRelease 1 (11.1.1.7.2) Oracle Fusion Middleware User s Guide for Oracle Approval Management for Microsoft Excel 11gRelease 1 (11.1.1.7.2) July 2014 Copyright 2014, Oracle and/or its affiliates. All rights reserved. Disclaimer

More information

Symantec Patch Management Solution for Windows 7.5 SP1 powered by Altiris User Guide

Symantec Patch Management Solution for Windows 7.5 SP1 powered by Altiris User Guide Symantec Patch Management Solution for Windows 7.5 SP1 powered by Altiris User Guide Altiris Patch Management Solution for Windows 7.5 SP1 from Symantec User Guide The software described in this book is

More information

Deploying System Center 2012 R2 Configuration Manager

Deploying System Center 2012 R2 Configuration Manager Deploying System Center 2012 R2 Configuration Manager This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

More information

Advanced Service Design

Advanced Service Design vcloud Automation Center 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

ADP Workforce Now Security Guide. Version 2.0-1

ADP Workforce Now Security Guide. Version 2.0-1 ADP Workforce Now Security Guide Version 2.0-1 ADP Trademarks The ADP logo, ADP, and ADP Workforce Now are registered trademarks of ADP, Inc. Third-Party Trademarks Microsoft, Windows, and Windows NT are

More information

Tutorial: BlackBerry Object API Application Development. Sybase Unwired Platform 2.2 SP04

Tutorial: BlackBerry Object API Application Development. Sybase Unwired Platform 2.2 SP04 Tutorial: BlackBerry Object API Application Development Sybase Unwired Platform 2.2 SP04 DOCUMENT ID: DC01214-01-0224-01 LAST REVISED: May 2013 Copyright 2013 by Sybase, Inc. All rights reserved. This

More information

Shavlik Patch for Microsoft System Center

Shavlik Patch for Microsoft System Center Shavlik Patch for Microsoft System Center User s Guide For use with Microsoft System Center Configuration Manager 2012 Copyright and Trademarks Copyright Copyright 2014 2016 Shavlik. All rights reserved.

More information

NMS300 Network Management System

NMS300 Network Management System NMS300 Network Management System User Manual June 2013 202-11289-01 350 East Plumeria Drive San Jose, CA 95134 USA Support Thank you for purchasing this NETGEAR product. After installing your device, locate

More information

WhatsUpGold. v3.0. WhatsConnected User Guide

WhatsUpGold. v3.0. WhatsConnected User Guide WhatsUpGold v3.0 WhatsConnected User Guide Contents CHAPTER 1 Welcome to WhatsConnected Finding more information and updates... 2 Sending feedback... 3 CHAPTER 2 Installing and Configuring WhatsConnected

More information

Configuration Information

Configuration Information This chapter describes some basic Email Security Gateway configuration settings, some of which can be set in the first-time Configuration Wizard. Other topics covered include Email Security interface navigation,

More information

Release Notes for Websense Email Security v7.2

Release Notes for Websense Email Security v7.2 Release Notes for Websense Email Security v7.2 Websense Email Security version 7.2 is a feature release that includes support for Windows Server 2008 as well as support for Microsoft SQL Server 2008. Version

More information

Best Practice Configurations for OfficeScan (OSCE) 10.6

Best Practice Configurations for OfficeScan (OSCE) 10.6 Best Practice Configurations for OfficeScan (OSCE) 10.6 Applying Latest Patch(es) for OSCE 10.6 To find out the latest patches for OfficeScan, click here. Enable Smart Clients 1. Ensure that Officescan

More information

AvePoint SearchAll 3.0.2 for Microsoft Dynamics CRM

AvePoint SearchAll 3.0.2 for Microsoft Dynamics CRM AvePoint SearchAll 3.0.2 for Microsoft Dynamics CRM Installation and Configuration Guide Revision E Issued April 2014 1 Table of Contents Overview... 3 Before You Begin... 4 Supported and Unsupported Web

More information

Kaspersky Security Center 10 Getting Started

Kaspersky Security Center 10 Getting Started Kaspersky Security Center 10 Getting Started A P P L I C A T I O N V E R S I O N : 1 0 M A I N T E N A N C E R E L E A S E 1 Dear User, Thank you for choosing our product. We hope that this document will

More information

WatchDox for Windows User Guide. Version 3.9.0

WatchDox for Windows User Guide. Version 3.9.0 Version 3.9.0 Notice Confidentiality This document contains confidential material that is proprietary WatchDox. The information and ideas herein may not be disclosed to any unauthorized individuals or

More information

EMC Smarts Integration Guide

EMC Smarts Integration Guide vcenter Operations Manager Enterprise 1.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more

More information

Trend Micro OfficeScan 11.0. Best Practice Guide for Malware

Trend Micro OfficeScan 11.0. Best Practice Guide for Malware Trend Micro OfficeScan 11.0 Best Practice Guide for Malware Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned

More information

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure Introduction Tenable Network Security is the first and only solution to offer security visibility, Azure cloud environment auditing, system

More information

Lumension Endpoint Management and Security Suite

Lumension Endpoint Management and Security Suite Lumension Endpoint Management and Security Suite Patch and Remediation Module Evaluation Guide July 2012 Version 1.1 Copyright 2009, Lumension L.E.M.S.S:LPR - Table of Contents Introduction... 3 Module

More information

HP Server Automation Enterprise Edition

HP Server Automation Enterprise Edition HP Server Automation Enterprise Edition Software Version: 10.0 User Guide: Server Patching Document Release Date: June 13, 2013 Software Release Date: June 2013 Legal Notices Warranty The only warranties

More information

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9)

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9) Nessus Enterprise Cloud User Guide October 2, 2014 (Revision 9) Table of Contents Introduction... 3 Nessus Enterprise Cloud... 3 Subscription and Activation... 3 Multi Scanner Support... 4 Customer Scanning

More information

Management Center. Installation and Upgrade Guide. Version 8 FR4

Management Center. Installation and Upgrade Guide. Version 8 FR4 Management Center Installation and Upgrade Guide Version 8 FR4 APPSENSE MANAGEMENT CENTER INSTALLATION AND UPGRADE GUIDE ii AppSense Limited, 2012 All rights reserved. part of this document may be produced

More information