Peter Dulay, CISSP Senior Architect, Security BU
1 CA Enterprise Log Manager 12.5 Peter Dulay, CISSP Senior Architect, Security BU
2 Agenda: ELM Overview; ELM 12.5: What's new?; ELM to CA Access Control/PUPM Integration. CA CONFIDENTIAL - Internal Use Only
3 Overview
4 User Activity and Compliance reporting The Business Case The Problem: Are my controls working as expected? The Solution: User Activity & Compliance Reporting Collect & Normalize IT Activity Logs Generate Compliance Reports Verify Controls! Investigate Incidents Automate Proactive Alerting User Activity Log Management is a must! PCI, SOX, HIPAA, FISMA, NERC, SAS-70 mandate organizations to audit and report on IT and User Activity.
5 CA Enterprise Log Manager Product Overview Consolidate view across all log types and sources Normalize and classify logs to a common model Enrich queries & reports to show business relevance Collect logs from any source securely & reliably Provide Role-based access to each type of log record Archive logs securely for forensics investigations
6 Value-added CA IAM Integrations CA Enterprise Log Manager Solution Architecture Enterprise Ticketing System (e.g. CA Service Desk) CA Role & Compliance Manager User Activity Metrics for Access Certification Ticket ID Incidents CA Identity Manager Automated Response to Incidents CA DLP CA SiteMinder CA Process Automation Manager Context Incidents Systems & Applications CA Access Control Alerts Logs/Query Drill Down CA Enterprise Log Manager 120+ Supported 3rd Party Log Sources Network Operations Centre (e.g. CA Spectrum IM) Operating System Hypervisors Database Web/App Server Application(s) Network Devices Physical or Virtual Environments
7 Distributed, Scalable Architecture...with centralized querying and reporting Distributed collection, centralized view Federated search allows enterprise-wide reporting across many distributed Log Managers Scalability needs are met by stacking or distributing Log Managers New York Log Manager Chicago Log Manager Privileged User Logins Across Enterprise Log Manager Federated Search Log Manager Log Manager Log Manager San Francisco London
8 Soft Appliance Model...with automatic product update Customer provided hardware from customer preferred vendor Lowest cost and highest support hardware model Install configures minimal, hardened OS plus ELM application and embedded log store Most reliable and most secure installation possible Insert disk to generating reports is less than one hour Fast! CA manages updates to application, OS, agents, and reporting packages via automatic update service Lowest cost maintenance model CA Update Server Updates Log Manager Chicago Log Manager San Francisco Automatic Update Service Application Updates Operating System Updates Reporting Packages New York Log Manager Updates Log Manager Log Manager Log Manager London
9 Out-of-Box Compliance Reporting...on enterprise IT activity Compliance Packs PCI, SOX, HIPAA, GLBA reports available out-of-box FISMA, NIST, ISO, BASEL II reports via update service Report Categories Identity Mgmt Resource Access System Access Configuration Mgmt Host Security Network Security Operational Security System Operations
10 Multi-dimensional Analysis...with interactive drill-down & filtering Ad-hoc, multi-dimensional investigations Interactive reporting provides quick answers to pressing questions Categorized views enable high levels of interaction with data Asset and identity groupings bring business relevance Drag-and-drop building of custom views/dashboards
11 Control Violation Alerting...for quick identification & remediation Violation Alerting: Active notification when a potential control violation is discovered in IT logs. Examples: Use of vendor default accounts; Audit policy changes; Reset of security logs; Multiple failed resource access; Membership additions to privileged groups
12 Agent-less Log Collection Simplifies & expedites deployment Agent-less collection from virtually all log sources No need to install remote agents for most log sources Syslog Tibco Remote File OPSEC LEA ODBC WinRM Windows Server WMI CA Enterprise Log Manager ELM Agent (Windows)
13 Optional Agent-based Log Collection...with centralized management & update Tiered collection for enhanced scalability Mid-tier agent can collect and filter prior to Log Manager High volume node can filter locally saving bandwidth Secure, reliable log collection Authenticated event sources Guaranteed log delivery Encrypted log transport Central Management Configurations New integrations Code updates Server Remote Agent Server Log Manager Remote Agent ODBC SNMP Syslog Remote Agent OPSEC WMI Remote File
14 Distributed Log Collection...with filtering at remote sites Primary Data Center Log Manager Log Transfer Distributed Query 25 EPS Log Manager Log Manager 25 EPS 5000 EPS 5000 EPS ELM Agent Server 100 EPS ELM Agent Server 100 EPS Remote Site 3 Remote Site 3 Remote Site 3
15 Any-Log Capability...for complete log collection and search Unstructured and custom log capture Logs from undefined and custom sources can now be collected without pre-processing or parsing Match feature finds the answer through volumes of raw events Parsing wizard enables key custom logs to be normalized and classified quickly Critical logs can now flow directly into out-of-box reports
16 A Sampling of the 400+ out-of-the-box Reports Identity Management Reports Account Management by Account Account Management by Host Account Management by Log Name Account Management by Action Account Creations by Account Account Creations by Host Account Creations by Business Critical Hosts Account Creations by Log Name Account Deletions by Account Account Deletions by Host Account Deletions by Log Name Password Changes by Account Password Changes by Host Password Changes by Log Name Group Management by Performer Group Management by Host Group Management by Log Name Group Management by Action Group Creation by Performer Group Creation by Host Group Creation by Log Name Group Deletion by Performer Group Deletion by Host Group Deletion by Log Name Group Membership Changes by Account Group Membership Changes by Group Group Membership Changes by Host Group Membership Changes by Log Name Resource Access Reports Resource Access by Account Resource Access by Host Resource Access by Log Name Resource Access by Action Resource Access by Resource Name Resource Access by Business Critical Hosts System Access Reports System Access by Account System Access by Host System Access by Log Name System Access by Action SU Access by Account System Access at Night by Account System Access on Weekends by Account System Access by Default Account System Access by Disabled Accounts System Access by Business Critical Hosts Network Security Reports Firewall Activity by Source Address Firewall Activity by Destination Address Firewall Activity by Source Port Firewall Activity by Destination Port Firewall Activity by Firewall Firewall Activity by Log Name Firewall Activity by Result Host Security Reports Virus Activity by Host Virus Activity by Virus Name Vulnerabilities by Host Vulnerabilities by Vulnerability Name Configuration Management Reports Configuration Audit Failures by Host Configuration Audit Failures by Audit Name Configuration Change by Host Configuration Change by Log Name 
Investigation Reports Investigate User by Category Investigate Host by Category Operational Security Reports System Startup/Shutdown by Host Security Log Cleared by Host SIM Operations Reports Collection Monitor by Log Manager Alert Monitor by Alert Name Alert Monitor by Host Check ELM Support page for the most current list:
17 A Sampling of the 100+ Supported Log Sources out-of-the-box Sources Categories Sources Categories Web Server/Application Server Example Security Management Systems/Antivirus Examples Virtualization Example Access Management Anti-X/Endpoint Protection Business Management/Enablement Certificate Management Compliance Management Content Management Databases Data Center Management Data Loss Prevention Data Transport Service Directory Firewall Identity Management Intrusion Detection and Prevention Systems Log Management Mail Server Network Device Network Management Network Services and Utilities Operating Systems Proxy Server Secure Application Gateway Security Management Systems Security Content Management Security Management Systems/Antivirus Service Assurance Manager Storage Management Unified Communications Unified Computing Virtualization Web Server/Application Server Wireless Access Point Apache Web Server Microsoft IIS McAfee Vulnerability Manager ISS Internet Scanner SunONE Web Server RedHat JBoss Application Server Oracle WebLogic Server McAfee ePolicy Orchestrator Microsoft Forefront security Office Communications Server Microsoft Forefront for SharePoint Server Microsoft Office SharePoint Server Trend Micro Control Manager IBM Proventia Management Site Protector Microsoft Operations Manager Cisco Security Agent VMware ESX Server VMware ESXi MS Hyper-V Microsoft System Center Virtual Machine Manager VMware vCenter Server Citrix XenApp Citrix Xen Server Check ELM Certification Matrix for the most current list:
18 ELM 12.5 What's New? Note: ELM 12.5 went GA in Dec 10
19 CA ELM 12.5 Key Features
Marquee Use Case: Log Correlation, Incident Tracking
Customer Needs: Detect risky behavior and suspicious actions through complex patterns of IT activity logs in near real time.
Features: Advanced pattern matching log correlation engine; 200+ unique, out-of-box correlation rules; Intuitive log correlation rule interface to customize existing rules or define new rules; Enhanced incident management interface with help desk and event management integration
Minor features (Feature | Type | Details):
Data Integrity & Tamper Detection | New Feature | Digitally sign event logs for tamper-proofing; Tamper Detection to find changes made to logs
Hierarchical Tagging of Reports & Queries | Enhancement | Arrange reports in a hierarchical manner such that the control objectives are arranged within the respective Regulation with reports mapped to those objectives
20 Log Correlation Overview
Supported Rule Templates: Simple Rule; Counting Rule; State Transition Rule
Correlation Content: 200+ correlation rules supporting needs around Compliance, Threat Management, Infrastructure Management
Easy to create new rules or modify existing ones. Rule test
Out-of-the-box Correlation Content
21 Log Correlation Sample Correlation Use Cases
Failed Logins: Multiple failed logins from the same user account (or identity) to any host or application that has been followed by a successful login to that host or application within a specified time period.
Failed Resource Access: Multiple failed resource access attempts from the same user account (or identity) on any set of resources within a specified time period.
Privilege Escalation & Misuse: A user account (or identity) was first added to a privileged group, and then that same user account (or identity) experienced a failed login attempt within a specified time period.
SoD: A user account (or identity) who submitted a certain purchase order was also the same user (or identity) that approved that same purchase order.
Rogue Users: A user account was created on an identity-managed system but outside of the IAM (user provisioning) framework. This can be detected by failing to correlate the account creation log generated by the managed system with the account creation log on the user provisioning system.
Network Security: Multiple dropped firewall events from the same source IP address to any destination IP address occurred within a specified time period, followed by an accept by the firewall.
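The Failed Logins and Network Security use cases on this slide share one shape: a threshold count of one event type for the same key, followed by a different event for that key inside a time window. The sketch below is an added example, not CA ELM rule syntax or code from the deck; it generalizes both cases into one rule type, and the event fields, thresholds, windows and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Hashable, Optional


@dataclass
class Event:
    """A normalized log record; the field names are assumptions for this example."""
    ts: datetime
    category: str   # "auth" or "firewall"
    result: str     # "failure"/"success" or "drop"/"accept"
    fields: dict    # category-specific attributes (account, host, src, dst)


@dataclass
class CountThenTransitionRule:
    """Fire when >= threshold precursor events for one key are followed,
    within `window`, by a trigger event for the same key."""
    name: str
    key: Callable[[Event], Optional[Hashable]]
    is_precursor: Callable[[Event], bool]
    is_trigger: Callable[[Event], bool]
    threshold: int
    window: timedelta

    def run(self, events):
        recent = defaultdict(deque)   # key -> timestamps of recent precursors
        incidents = []
        for ev in sorted(events, key=lambda e: e.ts):  # sources may arrive out of order
            k = self.key(ev)
            if k is None:
                continue              # event is not relevant to this rule
            q = recent[k]
            while q and ev.ts - q[0] > self.window:
                q.popleft()           # precursor aged out of the window
            if self.is_precursor(ev):
                q.append(ev.ts)
            elif self.is_trigger(ev):
                if len(q) >= self.threshold:
                    incidents.append({"rule": self.name, "key": k, "count": len(q),
                                      "first_seen": q[0], "trigger_at": ev.ts})
                q.clear()             # state resets after the transition either way
        return incidents


RULES = [
    CountThenTransitionRule(
        name="failed-logins-then-success",
        key=lambda e: (e.fields["account"], e.fields["host"]) if e.category == "auth" else None,
        is_precursor=lambda e: e.result == "failure",
        is_trigger=lambda e: e.result == "success",
        threshold=3, window=timedelta(minutes=5)),   # assumed values
    CountThenTransitionRule(
        name="fw-drops-then-accept",
        key=lambda e: e.fields["src"] if e.category == "firewall" else None,
        is_precursor=lambda e: e.result == "drop",
        is_trigger=lambda e: e.result == "accept",
        threshold=5, window=timedelta(minutes=1)),   # assumed values
]


def _t(hms):
    return datetime.fromisoformat("2011-01-10T" + hms)  # constructed date


def sample_events():
    """Constructed sample data (not real logs)."""
    auth = [
        ("10:00:00", "failure", "alice", "srv1"),
        ("10:00:20", "failure", "alice", "srv1"),
        ("10:00:40", "failure", "alice", "srv1"),
        ("10:01:00", "success", "alice", "srv1"),   # 3 failures then success: incident
        ("10:00:05", "failure", "bob", "srv1"),
        ("10:00:15", "success", "bob", "srv1"),     # one mistyped password: below threshold
        ("09:00:00", "failure", "carol", "srv2"),
        ("09:01:00", "failure", "carol", "srv2"),
        ("09:02:00", "failure", "carol", "srv2"),
        ("09:30:00", "success", "carol", "srv2"),   # failures aged out of the window
    ]
    fw = [("11:00:0%d" % i, "drop", "203.0.113.7", "10.0.0.%d" % (i + 1)) for i in range(5)]
    fw += [("11:00:10", "accept", "203.0.113.7", "10.0.0.9"),    # 5 drops then accept: incident
           ("11:05:00", "accept", "198.51.100.2", "10.0.0.9")]   # accept with no prior drops
    events = [Event(_t(t), "auth", r, {"account": a, "host": h}) for t, r, a, h in auth]
    events += [Event(_t(t), "firewall", r, {"src": s, "dst": d}) for t, r, s, d in fw]
    return events


def detect(events):
    """Run every rule over the event set and return the raised incidents."""
    return [inc for rule in RULES for inc in rule.run(events)]


if __name__ == "__main__":
    for inc in detect(sample_events()):
        print(inc)
```

Keying the login rule on (account, host) matches the slide's "successful login to that host", while the firewall rule keys on source address alone because the slide allows any destination.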
22 Incident Tracking Overview Incident Management: Incident notification templates Easy to update & merge incidents Incident Notification Methods: Create Helpdesk Tickets Send Generate SNMP traps (v2 & v3) Execute Business Process Incident Dashboard: Out-of-the-box dashboards Easy to customize See Incident History Priority, Status, Description, Remediation can be changed and saved.
23 Incident Tracking Standard controls to view/edit incident details View a list of all incidents, Update/Merge/Close Incidents View a list of events related to a given incident
24 Data Integrity Overview
Digital Signature: Digitally sign log data using industry standard hash algorithm SHA-256.
Tamper Detection: Detect tampering with log data by validating event log databases to prove that no tampering has occurred.
ELM 12.5 supports the following methods to validate archives:
Validate Now: On-demand method that lets a user run a validation test on log data on a given ELM server node in the federation.
Scheduled job: A scheduled job that runs periodically to check for tampering of log data and notifies the user if tampering is detected.
Log Archive Import: Validate log data integrity when log archives are imported on an ELM Server from an external storage system or another ELM Server.
25 Compliance Dashboards ELM provides a high-level activity compliance summary dashboard for PCI, SOX, HIPAA, etc.
26 Miscellaneous Enhancements Hierarchical Report Tags ELM 12.5 provides color-coded dials that can be used in dashboards & reports
27 Upgrade Strategy ELM customers can seamlessly upgrade to CA ELM r12.5. The following upgrade paths are supported: ELM 12.0 SP3 to ELM 12.5; ELM 12.1 to ELM 12.5. Product upgrade via subscription service is done directly from the product Web UI and NO professional service engagement is required. Progress bar showing upgrade progress in real time for each component
28 CA Access Control/PUPM Integration - Overview - Use case - Screenshots
29 Integration Overview
Integration Highlights: Out-of-the-Box Content for CA Access Control (62 Reports, 211 Queries); View ELM Reports from AC UI (available AC r12.5+); User Session Tracking; Effective User ID Monitoring; High volume, scalable log collection (5000 events/sec sustained per ELM Server)
Primary Method of Collection (Version | Method of Collection | Value):
CA Access Control r12 SP1+ | Tibco log sensor | Scalable Agentless Collection that is easy to configure. (Takes 10 min to configure ELM log collection for 100 AC end points)
Backward Compatibility to enable AC r8 migration to new AC releases (r12 SP1+) (Version | Method of Collection | Value):
CA Access Control R8.0 SP1, r12 | Selogrd log sensor | Migrate AC UNIX customers using selogrd-selogrcd for collecting AC logs over to ELM agentlessly.
CA Access Control R8.0 SP1, r12 | Audit irecorder | Backward compatibility to enable Windows AC end points to send logs to ELM Server directly.
30 AC-ELM Integration Architecture Security Administrator Manage Policies Policy Reports Privileged Account Management Access Policy Deployment Policy Reports Access Request CA Access Control Enterprise Manager IT User Audit Reports Access Filtering Policy Agent-based Log Collection Agent-less Log Collection CA Enterprise Log Manager Active Directory Enterprise LDAP Database Web Server Router Switch Storage App server Custom Application Database Web Server Storage App server Custom Application Virtualization Linux Unix Windows
31 Key Use Cases
Access Control: Generate user activity reports mapped to specific compliance requirement; Report on shared account activity by mapping shared account activity to specific user; Report on end-to-end user sessions; Report on Keyboard logs; Report and investigate user activity from AC UI
PUPM (specific): Report of user activity performed by target system between password checkout and checkin.
32 Access Control Reports
33 thank you
More informationFISMA / NIST 800-53 REVISION 3 COMPLIANCE
Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security
More informationSecospace elog. Secospace elog
Secospace elog Product Overview With the development of networks, security events continually occur on hosts, databases, and Web servers. These range from Trojans, worms, and SQL injections, to Web page
More informationVPNSCAN: Extending the Audit and Compliance Perimeter. Rob VandenBrink rvandenbrink@metafore.ca
VPNSCAN: Extending the Audit and Compliance Perimeter Rob VandenBrink rvandenbrink@metafore.ca Business Issue Most clients have a remote access or other governing policy that has one or more common restrictions
More informationTIBCO LogLogic. HIPAA Compliance Suite Quick Start Guide. Software Release: 3.5.0. December 2012. Two-Second Advantage
TIBCO LogLogic HIPAA Compliance Suite Quick Start Guide Software Release: 3.5.0 December 2012 Two-Second Advantage Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE
More informationSymantec Control Compliance Suite Standards Manager
Symantec Control Compliance Suite Standards Manager Automate Security Configuration Assessments. Discover Rogue Networks & Assets. Harden the Data Center. Data Sheet: Security Management Control Compliance
More informationCyber Security RFP Template
About this document This RFP template was created to help IT security personnel make an informed decision when choosing a cyber security solution. In this template you will find categories for initial
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationWHITE PAPER OCTOBER 2014. CA Unified Infrastructure Management: Solution Architecture
WHITE PAPER OCTOBER 2014 CA Unified Infrastructure Management: Solution Architecture 2 WHITE PAPER: CA UNIFIED INFRASTRUCTURE MANAGEMENT: SOLUTION ARCHITECTURE ca.com Table of Contents Introduction 3 The
More informationToday s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, 2009. Concepts.
Protect - Detect - Respond A Security-First Strategy HCCA Compliance Institute April 27, 2009 1 Today s Topics Concepts Case Study Sound Security Strategy 2 1 Security = Culture!! Security is a BUSINESS
More informationNetwrix Auditor. Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure
Netwrix Auditor Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure netwrix.com netwrix.com/social 01 Product Overview Netwrix Auditor
More informationSolarWinds Network Performance Monitor
SolarWinds Network Performance Monitor powerful network fault & availabilty management Fully Functional for 30 Days SolarWinds Network Performance Monitor (NPM) makes it easy to quickly detect, diagnose,
More informationEnforcive /Cross-Platform Audit
Enforcive /Cross-Platform Audit Enterprise-Wide Log Manager and Database Activity Monitor Real-time Monitoring Alert Center Before & After Change Image Custom Reports Enforcive's Cross-Platform Audit (CPA)
More informationDeveloping Value from Oracle s Audit Vault For Auditors and IT Security Professionals
Developing Value from Oracle s Audit Vault For Auditors and IT Security Professionals November 13, 2014 Michael Miller Chief Security Officer Integrigy Corporation Stephen Kost Chief Technology Officer
More informationProactive Network Performance Monitoring
Proactive Network Performance Monitoring No other tool is as flexible and robust as Goliath Performance Monitor We have been using Goliath Performance Monitor for many years. We have looked at other tools
More informationService Offerings. Ensuring IT Resources are available, reliable, scalable & manageable always.
Service Offerings Ensuring IT Resources are available, reliable, scalable & manageable always. SNICare has divided its end-to-end offering into three main segments which covers all the aspects of the IT
More informationMonthly Fee Per Server 75/month 295/month 395/month Monthly Fee Per Desktop/Notebook/ 15/month 45/month 55/month
SERVICE COVERAGE AND FEE SCHEDULE Base Package Fees Monthly Fee Per Server 75/month 295/month 395/month Monthly Fee Per Desktop/Notebook/ 15/month 45/month 55/month Live Desk Services Live Desk Telephone
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationGFI Product Manual. Deployment Guide
GFI Product Manual Deployment Guide http://www.gfi.com info@gfi.com The information and content in this document is provided for informational purposes only and is provided "as is" with no warranty of
More informationVULNERABILITY & COMPLIANCE MANAGEMENT SYSTEM
VULNERABILITY & COMPLIANCE MANAGEMENT SYSTEM 2 REDUCE COSTS. IMPROVE EFFICIENCY. MANAGE RISK. MaxPatrol from Positive Technologies provides visibility and control of security compliance across your entire
More informationSystem Management. 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
System Management Jonathan Cyr System Management Product Line Manager Udi Shagal Product Manager SiteScope Sudhindra d Tl Technical Lead Performance Manager 2010 Hewlett-Packard Development Company, L.P.
More informationGoliath Performance Monitor Prerequisites v11.6
v11.6 Are You Ready to Install? Use our pre-installation checklist below to make sure all items are in place before beginning the installation process. For further explanation, please read the official
More informationRES ONE Automation 2015 Task Overview
RES ONE Automation 2015 Task Overview Task Overview RES ONE Automation 2015 Configuration Tasks The library Configuration contains Tasks that relate to the configuration of a computer, such as applying
More informationThis document contains the following topics:
Release Notification BMC Discovery Solution Version 8.1.00 December 18, 2009 This document describes the products and components contained in version 8.1.00 of BMC Discovery Solution. If you have any questions,
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationNavigate Your Way to PCI DSS Compliance
Whitepaper Navigate Your Way to PCI DSS Compliance The Payment Card Industry Data Security Standard (PCI DSS) is a series of IT security standards that credit card companies must employ to protect cardholder
More informationRequired Software Product List
Symantec ($3.2 million, 35% weight) AdVantage AdvisorMail AntiVirus (Endpoint Protection) AntiVirus Enterprise Edition App Center Application HA Asset Management Suite Backup Exec Certificate Intelligence
More informationSubject: Request for Information (RFI) Franchise Tax Board (FTB) Security Information and Event Management (SIEM) Project.
chair John Chiang member Jerome E. Horton member Ana J. Matosantos August 27, 2012 To: Potential Vendors Subject: Request for Information (RFI) Franchise Tax Board (FTB) Security Information and Event
More informationNetzwerkvirtualisierung? Aber mit Sicherheit!
Netzwerkvirtualisierung? Aber mit Sicherheit! Markus Schönberger Advisory Technology Consultant Trend Micro Stephan Bohnengel Sr. Network Virtualization SE VMware Agenda Background and Basic Introduction
More informationSolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements
SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements SolarWinds Security Information Management in the Payment Card
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationmbits Network Operations Centrec
mbits Network Operations Centrec The mbits Network Operations Centre (NOC) is co-located and fully operationally integrated with the mbits Service Desk. The NOC is staffed by fulltime mbits employees,
More informationWe are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review
We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review The security threat landscape is constantly changing and it is important to periodically review a business
More informationFUNCTIONAL OVERVIEW www.amdosoft.com
Business Process Protectors Business Service Management Active Error Identification Event Driven Automation Error Handling and Escalation Intelligent Notification Process Reporting IT Management Business
More informationReview: McAfee Vulnerability Manager
Review: McAfee Vulnerability Manager S3KUR3, Inc. Communicating Complex Concepts in Simple Terms Tony Bradley, CISSP, Microsoft MVP September 2010 Threats and vulnerabilities are a way of life for IT admins.
More informationEMC Data Protection Advisor 6.0
White Paper EMC Data Protection Advisor 6.0 Abstract EMC Data Protection Advisor provides a comprehensive set of features to reduce the complexity of managing data protection environments, improve compliance
More informationNitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers
NitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers The World's Fastest and Most Scalable SIEM Finally an enterprise-class security information and event management system
More information