GUIDANCE SOFTWARE EnCase Cybersecurity Complement Guide
Securing an enterprise requires defense in depth: multiple layers of defense placed throughout the network to address potential vulnerabilities and to monitor the major ingress and egress points. Each security component or process feeds intelligence back to the other components and processes, so the enterprise security posture is continuously updated. In addition to its self-contained malware identification, audit, response and data preservation capabilities, EnCase Cybersecurity adds value to other security technologies through its ability to audit information on endpoint devices and to provide meaningful response capabilities within a comprehensive network security plan.

This document describes the products and solutions that contribute to a comprehensive approach to network security, and how EnCase Cybersecurity software adds value to existing security investments and initiatives. It answers the following questions:

- In what areas can EnCase Cybersecurity complement existing investments in enterprise security?
- What products (by name) does EnCase Cybersecurity complement?

There are an overwhelming number of products on the market that address one or more security processes in some way. This document therefore references only those solutions typically associated, by industry usage and vendor specification, with each respective section.
Block/Quarantine

These technologies are designed to actively block or take corrective action against known-bad or sensitive data based on pre-defined rules and criteria (firewalls, AV, DLP, IPS, NAC), or to passively prevent the reading of sensitive data (encryption). AV scanners generally also contain a response component in the form of user notification and removal of a binary identified as a known piece of malware.

Products typically associated with this category:

- Enterprise Firewalls: Fortinet; Check Point; Juniper; Endpoint Protection; Cisco ASA 5500
- Intrusion Prevention Systems (IPS): McAfee Network Security Platform; TippingPoint IPS; Endpoint Protection; NitroGuard IPS; Sourcefire
- Enterprise Antivirus: McAfee VirusScan Enterprise; Endpoint Protection; Trend Micro OfficeScan; Sophos; Kaspersky Anti-Virus

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all inbound and outbound computer traffic between different security domains based upon a set of rules and other criteria. EnCase Cybersecurity can be used to audit firewall policies by scanning the network endpoints for sensitive or malicious data that should have been blocked by the firewall.

An intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities. A network-based IPS, for example, operates in-line to monitor all network traffic for malicious code or attacks. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass. EnCase Cybersecurity can determine whether unknown threats have successfully evaded the defenses of an intrusion prevention system and verify whether the responses of an IPS have been successful in protecting a targeted host. This is accomplished via a connection (either direct or through a SIM) to the IPS, allowing EnCase to collect information from the affected machine at the time the alert is generated and to perform subsequent scans to ensure the malicious data was in fact blocked.

Antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware. EnCase Cybersecurity is able to find and remediate both rootkits and covert malware, such as iterations of polymorphic malware. Operating at the kernel level, the software can identify data the operating system is blind to and is able to destroy hidden processes and hooks used by rootkits and other types of covert malware. It complements existing antivirus and malware protection systems by identifying and remediating covert processes that signature-based detection tools are ill-equipped to address.

EnCase Cybersecurity's Entropy Near Match Analysis, application descriptors, hash sets, machine profiles and Snapshot technology enable an enterprise to quickly identify and remediate malicious code that is not yet detectable by antivirus solutions or ranked by reputation-based methods of detecting suspicious data. Zero-day exploits and worms commonly slide under the detection of antivirus systems because they do not match known signatures. EnCase complements existing antivirus software by providing a means to quickly identify these covert threats, their scope and source, and to remediate machines that have been compromised. After determining that a security event took place, EnCase Cybersecurity can analyze computers across an enterprise to find other machines compromised by worms, zero-day exploits or trojans that share any similarity with an identified piece of malware, through Entropy Near Match Analysis. This technology can also be used to find iterations of polymorphic malware once a single iteration has been identified.
Block/Quarantine (continued)

Products typically associated with this category:

- Network Access Control: Cisco; Juniper
- Data Loss Prevention and Content Scanners: Websense; McAfee SmartFilter; RSA/EMC; VERICEPT; Verdasys; Varonis
- Encryption (File, Disk &): PGP Disk; PC Guardian Encryption+; PGP mail; EFS; BestCrypt; Utimaco; BitLocker Drive Encryption; WinMagic

Network Access Control (NAC) tools use a set of protocols to define and implement a policy that describes how to secure access to a network by devices when they initially attempt to access the network. When a computer connects to the network, it is not permitted to access anything unless it complies with a set standard, including anti-virus protection level, system update level and configuration. While the computer is being checked by a pre-installed software agent, it can only access resources that can remediate (resolve or update) any issues. Once the standard is met, the computer is able to access network resources and the Internet, within the policies defined in the NAC system. EnCase Cybersecurity can be used in conjunction with NAC technology to detect whether any malware has been introduced to a computer via USB or other local means before the computer is allowed to connect to the network, as NAC technology has no visibility into the risk presented by unstructured data. EnCase Cybersecurity can automatically verify not only the integrity of static files on a system, but also the running processes on that system. It can gather additional information beyond configuration settings, such as data from the registry, file system and network settings, to identify whether a machine's integrity has been compromised.

Content Scanners and Data Loss Prevention (DLP) tools identify, monitor, and protect data in use (e.g., endpoint actions) and data in motion (e.g., network actions) through deep content inspection and a centralized management framework. These systems are designed to detect and prevent the unauthorized use and transmission of confidential information. Once an event has been identified by one of these systems, EnCase Cybersecurity can analyze the user's machine, providing crucial information (Internet history, Web cache, keyword search) to validate whether a policy violation took place. EnCase Cybersecurity can be used to scan network endpoints for sensitive or unauthorized data, complementing technologies that specialize in the analysis of data in motion. Once sensitive or unauthorized data that poses a risk to the organization is identified, EnCase Cybersecurity is able to remotely collect and wipe that data, mitigating the risk that the data could be compromised from that endpoint. EnCase Cybersecurity can be used to audit DLP technology policies by scanning the network endpoints for data that should be blocked by the DLP. In addition, EnCase Cybersecurity can ensure a clean house in advance of implementing data-in-motion DLP, reducing the chance that an employee holds sensitive business data to begin with. Subsequent audits ensure the data-in-motion DLP is configured properly.

Encryption technologies transform information (referred to as plaintext) using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. EnCase Cybersecurity allows security analysts to determine whether encrypted data exists on computers in the enterprise that could be a violation of corporate policy. As encryption technologies are also used by malicious entities to hide information and tools that could be used for unauthorized activities, EnCase Cybersecurity lets you analyze encrypted data on both stand-alone and domain-authenticated systems through partnerships with several leading encryption providers. EnCase Cybersecurity lets security analysts view and analyze mounted encrypted volumes as logical drives if they were opened by the suspect at the time of the investigation. EnCase Cybersecurity validates that encryption is working by verifying the randomness of the allegedly encrypted file(s).
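The two entropy-based checks this guide describes, verifying that an allegedly encrypted file really is random and finding further iterations of a known sample by entropy similarity (as in the antivirus section above), can be illustrated with the following added Python example. It is not Guidance Software's code and not EnCase's Entropy Near Match Analysis; the thresholds, block size and sample byte strings are constructed assumptions.

```python
"""Entropy-based file triage: (1) does a file that should be encrypted look
random? (2) does a candidate file share the entropy 'shape' of a known sample?
Constructed demonstration, not Guidance Software code; thresholds are assumed."""
import math
import random
from collections import Counter

HIGH_ENTROPY = 7.5   # bits/byte; assumed cut-off for "looks encrypted or packed"
NEAR_MATCH = 0.5     # assumed maximum mean per-block difference for a near match
BLOCK = 1024         # assumed block size for the entropy profile


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = HIGH_ENTROPY) -> bool:
    """True when the whole file is near-uniform, as correctly encrypted data is.
    Caveat: compressed or packed files score just as high, so a hit means
    'encrypted or packed', while a low score on a file that is *supposed* to be
    encrypted means the encryption policy is not actually being enforced."""
    return shannon_entropy(data) >= threshold


def entropy_profile(data: bytes, block: int = BLOCK) -> list[float]:
    """Per-block entropy, i.e. the shape of the file. A polymorphic variant whose
    encrypted body changes but whose layout (header, stub, payload) does not
    keeps a similar shape even though its cryptographic hash is different."""
    return [shannon_entropy(data[i:i + block]) for i in range(0, len(data), block)]


def profile_distance(a: list[float], b: list[float]) -> float:
    """Mean absolute difference of two profiles; the shorter one is padded with
    0.0 so a length mismatch counts against the match instead of being ignored."""
    n = max(len(a), len(b))
    a = a + [0.0] * (n - len(a))
    b = b + [0.0] * (n - len(b))
    return sum(abs(x - y) for x, y in zip(a, b)) / n


def near_match(known: bytes, candidate: bytes, limit: float = NEAR_MATCH) -> bool:
    """Entropy-shape similarity between a known sample and a candidate file."""
    return profile_distance(entropy_profile(known), entropy_profile(candidate)) <= limit


# ---- constructed sample "files" (byte patterns only, no real malware) ----
def make_sample(seed: int, body_len: int = 8128) -> bytes:
    """A 64-byte low-entropy header followed by a pseudo-random body; different
    seeds stand in for different iterations of the same family (8192 bytes total)."""
    header = b"HDR\x00" + bytes(60)
    return header + random.Random(seed).randbytes(body_len)


SAMPLE_A = make_sample(1)                      # the identified iteration
SAMPLE_B = make_sample(2)                      # same layout, different body bytes
TEXT_FILE = (b"quarterly report: revenue up, costs flat.\n" * 200)[:8192]


def triage(files: dict[str, bytes], known_bad: bytes) -> dict[str, dict]:
    """Per file: is it high-entropy, and does it near-match the known sample?"""
    return {
        name: {
            "entropy": round(shannon_entropy(data), 2),
            "looks_encrypted": looks_encrypted(data),
            "near_match": near_match(known_bad, data),
        }
        for name, data in files.items()
    }


if __name__ == "__main__":
    results = triage({"sample_b.bin": SAMPLE_B, "report.txt": TEXT_FILE}, SAMPLE_A)
    for name, verdict in results.items():
        print(name, verdict)
```

On real endpoints the same two functions would run over files collected from the host, with the known sample's profile stored once and compared against every candidate.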
Alert

Alerting technologies either scan network traffic for malicious activity and policy violations using pre-defined criteria, or scan endpoint configuration settings to detect anomalies. Some detection technologies gather and correlate alerts from point solutions to reduce false positives and to triage suspected network intrusions based on the alerts collected from other detection technologies. Other technologies are primarily used to keep track of past threats and the actions that were taken to correct them.

Products typically associated with this category:

- Intrusion Detection Systems (IDS)
  - Network Intrusion Detection Systems (NIDS): Snort; IBM ISS; TippingPoint
  - Host-based Intrusion Detection Systems (HIDS): Zone Alarm; Cisco CSA; Host IDS
- Vulnerability assessment and management: BigFix; Sourcefire; N-Stalker Web Application 2009; Tenable Nessus; Proventia Network Enterprise Scanner; Retina; SAINT

An intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling computer systems, mainly through a network such as the Internet. These attempts may take the form of attacks by, for example, crackers, malware and/or disgruntled employees. An IDS cannot directly detect attacks within properly encrypted traffic. EnCase Cybersecurity can be used to respond to events through an automated process, or to respond manually. It can be integrated with an existing IDS solution for an automated, real-time incident response process, known as a Snapshot, which is triggered when an alert is received. Immediate analysis of the source and target machines reveals details of known, unknown and hidden processes, TCP network socket information, open files, device drivers, services and more, revealing whether machines have been compromised and virtually eliminating false positives. Subsequent automated Snapshots are triggered shortly after the event to show attack results in time slices, so you know whether the event actually occurred and, if so, its impact and origin. You can also use the same Snapshot capability to quickly isolate and respond to security incidents manually. After confirming that a security event took place, EnCase Cybersecurity can be used to analyze computers across your entire enterprise to find other machines compromised by the same or a similar worm, zero-day exploit or trojan.

Vulnerability scanners and vulnerability assessment tools are designed to actively search for and map weaknesses in an application, computer or network. Typically these technologies scan for active IP addresses, open ports, open shares, unused user accounts, running operating systems, running applications, etc., and identify and report potential vulnerabilities based on canned criteria and vulnerability tests. Some scanners can also remotely deploy missing patches and service packs. Some application-specific scanners, such as web application security scanners, detect vulnerabilities by actually performing common attacks. Before or after performing application vulnerability scans, EnCase Cybersecurity can be used to verify that the common library files applications depend on are not feeding misinformation to the application and ultimately to the application scanner. An example is using EnCase Cybersecurity to verify that the DLLs various applications rely on to execute are known-good DLLs and not DLLs injected with malicious data. EnCase Cybersecurity assesses from a host point of view, as opposed to a network point of view, to audit for unauthorized or malicious programs running or unauthorized communications taking place. It also allows the user to identify unknown or hidden programs that may be zero-day exploits. Because network vulnerability scanners rely on the endpoint (host) response to identify running services, applications and configuration settings, this information can be misleading or incorrect if the machine is compromised.
Alert (continued)

Products typically associated with this category:

- Configuration Management and Assessment Tools: TripWire; SolarWinds Orion NCM; Novell
- Security Information Management Tools (SIM): Arcsight Security Information Manager; NetIQ Security Manager; NetForensics; Intellitactics; LogLogic

Configuration Management and Assessment Tools support the process of identifying and defining the Configuration Items in a system (such as registry settings), recording and reporting the status of Configuration Items and Requests For Change, and verifying the completeness and correctness of Configuration Items. EnCase Cybersecurity can automatically verify not only the integrity of static files on a system, but also the running processes on that system. It can gather additional information beyond configuration settings, such as data from the registry, file system and network settings, to identify whether a machine's integrity has been compromised. EnCase Cybersecurity can be configured to audit, in an automated fashion, against configuration settings unique to any given organization as defined in an XML database.

Security information management (SIM) is the industry-specific term in computer security for the collection of data from disparate security technologies, network tiers, and event logs, turning security data into prioritized, actionable information for trend analysis. SIM products generally comprise software agents running on the computers to be monitored, communicating with a centralized server that acts as a security console; the agents send it information about security-related events, and the console displays reports, charts, and graphs of that information, often in real time. EnCase Cybersecurity can be used to respond to various types of alerts and to validate whether a security event actually happened. Although the SIM tool performs advanced correlation across many systems to generate the alert, it still does not validate from the target host's perspective whether an event did take place, or the extent of the compromise. EnCase Cybersecurity enables you to take that final response step after an event has been identified: it accepts alerts generated by SIM tools, automatically takes a Snapshot of the affected system's volatile data at the moment the alert is generated, and takes subsequent Snapshots to show how the machine state changes over time from that point. If a malicious process is detected, EnCase Cybersecurity can be used to return that machine to a trusted state and to sweep the rest of the network for the same or a similar threat to the one that set off the original alert. EnCase Cybersecurity can be used to schedule regular scans against past threats, not only to ensure the same threat isn't reintroduced to the network, but also to ensure no threats similar to past threats are introduced.
Audit & Response

EnCase Cybersecurity allows an organization to take definitive action against incidents identified by alerting technologies and against sensitive data found in unauthorized locations. EnCase Cybersecurity can also identify and respond to malware or policy violations that slip past blocking and alerting technologies.

Audit, Response and Recovery: EnCase Cybersecurity

EnCase Cybersecurity complements and augments existing information security tools that either block or quarantine data (firewalls, intrusion prevention systems, antivirus, or data loss prevention tools) or trigger and correlate alerts (intrusion detection systems, configuration management, or SIM and SIEM tools). EnCase Cybersecurity provides:

- The ability to identify and analyze undiscovered threats, such as polymorphic or metamorphic malware, packed files, and other advanced hacking techniques that evade traditional network- or host-based defenses.
- Powerful investigative capabilities, so that an organization can search across its network for sensitive or confidential data such as credit card numbers, account numbers, or intellectual property.
- Risk mitigation by wiping sensitive or confidential data from unauthorized locations, and removing malware and malware artifacts from hard drives, RAM, and the Windows Registry on laptops, desktops, and servers.
- Visibility into endpoint risk, leveraging disk-level forensic access to data on endpoints, with the ability to compare endpoints against a trusted baseline and/or an included hash database (both whitelist and blacklist).

EnCase Cybersecurity Complements and Augments both Proactive and Reactive Security Technologies

Proactive (Block/Quarantine):

- Firewall (Fortinet, Check Point, Juniper)
  Capabilities: rule-based; this first line of defense blocks unauthorized access
  Limitations: phishing and common web site attacks easily circumvent it; no help against insider threat
- IPS (TippingPoint, McAfee, Sourcefire)
  Capabilities: blocks data associated with known attack methods
  Limitations: morphing threats evade this signature-based technology
- AV (McAfee, Trend Micro)
  Capabilities: identifies and blocks known malware
  Limitations: cannot detect or block unknown malware; signature-based
- NAC (Cisco, Juniper)
  Capabilities: prevents access to the network unless the user meets pre-defined criteria
  Limitations: cannot protect against malware introduced via USB or optical drive; no visibility into unstructured data
- DLP (Websense, RSA/EMC)
  Capabilities: identifies pre-defined content; alerts (claims blocking)
  Limitations: requires complex policies that are easily circumvented; rarely used to block
- Encryption (Utimaco, WinMagic, PGP)
  Capabilities: may stop unauthorized users from accessing data
  Limitations: can be used to hide data; disk-based encryption does not protect running systems

EnCase Cybersecurity audit alongside proactive technologies: triage suspicious or sensitive data; identify internal/external threats; collect IP/PII; wipe IP/PII; remediate malicious data.

Reactive (Alert):

- IDS (IBM ISS, Snort, TippingPoint)
  Capabilities: alerts on data associated with known attack methods
  Limitations: morphing threats evade this signature-based technology; cannot respond to alerts effectively
- VA/VM (BigFix, Sourcefire, Tenable)
  Capabilities: alerts on known application- or network-specific vulnerabilities
  Limitations: cannot detect unknown vulnerabilities (application or network configuration); cannot respond to alerts effectively
- Config. Mgmt. (TripWire, SolarWinds, Novell)
  Capabilities: alerts on OS and network device settings that are not configured properly
  Limitations: no visibility into unstructured data; cannot respond to alerts effectively
- SIEM/SIM (ArcSight, RSA, Cisco)
  Capabilities: correlates data from a variety of alerting technologies
  Limitations: cannot collect data or respond to alerts effectively

EnCase Cybersecurity response alongside reactive technologies: alert response; triage suspicious data; identify threats; analyze risk; remediate malicious code.
Our Customers

Guidance Software's customers are corporations and government agencies in a wide variety of industries, such as financial and insurance services, technology, defense contracting, pharmaceutical, manufacturing and retail. Our EnCase customer base includes more than 100 of the Fortune 500 and over half of the 50, including: Allstate, Chevron, Ford, General Electric, Honeywell, Mattel, Northrop Grumman, Pfizer, UnitedHealth Group, Viacom and Wachovia.

About Guidance Software (GUID)

Guidance Software is recognized worldwide as the industry leader in digital investigative solutions. Its EnCase platform provides the foundation for government, corporate and law enforcement organizations to conduct thorough, network-enabled, and court-validated computer investigations of any kind, such as responding to ediscovery requests, conducting internal investigations, responding to regulatory inquiries or performing data and compliance auditing, all while maintaining the integrity of the data. There are more than 35,000 licensed users of the EnCase technology worldwide, and thousands attend Guidance Software's renowned training programs annually. Validated by numerous courts, corporate legal departments, government agencies and law enforcement organizations worldwide, EnCase has been honored with industry awards and recognition from eWeek, SC Magazine, Network Computing, and the Socha-Gelbmann survey. For more information about Guidance Software, visit

Guidance Software, Inc. All Rights Reserved. EnCase and Guidance Software are registered trademarks or trademarks owned by Guidance Software in the United States and other jurisdictions and may not be used without prior written permission. All other marks and brands may be claimed as the property of their respective owners. ECS BR
More informationHope is not a strategy. Jérôme Bei
Hope is not a strategy Jérôme Bei Press Highlights Conficker hits German Government! 3000 Clients down! Datatheft at German Telekom: 17.000.000 Customer Records lost! About 1.000.000 pieces of Malware
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More informationForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)
ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) CONTENT Introduction 2 Overview of Continuous Diagnostics & Mitigation (CDM) 2 CDM Requirements 2 1. Hardware Asset Management 3 2. Software
More informationWEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World
Securing Your Web World WEBTHREATS Constantly Evolving Web Threats Require Revolutionary Security ANTI-SPYWARE ANTI-SPAM WEB REPUTATION ANTI-PHISHING WEB FILTERING Web Threats Are Serious Business Your
More informationInformation Technology Solutions
Managed Services Information Technology Solutions A TBG Security Professional Services Offering LET TBG MANAGE YOUR INFRASTRUCTURE WITH CONFIDENCE: TBG S INTEGRATED IT AUTOMATION FRAMEWORK PROVIDES: Computer
More informationSecurity Controls Implementation Plan
GIAC Enterprises Security Controls Implementation Plan Group Discussion and Written Project John Hally, Erik Couture 08/07/2011 Table of Contents Executive Summary 3 Introduction 3 Security Controls Implementation
More informationLifecycle Solutions & Services. Managed Industrial Cyber Security Services
Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements
More informationHow To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)
McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationSymantec Security Information Manager Version 4.7
Version 4.7 Agenda What are the challenges? What is Security Information Manager? How does Security Information Manager work? Why? 2 Security Management Challenges 3 Managing IT Security PREVENT INFORM
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationHow are we keeping Hackers away from our UCD networks and computer systems?
How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12
More informationIndustrial Security for Process Automation
Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical
More informationEndpoint Security: Moving Beyond AV
Endpoint Security: Moving Beyond AV An Ogren Group Special Report July 2009 Introduction Application whitelisting is emerging as the security technology that gives IT a true defense-in-depth capability,
More informationAdvanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA
Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationwhitepaper The Benefits of Integrating File Integrity Monitoring with SIEM
The Benefits of Integrating File Integrity Monitoring with SIEM Security Information and Event Management (SIEM) is designed to provide continuous IT monitoring, actionable intelligence, incident response,
More informationAvoiding the Top 5 Vulnerability Management Mistakes
WHITE PAPER Avoiding the Top 5 Vulnerability Management Mistakes The New Rules of Vulnerability Management Table of Contents Introduction 3 We ve entered an unprecedented era 3 Mistake 1: Disjointed Vulnerability
More information5 Steps to Advanced Threat Protection
5 Steps to Advanced Threat Protection Agenda Endpoint Protection Gap Profile of Advanced Threats Consensus Audit Guidelines 5 Steps to Advanced Threat Protection Resources 20 Years of Chasing Malicious
More informationVerve Security Center
Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution
More informationSECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION
SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION How ThreatBLADES add real-time threat scanning and alerting to the Analytics Platform INTRODUCTION: analytics solutions have become an essential weapon
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationThe Value of QRadar QFlow and QRadar VFlow for Security Intelligence
BROCHURE The Value of QRadar QFlow and QRadar VFlow for Security Intelligence As the security threats facing organizations have grown exponentially, the need for greater visibility into network activity
More informationVulnerability Audit: Why a Vulnerability Scan Isn t Enough. White Paper
Vulnerability Audit: Why a Vulnerability Scan Isn t Enough White Paper May 10, 2005 TABLE OF CONTENTS Introduction: How Secure Are My Systems?... 3 Vulnerability: The Modern Meaning Of A Muddled Word...
More informationProven LANDesk Solutions
LANDesk Solutions Descriptions Proven LANDesk Solutions IT departments face pressure to reduce costs, reduce risk, and increase productivity in the midst of growing IT complexity. More than 4,300 organizations
More informationEffective Threat Management. Building a complete lifecycle to manage enterprise threats.
Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationTechnical Product Overview. Employing cloud-based technologies to address security risks to endpoint systems
Symantec Endpoint Protection.cloud Employing cloud-based technologies to address security risks to endpoint systems White Paper: Endpoint Protection.cloud - Symantec Endpoint Protection.cloud Contents
More informationStop the Maelstrom: Using Endpoint Sensor Data in a SIEM to Isolate Threats
Stop the Maelstrom: Using Endpoint Sensor Data in a SIEM to Isolate Threats Jody C. Patilla The Johns Hopkins University Session ID: TECH-107 Session Classification: Intermediate Objectives Get more out
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More informationNext Generation IPS and Reputation Services
Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become
More informationIntrusion Detection and Intrusion Prevention. Ed Sale VP of Security Pivot Group, LLC
Intrusion Detection and Intrusion Prevention Ed Sale VP of Security Pivot Group, LLC Presentation Goals Describe IDS and IPS Why They Are Important Deployment and Use Major Players The IT Security Camera
More informationEffective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention
Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationMcAfee Server Security
Security Secure server workloads with low performance impact and integrated management efficiency. Suppose you had to choose between securing all the servers in your data center physical and virtual or
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationSolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements
SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements SolarWinds Security Information Management in the Payment Card
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationHögskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :
Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh Written Exam in Network Security ANSWERS May 28, 2009. Allowed aid: Writing material. Name (in block letters)
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationProtection Against Advanced Persistent Threats
Protection Against Advanced Persistent Threats Peter Mesjar Systems Engineer, CCIE 17428 October 2014 Agenda Modern Threats Advanced Malware Protection Solution Why Cisco? Cisco Public 2 The Problem are
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationDevising a Server Protection Strategy with Trend Micro
Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper Trend Micro, Incorporated» A detailed account of why Gartner recognizes Trend Micro as a leader in Virtualization and Cloud
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationWHITE PAPER. Best Practices for Securing Remote and Mobile Devices
WHITE PAPER Best Practices for Securing Remote and Mobile Devices Table of Contents Executive Summary 3 The Rise of Mobile and Remote Computing 3 Risks from Remote Computing 3 Risks for Mobile Workers
More informationIntrusion Detection Systems
Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationSymantec Advanced Threat Protection: Network
Symantec Advanced Threat Protection: Network DR150218C April 2015 Miercom www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Overview... 4 2.1 Products Tested... 4 2.2. Malware Samples... 5 3.0 How
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationCarbon Black and Palo Alto Networks
Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses
More informationHow To Protect Your Virtual Infrastructure From Attack From A Cyber Threat
VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Security and Compliance VMware vcloud Networking and Security is the leading networking and security
More informationIBM Endpoint Manager Product Introduction and Overview
IBM Endpoint Manager Product Introduction and Overview David Harsent Technical Specialist Unified Endpoint IBM Endpoint Manager and IBM MobileFirst Protect (MaaS360) Any device. Identify and respond to
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More information