Symantec Critical System Protection (SCSP) Overview. February 2010
2 Agenda
- What are the challenges?
- What is Critical System Protection?
- How does CSP work?
- How does CSP work with other Symantec products?
- Why Symantec Critical System Protection?
3 Pain Points for Server Security
- Mission-critical systems with minimal downtime for patching
- Maintain high availability and high performance
- Meet compliance requirements for systems with sensitive data
- Protect against abuses of privileged accesses
- Many OS platforms (Windows, Unix, Linux)
Server types (each marked "Varies"): General Purpose (File & Print Servers), DMZ (Web Servers), Data Center (Application, Database, Mail Servers)
4 Server Protection Challenges: System and Threat Complexity
Threats (internal and external):
- User / Admin account hacking
- Application exploits
- Back door attacks
- O/S exploits
- Authorized user exploits
- Auditing tampering
- Configuration changes
- User rights escalation
Systems shown: Database Server, File Server, Mail Server, Application Server, Web Server, Print Server, Point Of Sales Terminals, Legacy Server
6 SCSP for Server Security
- Patch mitigation for mission-critical systems with minimal downtime
- Protect while maintaining high availability and high performance (no scanning)
- Meet compliance requirements for systems with sensitive data
- Protect against abuses of privileged accesses
- Support many OS platforms (Windows, Unix, Linux)
Server types: General Purpose (File & Print Servers), DMZ (Web Servers), Data Center (Application, Database, Mail Servers)
7 What is Critical System Protection?
Security:
- Known/Unknown Threat Protection
- Insider Abuse Prevention
- Patch Mitigation
Compliance:
- Real-time Monitoring and Auditing
- Logging and Event Reporting
- Real-time Compliance Enforcement
Policy-based approach, proactive enforcement, high availability and performance
8 Multi-layer protection with SCSP (diagram; labels: IIS, Exchange)
9 Symantec Critical System Protection 5.2: Multi-layer protection for critical systems
Network Protection (Host IPS):
- Close back doors (block ports)
- Limit network connectivity by application
- Restrict traffic flow inbound and outbound
Exploit Prevention (Host IPS):
- Restrict apps & O/S behaviors
- Protect systems from buffer overflow
- Intrusion prevention for day-zero attacks
- Application control
System Controls (Host IPS):
- Lock down configuration & settings
- Enforce security policy
- De-escalate user privileges
- Prevent removable media use
Auditing & Alerting (Host IDS):
- Monitor logs and security events
- Consolidate & forward logs for archives and reporting
- Smart event response for quick action
10 SCSP Agent Platform Support (Jan. 10)
Platform Microsoft Windows Client Edition Windows XP Windows 2000 Prevention Windows 2000, 2003 and 2008, including 64-bit versions, Windows 2008 SP2 and R2 Windows NT Solaris Not Applicable Solaris 8, 9, 10* *includes x86, x86 VM, 64-bit & Global Zones Linux SuSE Linux Professional SuSE Linux Enterprise Server 8, 9,10 RedHat Enterprise Linux 3**, 4**, 5 includes 32-bit & 64-bit support VMWare ESX 3.5 Host Server Edition Detection Windows 2000, 2003 and 2008, including 64-bit versions, Windows 2008 SP2 and R2 Windows NT Solaris 8, 9, 10* *includes x86, x86 VM, 64-bit & Local Zones SuSE Linux Enterprise Server 8, 9,10 RedHat Enterprise Linux 3**, 4**, 5 includes 32-bit & 64-bit support VMWare ESX 3.5 Host AIX Not Applicable Future release AIX 5L (5.1, 5.2, and 5.3) HP-UX Not Applicable Future release HP-UX 11i v1 (11.11)**, v2 (11.23)** and v3 (11.31)** HP Tru64 Unix V5.1B
Notes:
- ** Also includes IDS support for Itanium 2
- Detection in v5.2 can monitor unsupported platforms via the Remote Edition Virtual Agents, i.e. zlinux, Vista, AS400, Debian, Ubuntu, etc.
- SCSP agents also support use within VMWare guest operating systems running via VMWare Server, VMWare Workstation and VMWare ESX 3.x
- SCSP supports VMWare ESX 3.5 Host for IDS, including the HIDS policy pack; the HIPS driver is included without a HIPS policy pack.
11 SCSP Architecture (diagram)
Components: SCSP Agents (Servers, Desktops & Laptops), Management Console, Management Server, SQL Data Store
Protocol labels: HTTPS, JDBC
Scalability = 5K-8K agents/server
Other labels: Event Logging, Policy Management, Agent Registration, Asset Data, Agent Management, Policy Configuration, Policies, Real-time Monitoring, Operational State, Users and Roles, Event Data, Reporting
13 SCSP's Roles in PCI Compliance
Monitor / Audit:
- System and Application File, Configuration and Registry Monitoring (PCI Req 10)
- System and Application Event and Text Log Monitoring (PCI Req 10)
Host based Real-time Detection and Prevention; broad OS and application coverage
Secure / Respond:
- Network Protection: Server Host Firewall (PCI Req 1)
- System and Application Exploit Prevention & System Controls (PCI Req 7 & 11)
- Block changes from unauthorized users/apps
- Run actions in response to events (PCI Req 7 & 11)
14 Event Detection (IDS) Layer: How it Works
Host system programs: Core OS Daemons (crond, RPC, LPD Printer), Application Daemons (Web, Mail), Interactive Programs (Client, Office, IE Browser)
System operations monitored:
- System, Application & Security Events
- System & Text Logs
- Settings: Create/Modify/Delete Settings
- Files: Create/Modify/Delete Files
Flow:
- Symantec collectors gather events & compare them to IDS rule sets (custom or library)
- Upon a match, take action
- Record event in local SCSP log
- Send alert to mgmt console
15 Pre-Configured Windows Detection (IDS) Policies
16 Phased approach to trusting IDS & IPS
- Install SCSP with IPS off and IDS monitoring for security events and user auditing
- Enable IPS policy in IDS/log only mode
- Configure as desired using Event Wizard
- Incrementally enable portions of IPS policy in enforcement mode for maximum protection from day zero threats
17 Vulnerability Trends: Zero-day
Key Definition: A zero-day vulnerability is one for which there is sufficient public evidence to indicate that the vulnerability has been exploited in the wild prior to being publicly known.
From July 1st - December 31st 2006, Symantec documented 12 zero-day vulnerabilities, a significant increase over the previous two reporting periods
H dropped to 6 documented zero-day vulnerability attacks - but these are still risks
Attacks with no protection:
- No patches
- No Anti-virus signatures
- No pre-built Firewall rules
- No attack (Network IPS) signatures
18 Network protection technologies are insufficient to stop attacks
Diagram labels: Unknown threat exploiting published vulnerability; Enterprise Perimeter (Network Firewall); Datacenter Perimeter (Appliance with packet filtering, Network IPS); Host (Host FW, N-IPS); Sasser, Welchia, Blaster, Conficker (Windows vulnerabilities on unpatched systems); INFECTED; COMPROMISED; Malicious Insider
Standard security solutions protect against known attacks and protect known vulnerabilities, missing:
- New threats
- New vulnerabilities
- Insiders
19 Exploits Across Your Network Targeting Critical Servers
- Disgruntled Employee / Insider Attack: Intentional Misconfiguration or Back Door Attack (Database Server)
- Outside Attacker: Exploit Toolkit, Zero-Day Worm (Servers)
- Ignorant Employee: Unintentional misconfiguration (Application Server)
- Regular Employee: Copied data or Infected files (File Server)
- Hacker: Targeted Hacking Attacks (Web Server)
Diagram labels: Corporate Server Infrastructure, Corporate Network, Internet
20 Sample Day-zero Exploit: RPC Vulnerability by Blaster
Steps shown against the RPC Service:
- Inbound Connect (Port 135)
- Create Outbound Connect (Port 4444)
- Run Script to Download File
- Insert File into Root Directory
- Open Backdoor for Remote Access
- Modify Registry Keys
- Open Connections to Infect Others
Resource labels: Files, Memory (Buffer Overflow), Registry (Win only), Named Pipes, Network Control, OS Calls, Devices
Windows 2000/XP/2003 Kernel
CSP Protected System with Out-of-the-box Strict Policy
21 Hacker Attacks Application Servers
Scenario: Hacker; Targeted Hacking Attacks; Web Server
SCSP Security Features:
- Prevents inappropriate inbound connections
- Identifies multiple failed login attempts
- Blocks installation of unapproved executables
- Detects and blocks access to locked down files/directories
Benefits:
- Automatically secures against inappropriate access
- Improves protection against data loss
- Easily provides detailed forensic data reports
22 Insider Abuse
Scenario: Disgruntled Employee / Insider Attack; Intentional Misconfiguration or Back Door Attack; Database Server
SCSP Security Features:
- Monitors/audits changes by administrators
- Prevents unauthorized network communication
- Identifies system user rights changes
- Prevents unauthorized application installation
Benefits:
- Reduces risk of inappropriate access
- Minimizes overhead in tracking breach activities
- Increases effectiveness of policy enforcement
23 Outside Attacks
Scenario: Outside Attacker; OS/Application Exploit Toolkit; Zero-Day Worm; Servers
SCSP Security Features:
- Blocks inbound network worm attacks
- Buffer overflow detection identifies/prevents vulnerability attacks
- Prevents file downloads
- Mitigates registry and program changes
Benefits:
- Dramatically reduces worm damage and cleanup
- Reduces network performance impact
- Improves protection against data loss
24 Mis-configured Systems
Scenario: Ignorant Employee; Unintentional misconfiguration; Application Server
SCSP Security Features:
- Audits for new application installations
- Monitors key files and configurations for changes
- Identifies Active Directory changes
- Blocks attacks on known/unknown vulnerabilities
Benefits:
- Minimizes application failures
- Reduces patching requirements
- Eliminates accidental and unintentional configuration problems
25 Enforcing Policy
Scenario: Regular Employee; Copied data or Infected files via System Devices; File Server
SCSP Security Features:
- Prevents use of USB devices on key systems
- Locks down and monitors system and application configurations
- Identifies changes to user rights
- Blocks access to restricted files by unauthorized applications and/or users
Benefits:
- Proactively prevents critical security or compliance violations before they occur
- Automates corrective actions to policy violations
- Cost savings via single solution for both real-time and bulk event logging
26 Exploit prevention (HIPS) layer: How it Works
Host programs: Core OS Daemons (crond, RPC, LPD Printer), Application Daemons (Mail, Web), Interactive Programs (Client, Office, Browser)
Normal resource access:
- Files: Read/Write Data Files
- Registry: Read Only Configuration Information
- Network, Devices: Usage of Selected Ports and Devices
Symantec Critical System Protection creates a shell around each program and daemon/service that defines acceptable behavior
27 Out of the box HIPS protection for the most commonly attacked applications
OS Protection:
- RedHat & SuSE Linux core OS protection
- Solaris core OS protection
- Microsoft Windows core OS protection
Web & Application servers:
- Apache web server
- Microsoft SQL Server
- Microsoft Internet Information Server
Mail servers:
- Postfix server
- Sendmail server
- Microsoft Exchange
Desktop Applications:
- Microsoft Outlook & Outlook Express
- Microsoft Office applications
All others -> Default standard daemon/service policies; Default standard desktop application policies
28 VMWare ESX 3.5 Host Protection
Challenges:
- The VMWare ESX Host is a RHEL kernel and is increasingly subjected to vulnerabilities and attacks.
- Malware can potentially use the host as a launching pad for attacks on the guest OS.
SCSP Benefits:
- Provides Host IDS to monitor user, system and resource activities and report on real-time intrusions
- Protects the ESX host with its IPS policies to provide firewall protection, device control, configuration and system lock down, admin access control and file system protection
- Provides protection so you can comfortably put PCI Server in virtualization
29 What's new in SCSP 5.2.4? GA: Feb 3, 2010
Expanded Platform Support
- Description: Agent: Win2008 R2, Win2008 SP2, unified Windows agent install, VMWare ESX 3.5 IDS and IPS. Manager: Win2008 R2 and SP2, SQL bit and 64-bit
- Benefit: Additional platform support for broader and more effective protection in the environment
Interoperability with Storage Foundation High Availability
- Description: Pre-defined Policy Pack for use in Storage Foundation HA deployments
- Benefit: Enhanced high availability support for critical systems by protecting clustered hosts against configuration drift. Reduce unplanned downtime due to security vulnerabilities and patches
File Monitoring Enhancements
- Description: Increased ability to track changes to a user definable value above the 100K file size limit. Add ability to monitor subdirectories with wildcard option. Monitor Windows Extended File Attributes and alternative data streams
- Benefit: Increased effectiveness in monitoring potentially harmful or inappropriate file changes for PCI compliance
VMWare ESX 3.5 Host Protection
- Description: A new HIDS policy pack based on VMWare hardening guide is provided. HIPS support through custom RHEL policies until next release
- Benefit: Advanced protection across virtualized environments
WebUI for Management
- Description: SCSP Management Console can now be accessed from a web browser
- Benefit: Provides flexibility for administrative access. Enables integration into central web portal for Symantec
31 Complete Server Infrastructure Protection: SCSP + SEP
Compliance:
- Establish protection policies
- Report on policy violations
- Real time monitoring of configuration and access controls
Prevention:
- Block known malware
- Reduce unknown vulnerability exploits
- Lock down file systems
- Enforce user/admin access controls
- Limit device access
Detection, based on:
- Signature
- Behavioral
- Reputation
- Policy
- File changes
- Configuration changes
- Buffer Overflow
- Thread Injection
Remediation:
- Malware removal
- Recommended actions
- Real-time event log aggregation
- Real-time data correlation
32 Complete Server Infrastructure Protection: SCSP + SEP (Symantec Protection Suite Server Edition)
Technologies for Servers: Device and Application Control; Host Intrusion Prevention; Network Protection; System Lockdown & Hardening; Monitoring, Auditing, and Alerting; Antispyware; Antivirus
Attributes: Performance; Risk Mitigation; Policy-based Protection; Insider Abuse Prevention; Workflow; Compliance & Enforcement; Multi-OS
Value:
- Single Console, Increased Visibility, Protection, Control, and Manageability
- Reduced Cost, Complexity, & Risk Exposure
- Multiple Technologies Optimized for a variety of Scenarios and Platforms
33 SCSP - SEP Server Compatibility
Java Based Consoles:
- Policy Management
- Agent Management
- Roles and Administration
- Launch Reports
- View Alerts
Separate SEP and SCSP consoles with similar Symantec look & feel
Console connections: HTTPS to Apache; HTTP to IIS for Reports
SEPM: Apache Tomcat SSL Port 8443 or Port 443; JDBC & ODBC to SQL Database
SCSP Manager: Apache Tomcat SSL Port 4443, 8006 and 8081; JDBC to SQL Data Store
SQL Data Store:
- Policies
- Events & Logs
- Security Content
- Reporting Data*
- State Information
- Updates and Patches*
*SEPM only
Separate databases, no overlap or conflicts for either embedded or external SQL
SEP and SCSP management servers can coexist on the same server systems
Clients shown: Desktops, Laptops (Symantec Endpoint Protection and Critical System Protection Clients)
- IIS port 80 (or SSL): Clients retrieve all policies, content, and packages and submit all state information to IIS Servers
- Apache Tomcat SSL Port 443: Clients retrieve all policies and submit all state information to Tomcat
If using SSL for SEP server-agent communications, then change either the SCSP or SEP agent port to a new value (before deploying)
No installation or port changes required for agents unless SSL is used by both deployments.
34 Protection + Intelligence = Value
Critical System Protection: Host Intrusion Prevention; Network Protection; System, Device, Application Control; Auditing and Alerting
Security Information Manager: Aggregate; Normalize; Prioritize; Correlate; Remediate
Value:
- Increased Protection, Control, and Manageability
- Reduced Cost, Complexity, and Risk Exposure
35 Viewing SCSP events on SSIM
- SSIM has a collector for SCSP
- SSIM Event Tab
- Pre-defined out-of-the-box queries for CSP
- Maps across multiple buckets
- Including compliance queries
- Create custom queries
36 Correlate SCSP Events with SSIM Rules
- Pre-defined out-of-the-box rules
- CSP events map to EMR
- Custom rules based on CSP data
- Cross correlate rules of different type
37 Data Center High Availability Challenges and Solutions
Challenge: Configuration drift causes downtime
- Configuration inconsistencies (hosts) can cause failover errors
Solution with SCSP: Lock Down and Monitor Configurations
- Monitor and alert on configuration changes
- Lock down systems from inadvertent admin accesses
Challenge: Avoid Unplanned Downtime
- Vulnerability exploits and attacks can lead to unplanned patching downtimes
- Untested emergency patches may cause failures and impact availability
Solution with SCSP: Provide Zero-Day Vulnerability Protection
- Lock down critical resources before patches are available or applied
- More time to test and deploy patches during planned downtimes
Tested for interoperability between SFHA and SCSP by Symantec
38 SCSP Enhances High Availability Systems
Reliable Availability:
- Ensures reliable failover
- Restrict operational disruptions
- Facilitate risk mitigation
- Minimize system downtime
Comprehensive Protection:
- Protect against mis-configurations
- Mitigate confidentiality breaches
- Monitor system policy compliance
Dependable Asset Integrity:
- Monitor configuration changes
- Block access to restricted files
- Restrict infrastructure exploits
Intro to Storage Foundation & High Availability Solutions for Windows
39 SCSP 5.2.4: Interoperability with Symantec Storage Foundation HA
- SFHA is installed in a large number of database servers for storage management and optimization.
- SCSP is used to protect database servers which process mission-critical data.
- Includes an SCSP IPS policy pack to monitor critical configuration files of SFHA and to enforce configuration lockdown, access control, and other protection policies without interfering with SFHA.
- Tested on Solaris 10 with SFRAC for Oracle HRAC database.
40 Control Compliance Suite (CCS) and CSP Attach Plays
CSP:
- Protects critical servers from external and internal threats
- Provides real-time monitoring, auditing and enforcement to meet compliance
CCS:
- Identifies critical host systems not yet patched
- Provides reports as auditable evidence of compliance
CCS DPE bundle available today! Data integration on roadmap
Exceed your Security Quota with CCS - Internal Use Only
42 SCSP Summary
Host-based protection of critical assets
- Host Intrusion Prevention & Host Intrusion Detection
- High performance, low-latency agent
- Proactive protection protects against 0-day attacks
- Comprehensive OS and application log monitoring
Lowers cost of administering asset protection through simple, centralized policy creation and management
- Symantec supplied, customizable policies
- Intuitive, clean interface
Adds protection to systems that are difficult to lock down or cannot have patches immediately applied
- Prevent vulnerability exploits even without a patch
- Ensure applications only access intended resources
- Prevent and report unauthorized administrator actions
43 Symantec Critical System Protection Top Advantages
- Broadest platform coverage with a single console
- Highly effective protection with minimal performance impact
- Comprehensive out-of-the-box policies and templates
- Superior ease of use and stability over other solutions
- Complementary layer of protection to other Symantec solutions
- Backed by World Class Service and Sales Support
44 Thank you! Ivy Lui
45 Backup slides: Screenshots and Details
46 SCSP Master Dashboard
47 SCSP Detection Dashboard
48 SCSP HIDS Policies
49 SCSP HIPS Policies
50 SCSP Real-time Event Monitoring
51 SCSP Top 10 Event Report
52 SCSP Recent Event Summary Report
53 Windows Out-of-the-Box Prevention Policies
A starting point for customers. Each policy is built on the same core components (BCDs, PBR, macros, etc.). The only difference is which options are defined by default. Easily move from one policy to another by just adjusting options.
Core: Core OS protection with maximum application compatibility
- Instant hardening of commonly attacked processes/applications + Buffer Overflow (BO) protection
- All unspecified programs* are treated as safe, except for BO protection and inbound network controls
- Recommended policy for server deployments
Strict: Strict OS and application control
- BO & Network lockdown: no inbound access, outbound limited to ports 80, 135, 389 & 443
- Unspecified programs* are confined (cannot write critical system files nor system executables)
Limited Execution: Limits execution of non-server applications
- Same functions as Strict, except all interactive processes are denied except those in whitelist
* Unspecified programs are handled by Default process sets
54 HIPS Configuration Comparison
Traditional IPS/Firewall: Monolithic Policy
- Policies/rules are in a sequential list, with each system call being checked against the whole policy list.
- Actual response is dependent on rule order.
- To add to a policy, the user must understand exactly how the resulting rule sequence will execute.
SCSP: Modular Policy
- Processes are assigned to a Process Set; then only the corresponding Process Set rules are scanned.
- To control a new application, the user need only be concerned with the new process (rule) set.
Diagram labels: System Process; Priority Denies; Allows; Denies; Global; General Services; Process Set X; Application X
55 HIPS Operational Comparison
Traditional IPS/Firewall: Monolithic Policy
- Every process call check starts at the top and works sequentially down the entire list.
- As the policy is customized, the list grows, leading to slower and slower performance.
- Network IPS policies work the same way, adding extra impact reassembling & scanning every packet into/out of the system.
SCSP: Modular Policy
- As a process starts, it is assigned to a Process Set. From that point on, process calls are checked against a limited set of policies.
- As the policy is customized, performance impact is small: it is only affected by changes to call related rules in Global, General or the app specific process sets.
Diagram labels: System Process; Priority Denies; Allows; Denies; Global; General Services; Process Set X; Application X; #3 #2 #1; New app, but unrelated
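The contrast drawn on slides 54 and 55, as an added example that is not part of the original deck and is not SCSP's policy engine: a simplified Python model of a first-match sequential rule list next to a per-process-set lookup. The rule format, paths, process-set names and the "global rules first" evaluation order are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    resource: str        # glob on the resource path
    action: str          # "allow" or "deny"
    process: str = "*"   # glob on the executable name (monolithic model only)


def check_monolithic(rules, process, resource):
    """First match over one sequential list. Returns (action, rules_scanned)."""
    for scanned, rule in enumerate(rules, start=1):
        if fnmatchcase(process, rule.process) and fnmatchcase(resource, rule.resource):
            return rule.action, scanned
    return "deny", len(rules)


class ModularPolicy:
    """Global rules plus one rule list per process set (simplified model)."""

    def __init__(self, global_rules, process_sets, assignments):
        self.global_rules = list(global_rules)
        self.process_sets = {name: list(rules) for name, rules in process_sets.items()}
        self.assignments = dict(assignments)  # executable name -> process set name

    def add_process_set(self, name, rules, executables):
        """Adding an application touches only its own set and its assignment."""
        self.process_sets[name] = list(rules)
        for exe in executables:
            self.assignments[exe] = name

    def check(self, process, resource):
        """Returns (action, process_set, rules_scanned)."""
        # Programs with no assignment fall into the "default" set.
        pset = self.assignments.get(process, "default")
        scanned = 0
        for rule in self.global_rules + self.process_sets[pset]:
            scanned += 1
            if fnmatchcase(resource, rule.resource):
                return rule.action, pset, scanned
        return "deny", pset, scanned


# Constructed sample policy, not taken from any shipped SCSP policy.
MONOLITHIC = [
    Rule("/etc/shadow", "deny"),
    Rule("/var/www/*", "allow", "httpd"),
    Rule("/etc/httpd/*", "allow", "httpd"),
    Rule("*", "deny", "httpd"),
    Rule("/var/spool/mail/*", "allow", "sendmail"),
    Rule("*", "deny", "sendmail"),
    Rule("*", "allow"),
]
BACKUP_RULE = Rule("/etc/*", "allow", "backupd")  # hypothetical new application


def build_modular():
    return ModularPolicy(
        global_rules=[Rule("/etc/shadow", "deny")],
        process_sets={
            "httpd_ps": [Rule("/var/www/*", "allow"), Rule("/etc/httpd/*", "allow"),
                         Rule("*", "deny")],
            "sendmail_ps": [Rule("/var/spool/mail/*", "allow"), Rule("*", "deny")],
            "default": [Rule("*", "allow")],
        },
        assignments={"httpd": "httpd_ps", "sendmail": "sendmail_ps"},
    )


def compare():
    """Add the backup application to both models and collect the outcomes."""
    prepended = [BACKUP_RULE] + MONOLITHIC   # new rule placed at the top
    appended = MONOLITHIC + [BACKUP_RULE]    # same rule placed at the bottom
    modular = build_modular()
    httpd_before = modular.check("httpd", "/var/www/index.html")
    modular.add_process_set(
        "backup_ps", [Rule("/etc/*", "allow"), Rule("*", "deny")], ["backupd"])
    return {
        # Same rule, different position, different verdict for /etc/shadow.
        "mono_prepend_shadow": check_monolithic(prepended, "backupd", "/etc/shadow"),
        "mono_append_shadow": check_monolithic(appended, "backupd", "/etc/shadow"),
        # An unrelated process pays for the longer list.
        "mono_httpd_before": check_monolithic(MONOLITHIC, "httpd", "/var/www/index.html"),
        "mono_httpd_after": check_monolithic(prepended, "httpd", "/var/www/index.html"),
        # Modular: global deny still wins and httpd's scan is unchanged.
        "mod_shadow": modular.check("backupd", "/etc/shadow"),
        "mod_hosts": modular.check("backupd", "/etc/hosts"),
        "mod_httpd_before": httpd_before,
        "mod_httpd_after": modular.check("httpd", "/var/www/index.html"),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:22} {result}")
```

In the sequential model the placement of one new rule decides whether the new application can reach `/etc/shadow`; in the process-set model the new set cannot override the global deny and leaves the number of rules scanned for `httpd` unchanged.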
56 PCI Firewall Requirement (Req. 1)
- Primarily focused on network firewall features
- SCSP augments network firewalls with host based protection, so not all features are required on the host
- SCSP protects against additional attacks from within the network security perimeter and ensures inappropriate application communications are controlled
57 PCI Monitoring Requirements (Req. 10)
- SCSP provides both host lockdown (IPS) and monitoring to audit all of these items
- SCSP's host based prevention capabilities can monitor and control access to audit tools and data. This includes locking audit data to access/use by only authorized users and applications
- Real-time IPS lockdown limits access and changes to system audit logs, which is not possible with log collection tools
- IPS events provide immediate notification about abnormal system behavior and access. Events can trigger , SNMP and/or log based alerting
58 PCI Data Restriction Requirements (Req. 7)
- SCSP can limit user access to files and registry keys based on application and user/group
- SCSP IPS policies can block access to files/registry keys by any user, including root or administrator accounts, but allow specific applications to still access and/or modify files
- SCSP's default IPS policies block changes to applications and system files. Customers can specify acceptable patch/system management tools (and users), as well as lock down their implementations of sensitive applications/content
59 PCI Data Restriction Requirements (Req. 11)
- SCSP's IPS feature includes a firewall to control application traffic
- SCSP's behavioral IPS can detect and block threats that network technologies can miss, including insider abuse or abuse of insider accounts
- Host based protection is needed to detect all changes
- Note: once a week may meet PCI, but is not enough to prevent hacking
- SCSP's IDS and IPS policies protect and monitor key system and application files
- SCSP meets and exceeds the minimum PCI recommendations by providing exploit prevention and configurable auditing to monitor access and usage on the system in real-time
- SCSP can identify which users and applications were used to modify files using either IPS or IDS file auditing policies
More informationReining in the Effects of Uncontrolled Change
WHITE PAPER Reining in the Effects of Uncontrolled Change The value of IT service management in addressing security, compliance, and operational effectiveness In IT management, as in business as a whole,
More informationSygate Secure Enterprise and Alcatel
Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise eliminates the damage or loss of information, cost of recovery, and regulatory violation due to rogue corporate computers, applications, and
More informationHow To Secure Your System From Cyber Attacks
TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital
More informationCisco Security Agent (CSA) Network Admission Control (NAC)
Cisco Security Agent (CSA) Network Admission Control (NAC) Pascal Delprat Security Consultant Cisco France Vincent Bieri Marketing Manager, Security EMEA Technology Marketing Organisation 1 Agenda CSA
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details
Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription
More informationSymantec Protection Suite Small Business Edition
Easy-to-use, all-in-one suite designed for small businesses Overview Suite Small Business Edition is an easy-to-use, all-in-one suite that secures your critical business assets and information against
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationCimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred
DETECT All changes across your IT environment With coverage for your servers, network devices, critical workstations, point of sale systems, and more, CimTrak has your infrastructure covered. CimTrak provides
More informationWeb Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com
Web Application Security Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com Security s Gaping Hole 64% of the 10 million security incidents tracked targeted port 80. Information Week
More informationMarch 2012 www.tufin.com
SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,
More informationHost-based Intrusion Prevention System (HIPS)
Host-based Intrusion Prevention System (HIPS) White Paper Document Version ( esnhips 14.0.0.1) Creation Date: 6 th Feb, 2013 Host-based Intrusion Prevention System (HIPS) Few years back, it was relatively
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationHow To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)
McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload
More informationAdjusting Prevention Policy Options Based on Prevention Events. Version 1.0 July 2006
Adjusting Prevention Policy Options Based on Prevention Events Version 1.0 July 2006 Table of Contents 1. WHO SHOULD READ THIS DOCUMENT... 4 2. WHERE TO GET MORE INFORMATION... 4 3. VERIFYING THE OPERATION
More informationSymantec Security Information Manager Version 4.7
Version 4.7 Agenda What are the challenges? What is Security Information Manager? How does Security Information Manager work? Why? 2 Security Management Challenges 3 Managing IT Security PREVENT INFORM
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationSecurity and Billing for Azure Pack. Presented by 5nine Software and Cloud Cruiser
Security and Billing for Azure Pack Presented by 5nine Software and Cloud Cruiser Meet our Speakers Symon Perriman VP of Business Development 5nine Software symon@5nine.com @SymonPerriman Paul Zinn Senior
More informationData Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments
Trusted protection for endpoints and messaging environments Overview Symantec Protection Suite Enterprise Edition creates a protected endpoint and messaging environment that is secure against today s complex
More informationeguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life
Executive s Guide to Windows Server 2003 End of Life Facts About Windows Server 2003 Introduction On July 14, 2015 Microsoft will end support for Windows Sever 2003 and Windows Server 2003 R2. Like Windows
More informationCA Anti-Virus r8.1. Benefits. Overview. CA Advantage
PRODUCT BRIEF: CA ANTI-VIRUS CA Anti-Virus r8.1 CA ANTI-VIRUS IS THE NEXT GENERATION IN COMPREHENSIVE ANTI-VIRUS SECURITY FOR BUSINESS PCS, SERVERS AND PDAS. IT COMBINES PROACTIVE PROTECTION AGAINST MALWARE
More informationNew possibilities in latest OfficeScan and OfficeScan plug-in architecture
New possibilities in latest OfficeScan and OfficeScan plug-in architecture Märt Erik AS Stallion Agenda New in OfficeScan 10.5 OfficeScan plug-ins» More Active Directory support» New automated client grouping
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationFeatures Business Perspective. www.eset.com
Features Business Perspective www.eset.com Endpoint Protection Antivirus / Antispyware Auto-Scan of Removable Media Host-based Intrusion Prevention System (HIPS) Client Antispam Cross-platform Protection
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationSymantec Endpoint Protection 12.1.5 Datasheet
Symantec Endpoint Protection 12.1.5 Datasheet Data Sheet: Endpoint Security Overview Malware has evolved from large-scale massive attacks to include Targeted Attacks and Advanced Persistent Threats that
More informationNetzwerkvirtualisierung? Aber mit Sicherheit!
Netzwerkvirtualisierung? Aber mit Sicherheit! Markus Schönberger Advisory Technology Consultant Trend Micro Stephan Bohnengel Sr. Network Virtualization SE VMware Agenda Background and Basic Introduction
More informationFISMA / NIST 800-53 REVISION 3 COMPLIANCE
Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security
More informationIBM Endpoint Manager for Core Protection
IBM Endpoint Manager for Core Protection Device control and endpoint protection designed to guard against malware and loss of sensitive data Highlights Delivers real-time endpoint protection against viruses,
More information15. juli 2013. Norman Enterprise Security NESEC
Norman Enterprise Security NESEC Agenda What is NESEC Product overview Pricing Campaigns Migration Collaterals Norman Enterprise Security What is NESEC? An agile solution suite that reduces complexity
More informationLogRhythm and PCI Compliance
LogRhythm and PCI Compliance The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent
More informationGlobal Partner Management Notice
Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with
More informationTechnology Blueprint. Protect Your Servers. Preserve uptime by blocking attacks and unauthorized changes
Technology Blueprint Protect Your Application Servers Preserve uptime by blocking attacks and unauthorized changes LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security Connected
More informationUNDERSTANDING AND DEPLOYING HOST-BASED INTRUSION PREVENTION TECHNOLOGY
UNDERSTANDING AND DEPLOYING HOST-BASED INTRUSION PREVENTION TECHNOLOGY SESSION 1 Agenda Defining Host-Based Intrusion Prevention Host-Based Intrusion Prevention Components and Capabilities Cisco Security
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationPCI DSS 3.0 Compliance
A Trend Micro White Paper April 2014 PCI DSS 3.0 Compliance How Trend Micro Cloud and Data Center Security Solutions Can Help INTRODUCTION Merchants and service providers that process credit card payments
More informationEndpoint Security for DeltaV Systems
DeltaV Systems Service Data Sheet Endpoint Security for DeltaV Systems Essential protection that consolidates endpoint and data security. Reduces the time and effort spent deploying and managing security
More informationSymantec IT Management Suite 7.5 powered by Altiris
Symantec IT Management Suite 7.5 powered by Altiris IT flexibility. User freedom. Data Sheet: Endpoint Management Overview technology enables IT to make better decisions, be more flexible, improve productivity,
More informationSymantec Critical System Protection Planning and Deployment Guide
Symantec Critical System Protection Planning and Deployment Guide The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationHow To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
More informationSecuring Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits
A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide
More informationApplication Whitelisting - Extend your Security Arsenal? Mike Baldi Cyber Security Architect Honeywell Process Solutions
Application Whitelisting - Extend your Security Arsenal? Mike Baldi Cyber Security Architect Honeywell Process Solutions 1 Agenda What is Application Whitelisting (AWL) Protection provided by Application
More informationNessus and Antivirus. January 31, 2014 (Revision 4)
Nessus and Antivirus January 31, 2014 (Revision 4) Table of Contents Introduction... 3 Standards and Conventions... 3 Overview... 3 A Note on SCAP Audits... 4 Microsoft Windows Defender... 4 Kaspersky
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationIBM Internet Security Systems
IBM Global Services IBM Internet Security Systems Norberto Gazzoni Italy Channel Manager norberto_gazzoni@it.ibm.com +39 347 3499617 IBM Internet Security Systems Ahead of the threat. 2006 IBM Corporation
More informationGuideline on Auditing and Log Management
CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius
More informationAdvanced Administration for Citrix NetScaler 9.0 Platinum Edition
Advanced Administration for Citrix NetScaler 9.0 Platinum Edition Course Length: 5 Days Course Code: CNS-300 Course Description This course provides the foundation to manage, configure and monitor advanced
More informationWindows XP End-of-Life Handbook for Upgrade Latecomers
s Why Windows XP End-of-Life Handbook for Upgrade Latecomers s Why Introduction Windows XP end of life is April 8, 2014. Do you have Windows XP systems but can t upgrade to Windows 7 or Windows 8, or can
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationIntroduction to Endpoint Security
Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user
More informationVerve Security Center
Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationAvoiding the Top 5 Vulnerability Management Mistakes
WHITE PAPER Avoiding the Top 5 Vulnerability Management Mistakes The New Rules of Vulnerability Management Table of Contents Introduction 3 We ve entered an unprecedented era 3 Mistake 1: Disjointed Vulnerability
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationTivoli Endpoint Manager. Increasing the Business Value of IT, One Endpoint at a Time
1 Tivoli Endpoint Manager Increasing the Business Value of IT, One Endpoint at a Time Endpoint Management Cost Today s Endpoint Management Challenges Drive IT Costs Up More than 50% of end users change
More informationInstalling and Administering VMware vsphere Update Manager
Installing and Administering VMware vsphere Update Manager Update 1 vsphere Update Manager 5.1 This document supports the version of each product listed and supports all subsequent versions until the document
More informationHow To Protect Your Computer From A Malicious Virus
Trusted protection from malware and email-borne threats for multiplatform environments Overview safeguards enterprise assets and lowers risk by providing unmatched protection against threats for laptops,
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationSECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)
WHITE PAPER SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) INTRODUCTION This document covers the recommended best practices for hardening a Cisco Personal Assistant 1.4(x) server. The term
More informationCA Host-Based Intrusion Prevention System r8.1
PRODUCT BRIEF: CA HOST-BASED INTRUSION PREVENTION SYSTEM CA Host-Based Intrusion Prevention System r8.1 CA HOST-BASED INTRUSION PREVENTION SYSTEM (CA HIPS) BLENDS ENDPOINT FIREWALL, INTRUSION DETECTION,
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationVMWARE Introduction ESX Server Architecture and the design of Virtual Machines
Introduction........................................................................................ 2 ESX Server Architecture and the design of Virtual Machines........................................
More informationSymantec Critical System Protection Installation Guide
Symantec Critical System Protection Installation Guide Symantec Critical System Protection Installation Guide The software described in this book is furnished under a license agreement and may be used
More informationPCI Data Security Standards (DSS)
ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants
More informationThe Clock is Ticking on Windows Server 2003 Support
A Trend Micro White Paper April 2015 The Clock is Ticking on Windows Server 2003 Support >> How Trend Micro can secure your end of life servers while enabling a safe transition Contents Introduction...3
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationData Sheet: Archiving Altiris Server Management Suite 7.0 from Symantec Essential server management: Discover, provision, manage, and monitor
Essential server management: Discover, provision, manage, and monitor Overview Complexity with physical and virtual machine proliferation increases the challenges involved in managing servers. Server administrators
More information