Lumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks

Transcription

1 IPsonar provides visibility into every IP asset, host, node, and connection on the network, performing an active probe and mapping everything that's on the network, resulting in a comprehensive view of the entire routed infrastructure. - Today s distributed, ever changing IT environments require complete visibility into the network in order to maintain security, compliance and availability. Lumeta IPsonar is the industry s most widely deployed network discovery solution for large, geographically distributed organizations. Lumeta s patented, award winning network assurance technology discovers and maps every IP asset, host and node on the network, giving CIOs, CSOs and CISOs a clear view of risks and policy violations arising from network changes. Such changes include the addition of new devices, modifications in remote access, changes resulting from IT consolidations, and infrastructure updates. Over a dozen U.S. federal government agencies, five of the ten largest pharmaceutical companies, three of the five largest energy companies, and many other industry leading organizations rely on Lumeta to maximize the value and efficacy of IT investments in vulnerability management, information protection and control, IP address management, IT asset management, and compliance. IPsonar provides: - Discovery of all ingress and egress points on the network, including rogue/unauthorized Internet connectivity. - Accurate inventory of attached devices for vulnerability scanning. - Confirmation that all assets are under security management. - Clear understanding of entire routed infrastructure. - Inventory of all SSL certificates, including issuer, signing authority and expiration date. - Discovery of potentially vulnerable (open) TCP ports for more targeted vulnerability scanning and patch management. - Lightweight discovery/scanning techniques avoiding detection by IDS/IPS systems. - Device profiling allowing for credential-less identification of attached end-points. - Lumeta Network Index allowing for best-practices based scoring (risk metrics) of IPsonar results.

2 IPsonar s credential-less and agent-less approach minimizes disruption to operations and scales to handle the largest networks. IPsonar is lightweight and safe for use on large networks even during production hours, operating at the level of network noise and using only properly formed packets to elicit benign responses. IPsonar s patented network leak detection solution reveals unauthorized connections between the enterprise and another network, between segregated subnets, as well as unwanted connectivity between the network and the Internet, determining whether connectivity is outbound, inbound or both. IPsonar s network leak detection capabilities are unparalleled in the industry, with the unique ability to find unknown connections into other organizations, such as legacy partner connections or divestiture connectivity. Network leak detection provides intelligence for active network defense, enabling cybersecurity response before costly downtime or material weaknesses wreak havoc on the enterprise. IPsonar allows users to set policy guidelines based on regulatory requirements or internal guidelines, and to automate the measurement of the true state of the network against those policies. IPsonar also provides real-time alerting on policy violations that break risk thresholds, even where the violation occurs on an asset or connection that was previously unmanaged or unknown, enabling a proactive approach to network security and management. IPsonar s powerful dashboards can be configured to present the most relevant data more effectively. For instance, dashboards can be created for IT audit and regulatory preparation or for executive management reporting. 2 Lumeta IPsonar Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks With a bi-directional open API, and configurable custom attributes, Lumeta IPsonar provides users the ability to seamlessly integrate active network discovery data into existing IT and Security lifecycle, leveraging IPsonar s network discovery reporting and powerful network mapping engines as a front end to operational network visualization. Lumeta IPsonar is delivered on an appliance-based system, including sensors, scan servers and reporting servers. The number of systems required and licensing costs depends on the size, complexity and segmentation of the network to be scanned. Lumeta IPsonar can also be run as a service. Lumeta offers an extensive suite of professional services, training and educational certifications.

3 3 The Phases of IPsonar Discovery IPsonar actively scans the network to collect all data related to Network, Host, Leak, Services, Perimeter, and Layer 2 Discovery. IPsonar also uses intensive Device Profiling techniques to identify the type, vendor, model, operating system, and version of devices on the network. MAC addresses that are collected and associated with IPs are matched to their respective MAC vendors. Users can accurately visualize what is on the network, drill down to analyze potential areas of risk, and identify appropriate corrective actions. Network Discovery Organizations must understand the entire network during times of change, assuring that all assets are under management to avoid intrusion and service outages. IPsonar Network Discovery is the best tool to identify and measure relationships between known and previously unknown network assets,including routers, switches, and firewalls. Applies multi-protocol discovery to penetrate deep into the network, identifying forwarding and filtering devices Traces and visualizes data paths through a network, to discover if assets communicate properly Flags stealth assets that do not respond to direct queries, pinpointing resources that may not be under management Isolates the impact of firewall and router access control lists (ACLs), assuring they are operating in compliance to policy Presents a route-based network topology from an application connectivity perspective via the IPsonar Map Host Discovery Unknown IP addresses exist in every large network, often undiscovered until an outage, breach, or audit issue. IPsonar Host Discovery identifies all devices on the network, helping IT executives align areas of visibility with areas of responsibility. Conducts a census of all IP addresses using multi-protocol discovery, identifying the true perimeter of the network Flags addresses unrecognized by official network inventories for remediation Enables organizations to harden defenses around the network perimeter and secure zones to enforce policies Leak Discovery Leaks are devices with unauthorized inbound or outbound connectivity to the Internet or sub-network, for example, unsecured routers exposed to the Internet or open links to former business partners. The larger and more complex a network is, the more likely it is that unknown leaks exist. IPsonar Leak Discovery is crucial in the proactive fight against leaks, revealing all unauthorized connections and identifying whether access is outbound, inbound, or both. Pinpoints forwarding and filtering devices through which addresses leak, enabling IT staff to assure these resources are in compliance with security policies Identifies inbound and outbound leakers to and from secure zones, such as those developed to protect customer data or carry sensitive communications Spots hard-to-find leaks such as unauthorized Cable/DSL routers, multi-homed servers, and NAT/PAT proxies that covertly forward network traffic Identifies resources a hop beyond the network, showing the organizations to which they are connected Enhanced Perimeter Discovery The perimeter of the network is usually assumed to be edge device(s) on the network, like the routers and firewalls that are known to allow access to the outside world e.g. the internet, an adjacent company s network, etc. and IPsonar has always checked the behavior of those devices. Yet while we tend to believe that we know the perimeter of our network based on our address space, layout, and firewall placement, with today s increasingly sophisticated mobile and wireless devices, anyone who places a multi-homed device on the network can change the known perimeter. Identifies devices on the network that have the ability to pass traffic out of the network perimeter and into unauthorized or even dangerous networks For each identified egress point, detects and alerts on the complete context of the network conversation, including details on the device or host and the addresses and networks connected to Discover devices and hosts on the network that are not compliant with network traffic policy Identify network vulnerabilities that put the organization at risk An IPsonar network map showing a device with a number of Outbound and Inbound Network Leaks.

4 4 Service Discovery IPsonar probes discovered devices for services that they provide by scanning for the known ports that provide those services. The IPsonar default service discovery port set includes common, well-known ports such as FTP, Telnet, and HTTP, along with potentially-vulnerable ports like known virus or file sharing ports. Service discovery using the IPsonar-provided ports will expose devices that are open to traffic on those ports, or blocking them, and users can add their own ports of concern to the list, helping to discover possible device vulnerabilities based on services. For example, IPsonar may discover devices that are being used to access file sharing services, which may not be desired in your environment. Identifies ports that are either open, closed, or gave mixed responses. Displays port status for each device scanned and discovered Displays individual port status for devices having multiple IP addresses, e.g. routers, switches Layer 2 Discovery, i.e. Host Topology Discovery In addition to identifying and mapping the network at the IP address level, IPsonar takes the next step in discovering and mapping the layer 2 devices. IPsonar does this by probing the discovered devices for potential layer 2 switches, then probing those switches further for details about their connected devices. IPsonar can also detect and map the presence of some unmanaged hubs in a layer 2 network topology. Identifies devices that are operating as layer 2 devices, e.g. switches. Polls layer 2 devices for layer 2 ports, devices, MACs, etc. Identifies and displays VLAN layout in a layer 2 nework. Graphically shows the layer 2 and layer 3 network relationship. vendors, dozens of devices types, and hundreds of common operating systems and OS versions, all regularly refreshed through a live update feature. Customers can also enhance or customize this library easily to suit their individual infrastructure. Uses multiple scanning techniques to collect data from devices on the network, then selects the best source to determine device attributes, placing a confidence level on each attribute based on how accurate the methodology and returned value might be. Extracts information from standard packets (ICMP, TCP, and UDP packets); no application-layer transactions nor installed agents required Flags improperly secured wireless access points for remediation improving security without requiring staff to scan airwaves or deploy antennae-based monitors Determines which operating systems and versions network devices are running Graphically represents devices, vendors, etc. to clearly represent all device categories Allows users to easily add new fingerprints that are known to identify devices, enhancing and customizing the device information that IPsonar provides. Identifies Internet services and proprietary IP applications active on hosts and devices, pinpointing resources for which tested ports are active. Flags improperly secured wireless access points for remediation improving security without requiring staff to scan airwaves or deploy antennae-based monitors Determines which operating systems and versions network devices are running. Extracts information from standard packets (ICMP echo requests and high-port UDP packets); no application-layer transactions. Facilitates consolidation by noting devices that run network-based services, such as printers and storage appliances. Device Profiling IPsonar provides rich data on all networked devices, delivering a uniquely comprehensive data set on all devices at the network and transport levels, in addition to providing application-layer visibility. Detailed device information obtained by active network discovery gives users a real-time glimpse into device type information, vendor, model number, Operating System, and version, all of which can be easily integrated into to other IT and security lifecycle tools, such as network management systems. The product ships with a pre-configured library of more than 800 Copyright Lumeta Corporation, All rights reserved

5 Lumeta offers the industry s most comprehensive and proven network discovery & visibility solutions. Lumeta IPsonar provides comprehensive network visibility for active network defense. 5 Scalable to the World's Largest Networks with Multi-tier Enterprise Architecture Because it is a network appliance, Lumeta's IPsonar requires no installation or disruption to operations in order to completely scan a network - no matter how far-flung or numerous the resources are. IPsonar is made to handle large data sets as easily as it does small data sets. Thus, IPsonar is a true enterprise application, able to work efficiently in both large and small deployments. IPsonar's three-tiered architecture is proven at the world's most complex networks and has been used to scan the entire Internet: Sensors. Accurate, complete network scanning is achieved through the use of network entry points called Sensors. These entry points are portable, providing flexibility to address even the most fast-changing networks. Scan Servers. These resources are positioned at appropriate points in the network to assure that business applications and even the lowest-speed network links are unaffected by IPsonar network traffic. Multiple scans can be run simultaneously. Report Servers. Functioning as the data repository, Report Servers separate report from scanning to further reduce IPsonar s operational footprint. A single remote Report Server can support multiple Scan Servers. IPsonar uses a pre-loaded, hardened configuration to simplify and assure security. Communication between IPsonar appliances is via HTTPS (SSL) and available in several configurations, so no changes to firewalls or network access control are required. The user interface supports signed digital certificates. The number of systems required, and software-licensing costs depend on the size, complexity and segmentation of the network to be scanned. Lumeta IPsonar can also be run as a service. Lumeta offers an extensive suite of professional services, training and educational certifications. Integration With a bi-directional open API, and configurable custom attributes, Lumeta IPsonar provides users the ability to seamlessly integrate active network discovery data into existing IT and Security lifecycle, leveraging IPsonar s network discovery reporting and powerful network mapping engines as a front end to operational network visualization. Lumeta s IPsonar fully integrates its data into third-party applications, providing organizations with the information needed to ensure complete network availability, security, and compliance. IPsonar s open API is designed to enable integration with any application and the solution s network discovery results are fully extensible to a range of third-party solutions and easily translated into actionable information. Copyright Lumeta Corporation, All rights reserved