Endpoint Security Risk Management: Control Without Compromise

Transcription

1 Endpoint Security Risk Management: Control Without Compromise A V 2 R P O R T F O L I O G R O U P C O M P A N Y

2 Contents Introduction 3 The Current Information Security Landscape 4 Red Lambda s Assurity SRM : Unified Security Risk Management 5 Features & Benefits 6 Why Red Lambda? 8 A Look to the Future 8

3 Introduction Driven by competitive pressures and a changing climate of accountability, organizational strategies toward information security are changing. Operational responsibilities increasingly span functional units, requiring a move away from disconnected islands of policy toward comprehensive risk management solutions that bridge disparate technologies. As such, there is a growing trend among vendors toward delivering a one-stop-shopping approach to security risk management. However, in order to achieve the uniform policy control promised by these all-in-one solutions, administrators have to rely on one vendor, and relinquish their ability to choose the best point solutions. Successfully managing risk within the context of organizational strategy requires the flexibility to choose the best technologies that meet operational objectives. By integrating security processes across the organization into a single, holistic framework, organizations are able to reduce their exposure to risk efficiently while addressing the demands of compliance and competition. This white paper outlines how Red Lambda s Assurity SRM product can provide organizations with a comprehensive security risk management solution that maximizes return-oninvestment for existing hardware, software and training expenditures, while improving the operational efficiency of risk and compliance processes. 3

4 The Current Information Security Landscape As organizations have become increasingly information-centric, the motivations for threats against these resources have evolved from the casual to the criminal. With each new wave of attack, point solutions have been introduced to address them. In fact, if anything is certain in the security marketplace, it is that threats, and the safeguards that contain them, will continue their steady march forward. for consolidation and integration of security operations could never be greater, yet the security market continues its winnertake-all approach. Even in environments that choose to implement a single-vendor risk management approach, organizations find themselves integrating many different devices, interfaces, and applications together in a process that is anything but simple. Instead of reaping the benefits of reduced complexity and improved efficiency, organizations find themselves locked into a web of compromises. Defense in depth necessitates a layered approach to security across the endpoints, devices and resources in an organization. No single vendor will ever be able to provide all of the bestin-class tools in the risk management equation at the same time. It is clear that a fresh approach to this problem is required to ensure effective risk management and sound compliance practices in real-world environments. Historical Trends of Attack or Misuse, 2006 CSI/FBI Computer Crime and Security Survey Meanwhile, security management has been caught in a quagmire. Organizations are forced to choose between selecting the best tools for their budget and operational needs, and integrated security management solutions are focused on certain platforms or network hardware. Faced with expanding government regulations and competitive pressures, the need We need to move beyond today s scenario, where users struggle to implement NAC as a successful security framework. Just how bad is it? We ve found that 40% of enterprises surveyed had begun NAC deployments, but only 4% actually finished. - Forrester Research, April

5 Red Lambda s Assurity SRM : Unified Security Risk Management Overview Red Lambda s security risk management system, Assurity SRM, has a different approach to proactively managing and protecting endpoints, information and resources. Assurity SRM uses Red Lambda s patent-pending collaborative grid technology to integrate seamlessly with existing devices and tools distributed across an organization, while marshalling unused resources to maximize efficiency. Assurity SRM coordinates these tools and devices into virtual teams, each one focused on collecting, processing, responding or proactively managing the environment to mitigate risk and achieve compliance. Linking threat protection, vulnerability management, network access control, leakage protection and other security controls to a highly-scalable, modular automation framework, Assurity SRM gives organizations the flexibility to select the best point technologies for their specific needs without compromise. The entire risk management process of the organization may be controlled and monitored from a central location, or parceled out across a federation of responsible parties, regardless of the underlying technologies in place. Assurity SRM acts as a pervasive policy abstraction layer, allowing administrators to specify proactive and reactive risk mitigation policies spanning the enterprise without worrying about whether or not the specific components were designed to work together. Security controls may be snapped into the framework via modular wrappers that make the controls available as services on Assurity SRM collaborative grid. By leveraging these security services together as the building blocks of policy workflows, Assurity SRM ensures that the most appropriate technologies are used to address threats, support compliance and mitigate risk. Real-world security management, punctuated by a high level of integration required by its supporting processes, is frequently a web of one-off scripting and complicated management. Well-understood, proven best practices guide most strategic decisions, yet integrating each new element complicates management and creates new dependencies. Because safeguards from different vendors frequently have no way to coordinate to secure information, overlapping controls can misalign security, creating vulnerabilities rather than protecting from threats. The value of access control and threat mitigation technology is that it s flexible and not baked into your infrastructure. This architecture more easily accommodates a centralized or federated policy store for consistent enforcement. Moreover, a software-based solution will operate across heterogeneous environments, ranging from hardware like routers, switches, and security appliances to software like configuration management, Active Directory, and the client security server. - Forrester Research, April 2007 Unfortunately, IT organizations faced with these challenges find themselves trading agility and efficiency for security. Red Lambda s Assurity SRM solution enables organizations to fully leverage their previous security, endpoint and infrastructure investments, readily accommodate future technologies, and make policy decisions and take action unfettered by the limitations of a specific product suite and inappropriate redundancies. 5

6 Features and Benefits Red Lambda s Assurity SRM system provides numerous benefits to organizations seeking to holistically take control of their risk management operations. Namely: Total Security Visibility: Assurity SRM collects, filters, correlates and aggregates security events from devices, tools and endpoints across the organization to monitor and react to threats. Assurity SRM automatically maps network topology, dependencies, and endpoints, and performs vulnerability analysis and relative asset valuations. Combining threat, vulnerability, value and other factors, Assurity SRM quantitatively profiles the security risk posture of the network, and provides full threat analysis with path mapping, vulnerability analysis and automated endpoint security management from a single interface. Assurity SRM modular wrapper library has full support for a wide array of open source and commercial endpoint, network security, logging and vulnerability analysis tools. In addition, Assurity SRM has an integrated, fully-distributed deep packet inspection engine, capable of monitoring traffic, applications, behavior and anomalies across the network. Ubiquitous Network Access Control: As part of its suite of preventative safeguards, Assurity SRM provides fully integrated pre/post-admission network access control (NAC). Its flexible Java architecture provides a seamless end-user experience for Windows, Mac and Linux endpoints over wired, wireless and VPN connections, with or without 802.1x. Administrators may choose from a broad array of Layer 2, 3 & 7 quarantine controls, including VLAN steering, ARP poisoning, dynamic ACLs, firewall & IPS rules, proxy redirection and others. Administrators also have the freedom to deploy any mix of installed agents or agent-less endpoints as required. Endpoint posture assessment supports a variety of popular software, and provides administrators with the ability to add custom applications as required. Multi-vendor VPN support ensures that policies are applied correctly to remote hosts. In addition, existing commercial NAC deployments can be invisibly integrated into Assurity SRM, providing advanced automation and risk management capabilities across platforms. Mitigates Endpoint Information Exposure: Assurity SRM proactively tracks endpoint information exposure, monitors and configures access controls, correlates audit records and maintains encryption. The system proactively manages endpoint information leakage protection (ILP) policy and integrates with best-in-class 3rd part ILP solutions for complete solutions for protecting data in motion and data at rest. Integrated risk analysis incorporates exposure information for more thorough risk visualization. Supports Compliance Requirements: Assurity SRM s underlying collaborative grid maintains secure archives of correlated and aggregated threat, vulnerability, control and policy action information. Users may choose retention periods, encrypted storage and other options in support of the most demanding compliance requirements. Holistic auditing, extensive notification support and automated reporting save time associated with compliance and regulatory processes. 6

7 Features and Benefits Vulnerability & Configuration Management: Assurity SRM provides automated configuration and remediation of endpoint security, including support for popular patch deployment tools, native OS manipulation and other mechanisms. Administrators may also choose to mix in selfremediation processes that transfer responsibility for compliance to the end user for environments desiring that approach. In addition, Assurity SRM supports a large collection of open source and commercial vulnerability analysis tools to take full advantage of existing investments in training and software. Modular Software-based Framework: Assurity SRM is a software-only solution that is designed to harmonize, not replace, existing network hardware, security appliances, software tools and endpoints. Its collaborative grid framework seamlessly coordinates underutilized resources, information and interfaces across an organization to perform the underlying tasks required for security risk management. A modular wrapper-based architecture allows new third party point solutions to be included ad-hoc as needed, and a large library of wrappers for open source and commercial security tools, network hardware and software applications is included. Assurity SRM acts as a policy abstraction layer, coordinating disparate capabilities, and allowing administrators to take a strategic, integrated approach to security risk management. Integrated Risk Management Console: Assurity SRM management console provides dashboard views of all risk, threat, vulnerability, configuration, exposure and network access control information. Central policy administration, asset valuation and the visual workflow designer combine with overlay-driven network visualization, comprehensive reporting and integrated case management to dramatically reduce the cost of managing security risks and meeting compliance requirements. Streamlines IT Operations Workflow & Reduces Costs: Assurity SRM provides an extensive library of pre-defined policy actions that can be selected for rapid deployment. In addition, Assurity SRM includes a visual workflow automation designer, which allows the deployment of complex actions by simply drawing their flow chart. This capability drastically reduces the burden of administration by acting as an abstraction layer between custom actions and the specific devices and tools of the network. Radical Scalability: Assurity SRM underlying foundation is based upon collaborative grid architecture, a unique fusion of the best elements of grid computing and P2P. Unlike other solutions based on dedicated hardware, or client-server architectures, Assurity SRM s underlying collaborative grid architecture is scale-free. This means that Assurity SRM has no practical limit to the size of its deployed environment. With its ability to leverage spare distributed resources, Assurity SRM continues to become more resilient and more capable the more nodes that are deployed. This means no requirement for dedicated hardware, no more monolithic upgrades and best of all, a minimal total cost of ownership (TCO). 7

8 Why Red Lambda? Red Lambda is a leader in the development of collaborative grid technology - a fusion of traditional grid computing and P2P - for use in distributed computing applications, Red Lambda s proprietary cgrid architecture is at the forefront of collaborative grid platforms. Every Red Lambda product leverages cgrid s extreme scalability, resiliency, and computational efficiency, resulting in products that integrate easily into various network environments. Red Lambda was founded by a quorum of experts from network engineering, security, the sciences and software development who believed that there had to be a better way to secure organizations. Instead of trying to build a better mousetrap, the team at Red Lambda focused on solutions that coordinated and harmonized resources, allowing them to be used together to collectively protect against threats, automate workflow and mitigate risk. Red Lambda s proven security solutions have yielded exceptional results, and earned high praise from customers, analysts and reviewers alike. Please visit for case studies, and more information about how we can help you let your network protect your network. A Look To The Future Red Lambda s mission is clear: We are committed to delivering practical, experience-driven security solutions for integrated security management, automation and risk mitigation. The future of yesterday has become the reality of today. Information security is on the cusp of an integration renaissance, during which organizational strategy and security operations will be unified to achieve practical goals and solve real problems. IT administrators need to continue to be able to choose the best technologies for their goals, budget and immediate needs, without losing integrated policy coordination. Aligning business priorities with information security requires a flexible, intelligent solution that works with, not against, existing investments to maximize ROI and minimize TCO. A system focused on proactively mitigating risk as the means to providing tangible value to the enterprise. Red Lambda s Assurity SRM solution is the first fully distributed, modular security risk management framework designed to streamline operations, eliminate vendor compromises, ensure compliance and most importantly, improve security. 8