Alcatel-Lucent Services

Transcription

1 SOLUTION DESCRIPTION Alcatel-Lucent Services Security

2 Introduction Security is a sophisticated business and technical challenge, and it plays an important role in the success of any network, service or business transformation. The increasing number of threats and vulnerabilities, and evolving security technologies and regulatory compliance requirements have many companies looking for a trusted advisor to help them manage risk. Alcatel-Lucent s security solution delivers extensive knowledge, expertise and security technologies to protect network and system infrastructures and information. This solution helps enterprises, service providers and governments understand and address their security requirements, identify vulnerabilities, reduce risks, and defend against and respond to attacks. The Alcatel-Lucent security solution is comprised of both services and products. Alcatel-Lucent s Security Consulting services are built on a foundation of industry standards and best practices, and help customers improve their security policies, practices and use of technologies. Leading-edge technologies, ranging from Alcatel-Lucent s VPN Firewall Brick and Vital software portfolios, as well as features embedded in Alcatel-Lucent s OmniSwitch IP Networking portfolio, and strategic alliance partnerships deliver superb price/ performance with productivity-enhancing features that simplify security management. Alcatel-Lucent, as a global partner, understands complex security requirements and issues inherent in next-generation networks and services, and can help customers safeguard the future of their businesses. Security Consulting and Integration D E F I N I T I O N A N D D E L I V E R A B L E S Alcatel-Lucent security consulting and integration services help organizations identify, manage and mitigate risks, while maximizing the benefit of their security investments. Alcatel- Lucent certified security professionals have the firsthand knowledge and industry experience to understand customers challenges, develop their security strategies, and augment their in-house capabilities. These services are especially beneficial for customers deploying new architectures where security risks require special design considerations and hardening of solutions. Increasing Internet activity, along with the use of VoIP and broadband services, wireless connections and other new technologies drive these security requirements. Alcatel-Lucent security consulting and integration services can be customized to meet customers needs in several areas. S E C U R I T Y A S S E S S M E N T S E R V I C E S Security Assessment services review your policies, practices and systems to identify threats and vulnerabilities within your organization and/or infrastructure (e.g., network, applications, services or policies). This may be accomplished via a traditional risk assessment or policy gap analysis, or through different forms of testing to discover vulnerabilities, from design and architecture reviews to vulnerability assessments and penetration tests. We provide you with a summary of all findings and/or testing results, as well as prioritized recommendations for a mitigation strategy. This information proves useful when you are defining future security requirements or initiatives. (Some or all of the activities may apply, depending on the type of assessment desired.) Review your security policies and understand their current application through interviews and audits Perform applicable security testing Assess the current security technical architecture through network device hardening and conformance to policy Conduct vulnerability testing Reproduce real-world attack scenarios to identify and exploit vulnerabilities (penetration testing) Perform policy gap analysis for existing policies, practices, standards or procedures documents based on industry standards as a framework Analyze inputs to identify and prioritize network and organizational vulnerabilities (Some or all of these activities may apply, depending on the type of assessment desired.) Network scanning results and interview summaries Documentation of baseline security posture Policy document inventory summary Prioritized threat matrix Tailored mitigation recommendations Security Strategy, Policy and Compliance Services Security Strategy, Policy and Compliance services help you develop your security strategy, from defining your overall security program policies and standards, to guiding the implementation of your security policies and procedures with your staff. Additionally, we can help you address compliance readiness or remediation needs to help you achieve compliance and meet your business goals. Review your security policies and understand their current application through interviews and/or audits 2 Alcatel-Lucent Security

3 Identify gaps between applicable standards (e.g., ISO 27001, ISO 17799, ITU-T X.805) or compliance requirements (e.g., NERC CIP, Sarbanes-Oxley, Basel II, PCI), and your current security posture Document security policy findings and security requirements Formulate and document security policies Plan, design, implement and maintain an incident response program and operational processes for handling incidents A baseline understanding of your environment with documented security policies and high-level recommendations for security improvement If applicable, a compliance readiness report, including a gap analysis with recommendations for remediation A well-formed incident response policy and functional architecture based on industry best practices, as well as process documents Security Architecture Design and Integration Services Security Architecture Design and Integration services develop security architectures and detailed designs based on your business drivers, security policies and industry best practices. The services also deliver the implementation and testing of security network and/or IT architecture solutions. Analyze business drivers and security requirements Create security architecture using best-in-class security components and policies to include segmentations, logical controls, functionality Develop design documentation, including detailed specifications on equipment/appliance design and requirements (including hardening), traffic flow/ controls, and management, monitoring and alarm functions Develop security implementation, integration and test plans Perform all security implementation and testing activities, with minimal impact to operations in migration scenarios Verify the security components' implementation and hardening, and perform acceptance testing procedures Detailed security architecture showing diagrams, services, interfaces and IP address mapping List of recommended security components (equipment, appliance and applications) Detailed security design documentation, including device configurations and deployment guidelines Implementation, integration and testing results documentation Updated as-built design documents for services, architecture and configurations Acceptance document and issue-tracking report Recommendations for further security component enhancements, if any Business Continuity/Disaster Recovery (BCDR) Services Business Continuity/Disaster Recovery (BCDR) services plan for and enable the secure continuity of operations. Specific activities may include business impact analysis, risk assessment, gap analysis, BCDR plan design and development, and plan testing/maintenance. Identify deviation from BCDR policies and industry best practices Identify impacts of potential risks to the networks and other aspects of the business, and quantify impacts in financial terms Identify BCDR vulnerabilities and recommend improvements Develop a BCDR plan tailored to your business needs Design an incident command structure to plan site incident management and recovery teams, as well as executive and customer communications Thoroughly test your BCDR plan and train your staff Complete report of all findings, best practices and recovery planning suggestions Complete analysis package, including rating and ranking of risks, threats and vulnerabilities Documented BCDR plan Documented templates for your site incident management and recovery teams planning and use, as well as training and awareness materials Documented BCDR test exercise plan and testing results Tailored mitigation recommendations Threat Management Services Threat Management services provide a full range of capabilities to prevent, detect and respond to security incidents. Our experts identify broad threats, and then analyze the specific vulnerabilities and corrective measures that are appropriate for your environment. Customized reporting based on 24/7 security monitoring, incident response and crisis management expertise can help you improve overall security reporting, visibility and management. These services leverage Alcatel-Lucent s experience as the co-founder and operator of the Computer Emergency Response Team Industry, Services and Tertiary (CERT-IST). Alcatel-Lucent delivers vulnerability monitoring, alerts and real-time advisories, as well as assistance for incident handling, for CERT-IST members. Alcatel-Lucent Security 3

4 Analyze broader threat activities, and assess which vulnerabilities are applicable to your environment and the potential service impact Provide 24/7 monitoring and customized reporting Perform trending and analysis of logs and security threat activities Provide event notification and recommendations for mitigation strategies or corrective measures Handle escalations for incident handling and crisis management as needed Vulnerability assessment and scanning reports Attack simulation and service impact analysis Real-time advisories Security event notification through log file correlation and analysis Customized reporting through web portal Security Consulting and Integration Methodology Alcatel-Lucent s people, knowledge assets and methodology deliver superior results for security solutions: Unparalleled experience and global expertise with more than 25 years in high-security wireline, wireless, voice and data Highly-skilled consultants, including 85+ CISSP/ ISO experts and Master Recovery Planner credentials 1,000+ security engagements spanning service providers, enterprises, and government Pioneering research and industry leadership, including security patents and key roles in leading advisory and standards bodies related to security Multivendor, end-to-end capabilities with experience across more than 450 products of 100 best-in-class vendors Alcatel-Lucent Security Products VPN Firewall Brick Portfolio Portfolio of fully integrated IP services security appliances for security resource management Centralized management through the Alcatel-Lucent Security Management Server Fully redundant: no single point of failure Plug-and-play: flexible deployment options Distributed architecture approach High performance and QoS solution Layer 2 and Security Zone Concept RBR routing, VoIP patented technology Highly secure solution Features and OS parity VitalAAA for AAA Servers High-performance access policy management for WWAN, WLAN, switched, dialed, DSL, VPN and other controlled network access applications Provides authentication, authorization and accounting (AAA) services for network access elements Access user information stored in local databases and directories Track, manage and limit active sessions Our Methodology Manages End-to-End Complexity to Deliver Superior Security Solutions Risk Assessment Business Impact Analysis Gap Analysis Threat Prevention and Management Security Monitoring Crisis and Incident Management Vulnerability Assessment Penetration Testing Secure Architecture Review Compliance Readiness Hardening and Remediation Deploy Security Systems/Elements Business Continuity Plan Testing Security Policy and Program Development Security Architecture and Design Security Policy and Integration Business Continuity Planning 4 Alcatel-Lucent Security

5 Provides a single, cohesive access policy for the entire network from a single platform Save usage data to virtually any database or file format desired Interfaces with other AAA systems for roaming Single management point for managing access policies for all network access media Compressive reporting, logging and error, fault and alarm management Integration with existing HR and customer care systems Excellent performance on low-end hardware Complete training and professional services Solid standards compliance VitalQIP DHCP/DNS IP Address Management Software IP address management software to enhance profitability and productivity Configuring network nodes with IP address, mask, gateway, etc. Monitoring address usage to ensure efficient deployment Configuring DNS servers with each node s name and IP address A consistent, accurate IP name and address inventory High availability for clients/subscribers Ability to manage diverse DHCP/DNS infrastructure Scalable IP management architecture Easy-to-navigate GUI OmniVista 2770 Quarantine Manager A network management application providing network quarantine security by improving and simplifying network protection through a unified network management and security platform. Converging network management and network security Prevents network access by noncompliant users Ability to isolate noncompliant user based on IPS/IDS intrusion notification Isolate noncompliant users, either at edge, core, branch or wireless Supervision and management tools for network managers Open solution: interfaces with any third-party devices IDS/IPS Syslog One-touch solution to deploy and operate Complete automation or manual operation Access Guardian A comprehensive set of security features embedded in Alcatel-Lucent s OmniSwitch IP Networking portfolio. Switches provide auto-sensing authentication Host integrity (NAC) - switches enhance various NAC enforcement methods (MNAP, etc.) sflow-enabled switches provide visibility to network patterns and security threats Role-based access - wire-speed ACL and QoS policies aid in limiting user traffic to appropriate areas Switches enabled with Quarantine Manager disable intruders at the network edge Solution Customer Benefits The Alcatel-Lucent security solution helps you balance the risk, cost and quality concerns associated with protecting your infrastructure, services and information. Alcatel-Lucent provides customized solutions, from serving as a trusted security advisor to managing your security so you can focus on your core business. Choose Alcatel-Lucent s security solution to help: Mitigate risk and liability Protect corporate reputation/brand, and build trust with end users and business partners Manage threats proactively, and prevent network downtime and/or security incidents Enable compliance with regulatory or business partner/ customer requirements, thereby avoiding financial penalties due to fines, violations of service level agreements, etc. Accelerate the secure use of new technologies with proven expertise Obtain an independent, third-party review of the effectiveness of security measures used to protect your infrastructure, services and sensitive data as well as mitigation strategies Enhance staff productivity and build security operations expertise with shared resources and facilities (which also optimizes OPEX/CAPEX) Gain strong escalation capabilities for computer incident response and crisis management Alcatel-Lucent Security 5

6 Alcatel, Lucent, Alcatel-Lucent and Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein Alcatel-Lucent. All rights reserved (04)