AlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide
USM 4.x-5.x Deployment Planning Guide, rev. 1

Copyright AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX Reputation Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM, and OSSIM are trademarks or service marks of AlienVault, Inc. All other registered trademarks, trademarks or service marks are the property of their respective owners.

Revision to This Document
Date: July 1,  Revision:  Description: Original document. Updated Table 2 with new URLs added in USM 5.1.

USM 4.x-5.x Deployment Planning Guide, rev. 1 Page 2 of 12
Contents

Introduction ... 4
AlienVault USM Components ... 4
USM Sensor ... 4
USM Server ... 5
USM Logger ... 6
USM Deployment Types ... 6
USM Deployment Examples ... 7
Simple Deployment Example: USM All-in-One ... 7
Simple Deployment Example: USM All-in-One and a Remote Sensor ... 8
Complex Deployment Example: Individual USM Components ... 9
Firewall Permissions
Introduction

This guide is for use by AlienVault Unified Security Management (USM) 4.x and 5.x customers who must decide where to deploy the USM appliances on their network. It describes what the USM components are and how they work, as well as the URLs and port numbers that they need to access.

AlienVault USM Components

USM provides a single monitoring solution that combines several critical security technologies into a single appliance. Its modular architecture allows components to exist at any level of the network, thereby increasing system visibility and performance. All USM products include these three core components, available as hardware or virtual appliances:

- USM Sensor - Deployed throughout the network to collect logs and monitor network traffic. Provides the five essential USM security capabilities for complete visibility.
- USM Server - Aggregates and correlates the information that the Sensors gather. Provides single pane-of-glass management, reporting, and administration. (See USM Server.)
- USM Logger - Securely archives raw event log data for forensic research and compliance mandates. (See USM Logger.)

Note: USM All-in-One (AIO) combines the Server, Sensor, and Logger components onto a single system.

USM Sensor

The USM Sensor deploys throughout the network, including any remote sites your organization has. It is referred to as the frontline security module of the USM platform. The USM Sensor combines the five essential security capabilities that the AlienVault USM platform provides. This greatly expands situational awareness, creating visibility into deployed assets; vulnerabilities on those assets; attack targets and vectors; and services.

USM Sensors specifically perform the following data aggregation tasks:
- Collect logs from network devices and hosts.
- Collect data on network traffic from mirrored ports.
- Perform asset discovery.
- Conduct vulnerability scanning.
- Collect intrusion detection data.
- Generate NetFlows.
USM Sensors then translate (normalize) all received data into a uniform format that they can act on. To normalize the raw data from disparate data sources, the USM Sensor uses individual plugins. Plugins parse the data and convert it into a readable format with multiple fields, which are called events in AlienVault USM. Finally, the USM Sensor sends the normalized events to the USM Server, where correlation and risk assessment occur.

Figure 1. USM Sensor workflow: Data Aggregation and Detection -> Normalization -> Send to USM Server

USM Server

The USM Server communicates with every component and provides a single point for management, reporting, and administration. This management includes the following core functionality:
- Collects information forwarded by USM Sensors.
- Evaluates each event against USM default and customer-specified policies.
- Performs risk assessment on every event.
- Correlates events to identify threat patterns.
- Generates alarms for evaluation and appropriate response.
- Stores events in a local database for assessment and reporting.

The USM Server correlates events by observing patterns based on logical operators such as OR and AND. It also cross-correlates events with existing vulnerability data. After the USM Server correlates events, it performs risk analyses and, if the risk for an event rises above 1, it triggers an alarm. See correlation on the AlienVault Documentation Center.

Figure 2 shows the workflow of the USM Server. By default, the USM Sensor sends normalized events to the USM Server correlation engine, where risk assessment occurs. Organizations can configure policies to filter events, so that the USM Server analyzes only those events that are most important to the company. After correlation, the USM Server stores the events in the database for a short period. This allows for more correlation and incident response, if needed. Optionally, it can also forward events and alarms to another USM Server or a USM Logger.

Figure 2. USM Server workflow: Event Collection -> Policy Evaluation -> Risk Assessment -> Correlation -> SQL Storage -> Event Forwarding (Optional)
USM Logger

The USM Logger acts as the secure data archive of the USM solution. It performs simple but critical tasks:
- Stores security events and alarms as flat files on the system.
- Digitally signs and time-stamps them for integrity. Organizations can use this later for log validation, an important feature for compliance.
- Stores events for long-term retention, analysis, and reporting with a 7:1 compression ratio.
- Indexes on full text in hourly runs, and offers fast log retrieval. (See note.)

Users can access Logger data through the USM web interface to run reports, analyze trends, and conduct forensic research.

Note: Full-text indexes are based on text-based columns (VARCHAR, CHAR, or TEXT) and help speed up queries and DML operations on data in those columns, omitting defined stop words.

Figure 3 shows the workflow of the USM Logger. The USM Logger receives normalized events and alarms from the USM Server. It then signs and archives them on the disk.

Figure 3. USM Logger workflow: Event Collection -> Log Signature -> Disk Storage

USM Deployment Types

AlienVault USM can generally be deployed in two ways:

Simple Deployment - All AlienVault USM components (Sensor, Server, and Logger) are deployed in a single appliance called USM All-in-One. Such a deployment is useful for smaller environments as well as for testing and demo purposes.

Complex/Distributed Deployment - Each AlienVault USM component is deployed onto its own appliance, separate from the others. In a distributed deployment, AlienVault USM comes in two flavors, USM Standard and USM Enterprise, such as USM Standard Server, USM Standard Sensor, USM Enterprise Server, or USM Enterprise Logger. The USM Enterprise deployment is only available on hardware appliances. Enterprise Server ships with two devices: one device is the Enterprise Server and the other is the Enterprise Database. The AlienVault USM Standard and USM Enterprise product lines offer increased scalability and performance by provisioning dedicated systems for each component.

Table 1. AlienVault USM Deployment Types

                   | USM All-in-One         | USM Standard                                     | USM Enterprise
User Type          | Small organizations    | Mid-size organizations                           | Large organizations
Environment        | Single-tier deployment | Multi-tier deployments & distributed environment | Multi-tier deployments & distributed environment
Virtual Appliance  | x                      | x                                                |
Hardware Appliance | x                      | x                                                | x

See datasheets on alienvault.com for details.

USM Deployment Examples

You can deploy AlienVault USM appliances in small organizations, where a single USM All-in-One is sufficient; in mid-size organizations, where one or more USM Remote Sensors connect to a USM AIO; or in large organizations, where the USM Sensor, USM Server, and USM Logger are physically separate but work as a single unit. Below are some examples with graphical illustrations.

Simple Deployment Example: USM All-in-One

In this example, a USM AIO is deployed behind the company firewall. The Sensor component on the AIO collects logs from the office network, wireless network, and DMZ network, as well as from the firewalls. It also monitors the network traffic through the connected routers, which have port mirroring enabled.
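The signing and time-stamping that the USM Logger section above describes, as an added example that is not the Logger's own code: one hour of constructed events is compressed into a flat file, a manifest carrying the content digest and signing time is signed, and later validation detects both edited archive content and an edited manifest. The sidecar-file layout, and the HMAC key standing in for a real digital signature, are assumptions made for this example.

```python
import gzip
import hashlib
import hmac
import json
import os
import tempfile
from datetime import datetime, timezone

# Constructed demo key. An HMAC stands in for the Logger's digital signature
# here (assumption); a production archive would use an asymmetric signing key.
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"


def _sign(manifest: dict) -> str:
    """HMAC-SHA256 over a canonical serialisation of the manifest minus its signature."""
    body = json.dumps({k: v for k, v in manifest.items() if k != "signature"},
                      sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()


def archive_events(directory: str, hour: str, events: list) -> str:
    """Store one hour of normalized events as a compressed flat file, plus a
    signed and time-stamped manifest in a sidecar file (assumed layout)."""
    raw = ("\n".join(events) + "\n").encode()
    path = os.path.join(directory, f"events-{hour}.log.gz")
    with gzip.open(path, "wb") as fh:
        fh.write(raw)
    manifest = {
        "file": os.path.basename(path),
        "events": len(events),
        "sha256": hashlib.sha256(raw).hexdigest(),
        "signed_at": datetime.now(timezone.utc).isoformat(),
    }
    manifest["signature"] = _sign(manifest)
    with open(path + ".sig", "w") as fh:
        json.dump(manifest, fh)
    return path


def validate_archive(path: str) -> tuple:
    """Log validation: returns (ok, reason). Fails on a missing or altered
    manifest, or on archive content that no longer matches the signed digest."""
    try:
        with open(path + ".sig") as fh:
            manifest = json.load(fh)
    except FileNotFoundError:
        return False, "missing signature file"
    if not hmac.compare_digest(_sign(manifest), manifest.get("signature", "")):
        return False, "manifest signature mismatch"
    with gzip.open(path, "rb") as fh:
        raw = fh.read()
    if hashlib.sha256(raw).hexdigest() != manifest["sha256"]:
        return False, "archive content does not match signed digest"
    return True, f"valid: {manifest['events']} events signed at {manifest['signed_at']}"


def run_demo() -> dict:
    """Archive a constructed hour of events, then show what each tampering attempt yields."""
    workdir = tempfile.mkdtemp()
    events = [  # constructed normalized events, not real data
        "2015-07-01T10:00:01Z fw01 DROP 203.0.113.7 -> 10.0.0.5:22",
        "2015-07-01T10:00:07Z fw01 DROP 203.0.113.7 -> 10.0.0.5:23",
        "2015-07-01T10:02:19Z dmz-web sshd Failed password for root from 203.0.113.7",
    ]
    path = archive_events(workdir, "2015070110", events)
    results = {"untouched": validate_archive(path)}
    # Tampering 1: rewrite the archive without the two firewall lines.
    with gzip.open(path, "wb") as fh:
        fh.write((events[2] + "\n").encode())
    results["content_edited"] = validate_archive(path)
    # Tampering 2: restore the archive, then back-date the manifest's timestamp.
    archive_events(workdir, "2015070110", events)
    with open(path + ".sig") as fh:
        manifest = json.load(fh)
    manifest["signed_at"] = "2015-07-01T09:00:00+00:00"
    with open(path + ".sig", "w") as fh:
        json.dump(manifest, fh)
    results["manifest_edited"] = validate_archive(path)
    return results
```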
Figure 4. Simple deployment example: USM AIO

Simple Deployment Example: USM All-in-One and a Remote Sensor

This example is very similar to the previous one, but this company has a remote office that is on a different subnet. In this case, the best practice is to deploy a USM Remote Sensor at the remote office, and deploy the USM AIO on the main network. This way the remote sensor can collect logs and monitor traffic specific to that subnet, then send them to the AIO for correlation and risk assessment.
Figure 5. Simple deployment example: USM AIO and a remote sensor

Complex Deployment Example: Individual USM Components

In this complex example, each office subnet has a remote sensor deployed to collect logs and monitor traffic. On the main network, instead of using the USM AIO, each USM component is installed on its own appliance to increase scalability and performance. All USM Sensors connect to the USM Server, where correlation and risk assessment occur. The USM Server forwards the events and alarms to the USM Logger for long-term storage.
Figure 6. Complex deployment example: individual USM components

Firewall Permissions

The USM components need to access certain URLs and port numbers to function correctly. If your company operates in a highly secure environment, you will need to change some permissions on your firewall(s) for USM to work. Table 2 summarizes the URLs and port numbers that the USM needs access to, while Table 3 lists the port numbers used by the USM components to communicate with each other.

Table 2. URLs and port numbers used by USM Server

URL                           | Port Number | AlienVault Features in Use         | USM versions
data.alienvault.com           | 80          | AlienVault product and feed update | 4.x and 5.x
feed.openvas.org, openvas.org | 80, 873     | Vulnerability Assessment           | 4.x
maps-api-ssl.google.com       | 443         | Asset Location                     | 4.x and 5.x
messages.alienvault.com       | 443         | Message Center                     | 5.x
otx.alienvault.com            | 443         | Open Threat Exchange               | 5.1 and above
reputation.alienvault.com     | 443         | Open Threat Exchange               | 4.x and 5.x
support.alienvault.com        | 20, 21      | AlienVault Doctor                  | 4.x and 5.x
telemetry.alienvault.com      | 443         | Telemetry Data Collection          | 5.x
tractorbeam.alienvault.com    | 22, 443     | Remote Support                     | 5.x
                              | 80          | AlienVault API*                    | 4.x and 5.x

*The AlienVault API tries to access every 5 minutes to ensure that the system has Internet connection.

Table 3. Port numbers used by the USM components for internal communication

USM Components | Package Name        | Listening Port                   | Description
Server, Sensor | alienvault-firewall | 22                               |
Server, Sensor | alienvault-snmpd    | 161, 162                         |
Server, Sensor | alienvault-vpn      | <VPN_PORT>                       | When VPN is enabled, the alienvault-vpn package will add a rule to open the specified port. By default it is
Server, Sensor | alienvault-ha       | 873, 694, 3306, 4949, 9390, 3000 | When High Availability (HA) is enabled, the alienvault-ha package will add rules to open these ports between the two nodes as well as on the virtual IP.
Server         | alienvault-mysql    | 3306                             |
Server         | ossim-server        | 40001, 40002, 40004,             |
Server         | alienvault-apache2  | 80, 443                          |
Server         | ossim-framework     | 40003, 40011, 3128, 555(udp)     |
Server         | alienvault-ntop     | 3000                             |
Sensor         | alienvault-ossec    | 1514(udp)                        |
Sensor         | ossim-agent         | 514(udp), 4949, 9390             |
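A planning check built on Table 2, added here and not part of the guide: the table rows are encoded as data, the wording of the "USM versions" column is mapped onto a concrete version string, and a proposed egress allowlist is diffed against what that version needs. The version strings, the sample allowlist and the iptables rendering are assumptions; the AlienVault API row is left out because its URL is not legible in this copy.

```python
from typing import Dict, List, Set, Tuple

# Rows transcribed from Table 2: (URL, ports, feature, USM versions). The
# AlienVault API row (port 80) is omitted: its URL is missing from this copy.
TABLE2 = [
    ("data.alienvault.com", (80,), "AlienVault product and feed update", "4.x and 5.x"),
    ("feed.openvas.org", (80, 873), "Vulnerability Assessment", "4.x"),
    ("openvas.org", (80, 873), "Vulnerability Assessment", "4.x"),
    ("maps-api-ssl.google.com", (443,), "Asset Location", "4.x and 5.x"),
    ("messages.alienvault.com", (443,), "Message Center", "5.x"),
    ("otx.alienvault.com", (443,), "Open Threat Exchange", "5.1 and above"),
    ("reputation.alienvault.com", (443,), "Open Threat Exchange", "4.x and 5.x"),
    ("support.alienvault.com", (20, 21), "AlienVault Doctor", "4.x and 5.x"),
    ("telemetry.alienvault.com", (443,), "Telemetry Data Collection", "5.x"),
    ("tractorbeam.alienvault.com", (22, 443), "Remote Support", "5.x"),
]

Rule = Tuple[str, int]   # (destination host, TCP port)


def version_applies(spec: str, version: str) -> bool:
    """Map the guide's wording in the 'USM versions' column onto a concrete
    version string in 'major.minor' form, such as '4.15' or '5.2' (assumed)."""
    major, minor = (int(part) for part in version.split(".")[:2])
    if spec == "4.x and 5.x":
        return major in (4, 5)
    if spec == "4.x":
        return major == 4
    if spec == "5.x":
        return major == 5
    if spec == "5.1 and above":
        return (major, minor) >= (5, 1)
    raise ValueError(f"unrecognised version wording: {spec!r}")


def required_egress(version: str) -> Dict[Rule, str]:
    """Every (host, port) the USM Server must reach at this version, keyed to its feature."""
    return {(host, port): feature
            for host, ports, feature, spec in TABLE2
            if version_applies(spec, version)
            for port in ports}


def egress_gaps(version: str, allowed: Set[Rule]) -> List[str]:
    """Required destinations that the current egress allowlist does not cover."""
    needed = required_egress(version)
    return sorted(f"{host}:{port} ({needed[(host, port)]})"
                  for host, port in needed if (host, port) not in allowed)


def render_iptables(version: str) -> List[str]:
    """Render the requirement as iptables OUTPUT rules (assumes an iptables
    egress filter with a default-deny OUTPUT policy on the appliance)."""
    return [f"iptables -A OUTPUT -p tcp -d {host} --dport {port} -j ACCEPT"
            for host, port in sorted(required_egress(version))]


def run_demo() -> List[str]:
    """A constructed allowlist written for a 4.x deployment, checked against USM 5.2."""
    legacy_allowlist = {("data.alienvault.com", 80), ("reputation.alienvault.com", 443),
                        ("support.alienvault.com", 20), ("support.alienvault.com", 21),
                        ("maps-api-ssl.google.com", 443)}
    return egress_gaps("5.2", legacy_allowlist)
```

Running the check before an upgrade from 4.x to 5.x lists the Message Center, OTX, telemetry and remote-support destinations that the older allowlist never needed.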
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,
More informationForcepoint Stonesoft Management Center
Datasheet Forcepoint Stonesoft Management Center EFFICIENT, CENTRALIZED MANAGEMENT OF FORCEPOINT STONESOFT NEXT GENERATION FIREWALLS IN DISTRIBUTED ENTERPRISE ENVIRONMENTS FORCEPOINT STONESOFT MANAGEMENT
More informationHow To Create Situational Awareness
SIEM: The Integralis Difference January, 2013 Avoid the SIEM Pitfalls Get it right the first time Common SIEM challenges Maintaining staffing levels 24/7 Blended skills set, continuous building of rules
More informationFirewall Defaults and Some Basic Rules
Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationSecuring the Service Desk in the Cloud
TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,
More informationCALNET 3 Category 7 Network Based Management Security. Table of Contents
State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2
More informationObserver Analysis Advantages
In-Depth Analysis for Gigabit and 10 Gb Networks For enterprise management, gigabit and 10 Gb Ethernet networks mean high-speed communication, on-demand systems, and improved business functions. For enterprise
More informationUnified network traffic monitoring for physical and VMware environments
Unified network traffic monitoring for physical and VMware environments Applications and servers hosted in a virtual environment have the same network monitoring requirements as applications and servers
More informationSecuring your IT infrastructure with SOC/NOC collaboration
Technical white paper Securing your IT infrastructure with SOC/NOC collaboration Universal log management for IT operations Table of contents Executive summary 2 IT operations: Handle IT incidents and
More informationNetwork Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík
Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík {celeda velan jirsik}@ics.muni.cz Part I Introduction P. Čeleda et al. Network Security Monitoring and Behavior
More informationLog Management How to Develop the Right Strategy for Business and Compliance. Log Management
Log Management How to Develop the Right Strategy for Business and Compliance An Allstream / Dell SecureWorks White Paper 1 Table of contents Executive Summary 1 Current State of Log Monitoring 2 Five Steps
More informationKevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM
Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM TODAY S AGENDA Describe the need for SIEM Explore different options available for SIEM Demonstrate a few Use Cases Cover some caveats
More informationHigh End Information Security Services
High End Information Security Services Welcome Trion Logics Security Solutions was established after understanding the market's need for a high end - End to end security integration and consulting company.
More informationUsing SolarWinds Log and Event Manager (LEM) Filters and Alerts
Using SolarWinds Log and Event Manager (LEM) Filters and Alerts Introduction... 1 Definitions... 1 LEM Components and Architecture... 2 LEM Alerts A Peek Under the Hood... 3 Troubleshooting Agents and
More informationUnified Threat Management
Unified Threat Management QUICK START GUIDE CR35iNG Appliance Document Version: PL QSG 35iNG/96000-10.04.5.0.007/250121014 DEFAULTS Default IP addresses Ethernet Port IP Address Zone A 172.16.16.16/255.255.255.0
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationLumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks
IPsonar provides visibility into every IP asset, host, node, and connection on the network, performing an active probe and mapping everything that's on the network, resulting in a comprehensive view of
More informationDETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD Protecting your infrastructure requires you to detect threats, identify suspicious
More informationIBM SECURITY QRADAR INCIDENT FORENSICS
IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise
More informationApplication Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1
Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1 This document supports the version of each product listed and supports all subsequent versions until the document
More informationSonicWALL Global Management System Reporting User Guide. Version 2.5
SonicWALL Global Management System Reporting User Guide Version 2.5 Copyright Information 2003 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software described within,
More information