TECHNOLOGY INTEGRATION GUIDE

INTRODUCTION

RedSeal's cybersecurity analytics platform integrates data from your network devices and security solutions to provide a comprehensive model of your network and its security posture. By combining all this information, RedSeal optimizes the value of each individual solution, prioritizes security issues by putting them in the context of your network, and shortens remediation cycles.

NETWORK DEVICES AND INFRASTRUCTURE
(* indicates Layer 2 support)

Routers
Vendor | Product | Version
Alcatel-Lucent | 7750SR-c12/OS 11.0.R4 | SR-OS 11.0.R4
Arista* | EOS | 4.2.7-4.11.4
Cisco* | IOS | 11.0-15
Cisco* | IOS-XR | 3.8-4.2
Cisco* | NX-OS | 5.1, 6.x, 7.x
Cisco | VPN-3000 | 4.x
H3C* | Comware | 5.20.106
HP* | ProCurve | #K.15.12.0012
Huawei* | VRP5 | 5.120
Juniper* | JunOS | 8.5-10.4, plus 11 & 12
Open Source | Linux Router | IP tables, routes, netstat, IP address

Load Balancers
Vendor | Product | Version
A10* | ACOS | 2.7.1
Brocade* | IronWare | BigIron/FastIron 8.0, ServerIronXL 7.5
Cisco | CSS | 11501/11050/11150
Citrix* | NetScaler | 9.2
F5* | BIG-IP | 10.2, 11.0-11.3
Radware | 4408 with Alteon software | 26.x or 28.x
Riverbed | SteelApp Traffic Manager (Stingray) | 9.1

REDSEAL OCT 2015

Firewalls
Vendor | Product | Version
Check Point | File, OPSEC | R65, R70, R71, R75, R76, R77
Cisco* | FWSM | v2, v3, v4
Cisco* | PIX | v6.3, v7, v8
Cisco | ASA | v8
Cisco | Catalyst 6400 ACE | A2 (3.1)
Cisco | ACE Software appliance | A4 (2.1a)
Dell (SonicWALL) | SonicOS | 5.9.x.x
Fortinet | FortiGate | FortiOS 4.x, 5.x
Juniper* | ScreenOS | 6.x
Juniper* | JunOS | 8.5-10.4, plus 11 & 12
McAfee | Firewall Enterprise | 7, 8.1.2, 8.2.0, 8.2.1, 8.3
McAfee (Stonesoft) | NGFW | 5.7.0
Palo Alto Networks* | PAN-OS | 4.x, 5.x, 6.x

Wireless Controllers
Vendor | Product | Version
Aruba* | ArubaOS | 6.1.3
Cisco | Wireless Controller | 7.4
Cisco* | Aironet | IOS 11.0-15

Virtualized/Cloud Infrastructure
Vendor | Product | Version
AWS | VPC | N/A
AWS | Config | N/A
VMware | vShield Edge | VMware 5.5.0

Configuration Management Databases (CMDB) (1)
Vendor | Product | Version
BMC | Network Automation BladeLogic | 8.2.0
Cisco | Security Manager | 4.3.0
EMC | Ionix Voyence | N/A
HP | Network Automation Opsware | 7.6, 9.0, 9.1
Infoblox | NetMRI | 6.4.1, 6.9
Open source | RANCID | N/A
SolarWinds | NCM (Orion) | 5.5.2, 6.0, 7.0.2, 7.1.1, 7.3
Tripwire | Tripwire Enterprise | 8.1, 8.1, 8.2

(1) Specific device support varies with each CMDB vendor. Please refer to RedSeal's Data Import Plugins Guide, available from the RedSeal Support Portal, for additional considerations on integration with CMDB systems.

RedSeal also supports importing device configurations that have been saved to a file. Refer to documentation from specific device vendors for additional information on using this method.

SECURITY SOLUTIONS

Vulnerability Scanners
Vendor | Product | Version
Alert Logic (Critical Watch) | FusionVM | 4
DDI | Frontline | 5.0
BeyondTrust | REM Security Management Console | 3.7.9 & 3.8
BeyondTrust | eEye Retina | 3.8 & 5.16
McAfee | Vulnerability Manager | 7.0.1 & 7.5
Outpost24 | OUTSCAN, HIAB (hacker-in-a-box) | 3.2.7
Open source | nmap | 6.25
Qualys | QualysGuard | 7.6
Rapid7 | NeXpose | 4.12
Symantec | Vulnerability Manager | 10.0.5
Tenable | Nessus | 4.6.2.1 & 4.8, 6.0
Tripwire (nCircle) | IP360 | 6.8.9, 6.9, & 7.3.x

Security Management
Vendor | Product | Version
Cisco | Enterprise | 4.3.0
McAfee | ePO | 4.5, 4.6, 5.1
Tenable | Security Center CV | 4.6.2.1, 4.8, 5.0

Governance/Risk/Compliance (GRC)
Vendor | Product | Version
LockPath | Keylight | 4.1
RSA | Archer | 5.3
Symantec | CCS Suite | 11

Security Information and Event Management (SIEM)
Vendor | Product | Version
HP | ArcSight ESM |
McAfee | ESM | 9.2
Splunk | Splunk | 6.1

REDSEAL INTEGRATES AND OPTIMIZES SECURITY SOLUTIONS

Overview

RedSeal's cybersecurity analytics platform creates a complete inventory of all of the Layer 3 devices and infrastructure in your network, including routers, load balancers and firewalls, along with cloud-based and virtualized devices. It imports configuration data to build a digital model of your network, including all connectivity and access paths between any two points on it. RedSeal correlates the model with vulnerability scan data to put security issues in context. With this, RedSeal is able to prioritize your network's most critical security issues (based on access and downstream access), so you can address them first.

RedSeal makes your compliance initiatives, as well as your own policies, more efficient and effective. You can set up a policy in RedSeal, then monitor and prove compliance quickly and continuously. RedSeal has key controls for PCI, NIST 800-53, NERC CIP and HIPAA.

Importing and analyzing device configurations

RedSeal uses a variety of communication methods to collect device configurations and security data. The following methods are supported, although availability may be specific to a particular device or solution:

CVS (Concurrent Versions System)
FTP
HTTP(S)
Java Database Connectivity (JDBC)
SCP
SFTP (Secure FTP)
SSH
Telnet
Windows File Share

Note that FTP, plain HTTP and Telnet carry collection credentials and device configurations in cleartext; where a device supports SSH, SCP, SFTP or HTTPS, prefer those transports for collection.

Configuration management databases (CMDB)

RedSeal can get information from an existing CMDB to build the model of your network without having to access devices directly. Because RedSeal analyzes configuration settings, it also helps identify network devices not currently known or managed within the CMDB.

Network devices (routers, load balancers, firewalls, wireless controllers)

RedSeal can also directly access and analyze devices whose configurations are missing or incomplete. It analyzes the configuration files of your network security devices on multiple levels:

Finds connected devices or hosts not otherwise known or identified
Runs a series of vendor-specific industry best-practice checks on all network devices
Verifies the integrity of firewall rulesets, including identifying redundant or unused rules

RedSeal can also import configuration data that has been saved to a file, so that direct access to the network is not required. For more information on importing from a file, refer to RedSeal's Plugins Guide, available from the RedSeal Support Portal, which details which devices and file formats are available with this option.
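The ruleset integrity check mentioned above (redundant or unreachable rules) can be illustrated with a small first-match analysis. The following is an added example written for this guide, not RedSeal's code or algorithm: a rule is "shadowed" when an earlier rule with the opposite action matches everything it would match (so it never fires, usually a policy error), and "redundant" when an earlier rule with the same action already covers it. The rule format, the `Rule` class and the sample ruleset are all constructed for illustration.

```python
"""Detect shadowed and redundant rules in a first-match (top-down) firewall ruleset.

Added illustration of a ruleset integrity check; a simplified stand-in for
the kind of analysis described on the page, not RedSeal's implementation.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    name: str
    action: str        # "permit" or "deny"
    src: str           # source CIDR
    dst: str           # destination CIDR
    proto: str         # "tcp", "udp" or "any"
    ports: tuple       # (low, high) destination port range, inclusive


def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    if outer.proto != "any" and outer.proto != inner.proto:
        return False
    if not _net(inner.src).subnet_of(_net(outer.src)):
        return False
    if not _net(inner.dst).subnet_of(_net(outer.dst)):
        return False
    return outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]


def analyze(rules):
    """Map rule name -> (finding, name of the earlier rule that causes it).

    shadowed : an earlier rule with the opposite action fully covers this one,
               so this rule can never match.
    redundant: an earlier rule with the same action fully covers this one,
               so removing it does not change behaviour.
    Partial overlaps are deliberately not reported here.
    """
    findings = {}
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings[rule.name] = (kind, earlier.name)
                break  # the first covering rule decides the outcome
    return findings


# Constructed sample ruleset (not from any real device).
SAMPLE_RULES = (
    Rule("r1", "permit", "10.0.0.0/8",   "192.168.10.0/24", "tcp", (443, 443)),
    Rule("r2", "deny",   "0.0.0.0/0",    "192.168.10.0/24", "tcp", (22, 22)),
    Rule("r3", "permit", "10.1.0.0/16",  "192.168.10.0/24", "tcp", (443, 443)),  # redundant with r1
    Rule("r4", "permit", "10.2.0.0/16",  "192.168.10.5/32", "tcp", (22, 22)),    # shadowed by r2
    Rule("r5", "permit", "10.0.0.0/8",   "192.168.20.0/24", "udp", (53, 53)),    # no finding
)

if __name__ == "__main__":
    for name, (kind, by) in analyze(SAMPLE_RULES).items():
        print(f"{name}: {kind} (covered by {by})")
```

The check is conservative: it only reports a rule when a single earlier rule fully covers it, so a rule hidden by the union of several earlier rules is not flagged. Extending `covers` to a set of earlier rules is the natural next step for a fuller audit.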

Cloud infrastructure (public and private)

RedSeal enables you to unify your physical and cloud network security. It supports Amazon's popular Virtual Private Cloud (Amazon VPC), through either the AWS SDK or AWS Config. This integration with AWS allows RedSeal to analyze your cloud infrastructure and its connection to your physical network, including risk, policy compliance, and industry best practices.

Virtualized infrastructure and datacenters

RedSeal provides the ability to include details about virtualized environments in its model of your network. This includes processing ACL settings from virtual environments, modeling those environments, and factoring them into policy compliance and risk analysis.

Vulnerability management solutions

RedSeal incorporates vulnerability scan data from the industry's leading products and calculates every possible access path between all hosts. Using assigned (default or user-defined) asset values and potential lateral movement or downstream risk, RedSeal's patented algorithms provide a list of the most critical actions you need to take to improve your network security.

Governance, risk, and compliance (GRC) solutions

RedSeal can access data from GRC solutions, as well as provide data to a GRC solution. Sample integrations include:

McAfee ePO: RedSeal imports host information from ePO. ePO collects data from RedSeal, including host attack risk, critical asset access and downstream risk, which enables improved prioritization and policy setting.
RSA Archer: RedSeal imports asset and group values, which are then used in RedSeal's risk metrics calculations and reports.
Symantec: Control Compliance Suite (CCS) collects information from RedSeal, including host risk exposure, vulnerability status, and device best practice violations.
LockPath: RedSeal enables faster remediation by sending prioritized vulnerability and risk information to LockPath's Keylight Security Manager, which routes it to the appropriate workgroup.

Security information and event management (SIEM) solutions

RedSeal can also be configured to send data to SIEM solutions, enhancing the context of the data these products provide to their customers. Data is sent via syslog to external systems. The information that can be exported includes:

Detailed host information, including risk metrics, compromised hosts, hosts reachable from untrusted zones, or hosts that have access to your most critical assets
Results from RedSeal device best practice checks
Anomalies in the network model (e.g. dangling subnets, duplicate IPs)
Policy status summary for each policy you have defined (e.g. PCI, internal)

Specific SIEM solutions that RedSeal integrates with include:

HP ArcSight: RedSeal exports data directly into ArcSight ESM using the standard CEF communication format.
Splunk: RedSeal exports data to a Splunk dashboard, including comparisons to industry best practices, vulnerabilities and downstream risk.
McAfee ESM: RedSeal exports data via syslog.
IBM QRadar: RedSeal exports data via syslog.

REDSEAL 888.845.8169 redseal.co 940 Stewart Dr., Sunnyvale, CA 94085
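The vulnerability management passage above describes ranking findings by access paths, asset values and downstream risk, and the SIEM export list mentions "hosts reachable from untrusted zones". The block below is an added, deliberately small illustration of that idea and is not RedSeal's patented algorithm: the network model is reduced to a directed graph whose edges are access permitted by the modelled policy, each host carries an asset value, and vulnerable hosts are ranked by the asset value an attacker could reach from them. The graph, asset values, scanner results and the doubling of scores for internet-exposed hosts are all constructed assumptions.

```python
"""Rank vulnerable hosts by the asset value reachable downstream from them.

Added illustration of access-path / downstream-risk prioritization.
A simplified stand-in for the analysis described on the page, not
RedSeal's implementation. All data below is constructed.
"""
from collections import deque

# Constructed access graph: an edge a -> b means policy permits a to reach b.
ACCESS = {
    "dmz-web":   {"app-1", "app-2"},
    "app-1":     {"db-1"},
    "app-2":     {"db-1", "db-2"},
    "db-1":      set(),
    "db-2":      {"backup"},
    "backup":    set(),
    "hr-laptop": {"app-2"},
}
# Constructed asset values (higher = more critical).
ASSET_VALUE = {"dmz-web": 10, "app-1": 30, "app-2": 30, "db-1": 100,
               "db-2": 100, "backup": 80, "hr-laptop": 20}
# Constructed scanner result: hosts with exploitable findings.
VULNERABLE = {"dmz-web", "app-1", "hr-laptop"}
# Constructed: hosts directly reachable from the untrusted (internet) zone.
UNTRUSTED_ENTRY = {"dmz-web"}


def reachable_from(start, graph=ACCESS):
    """Hosts reachable from `start` over permitted access (BFS), excluding itself."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


def downstream_risk(host, graph=ACCESS, values=ASSET_VALUE):
    """Total asset value an attacker on `host` could reach by lateral movement."""
    return sum(values[h] for h in reachable_from(host, graph))


def exposed_hosts(entry=UNTRUSTED_ENTRY, graph=ACCESS):
    """Hosts an attacker in the untrusted zone can reach via the entry points."""
    out = set(entry)
    for e in entry:
        out |= reachable_from(e, graph)
    return out


def prioritize(vulnerable=VULNERABLE, graph=ACCESS, values=ASSET_VALUE,
               entry=UNTRUSTED_ENTRY):
    """Rank vulnerable hosts: own value + downstream risk, doubled if exposed.

    The doubling is an assumption made for this illustration.
    """
    exposed = exposed_hosts(entry, graph)
    scored = []
    for h in vulnerable:
        score = values[h] + downstream_risk(h, graph, values)
        if h in exposed:
            score *= 2
        scored.append((score, h))
    return [h for _, h in sorted(scored, reverse=True)]


if __name__ == "__main__":
    for h in prioritize():
        print(h, "downstream risk:", downstream_risk(h))
```

With the constructed data the internal `hr-laptop` ranks above the internet-facing `app-1`: it is not exposed, but the access it has to `app-2` opens a path to both databases and the backup host, which is exactly the kind of downstream exposure a plain CVSS ordering would miss.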
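The ArcSight integration above uses CEF, and the other SIEM exports arrive over syslog. The block below is an added example of a consumer for such events: it extracts the CEF payload from a syslog line, splits the header on unescaped pipes, parses the space-separated extension with its `\=` and `\\` escapes, and performs a simple severity-based triage. The header layout follows the public ArcSight CEF specification; the sample lines, the `0.0` device version placeholder, the signature ids and the extension keys (`riskScore`, `downstream`, `zone`) are constructed for illustration and are not RedSeal's actual export format.

```python
"""Parse CEF events received over syslog and triage them by severity.

Added example of a SIEM-side consumer; the CEF header layout follows the
ArcSight CEF specification, while the sample events, signature ids and
custom extension keys are constructed and are not RedSeal's real format.
"""
import re

# Constructed syslog lines carrying CEF payloads. "0.0" is a placeholder
# device version; "\\|" and "\\=" show the CEF escaping rules.
SAMPLE_SYSLOG = [
    "<134>Oct 21 10:15:02 redseal CEF:0|RedSeal|RedSeal|0.0|hostRisk|Host risk exposure|7|"
    "src=10.1.2.3 shost=app-1 riskScore=260 downstream=100 zone=internal",
    "<134>Oct 21 10:15:03 redseal CEF:0|RedSeal|RedSeal|0.0|bpViolation|Best practice violation|5|"
    "dvc=10.0.0.1 dvchost=edge-fw1 msg=Rule set\\=prod has an any-any rule cs1Label=check cs1=no-any-any",
    "<134>Oct 21 10:15:04 redseal CEF:0|RedSeal|RedSeal|0.0|modelAnomaly|Anomaly \\| Duplicate IP|3|"
    "src=10.1.2.3 cnt=2",
]

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
# An extension key starts the string or follows whitespace and ends with "=".
KEY_RE = re.compile(r"(?:^|\s)(\w+)=")


def _split_header(payload):
    """Split the seven CEF header fields on unescaped '|'; return (fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(payload) and len(fields) < 7:
        c = payload[i]
        if c == "\\" and i + 1 < len(payload):   # escaped char, e.g. \| or \\
            cur.append(payload[i + 1])
            i += 2
        elif c == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(c)
            i += 1
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    return fields, payload[i:]


def _parse_extension(ext):
    """Parse 'key=value key=value ...'; values may contain spaces and \\= escapes."""
    out = {}
    keys = list(KEY_RE.finditer(ext))
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        raw = ext[m.end():end].strip()
        out[m.group(1)] = re.sub(r"\\(.)", r"\1", raw)   # drop escape backslashes
    return out


def parse_cef(line):
    """Parse one syslog line containing a CEF event into a dict."""
    pos = line.find("CEF:")
    if pos < 0:
        raise ValueError("no CEF payload in line")
    fields, ext = _split_header(line[pos + 4:])
    event = dict(zip(HEADER_FIELDS, fields))
    event["version"] = int(event["version"])
    event["severity"] = int(event["severity"])
    event["extension"] = _parse_extension(ext)
    return event


def triage(lines, min_severity=5):
    """Signature ids of events at or above `min_severity`, highest severity first."""
    hot = [e for e in (parse_cef(l) for l in lines) if e["severity"] >= min_severity]
    return [e["signature_id"] for e in sorted(hot, key=lambda e: -e["severity"])]


if __name__ == "__main__":
    for line in SAMPLE_SYSLOG:
        e = parse_cef(line)
        print(e["severity"], e["signature_id"], e["name"], e["extension"])
    print("triage:", triage(SAMPLE_SYSLOG))
```

The parser deliberately treats the header and the extension differently, because CEF escapes pipes only in the header and equals signs only in the extension; a single `split("|")` would mis-parse the third sample event. Timestamp and syslog priority parsing are left to the SIEM's syslog layer.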