INTEGRATION GUIDE TECHNOLOGY INTRODUCTION NETWORK DEVICES AND INFRASTRUCTURE



Similar documents
TECHNOLOGY INTEGRATION GUIDE

TECHNOLOGY INTEGRATION GUIDE

YOUR NETWORK SECURITY WITH PROACTIVE SECURITY INTELLIGENCE

Empowering Enterprises to Continuously Monitor IT Compliance and Mitigate Risk Proactively

Reference Guide. Skybox View Revision: 11

REDSEAL NETWORKS SOLUTION BRIEF. Proactive Network Intelligence Solutions For PCI DSS Compliance

Symantec Security Information Manager Version 4.7

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

IBM Security QRadar SIEM Version MR1. Vulnerability Assessment Configuration Guide

NetBrain Workstation 6.0

IBM Security QRadar Version Vulnerability Assessment Configuration Guide IBM

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security

Tufin Orchestration Suite

TIBCO LogLogic. HIPAA Compliance Suite Quick Start Guide. Software Release: December Two-Second Advantage

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Security Policies Tekenen? Florian Buijs

Net LineDancer Update Notice

Restorepoint Plug-in Guide. Version 4.0

Worldwide Security and Vulnerability Management Forecast and 2013 Vendor Shares

Device Adapter Capabilities Report

Using the Tenable Solution to Audit and Protect Firewalls, Routers, and Other Network Devices May 14, 2013 (Revision 1)

Extreme Networks Security Vulnerability Assessment Configuration Guide

How To Protect Your Virtual Infrastructure From Attack From A Cyber Threat

List of Supported Systems & Devices

How To Manage A Network Security System

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

ArcSight Supports a Wide Range of Security Relevant Products

M A R K E T A N A L Y S I S

High End Information Security Services

HyTrust Logging Solution Brief: Gain Virtualization Compliance by Filling Log Data Gaps

2016 Firewall Management Trends Report

Using Monitoring, Logging, and Alerting to Improve ICS Security ICSJWG 2015 Fall Meeting October 27, 2015

Metrics Suite for Enterprise-Level Attack Graph Analysis

BeyondInsight Version 5.6 New and Updated Features

Tripwire Log Center PRODUCT BRIEF HIGH PERFORMANCE LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security

VMware Integrated Partner Solutions for Networking and Security

Configuration Audit & Control

Trusted Geolocation in The Cloud Technical Demonstration

TIBCO LogLogic. SOX and COBIT Compliance Suite Quick Start Guide. Software Release: December Two-Second Advantage

Network Services Orchestration Software Defined Networks, Network Function Virtualization - TODAY

RSA envision. Supported Event Sources. Vendor Device Collection Method. Vendor Device Collection Method. Vendor Device Collection Method

Juniper Secure Analytics

G-Cloud 5 Service Definition Lot 4 Specialist Cloud Services Datacentre Architecture Design and Deployment

Securing Networks with PIX and ASA

Juniper Secure Analytics

TRIPWIRE LOG CENTER HIGH PERFORMANCE LOG AND SECURITY EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

Cyber Security RFP Template

Supported Devices (Event Log Sources)

Privileged Identity Management for the HP Ecosystem

Network Configuration Manager

Continuous Monitoring for the New IT Landscape. July 14, 2014 (Revision 1)

Securely Yours LLC Top Security Topics for Sajay Rai, CPA, CISSP, CISM

nfx Cinxi One SIEM Partner Guide Revision: H2CY10

VULNERABILITY MANAGEMENT

REPORT Perimeter Security Defenses. State of Perimeter Security Defenses, Time to Think Different?

ACL Compliance Director FAQ

Continuous Network Monitoring for the New IT Landscape. March 16, 2015 (Revision 4)

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

NERC CIP VERSION 5 COMPLIANCE

Extreme Networks Security Risk Manager Adapter Configuration Guide

Threat Center. Real-time multi-level threat detection, analysis, and automated remediation

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015

IBM. Vulnerability scanning and best practices

ControlFabric Interop Demo Guide

Enabling Security Operations with RSA envision. August, 2009

Critical Watch aims to reduce countermeasure deployment pain by doing it all for you

Best Practices for PCI DSS V3.0 Network Security Compliance

10 Key Steps for a Sustained DDoS Protection Plan. Stephen Gates Chief Technology Evangelist - Corero

TCS Managed Security Services

Splunk and the SANS Top 20 Critical Security Controls. Mapping Splunk Software to the SANS Top 20 CSC Version 4.1

Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy

AL RAFEE ENTERPRISES Solutions & Expertise.

With Cloud Defender, Alert Logic combines products to deliver outcome-based security

RESUME. Multiple years of hands on experience design, analyze, implement, and setup with OSPF, ISIS, EIGRP, BGP and RIP.

Joshua Beeman University Information Security Officer October 17, 2011

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM

Vulnerability Management

What is SIEM? Security Information and Event Management. Comes in a software format or as an appliance.

QTS Leverages HyTrust to Build a FedRAMP Compliant Cloud

What is Security Intelligence?

- Introduction to PIX/ASA Firewalls -

ForeScout Technologies Is A Leader Among Network Access Control Vendors

Analysis of the Global Vulnerability Management Market Platform Convergence Intensifies Competition but Creates Opportunity in Growth Technology

Managing Vulnerability Assessment

Securing your IT infrastructure with SOC/NOC collaboration

Everything You Always Wanted to Know About Log Management But Were Afraid to Ask. August 21, 2013

State of the Market for Security Information Event Management and Log File Management Solutions

QRadar SIEM 6.3 Datasheet

Plugin Name. X N/A sudo X Antivirus Avast avast X GFI Security gfi X McAfee mcafee X mcafee-epo

How to Grow and Transform your Security Program into the Cloud

CloudPassage Halo Technical Overview

Network Security and Vulnerability Assessment Solutions

DiamondStream Data Security Policy Summary

Fortinet FortiGate App for Splunk

About the VM-Series Firewall

CloudPassage Halo Technical Overview

CTS2134 Introduction to Networking. Module Network Security

Vulnerability Assessment Using Nessus

Transcription:

TECHNOLOGY INTEGRATION GUIDE INTRODUCTION RedSeal s cybersecurity analytics platform integrates data from your network devices and security solutions to provide a comprehensive model of your network and its security posture. By combining all this information, RedSeal optimizes the value of each individual solution, prioritizes security issues by putting them in the context of your network, and shortens remediation cycles. NETWORK DEVICES AND INFRASTRUCTURE Routers Alcatel-Lucent 7750SR-c12/OS 11.0.R4 SR-OS 11.0.R4 Arista EOS 4.2.7 4.11.4 Cisco IOS 11.0-15 Cisco IOS-XR 3.8 4.2 Cisco NX-OS 5.1 Cisco VPN-3000 4.x HP H3c Comware 5.20.106 HP ProCurve #K.15.12.0012 Juniper JunOS 8.5 10.4 + 11 & 12 Load Balancers A10 ACOS 2.7.1 Brocade IronWare BigIron/FastIron 8.0, ServerIronXL 7.5 Cisco CSS 11501/11050/ 11150 Citrix NetScaler 9.2 F5 BIG-IP 10.2, 11.0 11.3 Radware 4408 with Alteon software 26.x or 28.x Riverbed SteelApp SteelApp Traffic Manager 9.1 (Stingray) Firewalls Check Point File, OPSEC R65, R70, R71, R75, R76, R77 Cisco FWSM v2, v3, v4 Cisco PIX v6.3, v7, v8 Cisco ASA v8 Cisco Catalyst 6400 ACE A2 (3.1) Cisco ACE Software appliance A4 (2.1a) Fortinet Fortigate FortiOS 4.x, 5.x Juniper ScreenOS 6.x Juniper JunOS 8.5 10.4, plus 11 & 12 McAfee Firewall Enterprise 7, 8.1.2, 8.2.0, 8.2.1, 8.3 McAfee (Stonesoft) NGFW 5.7.0 Palo Alto Networks PAN-OS 4.x, 5.x, 6.x

Wireless Controllers Manufacturer Device name/os Versions support Aruba ArubaOS 6.1.3 Cisco Wireless Controller 7.4 Cisco Aironet IOS 11.0-15 Virtualized/cloud infrastructure AWS VPC N/A AWS Config N/A VMware vshieldedge VMware 5.5.0 CONFIGURATION MANAGEMENT DATABASES (CMDB) Manufacturer Name/OS Versions supported BMC Network Automation BladeLogic 8.2.0 Cisco Security Manager 4.3.0 EMC Ionix Voyence N/A HP Network Automation Opsware 7.6, 9.0, 9.1 Infoblox NetMRI 6.4.1, 6.9 Open source RANCID N/A SolarWinds NCM (Orion) 5.5.2, 6.0, 7.0.2, 7.1.1, 7.3 Tripwire Tripwire Enterprise 8.1, 8.1, 8.2 Note: Specific device support varies with each CMDB vendor. Please refer to RedSeal's Data Import Plugins Guide available from the RedSeal Support Portal for additional considerations on integration with CMDB systems. Note: RedSeal also supports importing device configurations that have been saved to a file. Refer to documentation from specific device vendors for additional information on using this methodology. 2 4/7/2015

SECURITY SOLUTIONS Vulnerability Scanners DDI Frontline 5.0 BeyondTrust REM Security Management Console 3.7.9 & 3.8 BeyondTrust eeye Retina 3.8 & 5.16 McAfee Vulnerability Manager 7.0.1 & 7.5 Open source nmap 6.25 Qualys QualysGuard 7.6 Rapid7 NeXpose 4.12 Symantec Vulnerability Manager 10.0.5 Tenable Nessus 4.6.2.1 & 4.8 Tripwire (ncircle) IP360 6.8.9, 6.9, & 7.3.x Security Management Cisco Enterprise 4.3.0 McAfee epo 4.5, 4.6, 5.1 Governance/Risk/Compliance (GRC) LockPath Keylight 4.1 RSA Archer 5.3 Symantec CCS Suite 11 Security Information and Event Management (SIEM) HP ArcSight ESM McAfee ESM 9.2 Splunk 6.1 3 4/7/2015

RedSeal Integrates and Optimizes Security Solutions OVERVIEW RedSeal s cybersecurity analytics platform creates a complete inventory of all of the Layer 3 devices and infrastructure in your network, including routers, load balancers and firewalls, along with cloud-based and virtualized devices. It imports configuration data to build a model of your network, including all connectivity and access paths between any two points on it. RedSeal correlates the model with vulnerability scan data to put security issues in context. With this, RedSeal is able to prioritize your network s most critical security issues (based on access/downstream access), so you can address them first. RedSeal makes your compliance initiatives as well as your own policies more efficient and effective. You can set up a policy in RedSeal, then monitor and prove compliance quickly and continuously. RedSeal has key controls for PCI, NIST 800-53. NERC CIP and HIPAA. IMPORTING AND ANALYZING DEVICE CONFIGURATIONS RedSeal uses a variety of communications methods to collect device configurations and security data. The following methods are supported, but may be specific to a particular device or solution: CVS (Concurrent Version System) FTP HTTP(S) Java Database Connector (JCBC) SCP SFTP (Secure FTP) SSH Telnet Windows File Share Configuration Management Databases (CMDB) RedSeal can get information from an existing CMDB to build the model of your network without having to access devices directly. Because RedSeal analyzes configuration settings, it helps identify any network devices not currently known or managed within the CMDB. Network devices (routers, load balancers, firewalls, wireless controllers) RedSeal can also directly access and analyze devices whose configurations are missing or incomplete. It analyzes the configuration files of your network security devices on multiple levels: Finds connected devices or hosts not otherwise known or identified Runs a series of vendor-specific industry best practices on all network devices Verifies the integrity of firewall rulesets, including identifying redundant or unused rules RedSeal can also import configuration data that has been saved to a file, so that direct access on the network is not required. For more information on importing from a file, refer to the RedSeal Plug-ins guide available on the RedSeal Support Portal, which gives more detail on what devices and file formats are available with this option. Cloud infrastructure (public and private) RedSeal enables you to unify your physical and cloud network security. It supports Amazon s popular Virtual Private Cloud (Amazon VPC), through either the AWS SDK or AWS Config. This integration with AWS allows RedSeal to analyze your 4 4/7/2015

cloud infrastructure and its connection to your physical network, including risk, policy compliance, and industry best practices. Virtualized infrastructure and datacenters RedSeal provides the ability to include details about virtualized environments in its model of your network. This includes processing ACL settings from virtual environments, modeling those environments, and factoring them into policy compliance and risk analysis. VULNERABILITY MANAGEMENT SOLUTIONS RedSeal incorporates vulnerability scan data from the industry s leading products and calculates every possible access path between all hosts. Using assigned (default or user defined) asset values and potential lateral movement or downstream risk, RedSeal s patented algorithms provide a list of the most critical actions you need to take to improve your network security. GOVERNANCE, RISK, AND COMPLIANCE (GRC) SOLUTIONS RedSeal can access data from GRC solutions, as well as provide data to a GRC solution. Sample integrations include: McAfee epo: RedSeal imports host information from epo. epo collects data from RedSeal including host attack risk, critical asset access and downstream risk which enables improved prioritization and policy setting. RSA Archer: RedSeal imports asset and group values, which are then used in RedSeal s risk metrics calculations and reports. Symantec: Control Compliance Suite (CCS) collects information from RedSeal, including host risk exposure, vulnerability status, and device best practice violations. LockPath: RedSeal enables faster remediation by sending prioritized vulnerability and risk information to LockPath s Keylight Security Manager, which routes it to the appropriate workgroup. RedSeal can also be configured to send data to SIEM solutions that enhances the context of the data these products provide to their customers. SECURITY INFORMATION and EVENT MANAGEMENT SOLUTIONS (SIEM) RedSeal can be configured to send data via syslog to external systems. The information that can be exported includes: Detailed host information, including risk metrics, compromised hosts, hosts reachable from untrusted zones, or hosts that have access to your most critical asses Results from RedSeal device best practice checks Anomalies in the network model (e.g. dangling subnets, duplicate IPs, etc.) Policy status summary for each policy you have defined (e.g. PCI, internal, etc.) Specific SIEM solutions that RedSeal integrates with include: HP ArcSight: RedSeal exports data directly into ArcSight ESM using the standard CEF communication format. Splunk: RedSeal exports data to a Splunk dashboard, including comparisons to industry best practices, vulnerabilities and downstream risk. McAfee ESM: RedSeal exports data via syslog IBM QRadar: RedSeal exports data via syslog 5 4/7/2015

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information