SOLUTION BRIEF
Transforming IT Security Management Via Outcome-Oriented Metrics
Leveraging Network and Vulnerability Metrics Using RedSeal
November 2011
WHITE PAPER
RedSeal Networks, Inc., 3965 Freedom Circle, Suite 800, Santa Clara, 95054. Tel (408) 641-2200. Toll Free (888) 845-8169. www.redsealnetworks.com
Contents
Executive Summary (page 3)
Misguided Security Measurement: Blinded by Complexity (page 3)
What's Your Number? A Good Metric Is Hard to Find (page 4)
Network Security Performance Management: Outcome-Oriented Metrics (page 5)
The Solution: RedSeal Proactive Security Intelligence (page 6)
Conclusions (page 7)
Executive Summary
This solution brief outlines the acute need for today's IT security practitioners to adopt more quantitative methods for identifying and trending outcome-oriented metrics: metrics that provide continuous visibility into how effectively they protect critical assets, comply with policy and mitigate risk. Beyond outlining the challenges that impede wider adoption of security metrics, the paper details how RedSeal's proactive security intelligence solutions measure the ability to control access and prevent vulnerability exposure despite changing network conditions and more advanced threats. By using automation to identify, track and analyze the indicators that actually reflect security effectiveness, and by making security posture easier to communicate across the entire organization, RedSeal offers an efficient and practical way to turn security metrics from a concept into a working technique.

Misguided Security Measurement: Blinded by Complexity
Although managing IT security has become a primary objective not only for IT security managers but also for executive leaders, motivated by high-profile data breaches, regulatory requirements and other drivers including shareholder demands, most organizations still lack quantitative methods to measure how effectively their network security protects critical assets. Unlike many other areas of business, where metrics enable executives to manage effectively, IT security has not fully adopted metrics as a standard management method. This is often because gathering the necessary data has proven too costly or technically infeasible.
In fact, many organizations today still measure the success of critical-asset protection by invoking the least actionable metric imaginable: the frequency with which their networks have been breached, a practice that lingers despite most security experts' contention that strategy informed only by analysis of past failure provides limited value. As Forrester Research analyst Edward Ferrara notes in his 2011 research summary "Information Security Metrics", today's overly reactive analysis models must quickly evolve to show "[how] the information security effort provides quality, efficiency, and a correlation to cost reduction and profit improvement." "CISOs require new methods for demonstrating security infrastructure's value directly to impact on those assets and processes most important to their organization's success," said Ferrara. Only when practices have matured to this point, he said, will security management begin to realize the widely espoused benefits of security metrics.

What's Your Number? A Good Metric Is Hard to Find
Recognizing that they have lacked sufficient methods to understand and measure the performance of their security infrastructure and of other key programs, vulnerability management included, and aided by the continued maturation of security management and risk assessment capabilities, forward-thinking practitioners have increasingly sought a more quantitative approach. Yet despite widespread support for metrics-driven strategies, the same factors that have long obstructed effective security management, namely pervasive infrastructure complexity and data overload, have prevented most organizations from making the leap. According to the Forrester Research report "Best Practices: Security Metrics", published in 2008, the other major stumbling point of early security measurement initiatives has been their inability to analyze the right trends: "[CISOs] struggle with picking the right security metrics and translating the operational measurements into meaningful metrics for business."
Years later, in the 2011 report "Required Characteristics of Security Metrics", Gartner analysts emphasize that most of today's security metrics programs still fall short for similar reasons, including:
- Management's continued insistence on metrics that address tactical issues, and its failure to recognize indicators closely tied to the organization's unique demands.
- Metrics that focus on outcomes beyond the real-world capabilities of IT security processes, driving even less efficient strategy and spending.
- Loosely defined measurements such as "high", "medium" and "low", which do not provide the granularity needed to trend metrics and improve performance.
To deliver truly valuable insight and the actionable intelligence needed to isolate trends in critical performance, security metrics must be business relevant, controllable, quantitative, and have low overhead, Gartner asserts. Security leaders need metrics that allow them to prove the logic of their decisions and show value over time, Gartner contends: "Good metrics must be objective and bear a clear relationship to the real business of the enterprise, and its goals."

Network Security Performance Management: Outcome-Oriented Metrics
As industry experts uniformly acknowledge, enterprises must focus their initial efforts on identifying and trending IT security metrics that clearly demonstrate the ability of their infrastructure to protect their most valued IT systems and data. Using indicators that show their ability to maintain continuous control over access to critical assets and over the exposure of confirmed vulnerabilities, among other factors, enterprises can begin to validate quantitatively the parts of their security program that genuinely matter. By using metrics that give detailed visibility into how well the network infrastructure as a whole translates security and compliance policies into real-world protection, enterprises gain significant benefits, including:
- The ability to continuously measure and demonstrate progress in risk reduction, including the impact on security of ongoing network change and the effectiveness of subsequent remediation.
- Improved management of investments in security controls and processes, ensuring that resources are focused on the issues that matter most to protecting the organization over time.
- Clearer communication of risk across all levels of management, to validate decision making and demonstrate the ROI of existing and future spending.
As noted in Gartner's "Required Characteristics of Security Metrics" report, security management can no longer defend continued investment and business process disruption as simply a cost of doing business; most of today's leaders are being asked to illustrate and prove the effectiveness of their efforts in a clearer, more quantifiable manner. The ability to embrace and convey metrics is already crucial to both the real and perceived success of security leadership in every vertical and every area of the globe, the analysts maintain; properly developed and reported metrics enable key decision makers inside and outside of IT to see the value of the security and risk program, as well as of its practices and initiatives.
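As an added illustration written for this page (it is not RedSeal code and does not describe RedSeal's engine), the following Python models the access-and-exposure metric this section describes: a host counts as "exposed and vulnerable" only when a service carrying a vulnerability above a CVSS threshold is actually reachable from an untrusted zone through the firewall rule set, and that count is trended across snapshots. The first-match firewall semantics, the zone and host names, the two rule sets and the vulnerability identifiers are all constructed assumptions for the example.

```python
"""Toy access-times-vulnerability metric engine (added illustration, not RedSeal code).

A host counts as "exposed and vulnerable" only when a service carrying a
vulnerability at or above the CVSS threshold is reachable from an untrusted
zone through the firewall rule set. Trending that count across snapshots is
the outcome-oriented metric discussed in the text. Zones, hosts, rules and
vulnerability identifiers below are all constructed for the example.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_host: str   # hostname, or "*" for any host in dst_zone
    port: int       # 0 = any port
    action: str     # "allow" or "deny"


@dataclass
class Host:
    name: str
    zone: str
    vulns: dict = field(default_factory=dict)  # port -> (vuln id, CVSS base score)


UNTRUSTED_ZONES = ("internet",)


def first_match(rules, src_zone, host, port):
    """Evaluate a rule set with first-match-wins semantics and an implicit default deny."""
    for r in rules:
        if r.src_zone != src_zone or r.dst_zone != host.zone:
            continue
        if r.dst_host not in ("*", host.name):
            continue
        if r.port not in (0, port):
            continue
        return r.action
    return "deny"


def exposed_vulns(hosts, rules, min_cvss=7.0):
    """Map host name -> [(port, vuln id, cvss)] for vulnerable services reachable from an untrusted zone."""
    findings = {}
    for h in hosts:
        hits = [
            (port, vid, cvss)
            for port, (vid, cvss) in sorted(h.vulns.items())
            if cvss >= min_cvss
            and any(first_match(rules, z, h, port) == "allow" for z in UNTRUSTED_ZONES)
        ]
        if hits:
            findings[h.name] = hits
    return findings


def metric_snapshot(hosts, rules, min_cvss=7.0):
    """One point on the trend line: a scanner-style count beside the access-aware count."""
    exposed = exposed_vulns(hosts, rules, min_cvss)
    return {
        "hosts_total": len(hosts),
        "hosts_vulnerable": sum(1 for h in hosts if any(c >= min_cvss for _, c in h.vulns.values())),
        "hosts_exposed_vulnerable": len(exposed),
        "exposed_findings": sum(len(v) for v in exposed.values()),
    }


def trend(snapshots):
    """Change in exposed-and-vulnerable hosts between consecutive snapshots (negative = improvement)."""
    return [b["hosts_exposed_vulnerable"] - a["hosts_exposed_vulnerable"]
            for a, b in zip(snapshots, snapshots[1:])]


# Constructed inventory: the scan results are identical on both days; only the firewall changes.
HOSTS = [
    Host("web01", "dmz", {443: ("VULN-WEB-1", 9.8), 22: ("VULN-SSH-1", 7.5)}),
    Host("app01", "dmz", {8080: ("VULN-APP-1", 5.3)}),
    Host("db01", "internal", {3306: ("VULN-DB-1", 9.0)}),
]

# Day 1: the DMZ is wide open and a stray rule reaches the database from the internet.
DAY1_RULES = [
    Rule("internet", "dmz", "*", 0, "allow"),
    Rule("internet", "internal", "db01", 3306, "allow"),
]

# Day 2: after remediation only HTTPS to web01 is permitted; nothing was patched.
DAY2_RULES = [
    Rule("internet", "dmz", "web01", 443, "allow"),
]


def example_snapshots():
    """The two constructed snapshots, day 1 and day 2."""
    return [metric_snapshot(HOSTS, DAY1_RULES), metric_snapshot(HOSTS, DAY2_RULES)]


if __name__ == "__main__":
    snaps = example_snapshots()
    for day, s in enumerate(snaps, 1):
        print(f"day {day}: {s}")
    print("trend:", trend(snaps))
```

Run as a script, the day-1 snapshot reports two hosts exposed and vulnerable with three exposed findings, and day 2 reports one host with one finding, a trend of -1. The scanner-style count (`hosts_vulnerable`) stays at 2 on both days because nothing was patched; only the access-aware count moves, which is exactly what a metric built from vulnerability data alone cannot show about a network change.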
Figure: RedSeal provides security performance dashboards for tracking the security metrics that matter most to your organization. In this screen shot a variety of vulnerability risk metrics communicate the effectiveness of remediation efforts.

The Solution: RedSeal Proactive Security Intelligence
RedSeal's proactive security intelligence solutions are the only products on the market today that measure key indicators demonstrating the real-world effectiveness of security infrastructure at maintaining critical network protection and policy compliance. With RedSeal, organizations gain an onboard metrics engine that lets security management tie metrics and measurement to the specific demands of their organization, highlighting effectiveness, identifying gaps in protection and enabling strategies informed by quantitative assessment of trends in access and vulnerability exposure. RedSeal's security performance reporting capabilities arm security, audit and risk management leaders with outcome-oriented data and the automated assessment capabilities necessary to:
- Chart the ability of existing programs, processes and defenses to respond to changing demands on security infrastructure and to ensure remediation of risks.
- Maintain continuous compliance with internal and mandated policies, to prevent failed audits and to ensure that the time and resources invested in compliance produce larger improvements.
- Communicate and demonstrate clearly to management, business partners and auditors that security and vulnerability management programs are being validated continuously.
From the trending of relevant information about the exposure of critical assets to real-world attacks, to the presentation of results in a wide array of easy-to-comprehend dashboard visualizations and online reports, RedSeal allows organizations to embrace the concept of security metrics as widely envisioned by industry analysts and other proponents. RedSeal empowers IT security management to use hard data in defining top-down priorities and communicating requirements to other areas of the organization, offering tangible proof of real-world program effectiveness against security infrastructure objectives around protection, policy compliance and return on investment.

Figure: RedSeal correlates network access with vulnerabilities to determine risk exposure, that is, the likelihood of exploitation. In this screen shot the number of exposed and vulnerable hosts is tracked over time, providing insight into the effectiveness of a vulnerability management program.

Conclusions
The application of quantitative data analysis to IT security infrastructure management has matured to the point where practitioners can use available solutions to rapidly build their internal programs. As IDC analysts note in their Worldwide IT Security Products Forecast for 2011-2014, organizations are looking for ways of optimizing their security infrastructure to deal cost-effectively with real threats, using technologies that provide the knowledge and intelligence allowing IT professionals to better coordinate people, products, and policy. RedSeal's proactive security intelligence solutions are the only products on the market today that give enterprise management the in-depth analysis and proven metrics to continuously measure security performance, allowing them to make more informed decisions about critical risks and derive greater ROI from their security investments.
About RedSeal
RedSeal Networks develops proactive security intelligence software that enterprise organizations depend on to visualize their security effectiveness, maintain continuous compliance with regulations and protect their most critical assets and data. Unlike systems that measure the impact of attacks once they have already occurred, RedSeal isolates gaps in security infrastructure before attackers discover them, by analyzing the cumulative ability of security devices to control access and vulnerability exposure across the entire enterprise and by providing the metrics needed to manage real-world IT risk and exposure. For more information on RedSeal products please visit the company's web site at www.redsealnetworks.com or contact RedSeal representatives directly at (888) 845-8169.
Copyright 2011 RedSeal Networks, Inc. All rights reserved. RedSeal and the RedSeal logo are trademarks of RedSeal Networks, Inc.