Extreme Networks Security Analytics G2 Risk Manager

Similar documents
IBM Security QRadar Risk Manager

IBM Security QRadar Risk Manager

Extreme Networks Security Analytics G2 Vulnerability Manager

FIVE PRACTICAL STEPS

Extreme Networks Security Analytics G2 SIEM

Security Information & Event Manager (SIEM)

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

IBM Security IBM Corporation IBM Corporation

Managing security risks and vulnerabilities

IBM QRadar Security Intelligence April 2013

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

Boosting enterprise security with integrated log management

SANS Top 20 Critical Controls for Effective Cyber Defense

QRadar SIEM 6.3 Datasheet

Safeguarding the cloud with IBM Dynamic Cloud Security

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management

Attack Intelligence: Why It Matters

What is Security Intelligence?

Security Information & Event Manager (SIEM)

Extreme Security Threat Protection G2 - Intrusion Prevention Integrated security, visibility, and control for next- generation network protection

IBM Security QRadar Vulnerability Manager

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

IBM QRadar Security Intelligence Platform appliances

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

Clavister InSight TM. Protecting Values

THE TOP 4 CONTROLS.

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

IBM Security Intelligence Strategy

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

How To Buy Nitro Security

Strengthen security with intelligent identity and access management

Q1 Labs Corporate Overview

IBM QRadar as a Service

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS

Cyber Security RFP Template

Delivers fast, accurate data about security threats:

What a Vulnerability Assessment Scanner Can t Tell You. Leveraging Network Context to Prioritize Remediation Efforts and Identify Options

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CA Host-Based Intrusion Prevention System r8.1

Network Performance + Security Monitoring

1 Introduction Product Description Strengths and Challenges Copyright... 5

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

QRadar SIEM and FireEye MPS Integration

LogInspect 5 Product Features Robust. Dynamic. Unparalleled.

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

FIREMON SECURITY MANAGER

IBM SECURITY QRADAR INCIDENT FORENSICS

LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled.

Continuous Network Monitoring

The Value of QRadar QFlow and QRadar VFlow for Security Intelligence

5 Lines of Defense You Need to Secure Your SharePoint Environment SharePoint Security Resource Kit

SELECTING THE RIGHT HOST INTRUSION PREVENTION SYSTEM:

Payment Card Industry Data Security Standard

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE

IBM Tivoli Netcool network management solutions for enterprise

ALERT LOGIC FOR HIPAA COMPLIANCE

Compliance Management, made easy

CORE Security and GLBA

The Sophos Security Heartbeat:

Scalability in Log Management

Best Practices for Building a Security Operations Center

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions

The webinar will begin shortly

Trend Micro. Advanced Security Built for the Cloud

IBM Security QRadar QFlow Collector appliances for security intelligence

NERC CIP VERSION 5 COMPLIANCE

Vulnerability Management

Cisco Security Manager 4.2: Integrated Security Management for Cisco Firewall, IPS, and VPN Solutions

How To Manage Security On A Networked Computer System

QRadar SIEM and Zscaler Nanolog Streaming Service

When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs

Total Protection for Compliance: Unified IT Policy Auditing

Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy

Introducing IBM s Advanced Threat Protection Platform

The SIEM Evaluator s Guide

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

QRadar Security Intelligence Platform Appliances

Continuous Cyber Situational Awareness

Cisco Security Optimization Service

How To Manage Sourcefire From A Command Console

WHITEPAPER IT EXECUTIVE GUIDE. To Security Intelligence. Transitioning from Log Management and SIEM to Security Intelligence. Q1Labs.

Technology Blueprint. Assess Your Vulnerabilities. Maintain a continuous understanding of assets and manage vulnerabilities in real time

An Oracle White Paper June Oracle Database Firewall 5.0 Sizing Best Practices

PCI DSS Reporting WHITEPAPER

Symantec Advanced Threat Protection: Network

Cloud and Data Center Security

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE

Alcatel-Lucent Services

I D C A N A L Y S T C O N N E C T I O N

Five Ways to Use Security Intelligence to Pass Your HIPAA Audit

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Transcription:

DATA SHEET Extreme Networks Security Analytics G2 Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance HIGHLIGHTS Visualize current and potential network traffic patterns with a network topology model, based on security device configurations Quantify and prioritize risk with a policy engine that correlates network topology, asset vulnerabilities and actual network traffic, enabling risk-based remediation and facilitating compliance Centralize network security device management to help reduce configuration errors and simplify monitoring of firewall performance Model threat propagation and simulate network topology changes to help improve security Log Management and Security Information and Event Management (SIEM) have become trusted solutions for network and security operators, enabling them to quickly detect and isolate security incidents and meet specific compliance requirements, as well as a growing number of regulatory mandates. And while the information provided by SIEM is critical for network and compliance security management efforts, it primarily detects exploits as they occur, rather than prioritizing what actions can be taken to prevent them from happening in the first place. Extreme Networks Security Risk Manager is an integral component of a complete security intelligence solution that can help security professionals stay ahead of advanced threats. The ability to proactively quantify risk from vulnerabilities, configuration errors, anomalous network activity and threats can help organizations prevent exploits that target high-value assets and data. Extreme Networks Security Risk Manager correlates network topology information with data from Extreme Networks Security SIEM including asset configurations, vulnerabilities, network events and flow patterns. This provides valuable insights revealing, for example, which assets and vulnerabilities are causing the most risk, so IT staff can prioritize their remediation tasks. It can also help identify firewall and intrusion prevention system (IPS) misconfigurations that may allow attackers into the network and create inefficiencies in devices. Extreme Networks Security Risk Manager automates risk management functions in mission-critical areas, helping security professionals safeguard their organizations against an ever-growing spectrum of attacks, vulnerabilities and compliance mandates. On today s smarter planet, organizations require better visibility into their security policies, postures and practices than ever before, because instrumented, interconnected and intelligent businesses collect and use more information. Automated Risk Management for Greater Control Government regulations, industry guidelines and corporate policies can all dictate specific network traffic and firewall policies that an organization must deploy, monitor, audit and enforce. At a high level, the security objectives are normally pretty clear. These plans exist to achieve the desired security state, but the devil is as usual in the details. Risk Manager Data Sheet 1

The Risk Manager topology viewer enables users to view network devices and relationships, including subnets and links Many network attacks succeed simply due to inconsistent network and security configuration practices, highlighting the need for automated network configuration monitoring and alerts for policy breaches. Other attacks succeed because unpatched vulnerabilities allow unfettered access to systems. Using traditional log management and SIEM solutions, where data typically exists in separate silos, organizations often lack the ability to easily correlate events and assess when network configurations are allowing traffic that is out of policy. Extreme Networks Security Risk Manager offers an integrated, policy-based approach that can greatly improve organizations abilities to assess information security risk through a single console shared with SIEM and Vulnerability Manager. Risk Manager leverages a broad range of risk indicators, including asset, network and security configuration data; network activity data; network and security events; and vulnerability scan results. It also provides other key capabilities that include: Vulnerability Risk Assessment Quantification of risk: Helps assess vulnerabilities and asset configurations, based on industry standards and environmental factors, to help prioritize remediation Correlation of known vulnerabilities with network topology: Helps deliver a prioritized list of vulnerabilities to better assess which systems are most vulnerable to attack and should be remediated first Advanced threat modeling, simulation and visualization: Simulates potential spread of threats through the network by leveraging vulnerability, network topology and connection data Network Security Configuration Detailed configuration audit: Helps improve consistency of firewall rules, including detection of shadowed rules, rule usage and other configuration errors Security-focused network topology model: Enables automated monitoring of configuration rules Configuration change comparison and auditing: Alerts users to risky or out-of-compliance configurations Network Activity Monitoring Advanced monitoring and analysis of network activity: Quickly flags out-of-policy traffic based on security events and network flow data Fast and efficient search of network activity: Greatly reduces forensics efforts Intuitive visualization tool: Provides interactive analysis of current and historical network activity Network Security Event and Configuration Correlation Correlations of firewall accept and deny events with rules: Quantifies rule usage and effectiveness Scheduled or on-demand collection of device configuration data: Provides a historical configuration change record Advanced asset database correlation: Leverages information from a wide variety of network and security events and configuration sources, improving accuracy of results Risk Manager Data Sheet 2

Risk Manager maintains a history of configuration changes and enables users to audit this history across the network. This powerful capability allows users to compare normalized or raw device configurations, over time, across a single device or multiple devices through a single user interface. The collection of device configuration data is also instrumental in building an enterprise-wide representation of a network s topology. Topology mapping can help an organization understand allowed and denied application activity across the network, resulting in improved consistency of device configuration. Modeling and Simulation of Attacks and Network Configuration Changes With the policy engine in Risk Manager, risk scores can be dynamically Policy Monitoring to Improve Compliance Risk Manager features an automated policy engine that simplifies the assessment of a wide spectrum of information security and compliance policies. With an intuitive question- based interface, the policy engine integrates previously silo-ed risk indicators through regular monitoring of network assets for defined conditions. For example, the solution enables the correlation of asset vulnerability, configuration and network activity, dynamically increasing or decreasing risk scores based on environmental factors, and enabling risk-prioritized remediation. The Policy Monitor feature allows active evaluation of multiple security policies. Risk Manager provides out-of-the-box policy templates to assist with identifying risk across regulatory mandates and information security best practices. These templates are easily extended to align with an organization s internal information security policies, and as exceptions are discovered, Risk Manager can send email, display notifications, generate a syslog event or create an offense within SIEM. In addition, compliance reports include both policy exceptions and successes. adjusted based on environmental factors Risk Manager helps organizations identify and prioritize their most significant risk areas. Simulations can help organizations understand the risk impact of proposed network configuration changes before they are implemented. For example, simulations can check network connectivity before and after a proposed network configuration change, such as adding a firewall rule to one or more devices. Risk Manager also offers threat-modeling capabilities to simulate the potential spread of an exploit across the network by performing multi-step correlations of at-risk systems with network traffic and topology data. Security teams can select a starting point for the attack, such as the Internet or an untrusted network, and then specify risk criteria that identifies is as known system vulnerabilities or the protocol and port being used for the exploit. Risk Manager then graphically displays the potential spread of the attack across multiple network tiers. Device Configuration Management to Detect Changes and Profile Future Risks Extreme Networks Security Risk Manager provides automated collection, monitoring and auditing of device configurations across an organization s switches, routers, firewalls and intrusion detection system (IDS)/intrusion prevention system (IPS) devices. Through an ability to normalize cross-vendor device configuration data, Risk Manager provides detailed comparisons across security devices including firewall rules and policies to quickly identify when network traffic is inconsistent with a regulation, corporate mandate or industry best practice. Risk Manager attack simulation screen shows the potential spread of an exploit across the network Risk Manager Data Sheet 3

Advanced Tools to Investigate Network Topologies, Traffic and Forensics Risk Manager offers two network visualization security tools that provide unique, risk-focused, graphical representations of the network. The end result of both of these visualizations offers network and security teams a revolutionary investigative capacity by providing vulnerability information before, during and after an exploit. The first visualization tool, called the Topology Viewer, delivers detailed network topography views from both a routing and firewall configuration perspective. This insight comes from a unique combination of data sources, including device configuration, network activity data and security events. IT teams can review the entire network or a portion of the network, and they can export views to image or Microsoft Visio formats. The second visualization tool, called the Connection Monitor, quickly and efficiently analyzes historical network activity by automatically summarizing all firewall event and network flow data. Connection Monitor enables advanced traffic searches including the ability to search on connections between hosts and networks using specific protocols and applications, as well as analyzing traffic to and from specific countries or geographical regions. This can speed forensic and network traffic analyses. Security Intelligence to Minimize Risk Risk Manager provides organizations with a comprehensive network security solution that not only enables them to access forensics during and after an attack, but also to proactively detect, prioritize and remediate areas of high risk before they can be exploited. The powerful security analytics, simulation and visualization of Risk Manager provide a unique opportunity for organizations to move away from day-to-day security firefighting and to adopt a proactive, risk-based methodology that greatly strengthens network and security offenses while minimizing exploit risk. Log management and SIEM are necessary for a good network defense. By adding Risk Manager, organizations gain additional security intelligence enabling them to go on the offensive against those who wish to exploit their assets and networks. Technical Specification for Extreme Networks Security Risk Manager Description MODEL VIRTUAL APPLIANCE Extreme Networks Security Risk Manager G2 VM Extreme Networks Security Risk Manager G2 Appliance Form Factor - 2 RU Appliance Processor Memory 8 vcpu minimum required 48 GB minimum required Intel Xeon E5-2620 V2, 2.6GHz, 6 Core, 15MB Cache (x2) 64 GB Ordering Information PART NUMBER NAME DESCRIPTION 89058 SRMG2-APL Extreme Networks Security Risk Manager G2 Appliance (Base 50 Sources) 89059 SRMG2-VIR Extreme Networks Security Risk Manager G2 VM License (Base 50 Sources) 89060 SRMG2-ADD50 Extreme Networks Security Risk Manager G2 50 Sources Increase SW License 89061 SRMG2-ADD100 Extreme Networks Security Risk Manager G2 100 Source Increase SW License 89062 SRMG2-ADD250 Extreme Networks Security Risk Manager G2 250 Source Increase SW License 89063 SRMG2-ADD500 Extreme Networks Security Risk Manager G2 500 Source Increase SW License 89064 SRMG2-ADD1K Extreme Networks Security Risk Manager G2 1000 Source Increase SW License 89065 SRMG2-ADD2.5K Extreme Networks Security Risk Manager G2 2500 Source Increase SW License 89066 SRMG2-ADD5K Extreme Networks Security Risk Manager G2 5000 Source Increase SW License POWER CORDS In support of its expanding Green initiatives as of July 1st 2014, Extreme Networks will no longer ship power cords with products. Power cords can be ordered separately but need to be specified at the time order. Please refer to www.extremenetworks.com/product/powercords/ for details on power cord availability for this product. Risk Manager Data Sheet 4

Warranty As a customer-centric company, Extreme Networks is committed to providing quality products and solutions. In the event that one of our products fails due to a defect, we have developed a comprehensive warranty that protects you and provides a simple way to get your products repaired or media replaced as soon as possible. Service & Support Extreme Networks provides comprehensive service offerings that range from Professional Services to design, deploy and optimize customer networks, customized technical training, to service and support tailored to individual customer needs. Extreme Networks Security Analytics Appliances come with a one-year warranty against manufacturing defects. For full warranty terms and conditions please go to: http://www. extremenetworks.com/support/warranty.aspx. http://www.extremenetworks.com/contact Phone +1-408-579-2800 2015 Extreme Networks, Inc. All rights reserved. Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of Extreme Networks, Inc. in the United States and/or other countries. All other names are the property of their respective owners. For additional information on Extreme Networks Trademarks please see http://www.extremenetworks.com/company/legal/trademarks/. Specifications and product availability are subject to change without notice. 9612-0715-15 WWW.EXTREMENETWORKS.COM Risk Manager Data Sheet 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information