Vulnerability & Compliance Management System



Similar documents
VULNERABILITY & COMPLIANCE MANAGEMENT SYSTEM

Configuration Audit & Control

Assuria Auditor The Configuration Assurance, Vulnerability Assessment, Change Detection and Policy Compliance Reporting Solution for Enterprise

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015

ManageEngine (division of ZOHO Corporation) Infrastructure Management Solution (IMS)

Cloud Security: An Independent Assessent

IT Security & Compliance. On Time. On Budget. On Demand.

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

Is your business prepared for Cyber Risks in 2016

INTELLIGENT EFFICIENT COMPETITIVE SOLUTIONS FOR YOUR IT OPERATIONS

INFRASTRUCTURE SOLUTIONS OVERVIEW

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Continuous Monitoring for the New IT Landscape. July 14, 2014 (Revision 1)

Tufin Orchestration Suite

Guardium Change Auditing System (CAS)

WEB APPLICATION VULNERABILITY STATISTICS (2013)

SWOT Assessment: BeyondTrust Privileged Identity Management Portfolio

Information Security & Privacy Solutions Enabling Information Governance

Measurably reducing risk through collaboration, consensus & practical security management CIS Security Benchmarks 1

Tivoli Endpoint Manager. Increasing the Business Value of IT, One Endpoint at a Time

PCI DSS. Get Compliant, Stay Compliant Seminar

Zone Labs Integrity Smarter Enterprise Security

AL RAFEE ENTERPRISES Solutions & Expertise.

Continuous Network Monitoring for the New IT Landscape. March 16, 2015 (Revision 4)

How To Achieve Pca Compliance With Redhat Enterprise Linux

Cloud and Data Center Security

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Netzwerkvirtualisierung? Aber mit Sicherheit!

BMS Consulting LLC Portfolio, partners and benefits

How To Use Ibm Tivoli Monitoring Software

Real-Time Database Protection and. Overview IBM Corporation

Security Controls What Works. Southside Virginia Community College: Security Awareness

Vulnerability Management

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION

AdvancedHosting SM Solutions from SunGard Availability Services

Your Security Partner of Choice

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR

McAfee Database Security. Dan Sarel, VP Database Security Products

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

Intro to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Digital Pathways. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ

UNDERSTANDING CORE TELECOM SECURITY

SECURITY TRENDS & VULNERABILITIES REVIEW 2015

EMC Data Protection Advisor 6.0

Uni Vault. An Introduction to Uni Systems Hybrid Cloud Data Protection as a Service. White Paper Solution Brief

SENTINEL MANAGEMENT & MONITORING

Measurably reducing risk through collaboration, consensus & practical security management CIS Security Benchmarks 1

Document ID. Cyber security for substation automation products and systems

Dynamic Data Center Compliance with Tripwire and Microsoft

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

Managed Services. Business Intelligence Solutions

A Decision Maker s Guide to Securing an IT Infrastructure

IBM Tivoli Netcool Configuration Manager

<cloud> Secure Hosting Services

Enterprise Security Solutions

NERC CIP VERSION 5 COMPLIANCE

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Simplify Your Network Security with All-In-One Unified Threat Management

Client Security Risk Assessment Questionnaire

Network Security and Vulnerability Assessment Solutions

1 Introduction Product Description Strengths and Challenges Copyright... 5

Enterprise Security. Moving from Chaos to Control with Integrated Security Management. Yanet Manzano. Florida State University.

WHITE PAPER OCTOBER CA Unified Infrastructure Management: Solution Architecture

Securing the Service Desk in the Cloud

Payment Card Industry Data Security Standard

CA Configuration Automation

IBM Tivoli Service Request Manager

Introduction to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

How To Manage Your Information Systems At Aerosoft.Com

Netwrix Auditor. Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure

Trend Micro. Advanced Security Built for the Cloud

Enforcive / Enterprise Security

WHITE PAPER June CA Nimsoft Monitor. Delivering a Unified Monitoring Architecture

Current IBAT Endorsed Services

Clavister InSight TM. Protecting Values

Fax2 IT and Security Audit. In 2012 and 2013, PRAS Consulting was awarded by Microsoft Romania as Best partner for Public Cloud.

Enterprise Database Security & Monitoring: Guardium Overview

RESEARCH NOTE CYBER-ARK FOR PRIVILEGED ACCOUNT MANAGEMENT

Security Services. 30 years of experience in IT business

Product Overview. UNIFIED COMPUTING Interoute Database & Application Management

End-to-End Infrastructure Solutions

Symphony Plus Cyber security for the power and water industries

Security Solutions

Compliance Guide: PCI DSS

Application Monitoring for SAP

QUESTIONS & RESPONSES #2

Clean VPN Approach to Secure Remote Access for the SMB

IBM Tivoli Endpoint Manager for Lifecycle Management

SUPPORTING HIPAA COMPLIANCE THROUGH MANAGED HOSTING.

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

Check list เตร ยมความพร อมด าน Cyber Security ให หน วยงาน 6 th October 2015 Avirut Liangsiri 1. Effective:

QRadar SIEM 6.3 Datasheet

Clean VPN Approach to Secure Remote Access

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

LogInspect 5 Product Features Robust. Dynamic. Unparalleled.

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

MANAGED MICROSOFT AZURE SERVICES

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

How To Protect Your Cloud From Attack

Transcription:

Products & Services MaxPatrol MaxPatrol Vulnerability & Compliance Management System

Reduce Costs. Improve Efficiency. Manage Risk. MaxPatrol from provides visibility and control of security compliance across your entire corporate IT infrastructure in a single solution.

Products & Services MaxPatrol 01 Securing the integrity of corporate information systems has never been more important. Each successive media report about a new security breach underlines the massive potential for damage to an organisation s finances, operations and reputation when confidential information is compromised. Protecting your company from security incident can be a costly, complex business, especially when you need to comply with the growing range of legal and regulatory standards brought in to counter these threats. But the penalties for failure are even higher. Many large organisations struggle to meet this challenge with a fragmented approach, selecting different tools for each system, division or country and employing expensive specialists to carry out manual assessment and configuration management. The cost effective alternative is to centralize and automate the process with MaxPatrol, a fullyintegrated, best-in-class vulnerability and compliance management solution from Positive Technologies. Protecting your company is vital, but it doesn t have to cost the earth

02 MaxPatrol: Business Benefits Consolidation for Consistency Combine the security of your entire organization under a single solution and a unified approach. Gain visibility and control of configurations on more than 70 platforms and applications, including wireless and VoIP equipment, infrastructure and business applications, ICS/SCADA and ERP systems. Automation for Efficiency Cut your staffing costs whilst increasing the frequency of system checks. MaxPatrol s configuration & vulnerability assessment engine is agentless, low-privileged and non-intrusive reducing disruption to your systems and staff. It has the industry s lowest false positive rate. Reporting for Transparency Obtain reporting that is relevant for each management level to support informed management decisions. Centralize, streamline and automate your IT & IS processes with MaxPatrol

Products & Services MaxPatrol 03 Pre-Configured for Speedy Compliance Rapidly deploy MaxPatrol s wide range of predefined security policies to quickly measure your compliance with industry regulations including: ISO 27001/27002, SOX, PCI DSS, NSA, NIST and CIS. Easily configure bespoke policies to enforce your own, in-house security guidelines. Flexible for Scale and Change Take advantage of MaxPatrol s scalability and flexible deployment models to configure the ideal solution for your specific infrastructure. MaxPatrol can be delivered as SaaS, virtual application or traditionally based software solution. Standardised for Simple Integration Easily integrate MaxPatrol into your existing systems because of its compatibility with the universally-recognized CVE standard for the classification of vulnerabilities. Maintained by Experts Enjoy peace of mind by putting your security in the hands of acknowledged industry experts. MaxPatrol is updated daily by our team of engineers as they track new threats, policy requirements and vulnerabilities. The Positive Research innovation group works closely with the industry s foremost research teams; technology partners such as Cisco, Oracle, HP, IBM, Microsoft and vendors of anti-virus, firewall and intrusion detection systems.

04 MaxPatrol: Key Features Vulnerability Assessment agentless, low-privileged, non-intrusive, black- & white- box configuration and vulnerability assessment engine. PCI DSS ASV-compliant. Supports penetration testing, application assessment, network inventory and network perimeter control. Cross-Platform Compatibility works across: Network equipment from Cisco, Juniper, CheckPoint, Arbor, Huawei, Nortel, Alcatel etc. VoIP and wireless equipment, various telecom equipment in CS & PS Core Network (HLR, MSC, SGSN, GGSN), Radio Network (Node B, RNC) and VAS-platforms Operating Systems including Windows, MacOS X, Linux, IBM AIX, HP-UX and Oracle Solaris Databases including Microsoft SQL, Oracle, IBM DB2, PostgreSQL, MySQL and Sybase Desktop applications: Web Browsers, Office and IM apps Infrastructure applications including Active Directory, Microsoft Exchange, IBM Lotus, Microsoft IIS and Apache Virtualization and Terminal Platforms: VMware vsphere/esx, Microsoft Hyper-V, Citrix XenApp etc. Security Systems: Personal IPS, Firewalls, Antivirus etc. Business critical systems: ICS/SCADA, Сore banking systems, Billing and ERP including SAP R/3, SAP NetWeaver and Oracle E-Business Suite (EBS)

Products & Services MaxPatrol 05 Web Application Security assesses Web 2.0 applications based on AJAX, JSON, Flash and Java technologies Security Analysis of ERP and ICS/SCADA based on vendor/industry guidelines: SAP Security Guides, ISACA (ITAF), NERC CIP, etc. Password Policy Audit black-box and white-box mode auditing for systems including: Remote access and VPN (RDP, VNC, Telnet, SSH, RCP, etc.) File and folder shares Application protocols: SAP, Oracle, SQL, Web, Email etc. Desktop application such as IM & Browsers Malware Detection agentless technologies to detect insecure code, Malware and Trojans across all systems Agentless Integrity Monitoring built-in database of each system s components helps detect incidents/unwanted changes Sensitive Data Detection powerful search engine identifies data such as credit card, PIN and CVV numbers in files/databases Flexible Reporting System supports automation of processes including inventory and change management, compliance and IT performance management XML-Based Integration API supports creation of unified IS frameworks across systems including: Asset Management, Help Desk Ticketing, Risk Management, Patch Management, SIM/SIEM, IPS, WAF and Pentest frameworks, NAC/NAP Certified CVE-Compatible simplifies integration with other systems

06 MaxPatrol: One Solution for All Your Systems, All Your Needs With MaxPatrol, you can unite all your systems under one compliance solution: network and system infrastructure, servers, VoIP and telecom equipment, databases, Сore banking and ERP systems, ICS/SCADA and web applications. MaxPatrol can meet the security needs of your entire business, from IT engineers to the CEO. Its automated processes can save your company time and money as well as increasing the accuracy of your regulatory and compliance data and reducing the risk of human error. MaxPatrol is the only enterprise product on the global market that combines auditing, penetration testing and compliance-management in a single solution. It is already used by over 1,000 successful companies of all sizes to maintain security across many operating systems, databases, business management systems and web applications.

Products & Services MaxPatrol VoIP and telecom equipment Databases Core banking and ERP ICS/SCADA Network and System Infrastructure Web Applications PCI DSS, SOX, ISO etc Vulnerability Management Change Control Compliance Management Key Performance Indicators Corporate Policies 07 Management IS and IT cost reduction High-lewel business reporting / KPIs Corporate Compliance Real-time security overview Knowledge Base Auditors Comprehensive tool for security assessment Major international standards support Custom reporting system Security IT Operations Vulnerability management Compliance management Policy compliance Vulnerability elimination control Easy Implementation IT resources inventory Recommendations on vulnerability elimination Reporting on updates

OIL COMPANY Industry: Oil & Gas / Utilities Case Study: Lukoil The Lukoil group of companies is one of the world s oil and gas producers with annual revenues of $133bn and net profits of over $10bn (2011). MaxPatrol is used by Lukoil-Inform, a service company established by Lukoil to implement, develop and maintain all Information Systems across the various companies in the Lukoil group. Through outsourced services, Lukoil - Inform ensures the smooth operation of all Lukoil applications including telecommunications, manufacturing and building-control systems. 08 MaxPatrol is used to carry out automated compliance audits for Information Systems, measuring them against internal corporate IS standards including the requirements of international standard ISO/IEC 27001:2005. Our task was to unify the Information Security management processes within the Lukoil group of companies. When deploying a unified set of internal corporate standards, we chose MaxPatrol to monitor the implementation. The MaxPatrol system supports a wide range of platforms and automates vulnerability detection across a wide range of networks. Vladimir Kurbatov, Head of Information Security, Lukoil-Inform. Industry: Telecommunications Case Study: VimpelCom VimpelCom Ltd is one of the world s largest telecommunications groups with 209m subscribers (March 2012). It provides the full range of telecommunications services including cellular communications (GSM and UMTS) and fixed line telephony, wire (FTTB) and wireless (Wi-Fi) Internet access and IPTV. VimpelCom provides services under the Beeline, Kyivstar, djuice, Wind, Infostrada, Mobilink, Leo, banglalink, Telecel and Djezzy brands. VimpelCom depends heavily on the stability and safety of its Information Systems. That s why it is so important for us to have a common set of tools providing robust information security for all of our subdivisions. It s also important for us to have full control of security compliance for all our IT systems. MaxPatrol provides us with the complete solution to these challenges. Dmitry Ustyuzhanin, Head of Information Security, VimpelCom.

Products & Services MaxPatrol Member of the KBC group Case Study: Absolut Bank Industry: Finance Absolut Bank is part of the KBC Group, one of the largest financial groups in Europe with a market capitalization of around 9bn. Absolut Bank serves more than 30 thousand corporate clients and 200 thousand private individuals. It recorded net profits of $82m in 2011. For Absolut Bank, the security of the IT infrastructure is one of our most critical challenges. It is especially important to make timely analyses of the entire bank s IT system security. The MaxPatrol system allows us to obtain detailed information on vulnerabilities; to detect and classify any errors in the configuration of network equipment, operating and application systems; and to check the security level of the bank s IT infrastructure according to the regulators requirements. MaxPatrol passes all information to our SIEM-system, HP ArcSight. Together they provide the bank with comprehensive security control. Alexander Yuriev, Director of Technical Protection, Non-Financial Risks, Absolut Bank. Industry: Media Case Study: VGTRK The All-Russia State Television and Radio Broadcasting Company (VGTRK) is the country s largest media corporation. It operates three national TV channels and more than 90 regional TV and radio networks as well as multiple national and international satellite TV channels. It offers dozens of online resources including live streams of its broadcasts. VGTRK also operates the Russian Information Agency and is a major producer of Film and TV programming. 09 MaxPatrol has allowed us to automate the process of analyzing information security for our IT-services. It has also helped us tackle a range of IS challenges and release additional resources - both financial and human - to the strategic development of information security. So far, we have introduced MaxPatrol in two key areas of VGTRK s operations in Moscow. We now plan to replicate it throughout our entire branch network. Dmitry Safronov, Head of Information Security Management, VGTRK.

10 MaxPatrol in Action More than a thousand companies already rely on MaxPatrol to secure their systems. These customers range from SMEs to government departments, international banks and major telecommunications companies. One of the biggest installations to date monitors security levels across the customer s 8 subsidiaries, which operate in 26 countries. MaxPatrol continues to grow with the customer s business, expanding into new territories in a rolling program that has so far seen the deployment of 36 MaxPatrol components to control in excess of 100,000 nodes in the customer s infrastructure. MaxPatrol is commonly used to: Manage security control and compliance processes within an integrated Global Security Operations Center. Audit IT and IS performance and service quality achieved by internal teams as well as outsourced staff provided by third parties. Provide managed security services for corporate clients as part of outsourcing/outstaffing business models. Provide penetration testing and security audits for external and internal auditors and regulators. For more information about how MaxPatrol brings value to our customers, please see our case studies at www.ptsecurity.com/success For more detail on MaxPatrol s specifications, please see our technical product description at www.ptsecurity.com/maxpatrol

Products & Services MaxPatrol Max Patrol in Figures: 30,000+ 1,000+ 5,000+ The number of checks for known vulnerabilities MaxPatrol is pre-configured to carry out. This increases daily as new vulnerabilities are identified by our research team Positive Research and added to the MaxPatrol knowledge base The range of systems MaxPatrol is proven to work across The number of configuration parameters that MaxPatrol can detect across more than 70 different platforms and applications 11 100+ The number of new 0-day vulnerabilities added per year

About Positive Technologies is a specialist developer of IT Security products with more than a decade of experience in the practical aspects of IT Security. We are one of the top ten global vendors of Vulnerability Assessment systems*. Our research centre is one of the largest in Europe and is staffed by a team of experts detecting hundreds of new vulnerabilities each year as well as monitoring security trends across the world. This focus on research and the practical application of IT Security ensures understands the full-range of cyber security threats faced by our customers: from the network level through to business-critical elements such as banking applications, ERP, telecoms equipment, ICS/SCADA systems and government web portals. Our goal is not just to improve IT security, but to protect our clients businesses from the very real threats of hacking. We help over 1,000 corporate customers to reduce their risk, cut costs and improve efficiency whilst achieving and maintaining compliance with an array of key industry standards such as ISO 27001/27002, PCI DSS and SOX 404 as well as local laws and corporate security guidelines. *Source: Market intelligence firm IDC s report Worldwide Security and Vulnerability Management Forecast for 2012-2016 Analyze the Future Contact us: Office 255 Building 3 Chiswick Park 566 Chiswick High Road London W4 5YA Tel.: +44 208 849 8498 E-mail: info@ptsecurity.com www.ptsecurity.com 11/2012

OUR EXPERIENCE - YOUR SECURITY

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information