Lumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks




IPsonar provides visibility into every IP asset, host, node, and connection on the network, performing an active probe and mapping everything that's on the network, resulting in a comprehensive view of the entire routed infrastructure.

Today's distributed, ever-changing IT environments require complete visibility into the network in order to maintain security, compliance and availability. Lumeta IPsonar is the industry's most widely deployed network discovery solution for large, geographically distributed organizations. Lumeta's patented, award-winning network assurance technology discovers and maps every IP asset, host and node on the network, giving CIOs, CSOs and CISOs a clear view of risks and policy violations arising from network changes. Such changes include the addition of new devices, modifications in remote access, changes resulting from IT consolidations, and infrastructure updates.

Over a dozen U.S. federal government agencies, five of the ten largest pharmaceutical companies, three of the five largest energy companies, and many other industry-leading organizations rely on Lumeta to maximize the value and efficacy of IT investments in vulnerability management, information protection and control, IP address management, IT asset management, and compliance.

IPsonar provides:

- Discovery of all ingress and egress points on the network, including rogue/unauthorized Internet connectivity.
- Accurate inventory of attached devices for vulnerability scanning.
- Confirmation that all assets are under security management.
- Clear understanding of entire routed infrastructure.
- Inventory of all SSL certificates, including issuer, signing authority and expiration date.
- Discovery of potentially vulnerable (open) TCP ports for more targeted vulnerability scanning and patch management.
- Lightweight discovery/scanning techniques avoiding detection by IDS/IPS systems.
- Device profiling allowing for credential-less identification of attached end-points.
- Lumeta Network Index allowing for best-practices based scoring (risk metrics) of IPsonar results.

IPsonar's credential-less and agent-less approach minimizes disruption to operations and scales to handle the largest networks. IPsonar is lightweight and safe for use on large networks even during production hours, operating at the level of network noise and using only properly formed packets to elicit benign responses.

IPsonar's patented network leak detection solution reveals unauthorized connections between the enterprise and another network, between segregated subnets, as well as unwanted connectivity between the network and the Internet, determining whether connectivity is outbound, inbound or both. IPsonar's network leak detection capabilities are unparalleled in the industry, with the unique ability to find unknown connections into other organizations, such as legacy partner connections or divestiture connectivity. Network leak detection provides intelligence for active network defense, enabling cybersecurity response before costly downtime or material weaknesses wreak havoc on the enterprise.

IPsonar allows users to set policy guidelines based on regulatory requirements or internal guidelines, and to automate the measurement of the true state of the network against those policies. IPsonar also provides real-time alerting on policy violations that break risk thresholds, even where the violation occurs on an asset or connection that was previously unmanaged or unknown, enabling a proactive approach to network security and management.

IPsonar's powerful dashboards can be configured to present the most relevant data more effectively. For instance, dashboards can be created for IT audit and regulatory preparation or for executive management reporting.
With a bi-directional open API and configurable custom attributes, Lumeta IPsonar provides users the ability to seamlessly integrate active network discovery data into existing IT and Security lifecycle, leveraging IPsonar's network discovery reporting and powerful network mapping engines as a front end to operational network visualization.

Lumeta IPsonar is delivered on an appliance-based system, including sensors, scan servers and reporting servers. The number of systems required and licensing costs depend on the size, complexity and segmentation of the network to be scanned. Lumeta IPsonar can also be run as a service. Lumeta offers an extensive suite of professional services, training and educational certifications.

The Phases of IPsonar Discovery

IPsonar actively scans the network to collect all data related to Network, Host, Leak, Services, Perimeter, and Layer 2 Discovery. IPsonar also uses intensive Device Profiling techniques to identify the type, vendor, model, operating system, and version of devices on the network. MAC addresses that are collected and associated with IPs are matched to their respective MAC vendors. Users can accurately visualize what is on the network, drill down to analyze potential areas of risk, and identify appropriate corrective actions.

Network Discovery

Organizations must understand the entire network during times of change, assuring that all assets are under management to avoid intrusion and service outages. IPsonar Network Discovery is the best tool to identify and measure relationships between known and previously unknown network assets, including routers, switches, and firewalls.

- Applies multi-protocol discovery to penetrate deep into the network, identifying forwarding and filtering devices
- Traces and visualizes data paths through a network, to discover if assets communicate properly
- Flags stealth assets that do not respond to direct queries, pinpointing resources that may not be under management
- Isolates the impact of firewall and router access control lists (ACLs), assuring they are operating in compliance to policy
- Presents a route-based network topology from an application connectivity perspective via the IPsonar Map

Host Discovery

Unknown IP addresses exist in every large network, often undiscovered until an outage, breach, or audit issue. IPsonar Host Discovery identifies all devices on the network, helping IT executives align areas of visibility with areas of responsibility.

- Conducts a census of all IP addresses using multi-protocol discovery, identifying the true perimeter of the network
- Flags addresses unrecognized by official network inventories for remediation
- Enables organizations to harden defenses around the network perimeter and secure zones to enforce policies

Leak Discovery

Leaks are devices with unauthorized inbound or outbound connectivity to the Internet or sub-network, for example, unsecured routers exposed to the Internet or open links to former business partners. The larger and more complex a network is, the more likely it is that unknown leaks exist. IPsonar Leak Discovery is crucial in the proactive fight against leaks, revealing all unauthorized connections and identifying whether access is outbound, inbound, or both.

- Pinpoints forwarding and filtering devices through which addresses leak, enabling IT staff to assure these resources are in compliance with security policies
- Identifies inbound and outbound leakers to and from secure zones, such as those developed to protect customer data or carry sensitive communications
- Spots hard-to-find leaks such as unauthorized Cable/DSL routers, multi-homed servers, and NAT/PAT proxies that covertly forward network traffic
- Identifies resources a hop beyond the network, showing the organizations to which they are connected

Enhanced Perimeter Discovery

The perimeter of the network is usually assumed to be edge device(s) on the network, like the routers and firewalls that are known to allow access to the outside world (e.g. the internet, an adjacent company's network, etc.), and IPsonar has always checked the behavior of those devices. Yet while we tend to believe that we know the perimeter of our network based on our address space, layout, and firewall placement, with today's increasingly sophisticated mobile and wireless devices, anyone who places a multi-homed device on the network can change the known perimeter.

- Identifies devices on the network that have the ability to pass traffic out of the network perimeter and into unauthorized or even dangerous networks
- For each identified egress point, detects and alerts on the complete context of the network conversation, including details on the device or host and the addresses and networks connected to
- Discover devices and hosts on the network that are not compliant with network traffic policy
- Identify network vulnerabilities that put the organization at risk

An IPsonar network map showing a device with a number of Outbound and Inbound Network Leaks.

Service Discovery

IPsonar probes discovered devices for services that they provide by scanning for the known ports that provide those services. The IPsonar default service discovery port set includes common, well-known ports such as FTP, Telnet, and HTTP, along with potentially-vulnerable ports like known virus or file sharing ports. Service discovery using the IPsonar-provided ports will expose devices that are open to traffic on those ports, or blocking them, and users can add their own ports of concern to the list, helping to discover possible device vulnerabilities based on services. For example, IPsonar may discover devices that are being used to access file sharing services, which may not be desired in your environment.

- Identifies ports that are either open, closed, or gave mixed responses.
- Displays port status for each device scanned and discovered
- Displays individual port status for devices having multiple IP addresses, e.g. routers, switches

Layer 2 Discovery, i.e. Host Topology Discovery

In addition to identifying and mapping the network at the IP address level, IPsonar takes the next step in discovering and mapping the layer 2 devices. IPsonar does this by probing the discovered devices for potential layer 2 switches, then probing those switches further for details about their connected devices. IPsonar can also detect and map the presence of some unmanaged hubs in a layer 2 network topology.

- Identifies devices that are operating as layer 2 devices, e.g. switches.
- Polls layer 2 devices for layer 2 ports, devices, MACs, etc.
- Identifies and displays VLAN layout in a layer 2 network.
- Graphically shows the layer 2 and layer 3 network relationship.

Device Profiling

IPsonar provides rich data on all networked devices, delivering a uniquely comprehensive data set on all devices at the network and transport levels, in addition to providing application-layer visibility. Detailed device information obtained by active network discovery gives users a real-time glimpse into device type information, vendor, model number, Operating System, and version, all of which can be easily integrated into other IT and security lifecycle tools, such as network management systems. The product ships with a pre-configured library of more than 800 vendors, dozens of device types, and hundreds of common operating systems and OS versions, all regularly refreshed through a live update feature. Customers can also enhance or customize this library easily to suit their individual infrastructure.

- Uses multiple scanning techniques to collect data from devices on the network, then selects the best source to determine device attributes, placing a confidence level on each attribute based on how accurate the methodology and returned value might be.
- Extracts information from standard packets (ICMP, TCP, and UDP packets); no application-layer transactions nor installed agents required
- Flags improperly secured wireless access points for remediation, improving security without requiring staff to scan airwaves or deploy antennae-based monitors
- Determines which operating systems and versions network devices are running
- Graphically represents devices, vendors, etc. to clearly represent all device categories
- Allows users to easily add new fingerprints that are known to identify devices, enhancing and customizing the device information that IPsonar provides.
- Identifies Internet services and proprietary IP applications active on hosts and devices, pinpointing resources for which tested ports are active.
- Extracts information from standard packets (ICMP echo requests and high-port UDP packets); no application-layer transactions.
- Facilitates consolidation by noting devices that run network-based services, such as printers and storage appliances.

Copyright Lumeta Corporation, All rights reserved

Lumeta offers the industry's most comprehensive and proven network discovery & visibility solutions. Lumeta IPsonar provides comprehensive network visibility for active network defense.

Scalable to the World's Largest Networks with Multi-tier Enterprise Architecture

Because it is a network appliance, Lumeta's IPsonar requires no installation or disruption to operations in order to completely scan a network, no matter how far-flung or numerous the resources are. IPsonar is made to handle large data sets as easily as it does small data sets. Thus, IPsonar is a true enterprise application, able to work efficiently in both large and small deployments. IPsonar's three-tiered architecture is proven at the world's most complex networks and has been used to scan the entire Internet:

- Sensors. Accurate, complete network scanning is achieved through the use of network entry points called Sensors. These entry points are portable, providing flexibility to address even the most fast-changing networks.
- Scan Servers. These resources are positioned at appropriate points in the network to assure that business applications and even the lowest-speed network links are unaffected by IPsonar network traffic. Multiple scans can be run simultaneously.
- Report Servers. Functioning as the data repository, Report Servers separate reporting from scanning to further reduce IPsonar's operational footprint. A single remote Report Server can support multiple Scan Servers.

IPsonar uses a pre-loaded, hardened configuration to simplify and assure security. Communication between IPsonar appliances is via HTTPS (SSL) and available in several configurations, so no changes to firewalls or network access control are required. The user interface supports signed digital certificates.

The number of systems required and software-licensing costs depend on the size, complexity and segmentation of the network to be scanned. Lumeta IPsonar can also be run as a service. Lumeta offers an extensive suite of professional services, training and educational certifications.

Integration

With a bi-directional open API and configurable custom attributes, Lumeta IPsonar provides users the ability to seamlessly integrate active network discovery data into existing IT and Security lifecycle, leveraging IPsonar's network discovery reporting and powerful network mapping engines as a front end to operational network visualization. Lumeta's IPsonar fully integrates its data into third-party applications, providing organizations with the information needed to ensure complete network availability, security, and compliance. IPsonar's open API is designed to enable integration with any application, and the solution's network discovery results are fully extensible to a range of third-party solutions and easily translated into actionable information.