TECHNOLOGY INTEGRATION GUIDE



Similar documents
INTEGRATION GUIDE TECHNOLOGY INTRODUCTION NETWORK DEVICES AND INFRASTRUCTURE

TECHNOLOGY INTEGRATION GUIDE

YOUR NETWORK SECURITY WITH PROACTIVE SECURITY INTELLIGENCE

Empowering Enterprises to Continuously Monitor IT Compliance and Mitigate Risk Proactively

Reference Guide. Skybox View Revision: 11

REDSEAL NETWORKS SOLUTION BRIEF. Proactive Network Intelligence Solutions For PCI DSS Compliance

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Symantec Security Information Manager Version 4.7

IBM Security QRadar SIEM Version MR1. Vulnerability Assessment Configuration Guide

NetBrain Workstation 6.0

TIBCO LogLogic. HIPAA Compliance Suite Quick Start Guide. Software Release: December Two-Second Advantage

IBM Security QRadar Version Vulnerability Assessment Configuration Guide IBM

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Net LineDancer Update Notice

Tufin Orchestration Suite

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

Device Adapter Capabilities Report

Restorepoint Plug-in Guide. Version 4.0

Extreme Networks Security Vulnerability Assessment Configuration Guide

Using the Tenable Solution to Audit and Protect Firewalls, Routers, and Other Network Devices May 14, 2013 (Revision 1)

List of Supported Systems & Devices

ArcSight Supports a Wide Range of Security Relevant Products

How To Protect Your Virtual Infrastructure From Attack From A Cyber Threat

Worldwide Security and Vulnerability Management Forecast and 2013 Vendor Shares

High End Information Security Services

How To Manage A Network Security System

Tripwire Log Center PRODUCT BRIEF HIGH PERFORMANCE LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

Juniper Secure Analytics

Security Policies Tekenen? Florian Buijs

TIBCO LogLogic. SOX and COBIT Compliance Suite Quick Start Guide. Software Release: December Two-Second Advantage

NERC CIP VERSION 5 COMPLIANCE

Metrics Suite for Enterprise-Level Attack Graph Analysis

Juniper Secure Analytics

HyTrust Logging Solution Brief: Gain Virtualization Compliance by Filling Log Data Gaps

2016 Firewall Management Trends Report

Securing Networks with PIX and ASA

TRIPWIRE LOG CENTER HIGH PERFORMANCE LOG AND SECURITY EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

BeyondInsight Version 5.6 New and Updated Features

VMware Integrated Partner Solutions for Networking and Security

Fortinet FortiGate App for Splunk

Configuration Audit & Control

Extreme Networks Security Risk Manager Adapter Configuration Guide

Trusted Geolocation in The Cloud Technical Demonstration

ACL Compliance Director FAQ

VULNERABILITY MANAGEMENT

Supported Devices (Event Log Sources)

M A R K E T A N A L Y S I S

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security

Using Monitoring, Logging, and Alerting to Improve ICS Security ICSJWG 2015 Fall Meeting October 27, 2015

Continuous Monitoring for the New IT Landscape. July 14, 2014 (Revision 1)

RSA envision. Supported Event Sources. Vendor Device Collection Method. Vendor Device Collection Method. Vendor Device Collection Method

IBM. Vulnerability scanning and best practices

Cyber Security RFP Template

Continuous Network Monitoring for the New IT Landscape. March 16, 2015 (Revision 4)

nfx Cinxi One SIEM Partner Guide Revision: H2CY10

Privileged Identity Management for the HP Ecosystem

CTS2134 Introduction to Networking. Module Network Security

Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy

Securely Yours LLC Top Security Topics for Sajay Rai, CPA, CISSP, CISM

With Cloud Defender, Alert Logic combines products to deliver outcome-based security

- Introduction to PIX/ASA Firewalls -

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

Web Application Firewall

Managing Vulnerability Assessment

What is SIEM? Security Information and Event Management. Comes in a software format or as an appliance.

ControlFabric Interop Demo Guide

Threat Center. Real-time multi-level threat detection, analysis, and automated remediation

ForeScout Technologies Is A Leader Among Network Access Control Vendors

Splunk and the SANS Top 20 Critical Security Controls. Mapping Splunk Software to the SANS Top 20 CSC Version 4.1

Plugin Name. X N/A sudo X Antivirus Avast avast X GFI Security gfi X McAfee mcafee X mcafee-epo

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015

Everything You Always Wanted to Know About Log Management But Were Afraid to Ask. August 21, 2013

Best Practices for PCI DSS V3.0 Network Security Compliance

Cisco Certified Security Professional (CCSP)

DiamondStream Data Security Policy Summary

Vulnerability Assessment Using Nessus

Network Services Orchestration Software Defined Networks, Network Function Virtualization - TODAY

Threat and Vulnerability Management (TVM) Protecting IT assets through a comprehensive program. Chicago IIA/ISACA

THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE

About the VM-Series Firewall

Effective Use of Security Event Correlation

MarketScope for Vulnerability Assessment

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM

Vulnerability Management

Cisco-Citrix Alliance

How To: Configure a Cisco ASA 5505 for Video Conferencing

QTS Leverages HyTrust to Build a FedRAMP Compliant Cloud

TCS Managed Security Services

IBM Security QRadar Risk Manager Version Getting Started Guide IBM

Securing your IT infrastructure with SOC/NOC collaboration

IBM Security QRadar Vulnerability Manager Version User Guide

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR

What is Security Intelligence?

Tenable Addendum to VMware Product Applicability Guide. for. Payment Card Industry Data Security Standard (PCI DSS) version 3.0

Transcription:

TECHNOLOGY INTEGRATION GUIDE INTRODUCTION RedSeal s cybersecurity analytics platform integrates data from your network devices and security solutions to provide a comprehensive model of your network and its security posture. By combining all this information, RedSeal optimizes the value of each individual solution, prioritizes security issues by putting them in the context of your network, and shortens remediation cycles. NETWORK DEVICES AND INFRASTRUCTURE Routers Alcatel-Lucent 7750SR-c12/OS 11.0.R4 SR-OS 11.0.R4 Arista EOS 4.2.7 4.11.4 Cisco IOS 11.0-15 Cisco IOS-XR 3.8 4.2 Cisco NX-OS 5.1 Cisco VPN-3000 4.x HP H3c Comware 5.20.106 HP ProCurve #K.15.12.0012 Juniper JunOS 8.5 10.4 + 11 & 12 Load Balancers A10 ACOS 2.7.1 Brocade IronWare BigIron/FastIron 8.0, ServerIronXL 7.5 Cisco CSS 11501/11050/ 11150 Citrix NetScaler 9.2 F5 BIG-IP 10.2, 11.0 11.3 Radware 4408 with Alteon software 26.x or 28.x Riverbed SteelApp SteelApp Traffic Manager 9.1 (Stingray) HP ProCurve #K.15.12.0012 Juniper JunOS 8.5 10.4 + 11 & 12 1

Firewalls Check Point File, OPSEC R65, R70, R71, R75, R76, R77 Cisco FWSM v2, v3, v4 Cisco PIX v6.3, v7, v8 Cisco ASA v8 Cisco Catalyst 6400 ACE A2 (3.1) Cisco ACE Software appliance A4 (2.1a) Fortinet Fortigate FortiOS 4.x, 5.x Juniper ScreenOS 6.x Juniper JunOS 8.5 10.4, plus 11 & 12 McAfee Firewall Enterprise 7, 8.1.2, 8.2.0, 8.2.1, 8.3 McAfee (Stonesoft) NGFW 5.7.0 Palo Alto Networks PAN-OS 4.x, 5.x, 6.x Wireless Controllers Aruba ArubaOS 6.1.3 Cisco Wireless Controller 7.4 Cisco Aironet IOS 11.0-15 Virtualized/Cloud Infrastructure AWS VPC N/A AWS Config N/A VMware vshieldedge VMware 5.5.0 Configuration Management Databases (CMDB) Check Point File, OPSEC R65, R70, R71, R75, R76, R77 Cisco FWSM v2, v3, v4 Cisco PIX v6.3, v7, v8 Cisco ASA v8 Cisco Catalyst 6400 ACE A2 (3.1) Cisco ACE Software appliance A4 (2.1a) Fortinet Fortigate FortiOS 4.x, 5.x Juniper ScreenOS 6.x 2

Note: Specific device support varies with each CMDB vendor. Please refer to RedSeal s Data Import Plugins Guide available from the RedSeal Support Portal for additional considerations on integration with CMDB systems. Note: RedSeal also supports importing device configurations that have been saved to a file. Refer to documentation from specific device vendors for additional information on using this methodology. SECURITY SOLUTIONS Vulnerability Scanners DDI Frontline 5.0 BeyondTrust REM Security Management Console 3.7.9 & 3.8 BeyondTrust eeye Retina 3.8 & 5.16 McAfee Vulnerability Manager 7.0.1 & 7.5 Open source nmap 6.25 Qualys QualysGuard 7.6 Rapid7 NeXpose 4.12 Symantec Vulnerability Manager 10.0.5 Tenable Nessus 4.6.2.1 & 4.8 Tripwire (ncircle) IP360 6.8.9, 6.9, & 7.3.x Security Management Cisco Enterprise 4.3.0 McAfee epo 4.5, 4.6, 5.1 Governance/Risk/Compliance (GRC) LockPath Keylight 4.1 RSA Archer 5.3 Symantec CCS Suite 11 Security Information and Event Management (SIEM) HP ArcSight ESM McAfee ESM 9.2 Splunk 6.1 3

REDSEAL INTEGRATES AND OPTIMIZES SECURITY SOLUTIONS Overview RedSeal s cybersecurity analytics platform creates a complete inventory of all of the Layer 3 devices and infrastructure in your network, including routers, load balancers and firewalls, along with cloud-based and virtualized devices. It imports configuration data to build a digital model of your network, including all connectivity and access paths between any two points on it. RedSeal correlates the model with vulnerability scan data to put security issues in context. With this, RedSeal is able to prioritize your network s most critical security issues (based on access/downstream access), so you can address them first. RedSeal makes your compliance initiatives as well as your own policies more efficient and effective. You can set up a policy in RedSeal, then monitor and prove compliance quickly and continuously. RedSeal has key controls for PCI, NIST 800-53. NERC CIP and HIPAA. Importing and analyzing device configurations RedSeal uses a variety of communications methods to collect device configurations and security data. The following methods are supported, but may be specific to a particular device or solution: CVS (Concurrent Version System) FTP HTTP(S) Java Database Connector (JCBC) SCP SFTP (Secure FTP) SSH Telnet Windows File Share 4

Configuration management databases (CMDB) RedSeal can get information from an existing CMDB to build the model of your network without having to access devices directly. Because RedSeal analyzes configuration settings, it helps identify any network devices not currently known or managed within the CMDB. Network devices (routers, load balancers, firewalls, wireless controllers) RedSeal can also directly access and analyze devices whose configurations are missing or incomplete. It analyzes the configuration files of your network security devices on multiple levels: Finds connected devices or hosts not otherwise known or identified Runs a series of vendor-specific industry best practices on all network devices Verifies the integrity of firewall rulesets, including identifying redundant or unused rules RedSeal can also import configuration data that has been saved to a file, so that direct access on the network is not required. For more information on importing from a file, refer to RedSeal s Plugins Guide available from the RedSeal Support Portal, which gives more detail on what devices and file formats are available with this option. Cloud infrastructure (public and private) RedSeal enables you to unify your physical and cloud network security. It supports Amazon s popular Virtual Private Cloud (Amazon VPC), through either the AWS SDK or AWS Config. This integration with AWS allows RedSeal to analyze your cloud infrastructure and its connection to your physical network, including risk, policy compliance, and industry best practices. Virtualized infrastructure and datacenters RedSeal provides the ability to include details about virtualized environments in its model of your network. This includes processing ACL settings from virtual environments, modeling those environments, and factoring them into policy compliance and risk analysis. Vulnerability management solutions RedSeal incorporates vulnerability scan data from the industry s leading products and calculates every possible access path between all hosts. Using assigned (default or user defined) asset values and potential lateral movement or downstream risk, RedSeal s patented algorithms provide a list of the most critical actions you need to take to improve your network security. 5

Governance, risk, and compliance (GRC) solutions RedSeal can access data from GRC solutions, as well as provide data to a GRC solution. Sample integrations include: McAfee epo: RedSeal imports host information from epo. epo collects data from RedSeal including host attack risk, critical asset access and downstream risk which enables improved prioritization and policy setting. RSA Archer: RedSeal imports asset and group values, which are then used in RedSeal s risk metrics calculations and reports. Symantec: Control Compliance Suite (CCS) collects information from RedSeal, including host risk exposure, vulnerability status, and device best practice violations. LockPath: RedSeal enables faster remediation by sending prioritized vulnerability and risk information to LockPath s Keylight Security Manager, which routes it to the appropriate workgroup. RedSeal can also be configured to send data to SIEM solutions that enhances the context of the data these products provide to their customers. Security information and event management solutions (SIEM) RedSeal can be configured to send data via syslog to external systems. The information that can be exported includes: Detailed host information, including risk metrics, compromised hosts, hosts reachable from untrusted zones, or hosts that have access to your most critical asses Results from RedSeal device best practice checks Anomalies in the network model (e.g. dangling subnets, duplicate IPs) Policy status summary for each policy you have defined (e.g. PCI, internal) Specific SIEM solutions that RedSeal integrates with include: HP ArcSight: RedSeal exports data directly into ArcSight ESM using the standard CEF communication format. Splunk: RedSeal exports data to a Splunk dashboard, including comparisons to industry best practices, vulnerabilities and downstream risk. McAfee ESM: RedSeal exports data via syslog IBM QRadar: RedSeal exports data via syslog 6 REDSEAL 888.845.8169 redseal.co 940 Stewart Dr., Sunnyvale, CA 94085

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information