1 / 24

Juniper Security Threat Response Manager (STRM) Customer Presentation

Juniper Security Threat Response Manager (STRM) Customer Presentation. Customer Challenges. Dispersed Threats. IT “information” overload Flood of logged events from many “point” network and security devices Lack of expertise to manage disparate data silos & tools Compliance mandates

lovie
Download Presentation

Juniper Security Threat Response Manager (STRM) Customer Presentation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Juniper Security Threat Response Manager(STRM)Customer Presentation

  2. Customer Challenges Dispersed Threats • IT “information” overload • Flood of logged events from many “point” network and security devices • Lack of expertise to manage disparate data silos & tools • Compliance mandates • Industry specific regulations mandating security best practices • Internal IT “risk” assessment programs • Evolving internal and external threats • Insider abuse, theft of intellectual property • Complex integrated attacks IT Overload Industry Regulations

  3. Security Information & Event Management Log Management Network Behavior Analysis Introducing Junipers SIEM/NBAD SolutionSTRM – “Security Threat Response Manager” Integrates Mission Critical Network & Security Data Silos • STRM Key application features • Log Management • Provides long term collection, archival, search and reporting of event logs, flow logs and application data • Security Information and Event Management (SIEM) • Centralizes heterogeneous event monitoring, correlation and management • Network Behavior Anomaly Detection (NBAD) • Discovers aberrant network activities using network and application flow data STRM

  4. Log Management: Right Threats at the Right Time Compliance: Compliance and Policy Safety Net Complements Juniper’s Enterprise Mgmt Portfolio Threat Detection: Detect New Threats That Others Miss STRM’s Key Value Proposition Enterprise Value Juniper’s STRM Appliance

  5. STRM Architecture • STRM – Real time network & security visibility • Data collection provides network, security, application, and identity awareness • Embedded intelligence & analytics simplifies security operations • Prioritized “offenses” separates the wheat from the chafe • Solution enables effective Threat, Compliance & Log Management

  6. Log Management Log Management Is fundamental to any centralized network security management solution STRM enables Challenges include • Highly scalable log aggregation; Consistent logging taxonomy • Log overload for administrators • Broad vendor coverage and extensible APIs for less common formats • Multi-vendor network; Constant change of formats • Advanced log management capabilities including tamper proof log archives • Demanding operational requirements

  7. Compliance Templates Forensics Search Policy Reporting Log Management Unrivalled Data & log Management • Networking events • Switches & routers, including flow data • Security logs • Firewalls, IDS, IPS, VPNs, Vulnerability Scanners, Gateway AV, Desktop AV, & UTM devices • Operating Systems/Host logs • Microsoft, Unix and Linux • Applications • Database, mail & web • User and asset • Authentication data • Support for leading vendors including: • Networking: Juniper,Cisco, Extreme, Nokia, F5, 3Com, TopLayer and others • Security: Juniper, Bluecoat, Checkpoint, Fortinet, ISS, McAfee,Snort, SonicWall, Sourcefire, Secure Computing, Symantec, and others • Network flow: NetFlow, JFlow, Packeteer FDR, & SFlow • Operating systems: Microsoft, AIX, HP-UX, Linux (RedHat, SuSe), SunOS, and others • Applications: Oracle, MS SQL, MS IIS, MS AD, MS Exchange, and others • Security map utilities: • Maxmine (provides geographies) • Shadownet • Botnet • Customization logs through generic Device Support Module (DSM) Adaptive Logging Exporter (ALE) • Integrate proprietary applications and legacy systems

  8. Log Management STRM Log Management Tamper Proof Log Archives • Event and flow logs are protected by storing associated check sum for each log file written to disk • Required by specific regulations (i.e. PCI) • Highest level of integrity provided by Secure Hashing Algorithm (SHA) from National Institute of Standards & Technology (NIST) • Hashing algorithms supported include: • MD2: Message Digest algorithm ad defined by RFC1319 • MD5: Message Digest algorithm ad defined by RFC1321 • SHA-1: Secure Hash Algorithm as defined by NIST FIPS 180-1 • SHA-2: Which includes SHA-256, 384 and 512 defined by NIST FIPS 180-2.

  9. Log Management Reporting • 220+ Out of the box report templates • Fully customizable reporting engine: creating, branding and scheduling delivery of reports • Compliance reporting packages for PCI, SOX, FISMA, GLBA, and HIPAA • Reports based on control frameworks: NIST, ISO and CoBIT

  10. Threat Management Security Event correlation & threat Management Is necessary to effectively make sense of all of the collected data Challenges include STRM provides • Simplified out-of-the-box building blocks & rules simplify rule management • Correlation rules complex to manage • QID map provides intelligent mapping of vendor events • Vendor log formats are a moving target • Extensive use of historical profiling for improved accuracy of results • Constant change on the network

  11. Threat Management STRM Offense Management • Tracks significant security incidents & threats • Leverages building blocks & rules • Builds history of supporting & relevant information for significant security incidents • Provides “point-in-time” reference of offending users and vulnerability state • Provides record of first and last occurrence of security incidents • Incorporates network behavior analysis to validate/discredit incidents & detect unknown traffic patterns • Provides prioritization based on: credibility, relevance & severity

  12. Threat Management The Value of JFLOW • Passive flow monitoring creates asset profiles and helps auto-discover/classify hosts • Passive vulnerability information for correlation • Detection of day-zero attacks that have no signature • Policy monitoring and rogue server detection • Visibility into all communication made by an attacker, regardless of whether it caused an event • Network awareness, visibility and problem solving (not necessarily security related) • Mail loops, misconfigured apps, application performance issues

  13. STRM correlation of data sources creates offenses (129) Offenses are a complete history of a threat or violation with full context about accompanying network, asset and user identity information Offenses are further prioritized by business impact Threat Management The Key to Data Management: Reduction and Prioritization STRM Previous 24hr period of network and security activity (2.7M logs)

  14. Threat Management Offense ManagementIntelligent Workflow for Operators Who Is attacking ? What is being attacked ? What is the impact ? Where do I investigate ?

  15. STRM System features • Centralized browser based UI • Role based access to information • Customizable dashboards • Real-time & historical visibility • Advanced data mining & drill down • Easy to use rule engine • Hierarchical distribution for scale

  16. STRM Key Benefits • Converged network security management console • Integrates typically silo’d network & security data • Network, security, application, & identity awareness • Unrivaled data management greatly improves ability to meet IT security control objectives • Advanced analytics & threat detection • Detects threats that other solutions miss • Compliance-driven capabilities • Enables IT best practices that support compliance initiatives • Scalable distributed log collection and archival • Network security management scales to any sized organization

  17. Summary STRM delivers repeatable security and compliance management: • Integrated network, security, identity and application aware network security management platform • Gain efficiency through use of a single pain of glass across entire infrastructure • Advanced correlation to deliver actionable “offenses” • Gain unparalleled ability to reduce noise and recognize the most important security incidents • Efficient and secure log management • Meet logging and auditing requirements for all internal/external IT security mandates • Flexible deployment options - Turnkey log management to full Network Security Management Log Management Threat Management Compliance Management

  18. STRM Products STRM5000 Large enterprises &Service Providers STRM - EP STRM - EP Small Medium Enterprise STRM2500 Small Enterprise STRM500 2500EPS 50 & 100k F 250EPS 15k F 1000EPS 50 & 100k F Events per sec Flows per Min 500EPS 15kF 5000EPS 100 & 200k F 5000 + EPS 100 & 200k F

  19. Hardware Summary

  20. STRM Pricing

  21. Competitive Summary

  22. Competitive Pricing Analysis

  23. STRM Release Schedule Q108 STRM 500 STRM 2500 Full Soln STRM 2008.2 STRM 2008.3 STRM 2008.1 STRM 2008.4 Q208 STRM5000 STRM Log Management and Reporting only option Add additional device support EX, M, MX Q308 Reporting Enhancements Time Based Reporting HA Q408 Integration with NSM Australia, Viking support Risk Assessment Planning Phase Planning Phase Planning Phase Q1 ‘08 Q3 ‘08 Q2 ‘08 Q4 ‘08

  24. Thank You

More Related