An Introduction to enVision: Enterprise Platform for Security and Compliance Operations
Karol Piling, Consultant - Central & Eastern Europe, RSA, The Security Division of EMC
Introducing Information-centric Security
• Secure enterprise data: preserve the confidentiality and integrity of critical data wherever it resides
• Secure employee access: enable secure, anytime, anywhere access to corporate resources
• Secure partner access: open internal systems to trusted partners
• Secure customer access: offer self-service channels, prevent fraud, and enhance consumer confidence
• Manage security information: comply with security policy and regulations
(Diagram: secure access and secure data for customers, partners and employees, with security information management underneath)
RSA enVision – Market Proven Leadership
• Vision: information management platform for transforming event, log, asset and other data into actionable, related intelligence
• Market presence: over 800 major enterprise and government accounts
• Technology: proven, patent-pending Internet Protocol Database™ (IPDB); all the data for compliance and security success
• Technology partners (over 130 device partners) across network, security, operating system, application and other categories: Cisco, Juniper, Nortel, Foundry, Symantec, ISS, McAfee, Check Point, RSA, Microsoft, Linux / Unix, Sun / HP, IBM AS400/Main, MS Exchange, Oracle, MS SQL, Websense, Bluecoat, Apache, EMC
• Accolades: "Leader", "Largest Market Presence", "Leader, 3rd Year in a Row", "Only vendor with all the data", "Excellent", "2005 Appliance bake-off winner"
What is enVision?
• enVision is a network-based technology platform that helps you:
• See into
• Understand
• Protect data and assets
• Report on
• Store records of what happened within the network and at its edges
RSA enVision: Market-Proven Leadership
• 800+ customers
• 50% of Fortune 10
• 40% of top global banks
• 30% of top US banks
Customer segments: Energy & Utility, Healthcare, Fortune 500, Financial Services
The Enterprise Today: Mountains of data, many stakeholders
Log sources: web cache & proxy logs, web server activity logs, content management logs, switch logs, IDS/IDP logs, VA scan logs, router logs, Windows logs, Windows domain logins, VPN logs, firewall logs, wireless access logs, Linux, Unix and Windows OS logs, Oracle Financial logs, mainframe logs, client & file server logs, DHCP logs, SAN file access logs, VLAN access & control logs, database logs
Stakeholder needs: malicious code detection, spyware detection, real-time monitoring, troubleshooting, access control enforcement, privileged user management, configuration control, lockdown enforcement, unauthorized service detection, IP leakage, false positive reduction, SLA monitoring, user monitoring
How do you collect & protect all the data necessary to secure your network and comply with critical regulations?
Growth of Enterprise Silos: Redundant Information Management
Silos: access control software, financial software, firewalls, operating systems, workstations, antivirus software, intrusion prevention
Solution: RSA enVision, An Information Management Platform... for Compliance & Security Operations
Stakeholders: Server Engineering, Business Ops., Compliance, Audit, Risk Mgmt., Security Ops., Desktop Ops., Network Ops., Application & Database
Platform functions: Alert/Correlation, Asset Ident., Report, Baseline, Forensics, Log Mgmt., Incident Mgmt.
Use cases across Compliance Operations and Security Operations: Access Control Enforcement, SLA Compliance Monitoring, False Positive Reduction, Real-time Monitoring, Unauthorized Network Service Detection, Access Control, Configuration Control, Malicious Software, Policy Enforcements, User Monitoring & Management, Environmental & Transmission Security, more...
All the Data / Log Management:
• Any enterprise IP device – Universal Device Support (UDS)
• No filtering, normalizing, or data reduction
• Security events & operational information
• No agents required
Log Management with the LogSmart® Internet Protocol Database
LogSmart® Internet Protocol Database
• Security event & operations information; no data filtering
• Parallel architecture ensures alert performance
• Easy-to-deploy appliance packaging; no agents required
• Flexible XML UDS engine
• Customizable work environments
• Fully customizable compliance & security reports
• Raw logs (95%+ data compression); ~70% overall compression
RSA enVision and LogSmart IPDB: All the Data™ with Consistently High Performance
Limitations of a relational database:
• Not designed for unstructured data (logs)
• Requires processing (filter, normalize, parse)
• Data loss: events are lost due to selective collection or system bottleneck
• Data explosion: indexes & related data structure information is added (can result in <10x data)
• Unpredictable consumption: collection bottleneck impacts use of data (e.g. alerts), so alerting is unpredictable
LogSmart IPDB: parallel analysis; stored data is authenticated, compressed and encrypted
RSA enVision Deployment: Scales from a single appliance...
• Collect: supported devices (e.g. Windows Server, Netscreen Firewall, Cisco IPS, Juniper IDP, Microsoft ISS, Trend Micro Antivirus), legacy devices, and any other device via UDS
• Manage
• Analyze: interactive query, correlated alerts, real-time analysis, baseline, report, EventExplorer forensics, integrated incident mgmt.
RSA enVision Deployment: ...to a distributed, enterprise-wide architecture
Sites: London (European headquarters), Chicago (WW security operations), New York (WW compliance operations), Bombay (remote office), each hosting a combination of A-SRV, D-SRV, NAS and LC components
Legend: A-SRV: Analysis Server; D-SRV: Data Server; LC: Local Collector; RC: Remote Collector
RSA enVision Protects the Enterprise
• Internal Systems & Applications: secure operations of all systems and data associated with internal network services and applications
• eCommerce Operations: secure operations of all systems and data associated with eCommerce operations
• Perimeter Network Operations: securely connect the enterprise to the Internet and other required corporate entities
RSA enVision: A Framework for Security Operations
Matrix of security environment and security objective against product capabilities:
• Log Management
• Asset Identification
• Baseline
• Report & Audit
• Alert
• Forensic Analysis
• Incident Management
Rating legend: most critical, highly desired, desired
Correlation Example – Worm Detection
Correlation rule name: W32.Blaster Worm. The goal of this rule is to detect Blaster worm variants as well as other malicious code by analyzing network traffic patterns.
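The slide names the rule but not its logic. As an added example (not RSA enVision code and not the product's actual W32.Blaster rule), the block below implements one common worm-propagation "traffic pattern" correlation: a single source contacting many distinct destinations on one port within a short window. The log format, port number, threshold and window are constructed assumptions; a real rule would be tuned to the device logs collected.

```python
"""Sliding-window fan-out correlation over constructed firewall log lines.

Added example, not enVision code. The pattern (one source reaching many
distinct destinations on one port inside a short window) is an assumed
reading of "analyzing network traffic patterns"; the log format, port,
threshold and window below are all constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed log lines: "timestamp action src dst dport", sorted by time.
SAMPLE_LOG = """\
2006-03-01T10:00:01 ACCEPT 10.1.1.5 10.1.2.10 4242
2006-03-01T10:00:02 ACCEPT 10.1.1.5 10.1.2.11 4242
2006-03-01T10:00:02 ACCEPT 10.1.1.5 10.1.2.12 4242
2006-03-01T10:00:03 DROP 10.1.1.5 10.1.2.13 4242
2006-03-01T10:00:03 ACCEPT 10.1.1.5 10.1.2.14 4242
2006-03-01T10:00:04 ACCEPT 10.1.1.5 10.1.2.15 4242
2006-03-01T10:00:04 ACCEPT 10.1.1.7 10.1.2.20 80
2006-03-01T10:00:05 ACCEPT 10.1.1.7 10.1.2.20 80
2006-03-01T10:00:06 ACCEPT 10.1.1.7 10.1.2.21 80
2006-03-01T10:05:00 ACCEPT 10.1.1.5 10.1.2.30 4242
"""


def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, action, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), action, src, dst, int(dport)


def fanout_alerts(log_text, threshold=5, window_seconds=60):
    """Return one alert per (src, dport) the first time that source contacts
    `threshold` distinct destinations on that port within `window_seconds`.

    ACCEPT and DROP both count: a host probing neighbours that drop the
    packet still exhibits the scanning pattern. Input is assumed time-ordered.
    """
    windows = defaultdict(deque)  # (src, dport) -> deque of (ts, dst)
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        ts, _action, src, dst, dport = parse_line(line)
        key = (src, dport)
        q = windows[key]
        q.append((ts, dst))
        # Drop entries that have aged out of the window.
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        distinct = {d for _, d in q}
        if len(distinct) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "src": src,
                "dport": dport,
                "distinct_dst": len(distinct),
                "first_seen": q[0][0],
                "last_seen": ts,
            })
    return alerts


if __name__ == "__main__":
    for a in fanout_alerts(SAMPLE_LOG):
        print(f"fan-out from {a['src']} on port {a['dport']}: "
              f"{a['distinct_dst']} hosts between {a['first_seen']} and {a['last_seen']}")
```

On the constructed sample, only 10.1.1.5 trips the rule (five distinct hosts on port 4242 within three seconds); 10.1.1.7 repeatedly talking to one web server does not, and the later lone connection at 10:05 falls outside the window. Raising the threshold trades earlier detection for fewer alerts on legitimate fan-out such as monitoring pollers.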
Vulnerability and Asset Management (VAM)
• Customer objective: leverage information about enterprise assets and known vulnerabilities to identify false-positive IDS messages and to provide context on assets and vulnerabilities.
• VAM will help reduce the costs associated with incident handling by providing analysts direct insight into the state of an asset (e.g. detected vulnerabilities) and into the details of the identified vulnerability.
• Features:
• Enhanced collection of asset data from vulnerability assessment tools.
• VA tools supported at 3.5.0 are ISS and Nessus.
• New VA tools supported in 3.7: McAfee Foundscan, nCircle IP360, Qualys Inc. QualysGuard.
• Incorporation of vulnerability data from NVD, periodically updated.
• Display of asset and vulnerability data in the web UI and EE (EventExplorer).
• Suppression of IDS messages in alerting, based on confidence levels determined from attributes of assets and vulnerabilities.
• IDS products supported at 3.5.0 are Dragon, ISS, and Snort.
• IDS products supported at 3.7 are: ISS Real Secure, Cisco IDS, McAfee Intrushield, Juniper IDP [Netscreen], 3COM/Tipping Point Unity One.
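The suppression feature above, as an added example that is not enVision's code: IDS alerts are scored against an asset inventory of the kind a VA import would populate, and alerts whose target is known not to be affected are suppressed while alerts on unscanned or unknown hosts are kept. The asset fields, signature metadata, confidence weights, threshold and all CVE identifiers are constructed placeholders, not the product's model.

```python
"""Asset- and vulnerability-aware IDS alert triage over constructed data.

Added example, not enVision code. Assumed model: an IDS alert names a
signature and a target IP; signature metadata says which CVE(s) and target
OS it applies to; an asset inventory (as a VA scanner import would produce)
records each host's OS and detected CVEs. Confidence is derived from those
attributes and alerts below a threshold are suppressed. All identifiers,
weights and the threshold are constructed placeholders.
"""

# Constructed asset inventory keyed by IP (placeholder CVE ids).
ASSETS = {
    "10.1.2.10": {"os": "windows", "vulns": {"CVE-0000-0001"}, "scanned": True},
    "10.1.2.11": {"os": "linux", "vulns": set(), "scanned": True},
    "10.1.2.12": {"os": "windows", "vulns": set(), "scanned": True},
}

# Constructed signature metadata: CVEs and OS families a signature applies to.
SIGNATURES = {
    "SIG-100": {"cves": {"CVE-0000-0001"}, "os": {"windows"}},
    "SIG-200": {"cves": {"CVE-0000-0002"}, "os": {"linux"}},
    "SIG-300": {"cves": set(), "os": set()},  # generic signature, no vuln reference
}


def score_alert(alert, assets=ASSETS, signatures=SIGNATURES):
    """Return (confidence, reason) for one alert.

    1.0: target is known to carry the referenced vulnerability.
    0.0: target is known not to be affected (wrong OS family).
    0.2: target was scanned and the referenced vulnerability was not found.
    0.5: no evidence either way (unknown host, unscanned, or generic signature).
    """
    sig = signatures.get(alert["sig"], {"cves": set(), "os": set()})
    asset = assets.get(alert["dst"])
    if asset is None or not asset["scanned"]:
        return 0.5, "target not in inventory or never scanned"
    if sig["cves"] & asset["vulns"]:
        return 1.0, "target has the referenced vulnerability"
    if sig["os"] and asset["os"] not in sig["os"]:
        return 0.0, "signature targets a different OS than the asset runs"
    if sig["cves"]:
        return 0.2, "asset scanned, referenced vulnerability not found"
    return 0.5, "signature carries no vulnerability reference"


def triage(alerts, threshold=0.5, **kw):
    """Split alerts into (escalate, suppress) lists annotated with confidence."""
    escalate, suppress = [], []
    for a in alerts:
        conf, reason = score_alert(a, **kw)
        record = dict(a, confidence=conf, reason=reason)
        (escalate if conf >= threshold else suppress).append(record)
    return escalate, suppress


# Constructed alerts; 203.0.113.9 is a documentation-range address.
SAMPLE_ALERTS = [
    {"sig": "SIG-100", "src": "203.0.113.9", "dst": "10.1.2.10"},  # vulnerable host
    {"sig": "SIG-100", "src": "203.0.113.9", "dst": "10.1.2.12"},  # scanned, not vulnerable
    {"sig": "SIG-200", "src": "203.0.113.9", "dst": "10.1.2.12"},  # linux signature vs windows host
    {"sig": "SIG-300", "src": "203.0.113.9", "dst": "10.1.2.11"},  # generic signature
    {"sig": "SIG-100", "src": "203.0.113.9", "dst": "10.1.2.99"},  # host not in inventory
]

if __name__ == "__main__":
    escalate, suppress = triage(SAMPLE_ALERTS)
    for r in escalate:
        print("ESCALATE", r["sig"], r["dst"], r["confidence"], r["reason"])
    for r in suppress:
        print("SUPPRESS", r["sig"], r["dst"], r["confidence"], r["reason"])
```

The deliberate asymmetry is that missing evidence never suppresses: a host that was never scanned keeps its alerts at neutral confidence, because the cost of a stale or incomplete inventory is silent misses rather than extra tickets. Suppressed records are kept (not dropped) so they remain available for reporting and forensics.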
RSA enVision: A Platform for Compliance Operations
Frameworks mapped: COBIT, NIST, COSO, ITIL, ISO
"Companies that choose individual solutions for each regulatory challenge they face will spend 10 times more on compliance projects than those that take a proactive approach." – Lane Leskela, Gartner Research Director
RSA enVision: Transformation of Data into Actionable Intelligence
Dashboards; over 800 reports for regulatory compliance & security operations
Challenge: Explosive Growth of Security Data; Extensive Data Retention Requirements (chart; source: Enterprise Strategy Group, 2006)
Security Information Lifecycle Management: The Lifecycle of Security Log Data
Stages: Capture, Compress, Secure, Store Online (retention policy: up to 1 year), Retain in Nearline, Retire
RSA enVision ILM: Maximized Data Value at Lowest Infrastructure Cost
• User defines log retention policies (e.g. online policy: 1 year)
• RSA enVision automatically enforces policies
Lifecycle stages: Capture, Compress, Secure, Store Online, Retain in Nearline, Retire
Storage tiers: EMC Centera, EMC Celerra
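The two lifecycle slides above, and the compression claim on the LogSmart slide, as an added example that is neither enVision nor Centera/Celerra code: raw log batches are compressed at capture, stored with a SHA-256 digest so later integrity checks can detect alteration, and assigned to online, nearline or retire by a user-defined retention policy. The batch format, the sample log lines, the total retention period and the tier names are constructed assumptions; the one-year online period comes from the slide. The measured compression ratio depends entirely on the data fed in, so it is not a claim about the product's figures.

```python
"""Log retention lifecycle enforcement over constructed log batches.

Added example, not enVision/Centera/Celerra code. Assumed model: each daily
batch of raw lines is compressed at capture and stored with a SHA-256 digest;
a batch stays online for ONLINE_DAYS, moves to nearline until RETENTION_DAYS,
and is retired after that. Dates are ISO strings so policy checks are pure.
"""
import hashlib
import zlib
from datetime import date

ONLINE_DAYS = 365          # "Online Policy (1 Year)" from the slide
RETENTION_DAYS = 365 * 7   # assumed total retention; a user-defined value


def capture(lines):
    """Compress a batch of raw lines and record its size and digest."""
    raw = "\n".join(lines).encode()
    return {
        "blob": zlib.compress(raw, 9),
        "raw_size": len(raw),
        "digest": hashlib.sha256(raw).hexdigest(),
    }


def compression_ratio(batch):
    """Fraction of raw bytes saved by compression (0.9 == 90% smaller)."""
    return 1 - len(batch["blob"]) / batch["raw_size"]


def verify(batch):
    """Re-derive the digest from the stored blob; False if anything changed."""
    raw = zlib.decompress(batch["blob"])
    return hashlib.sha256(raw).hexdigest() == batch["digest"]


def tier_for(captured_on, today, online_days=ONLINE_DAYS,
             retention_days=RETENTION_DAYS):
    """Return 'online', 'nearline' or 'retire' for a batch captured on
    `captured_on` (ISO date string) as of `today` (ISO date string)."""
    age = (date.fromisoformat(today) - date.fromisoformat(captured_on)).days
    if age < online_days:
        return "online"
    if age < retention_days:
        return "nearline"
    return "retire"


def enforce(batches, today, **policy):
    """Map each batch date to the tier action the policy requires today."""
    return {day: tier_for(day, today, **policy) for day in batches}


def constructed_lines(n=500):
    """Constructed, deliberately repetitive firewall-style syslog lines."""
    return [f"<34>Mar  1 10:00:{i % 60:02d} fw01 kernel: ACCEPT "
            f"src=10.1.1.{i % 50} dst=10.1.2.{i % 200} proto=tcp dport=443"
            for i in range(n)]


# Constructed batches keyed by capture date.
SAMPLE_BATCHES = {
    "2006-06-01": capture(constructed_lines()),
    "2005-01-01": capture(constructed_lines()),
    "1999-01-01": capture(constructed_lines()),
}

if __name__ == "__main__":
    for day, batch in SAMPLE_BATCHES.items():
        print(day, f"{compression_ratio(batch):.1%} saved",
              "intact" if verify(batch) else "ALTERED",
              enforce(SAMPLE_BATCHES, "2007-01-01")[day])
```

Keeping the digest of the uncompressed bytes (rather than of the blob) means the check still holds if a batch is later re-compressed with a different algorithm when it moves tiers. In practice the digests themselves need protection, for instance by writing them to WORM storage or signing them, otherwise an attacker who can rewrite a batch can rewrite its digest too.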
Supported Protocols
• Syslog, Syslog NG
• SNMP
• Formatted log files
• Comma/tab/space delimited, other
• ODBC connection to remote databases
• Push/pull XML files via HTTP
• Windows event logging API
• CheckPoint OPSEC interface
• Cisco IDS POP/RDEP/SDEE
RSA enVision: Stand-alone Appliances to Distributed Solutions
(Chart: sustained events per second, up to 300,000 EPS, against number of devices, up to 30,000, for the ES Series and LS Series appliance lines)
Industry Leading Scalability (event volumes per second, per day and per year as printed on the slide)

| Organization | Locations | Events/sec | Events/day | Events/year | Devices | Driver |
|---|---|---|---|---|---|---|
| (not legible) | 34 | 240K | 20B | 76.8T | 30,000 | Security: configuration control, access control enforcement, privileged user monitoring |
| MSSP | 18 | 180K | 15.5B | 5.6T | 20,000 | Compliance & security: real-time monitoring, false positive reduction, access control enforcement |
| (not legible) | 28 | 450K | 38.8T | 148T | 28,000 | Compliance: SAS 70 compliance |
| INTERNAL | 4 | 80K | 6.9B | 2.5T | 4,000 | Compliance & security: log management, monitoring firewalls for audits |
| (not legible) | 3 | 95K | 8.2T | 2.9T | 17,000 | Compliance: internal audit |
Network Intelligence: Compliance and Security Operations
Enterprise-wide log management platform holding all the data, serving business operations, compliance operations and security operations with asset identification, baseline, reports, alerts, forensics and incident management
Existing VA Scanners
• Open-source Nessus
• ISS SiteProtector
New VA Scanners
• McAfee Foundscan
• nCircle IP360
• Qualys Inc. QualysGuard
New IDS/IPS Vulnerability Mapping References (cont.)
Supported IDS devices:
• Dragon IDS
• Snort / Sourcefire
• ISS Real Secure
• Cisco IDS
• McAfee Intrushield
• Juniper IDP [Netscreen]
• 3COM/Tipping Point Unity One
New Device Additions in 3.7.0
• F5 BigIP
• MS DHCP
• MS IAS
• EMC Celerra CIFS
• Lotus Domino
• RSA Access Manager
• Aventail
• QualysGuard
• Foundscan
• nCircle