An Introduction to enVision Enterprise Platform for Security and Compliance Operations

Speaker Notes
 

  • And that’s what I want to discuss with you today. This slide sums up what we do. We offer products and services that help you turn security into a competitive advantage that accelerates your business. To do that, you have to start by securing the data itself. We secure structured and unstructured data no matter where it resides. Worldwide, more than 1,000 companies, including Adobe, Oracle, Hypercom, Sony and Nintendo, embed our software in their applications. We help our customers provide employees with secure access to information anytime and anywhere, so companies like Main Line Health can give their doctors, nurses and other health professionals secure access to medical records, x-rays and other medical information from their laptops, 24x7, anywhere in the world. We help our customers securely extend internal systems to their trusted partners, so companies like Milliman can open a sales channel that nearly doubled their retirement plan participation. We help our customers provide secure self-service channels to their customers and prevent fraud, so E*TRADE can offer strong authentication to its customers; when they piloted this program, 69% of the users felt much more secure trading online. Halifax Bank of Scotland also deployed RSA technology and reported an 80% reduction in fraud. We help you record every interaction on your network, and then collect, correlate and analyze that information so you can prove compliance and improve IT operations. For example, EDS monitors all the activity across the IT infrastructure of all of its outsourcing clients, ensuring it can prove compliance with every local governance requirement its clients have. Regardless of which security regulation or governance requirement is keeping you up at night, we offer key technologies and services to help you execute your security program and provide the insight and documentation you need to prove compliance.
  • We spoke earlier of our strategic partnerships. We are the most scalable solution in the market today, and we have forged strong ties to some of the largest finance and consulting firms in the world. To give you an idea of scale: at EDS we are currently monitoring over 450,000 events per second to support SAS 70 compliance. That is almost 39 billion log events a day, a tremendous amount of data. We will discuss how this is possible in a large- or small-scale deployment.
  • To prove compliance, one must have a complete view of the activity surrounding all the data on the network. Using an advanced architecture that is deployed in hundreds of enterprises worldwide, Network Intelligence is able to capture all the data from the network, security, host, application and storage layers of the enterprise, and its software transforms this information into valuable intelligence. From a security operations perspective, this information can be used in real time to alert security administrators to policy violations, and for forensic analysis of security policy effectiveness. From a compliance perspective, it can be used to produce reports outlining compliance with regulations such as GLBA, HIPAA, PCI and many others. A key component of the whole solution is the ability to store and retain the vast amounts of security data that is collected. To this end, Network Intelligence is integrated with EMC Celerra and EMC Centera storage systems to cost-effectively store and manage this information throughout its lifecycle.

Presentation Transcript

  • An Introduction to enVision Enterprise Platform for Security and Compliance Operations. Karol Piling, Consultant, Central & Eastern Europe, RSA, The Security Division of EMC
  • Introducing Information-centric Security (secure data, secure access for customers, partners and employees, security information management)
    • Secure enterprise data: preserve the confidentiality and integrity of critical data wherever it resides
    • Secure employee access: enable secure, anytime, anywhere access to corporate resources
    • Secure partner access: open internal systems to trusted partners
    • Secure customer access: offer self-service channels, prevent fraud, and enhance consumer confidence
    • Manage security information: comply with security policy and regulations
  • RSA enVision – Market Proven Leadership
    • Market Presence: over 800 major enterprise and government accounts
    • Vision: an information management platform for transforming event, log, asset and other data into actionable, related intelligence
    • Proven Technology: patent-pending Internet Protocol Database™ (IPDB), holding all the data for compliance and security success
    • Technology Partners (over 130 device partners across the network, security, operating system, application and other categories):
      • Cisco
      • Juniper
      • Nortel
      • Foundry
      • Symantec
      • ISS
      • McAfee
      • Check Point
      • RSA
      • Microsoft
      • Linux / Unix
      • Sun / HP
      • IBM AS400/Main
      • MS Exchange
      • Oracle
      • MS SQL
      • Websense
      • Bluecoat
      • Apache
      • EMC
    • Accolades: “Leader, 3rd Year in a Row”; “Only vendor with all the data”; “Excellent”; “2005 Appliance bake-off winner”; “Leader”; “Largest Market Presence”
  • What is enVision?
    • enVision is a network-based technology platform that helps you
      • see into
      • understand
      • protect (data and assets)
      • report on
      • store records of
      what happened within the network and at its edges
  • RSA enVision Market-Proven Leadership (Fortune 500, Healthcare, Energy & Utility, Financial Services)
    • 800+ customers
    • 50% of Fortune 10
    • 40% of top Global Banks
    • 30% of top US Banks
  • The Enterprise Today: mountains of data, many stakeholders. How do you collect and protect all the data necessary to secure your network and comply with critical regulations?
    • Stakeholder needs: unauthorized service detection, IP leakage, configuration control, lockdown enforcement, false positive reduction, access control enforcement, privileged user management, malicious code detection, spyware detection, real-time monitoring, troubleshooting, user monitoring, SLA monitoring
    • Data sources: router logs, IDS/IDP logs, VPN logs, firewall logs, switch logs, Windows logs, client and file server logs, wireless access logs, Windows domain logins, Oracle Financials logs, SAN file access logs, VLAN access and control logs, DHCP logs, Linux, Unix and Windows OS logs, mainframe logs, database logs, web server activity logs, content management logs, web cache and proxy logs, VA scan logs
  • Growth of Enterprise Silos: redundant information management across access control software, financial software, firewalls, operating systems, workstations, antivirus software and intrusion prevention
  • Solution: RSA enVision, an information management platform for compliance and security operations
    • All the data (log management): any enterprise IP device through Universal Device Support (UDS); no filtering, normalizing or data reduction; security events and operational information; no agents required
    • Platform functions: report, alert/correlation, incident management, log management, asset identification, forensics, baseline
    • Compliance operations: access control, configuration control, malicious software, policy enforcement, user monitoring and management, environmental and transmission security
    • Security operations: access control enforcement, SLA compliance monitoring, false positive reduction, real-time monitoring, unauthorized network service detection, and more
    • Stakeholders: server engineering, business operations, compliance audit, application and database, network operations, risk management, security operations, desktop operations
  • Log Management with the LogSmart ® Internet Protocol Database
    • Collect and Protect “All the Data”
      • Any enterprise IP device
      • Security exception events and IT operations information
      • No filtering, normalizing, or data reduction
    • Enable Compliance and Security Operations
      • Customizable work environments for compliance and security professionals
      • Standard, customizable compliance & security reports / alerts
      • Industry-leading compliance and security ILM tools
    • Minimize Operational Costs
      • Compressed data store
      • Easy to deploy appliance package
      • No DBA resources required
      • No agents required
    The Log Management Checklist
  • LogSmart® Internet Protocol Database
    • No agents required
    • Flexible XML UDS engine
    • Raw logs stored (95%+ data compression on raw logs, ~70% overall compression)
    • Security event and operations information, no data filtering
    • Easy to deploy appliance packaging
    • Parallel architecture ensures alert performance
    • Customizable work environments
    • Fully customizable compliance and security reports
  • RSA enVision and LogSmart IPDB: All the Data™ with Consistently High Performance
    • Limitations of a relational database for log data
      • Not designed for unstructured data (logs)
      • Requires processing (filter, normalize, parse)
      • Data explosion: indexes and related data structures are added (can result in up to 10x the data)
      • Data loss: events are lost through selective collection or system bottlenecks
      • Unpredictable alerts: a collection bottleneck impacts use of the data (e.g. alerting)
    • LogSmart IPDB: encrypted, compressed, authenticated, with parallel analysis
  • RSA enVision: The LogSmart® IPDB™ Advantage
  • RSA enVision Deployment: scales from a single appliance… (diagram: one appliance collects through UDS from legacy and RSA enVision supported devices such as Trend Micro Antivirus, Microsoft, ISS, Juniper IDP, Cisco IPS, Netscreen Firewall and Windows Server; it manages and analyzes the data, providing baseline, report, forensics, correlated alerts, real-time analysis, integrated incident management and interactive query through Event Explorer)
  • RSA enVision Deployment: …to a distributed, enterprise-wide architecture (diagram legend: A-SRV = Analysis Server, D-SRV = Data Server, LC = Local Collector, RC = Remote Collector; sites shown: Bombay remote office, Chicago WW Security Operations, London European Headquarters, New York WW Compliance Operations, each with its own collectors, data and analysis servers and NAS storage)
  • Security and Compliance Solutions
  • RSA enVision Protects the Enterprise
    • eCommerce Operations: secure operation of all systems and data associated with eCommerce operations
    • Internal Systems & Applications: secure operation of all systems and data associated with internal network services and applications
    • Perimeter Network Operations: securely connect the enterprise to the Internet and other required corporate entities
  • RSA enVision: A Framework for Security Operations (matrix of security objectives against security environments and product capabilities, each cell rated most critical, highly desired or desired)
    • Security environments: Internal Systems & Applications; eCommerce Operations; Perimeter Network Operations
    • Product capabilities: Log Management; Asset Identification; Baseline; Report & Audit; Alert; Forensic Analysis; Incident Management
    • Security objectives
      • SLA Compliance Monitoring: proof of delivery; monitor against baselines
      • Unauthorized Network Service Detection: shut down rogue services; intellectual property leakage
      • Watchlist Enforcement: external threat exposure; internal investigations
      • Correlated Threat Detection: watch remote network areas; consolidate distributed IDS alerts
      • False Positive Reduction: confirm IDS alerts; enable critical alert escalation
      • Real-time Monitoring: troubleshoot network and security events (“What is happening?”)
      • Access Control Enforcement: privileged user monitoring; corporate policy conformance
  • Correlation Example – Worm Detection. Correlation rule name: W32.Blaster Worm. The goal of this rule is to detect Blaster worm variants, as well as other malicious code, by analyzing network traffic patterns.
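The slide names the rule but not its logic. What follows is an added example, not RSA enVision's rule or code: a sliding-window fan-out correlation of the kind a Blaster rule needs, written in Python over constructed firewall log lines. The log format, the 20-target / 60-second threshold and the host addresses are assumptions; only the ports are Blaster's documented ones (TCP/135 for the RPC DCOM exploit, TCP/4444 for the command shell it opens on a victim, UDP/69 for the TFTP transfer of the payload). Because the rule is parameterized by port and threshold, it is also the general scanning-worm detector the slide alludes to with "other malicious code".

```python
"""Sliding-window fan-out correlation in the spirit of the W32.Blaster rule.

Added example, not RSA enVision code. Log format, thresholds and addresses are
constructed for illustration; only the port numbers are Blaster's documented ones.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

SCAN_PORT = 135            # RPC/DCOM, the service Blaster exploited (MS03-026)
SHELL_PORT = 4444          # Blaster's command shell on a freshly exploited victim
TFTP_PORT = 69             # the victim pulls the worm binary from the attacker over TFTP
WINDOW_SECONDS = 60        # assumption: correlation window
DISTINCT_TARGETS = 20      # assumption: distinct victims per window that trip the rule

# Constructed firewall log format: "<iso-time> <ALLOW|DENY> <TCP|UDP> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse(line):
    """Return an event dict, or None for a line that does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": int(datetime.fromisoformat(d["ts"]).timestamp()),
        "proto": d["proto"],
        "src": d["src"],
        "dst": d["dst"],
        "dport": int(d["dport"]),
    }


def correlate(lines, window=WINDOW_SECONDS, threshold=DISTINCT_TARGETS, scan_port=SCAN_PORT):
    """Alert on any source that reaches >= threshold distinct hosts on scan_port inside
    `window` seconds. A suspected scanner is escalated to 'confirmed' when it later opens
    the shell port on a target, or a target sends it TFTP traffic (Blaster's payload step).
    Returns (alerts, unparsed_line_count); unparsed lines are counted, never silently lost."""
    recent = defaultdict(deque)   # src -> deque of (ts, dst) hits on scan_port, oldest first
    alerts = {}                   # src -> alert record
    unparsed = 0
    for line in lines:
        ev = parse(line)
        if ev is None:
            unparsed += 1
            continue
        src, dst = ev["src"], ev["dst"]
        if ev["proto"] == "TCP" and ev["dport"] == scan_port:
            q = recent[src]
            q.append((ev["ts"], dst))
            while q and q[0][0] < ev["ts"] - window:   # drop hits that fell out of the window
                q.popleft()
            targets = {d for _, d in q}
            if len(targets) >= threshold:
                a = alerts.setdefault(src, {
                    "rule": "W32.Blaster fan-out", "src": src, "severity": "suspected",
                    "first_seen": q[0][0], "payload_ports": set(),
                })
                a["targets"] = len(targets)
                a["last_seen"] = ev["ts"]
        elif ev["proto"] == "TCP" and ev["dport"] == SHELL_PORT and src in alerts:
            alerts[src]["severity"] = "confirmed"
            alerts[src]["payload_ports"].add(SHELL_PORT)
        elif ev["proto"] == "UDP" and ev["dport"] == TFTP_PORT and dst in alerts:
            alerts[dst]["severity"] = "confirmed"
            alerts[dst]["payload_ports"].add(TFTP_PORT)
    return list(alerts.values()), unparsed


def constructed_sample_logs():
    """Constructed log lines: one host sweeping TCP/135, one host with ordinary RPC use,
    then the shell/TFTP exchange that follows a successful Blaster infection, plus one
    malformed line to exercise the unparsed counter."""
    base = datetime(2003, 8, 12, 10, 0, 0)
    lines = []
    for i in range(25):   # 10.1.2.3 hits 25 distinct hosts on TCP/135 in 25 seconds
        t = base.replace(second=i).isoformat()
        lines.append(f"{t} ALLOW TCP 10.1.2.3:{1030 + i} -> 10.1.9.{i + 1}:135")
    for i in range(3):    # 10.1.2.50 talks to three RPC endpoints: normal Windows traffic
        t = base.replace(second=30 + i).isoformat()
        lines.append(f"{t} ALLOW TCP 10.1.2.50:{2000 + i} -> 10.1.9.{i + 1}:135")
    lines.append(f"{base.replace(second=40).isoformat()} ALLOW TCP 10.1.2.3:1100 -> 10.1.9.7:4444")
    lines.append(f"{base.replace(second=41).isoformat()} ALLOW UDP 10.1.9.7:1025 -> 10.1.2.3:69")
    lines.append("this line is not a firewall record")
    return lines


if __name__ == "__main__":
    found, skipped = correlate(constructed_sample_logs())
    for a in found:
        print(a)
    print("unparsed lines:", skipped)
```

The benign host that contacts three RPC endpoints never trips the rule, and the window matters as much as the threshold: a worm that paces its scan to stay under the per-window count is exactly the case that needs the baseline and forensics capabilities listed elsewhere in the deck rather than a single correlation rule.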
  • Vulnerability and Asset Management (VAM)
    • Customer objective: Leverage information about enterprise assets and known vulnerabilities to identify false-positive IDS messages and to provide content on assets and vulnerabilities.
      • VAM will help reduce the costs associated with incident handling by providing analysts direct insight into the state of an asset (e.g. detected vulnerabilities) and into the details of the identified vulnerability
    • Features:
      • Enhanced collection of asset data from vulnerability assessment tools.
        • VA tools supported at 3.5.0 are ISS and Nessus.
        • NEW VA tools supported in 3.7 : McAfee Foundscan, nCircle IP360, Qualys Inc. QualysGuard
      • Incorporation of vulnerability data from NVD, periodically updated.
      • Display of asset and vulnerability data in the web UI and Event Explorer (EE).
      • Suppression of IDS messages in alerting, based on confidence levels determined from attributes of assets and vulnerabilities.
        • IDS products supported at 3.5.0 are Dragon, ISS, and Snort.
        • IDS products supported at 3.7 are: ISS RealSecure, Cisco IDS, McAfee IntruShield, Juniper IDP [Netscreen], 3Com/TippingPoint UnityOne.
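The VAM bullets above describe suppressing IDS messages by "confidence levels determined from attributes of assets and vulnerabilities" without saying how such a level is derived. Below is an added example, not RSA enVision code, of one such confidence model in Python: the asset inventory (as a VA scanner import would supply it), the NVD subset, the alert records, the 30-day scan-age limit and the suppression threshold are all constructed assumptions; CVE-2003-0352 is the real identifier of the RPC DCOM flaw (MS03-026). The design point a practitioner should take from it is the asymmetry: only positive evidence (a recent clean scan, a platform mismatch) lowers confidence, while missing knowledge never does.

```python
"""Vulnerability-aware suppression of IDS alerts, in the spirit of the VAM feature.

Added example, not RSA enVision code. The asset inventory, NVD subset, alert records,
scan-age limit and suppression threshold are constructed assumptions.
"""
from datetime import date

SCAN_MAX_AGE_DAYS = 30   # assumption: how long a scanner's "not vulnerable" verdict is trusted

# Constructed asset data as a VA scanner (Nessus, QualysGuard, ...) import would supply it.
ASSETS = {
    "10.1.9.7":  {"os": "windows", "last_scan": date(2006, 5, 1), "cves": {"CVE-2003-0352"}},
    "10.1.9.8":  {"os": "windows", "last_scan": date(2006, 5, 1), "cves": set()},
    "10.1.9.9":  {"os": "linux",   "last_scan": date(2006, 5, 1), "cves": set()},
    "10.1.9.10": {"os": "windows", "last_scan": date(2005, 1, 1), "cves": set()},  # stale scan
}

# Constructed subset of NVD data: which platform family a CVE affects.
NVD = {
    "CVE-2003-0352": {"summary": "RPC DCOM buffer overflow (MS03-026)", "platforms": {"windows"}},
}


def confidence(alert, assets, nvd, today):
    """Rate one IDS alert 'high', 'medium' or 'low' from what is known about its target.
    Unknown assets, signatures without a CVE, and stale scans stay at 'medium' so that
    missing knowledge never causes suppression; only positive evidence lowers confidence."""
    asset = assets.get(alert["dst"])
    cve = alert.get("cve")
    if asset is None:
        return "medium", "target not in asset inventory"
    if cve is None:
        return "medium", "signature has no CVE reference to check against"
    if cve in asset["cves"]:
        return "high", f"{cve} confirmed on target by vulnerability scan"
    platforms = nvd.get(cve, {}).get("platforms", set())
    if platforms and asset["os"] not in platforms:
        return "low", f"{cve} affects {sorted(platforms)}; target runs {asset['os']}"
    scan_age = (today - asset["last_scan"]).days
    if scan_age > SCAN_MAX_AGE_DAYS:
        return "medium", f"last scan is {scan_age} days old, too old to trust absence of {cve}"
    return "low", f"{cve} not found on target in a scan {scan_age} days old"


def triage(alerts, assets=ASSETS, nvd=NVD, today=date(2006, 5, 15), suppress_below="medium"):
    """Split alerts into those that reach the analyst queue and those suppressed from
    alerting. Suppressed alerts are returned, not discarded: they still belong in the log
    store for forensics and for re-scoring after the next scan."""
    rank = {"low": 0, "medium": 1, "high": 2}
    queued, suppressed = [], []
    for alert in alerts:
        level, reason = confidence(alert, assets, nvd, today)
        record = {**alert, "confidence": level, "reason": reason}
        (queued if rank[level] >= rank[suppress_below] else suppressed).append(record)
    return queued, suppressed


# Constructed IDS alerts: one signature firing against several targets, plus one without a CVE.
SAMPLE_ALERTS = [
    {"sig": "RPC DCOM ISystemActivator bind attempt", "src": "10.1.2.3", "dst": "10.1.9.7",  "cve": "CVE-2003-0352"},
    {"sig": "RPC DCOM ISystemActivator bind attempt", "src": "10.1.2.3", "dst": "10.1.9.8",  "cve": "CVE-2003-0352"},
    {"sig": "RPC DCOM ISystemActivator bind attempt", "src": "10.1.2.3", "dst": "10.1.9.9",  "cve": "CVE-2003-0352"},
    {"sig": "RPC DCOM ISystemActivator bind attempt", "src": "10.1.2.3", "dst": "10.1.9.10", "cve": "CVE-2003-0352"},
    {"sig": "RPC DCOM ISystemActivator bind attempt", "src": "10.1.2.3", "dst": "10.1.9.99", "cve": "CVE-2003-0352"},
    {"sig": "Generic RPC anomaly",                     "src": "10.1.2.3", "dst": "10.1.9.7"},
]

if __name__ == "__main__":
    q, s = triage(SAMPLE_ALERTS)
    for r in q:
        print("QUEUE   ", r["dst"], r["confidence"], "-", r["reason"])
    for r in s:
        print("SUPPRESS", r["dst"], r["confidence"], "-", r["reason"])
```

Run as-is, the alert against the host where the scanner found the vulnerability is queued at high confidence, the alerts against a recently scanned clean Windows host and a Linux host are suppressed, and the alerts against the stale-scanned host, the unknown host and the CVE-less signature stay in the queue at medium confidence.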
  • RSA enVision: A Platform for Compliance Operations (ISO, NIST, COBIT, COSO, ITIL). “Companies that choose individual solutions for each regulatory challenge they face will spend 10 times more on compliance projects than those that take a proactive approach.” Lane Leskela, Gartner Research Director
  • RSA enVision: Transformation of Data into Actionable Intelligence. Over 800 reports for regulatory compliance and security operations; dashboards
  • Information Lifecycle Management (ILM)
  • Challenge: Explosive Growth of Security Data (information growth, types, uses and regulations)
    • More growth: estimated 58% CAGR for security information over the next five years (ESG, 2006)
    • More types: firewalls, VPNs, hosts, applications, storage…
    • More uses: security operations, compliance, risk management, application performance, IT operations…
    • More regulations: Sarbanes-Oxley, PCI, Basel II, GLBA, HIPAA, CDR, etc. (more coming!)
  • Challenge: Explosive Growth of Security Data. Extensive data retention requirements (source: Enterprise Strategy Group, 2006). Regulation: data retention requirement; penalties
    • FISMA: 3 years; fines
    • Sarbanes-Oxley: 5 years; fines to $5M, imprisonment to 10 years
    • PCI: corporate policy; fines, loss of credit card privileges
    • GLBA: 6 years; fines
    • Basel II: 7 years; fines
    • NISPOM: 6 months to 1 year; fines
    • NERC: 3 years; penalties TBD
    • HIPAA: 6 years (2 years after patient death); $25,000
  • Security Information Lifecycle Management: the lifecycle of security log data
    • Capture, compress, secure, store online (up to 1 year), retain in nearline (per retention policy), retire
  • RSA enVision ILM: maximized data value at lowest infrastructure cost
    • User defines log retention policies
    • RSA enVision automatically enforces policies
    • Online policy (1 year) on EMC Celerra; ILM retention policy on EMC Centera
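As an added example (not RSA enVision code), the lifecycle on these two slides and the retention table further up are expressed below as a small Python policy engine over constructed syslog lines. The retention periods are those listed in the regulation table; the chunk format, the SHA-256 integrity seal standing in for the "Secure" step, the rule that the longest applicable regulation wins, and the fallback to the one-year online window for a source with no listed regulation are assumptions.

```python
"""Log-chunk lifecycle: capture, compress, secure, store online, retain nearline, retire.

Added example, not RSA enVision code. Retention years come from the slide's regulation
table; the chunk format, SHA-256 seal and "longest applicable period wins" rule are
assumptions made for this example.
"""
import hashlib
import zlib
from datetime import date

ONLINE_DAYS = 365                      # "Store online up to 1 year" from the slide
RETENTION_YEARS = {                    # retention requirements listed on the slide
    "FISMA": 3, "Sarbanes-Oxley": 5, "GLBA": 6, "Basel II": 7, "NERC": 3, "HIPAA": 6,
}


def required_retention_days(regulations):
    """A log source subject to several regulations is kept for the longest one; a source
    with no listed regulation falls back to the online window only (assumption)."""
    years = [RETENTION_YEARS[r] for r in regulations if r in RETENTION_YEARS]
    return max(years) * 365 if years else ONLINE_DAYS


def seal(raw):
    """Compress + Secure: store the compressed bytes with a digest of the original so that
    any alteration of the stored record is detectable on retrieval."""
    return {
        "payload": zlib.compress(raw, 9),
        "sha256": hashlib.sha256(raw).hexdigest(),
        "raw_len": len(raw),
    }


def unseal(record):
    """Decompress and verify; raises rather than handing back altered evidence."""
    raw = zlib.decompress(record["payload"])
    if hashlib.sha256(raw).hexdigest() != record["sha256"]:
        raise ValueError("integrity check failed: stored log chunk was altered")
    return raw


def is_intact(record):
    """True if the record decompresses and matches its digest (corrupt zlib data also fails)."""
    try:
        unseal(record)
        return True
    except (ValueError, zlib.error):
        return False


def compression_ratio(record):
    """Fraction of raw bytes saved, e.g. 0.95 for the slide's '95% compression'."""
    return 1 - len(record["payload"]) / record["raw_len"]


def tier_for(captured, today, regulations):
    """Where a chunk captured on `captured` belongs today: 'online', 'nearline' or 'retire'.
    Dates may be date objects or ISO strings."""
    if isinstance(captured, str):
        captured = date.fromisoformat(captured)
    if isinstance(today, str):
        today = date.fromisoformat(today)
    age_days = (today - captured).days
    if age_days > required_retention_days(regulations):
        return "retire"
    return "online" if age_days <= ONLINE_DAYS else "nearline"


def constructed_chunk(lines=500):
    """Constructed firewall syslog lines, repetitive the way real log volume is."""
    return "\n".join(
        f"Aug 12 10:{i // 60 % 60:02d}:{i % 60:02d} fw1 kernel: ACCEPT IN=eth0 OUT=eth1 "
        f"SRC=10.1.2.{i % 250 + 1} DST=10.1.9.7 PROTO=TCP SPT={1024 + i} DPT=135"
        for i in range(lines)
    ).encode()


if __name__ == "__main__":
    rec = seal(constructed_chunk())
    print(f"compressed {rec['raw_len']} -> {len(rec['payload'])} bytes "
          f"({compression_ratio(rec):.0%}), intact={is_intact(rec)}")
    for today in ("2006-09-01", "2008-01-01", "2012-01-01"):
        print(today, "SOX:", tier_for("2006-05-01", today, {"Sarbanes-Oxley"}),
              "HIPAA:", tier_for("2006-05-01", today, {"HIPAA"}))
```

The digest covers the uncompressed bytes, so an attacker who can rewrite the archive cannot simply recompress edited evidence; what this example does not do is bind the digest to a key or to the previous chunk, which a production store needs (an HMAC or a signed hash chain) before the "authenticated" label on the IPDB slide means anything against an insider with write access to the archive.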
  • Supported Protocols
    • Syslog, Syslog NG
    • SNMP
    • Formatted log files
      • Comma/tab/space delimited, other
    • ODBC connection to remote databases
    • Push/pull XML files via HTTP
    • Windows event logging API
    • CheckPoint OPSEC interface
    • Cisco IDS POP/RDEP/SDEE
  • RSA enVision: stand-alone appliances to distributed solutions (chart: ES Series and LS Series appliances plotted by events per second, from 500 through 1,000, 2,500, 5,000 and 10,000 up to 30,000 EPS, against number of devices, from 100 through 200, 400, 750, 1,250, 1,500, 2,048, 7,500 and 30,000 up to 300,000)
  • Industry Leading Scalability (MSSP and internal deployments; columns: driver, organization, locations, devices, events)
    • Security driver (configuration control, access control enforcement, privileged user monitoring): 240K events/sec, 20B/day, 7.6T/year
    • Compliance & security driver (real-time monitoring, false positive reduction, access control enforcement): 180K events/sec, 15.5B/day, 5.6T/year
    • Compliance driver (SAS 70 compliance): 450K events/sec, 38.8B/day, 14.2T/year
    • Compliance & security driver (log management, monitoring firewalls for audits): 80K events/sec, 6.9B/day, 2.5T/year
    • Compliance driver (internal audit): 95K events/sec, 8.2B/day, 2.9T/year
    • Locations and device counts shown for the five organizations: 34, 18, 28, 4 and 3 locations; 30,000, 20,000, 28,000, 4,000 and 17,000 devices
  • Network Intelligence: Compliance and Security Operations. An enterprise-wide log management platform (“All the Data”) providing baseline, reports, alerts, forensics, asset identification and incident management for compliance operations, business operations and security operations
  • Thank you!
  • Vulnerability and Asset Management (VAM)
    • Existing VA Scanners
      • Open Source Nessus
      • ISS SiteProtector
    • New VA Scanners
      • McAfee Foundscan
      • nCircle IP360
      • Qualys Inc. QualysGuard
  • New IDS/IPS Vulnerability Mapping References (cont.)
    • Supported IDS Devices
      • Dragon IDS
      • Snort / Sourcefire
      • ISS Real Secure
      • Cisco IDS
      • McAfee Intrushield
      • Juniper IDP [Netscreen]
      • 3COM/Tipping Point Unity One
  • New Device Additions in 3.7.0
    • F5 BigIP
    • MS DHCP
    • MS IAS
    • EMC Celerra CIFS
    • Lotus Domino
    • RSA Access Manager
    • Aventail
    • QualysGuard
    • Foundscan
    • nCircle