Security Risk Management- moeshesh
- 3. Module Topics
• Security Risk Management with ePO
– SRM Model
– Centralized Security Management
– Components & Architecture
Security Risk Management with ePolicy Orchestrator Module 1 - 3 © 2009 McAfee, Inc. All rights reserved.
- 4. Security Risk Management SRM Model
• Identify & group assets
– Machine import
– Machine discovery
– Rogue detection
• Determine risk
– Infection reporting
– Measure vulnerability
– Notification
• Protect and block
– Configuration
– Enforcement
– Maintenance
• Measure compliance
– Coverage reporting
– Compliance reporting
– System compliance
– McAfee NAC
- 5. Protecting The Enterprise
• The Challenge
– Identify & group assets
– Determine risk
– Protect and block threats
– Measure compliance
- 6. Identify & Group Assets
• Import known machines from a browse list
• Synchronize with Active Directory
• Detect Rogue Systems
• Group machines according to management needs
• Assign policies on a generic or granular level
- 7. Determine Risk
• Monitor threat events and propagation
• Determine infection and outbreak source
• Provide Automatic Responses to rule infringement
- 8. Protect And Block Threats
• Ensure correct configuration
• Enforce security policy
• Maintain and update protection
• Respond to rule intrusion
- 9. Measure Compliance
• Report on coverage and protection levels
• Determine compliance to anti-virus policy
• Determine compliance to system policy
• Roll-up reporting across multiple ePO servers
- 10. Centralized System Security Management SRM Model
[Architecture diagram]
• Components shown: ePolicy Orchestrator Server, McAfee Download Site, Master Repository, Database Server, Web-based Consoles, Rogue System Detection Sensor, Remote Agent Handler, Update Repository, Secure Bi-directional Channel, Managed Systems with McAfee Agents
• Flows shown: Product Updates, DAT File Updates, Policy Updates, Threat Events
• Callouts: Manage only one policy framework; Automatic Responses to Threats; Consolidate monitoring and reporting; Automatic Responses / Threat Notification; Scalability & Bandwidth savings; Easily discover non-compliant systems
- 11. Feature Management
• ePolicy Orchestrator manages products through:
– Product deployment
– Configuration management
– Update and task configuration
– Coverage reporting
– Threat Event reporting
- 12. Architecture And Communication
[Architecture diagram]
• Components shown: McAfee Agent, Framework Service, Agent Handler, Apache Service, Event Parser Service, Master Repository, ePO Server, Application Server (Tomcat), Database, DAL, Console UI, Notification, Rogue System Sensor, Network
• Port labels shown (the connection each label belongs to is not preserved): HTTP 80, UDP 8081, UDP 8082, TCP 8081, HTTP 8080, HTTPS 8443, HTTPS 8444
- 13. Check Your Understanding
Choose the correct answer(s):
What are the four primary stages of the Security Risk Management model?
• Discover, Determine, Defend, Detect
• Find & Manage, Evaluate, Enforce & Protect, Fix & Comply
• Assess, Remediate, Measure, Prioritize
- 14. Check Your Understanding
Choose the correct answer(s):
What are the four primary stages of the Security Risk Management model?
• Discover, Determine, Defend, Detect
Find & Manage, Evaluate, Enforce & Protect, Fix & Comply
• Assess, Remediate, Measure, Prioritize