An Introduction to enVision: Enterprise Platform for Security and Compliance Operations

Karol Piling
Consultant - Central & Eastern Europe
RSA, The Security Division of EMC

Introducing Information-centric Security

Secure enterprise data: preserve the confidentiality and integrity of critical data wherever it resides.

Secure employee access: enable secure, anytime, anywhere access to corporate resources.

Secure partner access: open internal systems to trusted partners.

Secure customer access: offer self-service channels, prevent fraud, and enhance consumer confidence.

Manage security information: comply with security policy and regulations.

(Diagram: secure data and secure access for customers, partners and employees, underpinned by security information management.)

RSA enVision – Market Proven Leadership

Vision: an information management platform for transforming event, log, asset and other data into actionable, related intelligence.

Market presence: over 800 major enterprise and government accounts.

Technology: the patent-pending Internet Protocol Database™ (IPDB); all the data for compliance and security success.

Partners (over 130 device partners across network, security, operating system, application and other sources), for example:
  • Cisco
  • Juniper
  • Nortel
  • Foundry
  • Symantec
  • ISS
  • McAfee
  • Check Point
  • RSA
  • Microsoft
  • Linux / Unix (Sun / HP)
  • IBM AS400 / mainframe
  • MS Exchange
  • Oracle
  • MS SQL
  • Websense
  • Bluecoat
  • Apache
  • EMC

Accolades: "Leader", "Largest Market Presence"; "Leader, 3rd Year in a Row", "Only vendor with all the data"; "Excellent", "2005 Appliance bake-off winner".

What is enVision?
  • enVision is a network-based technology platform that helps you
    • See into
    • Understand
    • Protect data and assets
    • Report on
    • Store records of
  what happened within the network and at its edges.

RSA enVision: Market-Proven Leadership
  • 800+ customers
  • 50% of Fortune 10
  • 40% of top global banks
  • 30% of top US banks
  • Customers across energy & utility, healthcare, Fortune 500 and financial services

The Enterprise Today: Mountains of Data, Many Stakeholders

Data sources:
  • Web cache & proxy logs
  • Web server activity logs
  • Content management logs
  • Switch logs
  • IDS/IDP logs
  • VA scan logs
  • Router logs
  • Windows logs
  • Windows domain logins
  • VPN logs
  • Firewall logs
  • Wireless access logs
  • Linux, Unix, Windows OS logs
  • Oracle Financials logs
  • Mainframe logs
  • Client & file server logs
  • DHCP logs
  • SAN file access logs
  • VLAN access & control logs
  • Database logs

Stakeholder use cases:
  • Malicious code detection
  • Spyware detection
  • Real-time monitoring
  • Troubleshooting
  • Access control enforcement / privileged user management
  • Configuration control / lockdown enforcement
  • Unauthorized service detection / IP leakage
  • False positive reduction
  • SLA monitoring
  • User monitoring

How do you collect and protect all the data necessary to secure your network and comply with critical regulations?

Growth of Enterprise Silos: Redundant Information Management

(Diagram: each product family keeps its own logs in its own silo: access control software, financial software, firewalls, operating systems, workstations, antivirus software, intrusion prevention.)
Solution: RSA enVision, an Information Management Platform… for Compliance & Security Operations

Stakeholders served: server engineering, business operations, compliance audit, risk management, security operations, desktop operations, network operations, application & database teams.

Platform capabilities: alert/correlation, asset identification, report, baseline, forensics, log management, incident management.

Security operations use cases: access control enforcement, SLA compliance monitoring, false positive reduction, real-time monitoring, unauthorized network service detection, and more.

Compliance operations control areas: access control, configuration control, malicious software, policy enforcement, user monitoring & management, environmental & transmission security.

All the data (log management):
  • Any enterprise IP device – Universal Device Support (UDS)
  • No filtering, normalizing, or data reduction
  • Security events & operational information
  • No agents required

LogSmart® Internet Protocol Database
  • Security event & operations information; no data filtering
  • Parallel architecture ensures alert performance
  • Easy-to-deploy appliance packaging
  • No agents required
  • Flexible XML UDS engine
  • Customizable work environments
  • Fully customizable compliance & security reports
  • Raw logs stored with 95%+ data compression; ~70% overall compression

RSA enVision and LogSmart IPDB: All the Data™ with Consistently High Performance

Limitations of a relational database for log data:
  • Not designed for unstructured data (logs)
  • Requires processing (filter, normalize, parse)
  • Data loss: events are lost due to selective collection or a system bottleneck
  • Data explosion: indexes and related data-structure information are added (can result in up to 10x the data)
  • Unpredictable alerts: a collection bottleneck impacts use of the data (e.g. alerts)

LogSmart IPDB:
  • Authenticated, compressed, encrypted storage of the raw events
  • Parallel analysis for predictable alert performance

RSA enVision Deployment: Scales from a Single Appliance…

A single appliance collects, manages and analyzes. Analysis functions: interactive query, correlated alerts, real-time analysis, baseline, report, EventExplorer, forensics, integrated incident management.

Example sources (RSA enVision supported devices): Windows Server, Netscreen firewall, Cisco IPS, Juniper IDP, Microsoft, ISS, Trend Micro antivirus, and other or legacy devices via Universal Device Support (UDS).

RSA enVision Deployment… to a Distributed, Enterprise-wide Architecture

(Diagram: local collectors (LC) and data servers (D-SRV) with NAS storage at each site feed analysis servers (A-SRV) at the operations centres. Sites shown: London – European headquarters; Chicago – worldwide security operations; New York – worldwide compliance operations; Bombay – remote office.)

A-SRV: Analysis Server
D-SRV: Data Server
LC: Local Collector
RC: Remote Collector

RSA enVision Protects the Enterprise

Internal systems & applications: secure operations of all systems and data associated with internal network services and applications.

eCommerce operations: secure operations of all systems and data associated with eCommerce operations.

Perimeter network operations: securely connect the enterprise to the Internet and other required corporate entities.

RSA enVision: A Framework for Security Operations

(Matrix: for each security environment and security objective, the product capabilities below are rated most critical, highly desired, or desired.)
  • Log Management
  • Asset Identification
  • Baseline
  • Report & Audit
  • Alert
  • Forensic Analysis
  • Incident Management

Correlation Example – Worm Detection

Correlation rule name: W32.Blaster Worm

The goal of this rule is to detect Blaster worm variants, as well as other malicious code, by analyzing network traffic patterns.
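The slide does not show the rule itself. As an added example (written for this page, not RSA's code and not an enVision correlation rule), the Python below runs a two-stage correlation over constructed syslog-style firewall lines: stage one flags a source that fans out to many distinct hosts on TCP/135 inside a short window (Blaster scanned the RPC/DCOM port), stage two raises the confidence when that host then appears in traffic on Blaster's second-stage ports (TCP/4444 command shell, UDP/69 TFTP pull). The line format, the threshold of 10 targets and the 60-second window are assumptions a deployment would tune.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed firewall lines in a syslog-like format (an assumption, not enVision's
# own event format). 10.0.0.5 sweeps TCP/135 across a subnet, then touches the
# Blaster second-stage ports; 10.0.0.9 is an admin host reaching two machines.
SAMPLE_LOG = [
    f"2003-08-12T10:00:{i:02d} fw1 FW: DROP proto=tcp src=10.0.0.5 dst=10.0.1.{i} dport=135"
    for i in range(1, 13)
] + [
    "2003-08-12T10:00:20 fw1 FW: ACCEPT proto=tcp src=10.0.0.5 dst=10.0.1.7 dport=4444",
    "2003-08-12T10:00:21 fw1 FW: ACCEPT proto=udp src=10.0.1.7 dst=10.0.0.5 dport=69",
    "2003-08-12T10:01:00 fw1 FW: ACCEPT proto=tcp src=10.0.0.9 dst=10.0.1.3 dport=135",
    "2003-08-12T10:01:05 fw1 FW: ACCEPT proto=tcp src=10.0.0.9 dst=10.0.1.4 dport=135",
    "2003-08-12T10:01:30 fw1 FW: stats dropped=0",   # not a flow record: kept raw, skipped here
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ FW: (?P<action>ACCEPT|DROP) proto=(?P<proto>tcp|udp) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Return a dict for a recognised flow line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = int(ev["dport"])
    return ev


def detect_worm_activity(lines, scan_port=135, window_s=60, min_targets=10,
                         followup=frozenset({("tcp", 4444), ("udp", 69)})):
    """Two-stage correlation.

    Stage 1: one source reaches >= min_targets distinct hosts on scan_port within
             window_s seconds (worm-style fan-out; drops count too, a scanner hits
             hosts that do not exist). Produces a medium-confidence alert.
    Stage 2: the alerted host then appears as source or destination of traffic on
             a follow-up port (Blaster's shell on TCP/4444, TFTP on UDP/69), which
             raises the alert to high confidence.
    """
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    recent = defaultdict(deque)   # src -> (ts, dst) hits on scan_port, oldest first
    alerts = {}                   # src -> alert; one alert per source
    for ev in events:
        src, dst = ev["src"], ev["dst"]
        if ev["dport"] == scan_port:
            q = recent[src]
            q.append((ev["ts"], dst))
            while (ev["ts"] - q[0][0]).total_seconds() > window_s:   # slide the window
                q.popleft()
            targets = {d for _, d in q}
            if len(targets) >= min_targets and src not in alerts:
                alerts[src] = {"rule": "W32.Blaster Worm", "src": src,
                               "first_seen": q[0][0].isoformat(),
                               "targets": len(targets), "confidence": "medium"}
        elif (ev["proto"], ev["dport"]) in followup:
            for host in (src, dst):
                if host in alerts and alerts[host]["confidence"] != "high":
                    alerts[host]["confidence"] = "high"
                    alerts[host]["followup"] = f"{ev['proto']}/{ev['dport']} {src}->{dst}"
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_worm_activity(SAMPLE_LOG):
        print(alert)
```

Running it on the constructed sample yields one alert for 10.0.0.5 at high confidence; the admin host stays below the fan-out threshold. Shrinking the window (for example to 5 seconds) makes the same sweep look like slow, unrelated connections and no alert fires, which is the tuning trade-off behind any threshold-based worm rule.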

Vulnerability and Asset Management (VAM)
  • Customer objective: leverage information about enterprise assets and known vulnerabilities to identify false-positive IDS messages and to provide context on assets and vulnerabilities.
    • VAM will help reduce the costs associated with incident handling by providing analysts direct insight into the state of an asset (e.g. detected vulnerabilities) and into the details of the identified vulnerability.
  • Features:
    • Enhanced collection of asset data from vulnerability assessment tools.
      • VA tools supported at 3.5.0 are ISS and Nessus.
      • New VA tools supported in 3.7: McAfee Foundscan, nCircle IP360, Qualys QualysGuard.
    • Incorporation of vulnerability data from NVD, periodically updated.
    • Display of asset and vulnerability data in the web UI and EE (EventExplorer).
    • Suppression of IDS messages in alerting, based on confidence levels determined from attributes of assets and vulnerabilities.
      • IDS products supported at 3.5.0 are Dragon, ISS, and Snort.
      • IDS products supported at 3.7 are: ISS RealSecure, Cisco IDS, McAfee IntruShield, Juniper IDP [Netscreen], 3Com/TippingPoint UnityOne.
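How "confidence levels determined from attributes of assets and vulnerabilities" turn into a suppress-or-keep decision is the part an analyst has to get right. The Python below is an added example written for this page (not enVision's VAM logic or RSA's code): it joins an IDS alert to a constructed asset inventory of the kind a VA scan import would produce and to a constructed NVD extract, and applies an assumed confidence ladder. The caveat it encodes is that suppression is only safe when the scan data is fresh and the asset is known; an unknown host or a stale scan keeps the alert.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Asset:
    ip: str
    os: str            # OS family as reported by the VA scanner
    vulns: frozenset   # CVE ids the last scan found on this host
    last_scan: date


@dataclass(frozen=True)
class IdsAlert:
    src: str
    dst: str
    signature: str
    cve: Optional[str] = None        # CVE the signature is mapped to, if any
    target_os: Optional[str] = None  # OS family the exploit works against, if known


# Constructed asset inventory, shaped like a VA scan import (assumption).
ASSETS = {
    "10.0.1.7":  Asset("10.0.1.7",  "Windows", frozenset({"CVE-2003-0352"}), date(2003, 8, 10)),
    "10.0.1.8":  Asset("10.0.1.8",  "Windows", frozenset(),                  date(2003, 8, 10)),  # patched
    "10.0.1.9":  Asset("10.0.1.9",  "Linux",   frozenset(),                  date(2003, 8, 10)),
    "10.0.1.10": Asset("10.0.1.10", "Windows", frozenset({"CVE-2003-0352"}), date(2003, 1, 5)),   # stale scan
}

# Constructed NVD extract used only to enrich a confirmed alert with its CVSS score.
NVD = {"CVE-2003-0352": {"cvss": 7.5, "summary": "RPC DCOM buffer overflow (MS03-026)"}}


def triage(alert, assets=ASSETS, nvd=NVD, today=date(2003, 8, 12), max_scan_age_days=30):
    """Assign a confidence level and a suppress decision to one IDS alert.

    Ladder (an assumption about how such rules are written, not the product's):
      asset unknown or VA data stale  -> medium, keep (cannot prove a false positive)
      exploit OS != asset OS          -> low, suppress
      signature has no CVE mapping    -> medium, keep
      CVE present on the asset        -> high, keep, enriched with CVSS from NVD
      CVE absent on a fresh scan      -> low, suppress
    """
    asset = assets.get(alert.dst)
    if asset is None:
        return {"confidence": "medium", "suppress": False, "reason": "asset not in inventory"}
    age = (today - asset.last_scan).days
    if age > max_scan_age_days:
        return {"confidence": "medium", "suppress": False, "reason": f"VA data is {age} days old"}
    if alert.target_os and alert.target_os.lower() != asset.os.lower():
        return {"confidence": "low", "suppress": True,
                "reason": f"exploit targets {alert.target_os}, asset runs {asset.os}"}
    if alert.cve is None:
        return {"confidence": "medium", "suppress": False, "reason": "signature has no CVE mapping"}
    if alert.cve in asset.vulns:
        return {"confidence": "high", "suppress": False,
                "reason": f"asset vulnerable to {alert.cve}", "cvss": nvd.get(alert.cve, {}).get("cvss")}
    return {"confidence": "low", "suppress": True,
            "reason": f"{alert.cve} not found on asset by scan of {asset.last_scan}"}


if __name__ == "__main__":
    blaster = dict(signature="MS-RPC DCOM overflow", cve="CVE-2003-0352", target_os="Windows")
    for dst in ("10.0.1.7", "10.0.1.8", "10.0.1.9", "10.0.1.10", "10.0.1.99"):
        print(dst, triage(IdsAlert("10.0.0.5", dst, **blaster)))
```

The same signature fired against five destinations produces one high-confidence alert (vulnerable host), two suppressed alerts (patched host, wrong OS) and two that are kept at medium because the platform cannot vouch for the asset. The `max_scan_age_days` knob is the one to watch in practice: suppressing on the strength of a months-old scan is how a real compromise gets filed as a false positive.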
RSA enVision: A Platform for Compliance Operations

Frameworks mapped: COBIT, NIST, COSO, ITIL, ISO.

"Companies that choose individual solutions for each regulatory challenge they face will spend 10 times more on compliance projects than those that take a proactive approach."

Lane Leskela, Gartner Research Director

RSA enVision: Transformation of Data into Actionable Intelligence

Dashboards, and over 800 reports for regulatory compliance & security operations.

Challenge: Explosive Growth of Security Data, Extensive Data Retention Requirements

Source: Enterprise Strategy Group, 2006

Security Information Lifecycle Management

The lifecycle of security log data: capture, compress, secure, store online (retention policy: up to 1 year online), retain in nearline, retire.

RSA enVision ILM: Maximized Data Value at Lowest Infrastructure Cost
  • User defines log retention policies (the slide shows an online policy of 1 year followed by a retention policy, with EMC Centera and EMC Celerra as the storage tiers)
  • RSA enVision automatically enforces the policies across the lifecycle: capture, compress, secure, store online, retain in nearline, retire
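To make the "compress, secure, store online, retain in nearline, retire" steps concrete, here is an added example written for this page (not enVision's storage format or RSA's code). It seals a chunk of raw, unfiltered log lines by gzip-compressing it and appending an HMAC-SHA256 tag, refuses to return a chunk whose tag no longer verifies, and maps each stored chunk onto a tier from a user-defined policy. The key, the sample lines, the 1-year online / 7-year retention policy and the single-key HMAC design are assumptions; a production archive would keep the key in a KMS or HSM and usually sign a hash chain rather than each chunk independently.

```python
import gzip
import hashlib
import hmac
from datetime import date

# Constructed demo key; in a real deployment this lives in a KMS/HSM, never in source.
ARCHIVE_KEY = b"constructed-demo-key-do-not-use"
TAG_LEN = hashlib.sha256().digest_size

# Constructed sample chunk: 200 syslog-style lines, the repetitive kind of text
# behind the 95%+ compression figure quoted for raw logs.
SAMPLE_LINES = [
    f"2007-03-01T08:{i // 60:02d}:{i % 60:02d} host1 sshd[{1000 + i}]: "
    f"Accepted publickey for svc from 10.0.2.{i % 50} port {40000 + i} ssh2"
    for i in range(200)
]


def seal_chunk(lines, key=ARCHIVE_KEY):
    """Compress the raw lines unchanged (no filtering or normalizing) and append
    an HMAC-SHA256 tag so any later edit of the stored bytes is detectable."""
    payload = gzip.compress("\n".join(lines).encode("utf-8"))
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return payload + tag


def open_chunk(blob, key=ARCHIVE_KEY):
    """Verify the tag before trusting the contents; raise if it does not match."""
    payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("chunk failed integrity check")
    return gzip.decompress(payload).decode("utf-8").split("\n")


def compression_ratio(lines, blob):
    """Fraction of the raw size saved by compression (tag excluded)."""
    raw = len("\n".join(lines).encode("utf-8"))
    return 1 - (len(blob) - TAG_LEN) / raw


def tier_for(age_days, policy):
    """Map a chunk's age onto the lifecycle tier the retention policy dictates."""
    if age_days <= policy["online_days"]:
        return "online"
    if age_days <= policy["retain_days"]:
        return "nearline"
    return "retire"


def apply_policy(chunks, today_iso, policy):
    """chunks: {ISO day -> sealed blob}. Returns tier -> list of days in date order;
    the caller moves nearline chunks to the archive tier and deletes retired ones."""
    today = date.fromisoformat(today_iso)
    plan = {"online": [], "nearline": [], "retire": []}
    for day in sorted(chunks):
        age = (today - date.fromisoformat(day)).days
        plan[tier_for(age, policy)].append(day)
    return plan


if __name__ == "__main__":
    policy = {"online_days": 365, "retain_days": 7 * 365}   # user-defined (assumption)
    blob = seal_chunk(SAMPLE_LINES)
    print(f"compression: {compression_ratio(SAMPLE_LINES, blob):.0%}")
    store = {"2007-02-19": blob, "2006-01-26": blob, "1998-12-15": blob}
    print(apply_policy(store, "2007-03-01", policy))
```

The integrity tag is what turns "retain" into evidence-grade retention: a chunk that has been edited, truncated or re-sealed with the wrong key is rejected on read instead of silently feeding a report or a forensic query.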

Supported Protocols
  • Syslog, syslog-ng
  • SNMP
  • Formatted log files
    • Comma/tab/space delimited, other
  • ODBC connection to remote databases
  • Push/pull XML files via HTTP
  • Windows event logging API
  • Check Point OPSEC interface
  • Cisco IDS POP/RDEP/SDEE

RSA enVision: Stand-alone Appliances to Distributed Solutions

(Chart: the ES Series and LS Series appliance models plotted by sustained events per second, from 1,000 EPS up to 300,000 EPS, against number of monitored devices, from 100 up to 30,000.)

Industry Leading Scalability

Organization   Locations   Events/sec   Events/day   Events/year   Devices   Driver
(not shown)    34          240K         20B          76.8T         30,000    Security: configuration control, access control enforcement, privileged user monitoring
MSSP           18          180K         15.5B        5.6T          20,000    Compliance & security: real-time monitoring, false positive reduction, access control enforcement
(not shown)    28          450K         38.8B        148T          28,000    Compliance: SAS 70 compliance
Internal       4           80K          6.9B         2.5T          4,000     Compliance & security: log management, monitoring firewalls for audits
(not shown)    3           95K          8.2B         2.9T          17,000    Compliance: internal audit

(K = thousand, B = billion, T = trillion events; the organization names for three rows are not legible on the slide.)
Network Intelligence: Compliance and Security Operations

(Diagram: an enterprise-wide log management platform holding all the data, with asset identification, baseline, reports, alerts, forensics and incident management serving business operations, compliance operations and security operations.)

  • Existing VA scanners
    • Open Source Nessus
    • ISS SiteProtector
  • New VA scanners
    • McAfee Foundscan
    • nCircle IP360
    • Qualys QualysGuard
New IDS/IPS Vulnerability Mapping References (Cont)
  • Supported IDS Devices
    • Dragon IDS
    • Snort / Sourcefire
    • ISS Real Secure
    • Cisco IDS
    • McAfee Intrushield
    • Juniper IDP [Netscreen]
    • 3COM/Tipping Point Unity One
New Device Additions in 3.7.0
  • F5 BIG-IP
  • MS DHCP
  • MS IAS
  • EMC Celerra CIFS
  • Lotus Domino
  • RSA Access Manager
  • Aventail
  • QualysGuard
  • Foundscan
  • nCircle