Deep Security Integration with Sumo Logic
A Trend Micro White Paper | May 2016

Install, Integrate and Analyze

This paper is aimed at information security and solution architects who want to integrate Trend Micro Deep Security with Sumo Logic. It walks through designing, implementing and integrating the Trend Micro Deep Security platform with Sumo Logic.
TABLE OF CONTENTS

GETTING STARTED
  Introduction
  Intended Audience
  About this Paper
  Help and Support
SOLUTION COMPONENTS
  Deep Security Manager (DSM)
  Sumo Logic Data Analytics Service and Web UI
  Deep Security Agent (DSA)
  Sumo Logic Installed Collectors and Sources
HOW THE INTEGRATED SOLUTION WORKS
  Overview
INSTALL
  Install Options
  Installed Collector with Syslog Sources
INTEGRATE
  System Event Log Forwarding
  Security Event Log Forwarding
  Integration Options for Security Event Logs
  Relay via Deep Security Manager
  Direct Forward
  Comparison between Two Integration Options
ANALYZE
  Supported Event Log Formats
  Parsing Event Log Messages
  Field Extraction Rules
  Sumo Logic Dashboard
WHAT'S COMING?

Page 2 of 16 Trend Micro White Paper
GETTING STARTED

INTRODUCTION

Trend Micro Deep Security software and Deep Security as a Service provide a comprehensive security solution that integrates easily with log management, security analytics and Security Information and Event Management (SIEM) products. Enterprises run their workloads across complex, hybrid infrastructures and need solutions that give full-stack, 360-degree visibility so that security threats can be identified and resolved quickly. Trend Micro Deep Security integrates with Sumo Logic's data analytics service to enable rich analysis, visualization and reporting of critical security and system data.

INTENDED AUDIENCE

This paper is intended for information security and solution architects who want to integrate Trend Micro Deep Security with Sumo Logic. The reader is expected to be comfortable with common computing and networking terminology and topics.

ABOUT THIS PAPER

This paper covers the architectural considerations and configuration steps required to integrate the Trend Micro Deep Security platform with Sumo Logic. It also provides a detailed walkthrough of event forwarding and incident analysis.

HELP AND SUPPORT

This paper is not a substitute for product documentation. For detailed information on installing, configuring, administering and using Deep Security, refer to the product's online resources, documentation and self-help tools. For detailed information on installing, configuring and administering Sumo Logic, refer to the Sumo Logic documentation.
SOLUTION COMPONENTS

DEEP SECURITY MANAGER (DSM)

The management component of the system, responsible for sending rules and security settings to the Deep Security Agents. The DSM is controlled through its web-based management console, from which the administrator defines security policies, manages deployed agents, queries the status of managed instances, and so on. The integration with Sumo Logic is configured entirely through this console; no additional component or software is required.

DEEP SECURITY AGENT (DSA)

The component that provides all protection functionality. The protection applied depends on the rules and security settings that each DSA receives from the Deep Security Manager. The DSA also sends a regular heartbeat to the DSM and pushes event logs and other data points about the protected instance to the DSM.

SUMO LOGIC INSTALLED COLLECTORS AND SOURCES

Sumo Logic Installed Collectors receive data from one or more Sources. A Collector gathers raw log data, compresses it, encrypts it and sends it to Sumo Logic in real time over HTTPS. The Deep Security components forward their events to an Installed Collector through a Syslog Source. Note that only the Collector-to-Sumo Logic hop is encrypted; the syslog hop from Deep Security to the Collector is plain UDP.

SUMO LOGIC DATA ANALYTICS SERVICE AND WEB UI

The Sumo Logic Web UI is browser-based. It provides visibility into and analysis of the log data and security events that the Deep Security platform sends to the Sumo Logic service, and also provides administration tools for checking system status, managing your deployment, controlling user access and managing Collectors.
HOW THE INTEGRATED SOLUTION WORKS

OVERVIEW

Trend Micro Deep Security software and Deep Security as a Service integrate with Sumo Logic through an Installed Collector with a Syslog Source. The Syslog Source behaves like a syslog server: it listens on a designated port for syslog messages from the Trend Micro Deep Security solution. The Installed Collector can be deployed on a local machine, a dedicated server or in the cloud. The Deep Security platform sends system and security event logs to this Collector, which forwards them securely to the Sumo Logic Data Analytics Service. Figure 1 gives a high-level overview of the integration process.

FIGURE 1 - INTEGRATION OVERVIEW
  Install: install the Collector and configure a Syslog Source
  Integrate: integrate Deep Security with Sumo Logic
  Analyze: perform visualizations and forensic investigations from the Sumo Logic service
INSTALL

INSTALL OPTIONS

The first thing to consider when you set up the integration is how to collect data from your Deep Security deployment and forward it to Sumo Logic. Sumo Logic offers three basic methods: local host data collection, centralized syslog data collection and a hosted collector. The Deep Security integration uses centralized syslog collection: an Installed Collector with Syslog Sources gathers all relevant data in one location before forwarding it to Sumo Logic's cloud-based service.

INSTALLED COLLECTOR WITH SYSLOG SOURCES

Installation consists of deploying a Sumo Logic Collector in your environment and then adding a Syslog Source to it. An Installed Collector can run on any standard server and can collect local files, remote files, or logs aggregated from network services via syslog. You can install a small number of Collectors to minimize maintenance, or many Collectors on many machines using configuration management and automation tools such as Puppet or Chef. At a minimum you need one Installed Collector for Deep Security.

The number of Syslog Sources you need depends on the types of event log you send to Sumo Logic: one Syslog Source per event type. Deep Security has two event types, System Events and Security Events. In the example below, the Installed Collector is configured with two Syslog Sources, both using UDP.

Because the Syslog Source accepts plain UDP, there is no authentication, encryption or delivery confirmation on this hop. Restrict the listening ports to the Deep Security Manager and Agent addresses with host or network firewall rules, and keep the Collector on a network path that the events do not have to leave in clear text.

FIGURE 2 - LIST OF COLLECTORS FROM SUMO LOGIC'S WEB CONSOLE

In this example setup, the first Syslog Source listens on UDP port 514 for System Event log forwarding.
FIGURE 3 - INSTALLED COLLECTOR SYSLOG SOURCE FOR SYSTEM EVENTS

The second Syslog Source listens on UDP port 1514 for Security module event log forwarding.

FIGURE 4 - INSTALLED COLLECTOR SYSLOG SOURCE FOR SECURITY EVENTS
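Before pointing the Deep Security Manager or Agents at the Collector, it is worth confirming that the Syslog Source ports are reachable and seeing exactly what a syslog-framed event looks like on the wire. The following is an added example, not code from this paper, from Trend Micro or from Sumo Logic. It builds an RFC 3164 style syslog line (<PRI>Mmm dd hh:mm:ss hostname payload) around a constructed CEF payload and sends it over UDP, which is the same transport the Deep Security components use toward the Syslog Source. The port constants follow the paper's example (514 for system events, 1514 for security events); the hostname, the local0 facility and the CEF payload are assumptions made for the example, and the listener is a stand-in for the Syslog Source so the check runs offline against 127.0.0.1.

```python
"""Frame a test event for a Sumo Logic Syslog Source and confirm the UDP path is open.

Added example; not code from the white paper, Trend Micro or Sumo Logic. Hostnames,
the facility choice and the CEF payload below are assumptions for illustration.
"""
import socket
import time
from typing import Optional, Tuple

# RFC 3164 facility and severity codes; PRI = facility * 8 + severity.
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5,
            "local0": 16, "local1": 17, "local2": 18, "local3": 19,
            "local4": 20, "local5": 21, "local6": 22, "local7": 23}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

SYSTEM_EVENT_PORT = 514      # paper's example: Syslog Source for system events
SECURITY_EVENT_PORT = 1514   # paper's example: Syslog Source for security events
MAX_RFC3164_BYTES = 1024     # RFC 3164 datagram limit; long CEF lines can exceed it

# Constructed CEF payload: vendor, product, event ID and keys are assumed, not copied
# from the Deep Security documentation.
TEST_PAYLOAD = ("CEF:0|Trend Micro|Deep Security Manager|9.6.2|600|User Signed In|3|"
                "src=10.0.0.5 suser=admin msg=Test event from integration check")


def pri(facility: str = "local0", severity: str = "info") -> int:
    """Syslog PRI value for a facility/severity pair (local0/info = 134)."""
    return FACILITY[facility] * 8 + SEVERITY[severity]


def syslog_frame(payload: str, hostname: str = "dsm-01", facility: str = "local0",
                 severity: str = "info", when: Optional[float] = None) -> bytes:
    """Wrap a payload in an RFC 3164 header: <PRI>Mmm dd hh:mm:ss hostname payload."""
    t = time.localtime(when)
    # Day of month is space padded to two characters, as RFC 3164 requires.
    ts = f"{MONTHS[t.tm_mon - 1]} {t.tm_mday:2d} {t.tm_hour:02d}:{t.tm_min:02d}:{t.tm_sec:02d}"
    return f"<{pri(facility, severity)}>{ts} {hostname} {payload}".encode("utf-8")


def oversized(frame: bytes) -> bool:
    """True if the datagram exceeds the RFC 3164 limit; check what your collector accepts."""
    return len(frame) > MAX_RFC3164_BYTES


def send_udp(frame: bytes, host: str, port: int) -> int:
    """Send one datagram. UDP gives no acknowledgement, no retransmission and no TLS,
    so a successful return only means the packet left this host."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(frame, (host, port))


def open_listener(host: str = "127.0.0.1", port: int = 0, timeout: float = 2.0) -> socket.socket:
    """Bind a stand-in for the Syslog Source (port 0 = any free port, for offline use)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((host, port))
    s.settimeout(timeout)
    return s


def receive_one(listener: socket.socket) -> Optional[Tuple[bytes, Tuple[str, int]]]:
    """Return (datagram, sender) or None if nothing arrived before the timeout."""
    try:
        return listener.recvfrom(65535)
    except socket.timeout:
        return None


def loopback_check(payload: str = TEST_PAYLOAD) -> Optional[str]:
    """Frame, send, receive and decode against a local listener.
    Against a real Collector the only confirmation is the message showing up in a
    Sumo Logic search, because a UDP sender learns nothing about delivery."""
    listener = open_listener()
    try:
        host, port = listener.getsockname()
        send_udp(syslog_frame(payload), host, port)
        got = receive_one(listener)
        return got[0].decode("utf-8") if got else None
    finally:
        listener.close()


if __name__ == "__main__":
    frame = syslog_frame(TEST_PAYLOAD)
    print("PRI local0/info =", pri(), "oversized:", oversized(frame))
    print("loopback:", loopback_check())
    # To exercise the real path, send to the Collector host instead, e.g.
    # send_udp(frame, "collector.example.internal", SECURITY_EVENT_PORT)
```

Run it once against the loopback listener to see the framing, then against the Collector's address and port; the datagram will always be "sent" successfully, so the only meaningful confirmation is finding the test message in a Sumo Logic search on that Source.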
INTEGRATE

SYSTEM EVENT LOG FORWARDING

System event forwarding from Trend Micro Deep Security to Sumo Logic is configured in the system settings (Administration > System Settings > SIEM), as shown below.

FIGURE 5 - SYSTEM SETTINGS FOR INTEGRATION OF SYSTEM EVENTS WITH SUMO LOGIC

FIGURE 6 - SYSTEM EVENTS FORWARDING TO SUMO LOGIC
SECURITY EVENT LOG FORWARDING

Security event forwarding from Trend Micro Deep Security to Sumo Logic is configured in the Policy, and requires the connection details of a Syslog Source using UDP to be added to the policy. Deep Security supports policy inheritance: child policies inherit their settings from their parent policies, so you can build a policy tree that begins with a top-level (root/base) policy whose settings and rules apply to all computers. When a single Collector in your environment receives the logs from Deep Security, it is recommended to set the integration details on the top (root/base) policy, as shown below.

FIGURE 7 - POLICY SETTINGS FOR INTEGRATION OF SECURITY EVENTS WITH SUMO LOGIC

Alternatively, you can configure a separate Collector for each security protection module, or have all Deep Security modules send logs to one Collector, depending on your requirements.
INTEGRATION OPTIONS FOR SECURITY EVENT LOGS

There are two ways to configure the Deep Security solution to forward security events to Sumo Logic: Relay via Deep Security Manager and Direct Forward.

RELAY VIA DEEP SECURITY MANAGER

With this option the Deep Security Manager sends the syslog messages after it has collected the events from the Agents on their heartbeats, as shown below.

FIGURE 8 - SECURITY EVENT FORWARDING VIA DEEP SECURITY MANAGER
DIRECT FORWARD

With this option the Agents send the security events in real time directly to the Collector, as shown below.

FIGURE 9 - DIRECT FORWARDING OF SECURITY EVENTS
COMPARISON BETWEEN TWO INTEGRATION OPTIONS

When choosing between these two options for sending security events to Sumo Logic Installed Collectors, consider your Deep Security deployment model (as a Service, AWS or Azure Marketplace AMI/VM, or software), your network topology, your available bandwidth and your Deep Security policy design. The comparison below is intended to make that decision easier.

RELAY VIA DEEP SECURITY MANAGER
- Delivery of security event logs is not real time. Security events are sent from the Deep Security Agents to the Deep Security Manager on each regular heartbeat (by default every 10 minutes) and only then forwarded to the Sumo Logic Installed Collector, so an event can arrive up to one heartbeat interval after it occurred.
- Transport protocol is UDP.
- Simpler network design with a single Installed Collector: only one network path is needed, from the DSM to the Installed Collector server.
- A single security policy configuration is enough to integrate with Sumo Logic.
- Not recommended with the Deep Security as a Service deployment model, because the hosted DSM would send the event data across the Internet to your local Installed Collector in clear text.

DIRECT FORWARD
- Delivery of security event logs is real time. Security events are sent directly by the Deep Security Agents, with no dependency on the heartbeat.
- Transport protocol is UDP.
- Requires a network path from each DSA to the Installed Collector server. Depending on where the Agents run, this may need a more complex network design and possibly multiple Installed Collector servers.
- May require multiple policies to integrate with Sumo Logic.
- Recommended with the Deep Security as a Service deployment model, because the event data goes from the Agents to your local Installed Collector and all of the traffic stays on your network; it never leaves the VPC in clear text.

With either option the syslog hop itself is plain UDP, so the choice determines where the clear-text traffic flows, not whether it exists. UDP also does not retransmit: a datagram dropped on the way to the Collector is lost and the event never reaches Sumo Logic.
ANALYZE

Once the install and integration steps are done, you can analyze Deep Security event data in the Sumo Logic web console: run searches, identify anomalies and correlate events across your protected workloads. You can also build dashboards that unify, enrich and visualize security-related information across your physical, virtual and cloud infrastructure.

SUPPORTED EVENT LOG FORMATS

Deep Security can forward events to a Sumo Logic Collector over syslog in these formats:
- Common Event Format (CEF) 1.0
- Log Event Extended Format (LEEF) 2.0

A basic syslog format is also available for legacy installations. It should not be used for new installations, because not all security modules support it. The event format for security events is selected in the Policy configuration; for system events it is selected in the system settings. Pick the format that gives the best interoperability with the other event- and log-generating devices in your deployment.

PARSING EVENT LOG MESSAGES

In each supported format, the Extension part of the message carries the additional custom fields used by Deep Security. These fields are documented in the Deep Security Administration Guide under the Syslog Integration section. Not every extension listed in the guide's event format tables is present in every log entry.

Sumo Logic provides several ways to parse fields out of log messages. For example, the Parse Regex operator lets users comfortable with regular expression syntax extract data from log messages, and it can be used on Deep Security events. When parsing Deep Security event log messages, make sure that:
- the search query expressions do not depend on every key/value pair being present (use the nodrop option with parse regex to ensure this);
- the search query expressions do not expect the key/value pairs to appear in a particular order.

For example, to parse Anti-Malware events in CEF format you can use a search query such as the one shown in Figure 10.
FIGURE 10 - SAMPLE PARSE REGEX QUERY TO EXTRACT ANTI-MALWARE EVENTS

FIELD EXTRACTION RULES

Automatic field parsing can also be configured with Field Extraction Rules, which let a Sumo Logic user explore the data without writing parse statements into every search. For more information and instructions on configuring field extraction rules, see the Sumo Logic documentation. Sample field extraction rules specific to Trend Micro Deep Security are also available.
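The two parsing rules above (tolerate missing key/value pairs, tolerate any key order) and the field extraction that a Field Extraction Rule performs are easiest to see on real message shapes. The following is an added example written for this page; it is not code from the paper, Trend Micro or Sumo Logic, and it is a Python parser rather than a Sumo Logic query. It parses a syslog line carrying either a CEF:0 or a LEEF 2.0 message into a flat record and then extracts a fixed set of keys the way parse regex with nodrop does, returning None for keys that are absent. The sample lines are constructed for this example: the vendor, product, version, event IDs and extension keys are assumptions, not values copied from the Deep Security Administration Guide. Header escaping (backslash before a pipe or backslash) and extension escaping (backslash before an equals sign or backslash) follow the CEF specification; LEEF attributes are split on the delimiter named in the header, or on a tab when no delimiter field is present.

```python
"""Order-independent, missing-key-tolerant parsing of CEF and LEEF syslog events.

Added example; not code from the white paper, Trend Micro or Sumo Logic. Sample
messages are constructed: vendor, product, event IDs and keys are assumptions.
"""
import re
from typing import Any, Dict, List, Optional

# Optional RFC 3164 prefix "<PRI>Mmm dd hh:mm:ss host " added by the syslog transport.
# Lines carrying another prefix format need this pattern extended.
_SYSLOG_PREFIX = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?:(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) )?")
# A CEF extension key starts the string or follows a space and is followed by '='.
# An escaped "\=" inside a value cannot match because the key class excludes backslash.
_CEF_KEY = re.compile(r"(?:^|(?<= ))([A-Za-z0-9_.]+)=")
# LEEF 2.0 optional delimiter field: one literal character or xHH hex, then '|'.
_LEEF_DELIM = re.compile(r"^(x[0-9A-Fa-f]{2}|[^|])\|")


def _split_header(s: str, nfields: int):
    """Split the first nfields pipe-delimited fields, honouring backslash escapes;
    return (fields, remainder) with the remainder left untouched."""
    fields: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(s) and len(fields) < nfields:
        ch = s[i]
        if ch == "\\" and i + 1 < len(s):      # "\|" -> "|", "\\" -> "\"
            cur.append(s[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) < nfields:
        raise ValueError("truncated header")
    return fields, s[i:]


def _unescape(v: str) -> str:
    """Undo CEF extension escapes: \\= \\\\ \\n \\r."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), v)


def parse_cef_extension(ext: str) -> Dict[str, str]:
    """key=value pairs in any order; values may contain spaces and escaped '='."""
    keys = list(_CEF_KEY.finditer(ext))
    out: Dict[str, str] = {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    return out


def parse_event(line: str) -> Dict[str, Any]:
    """Parse one syslog line carrying a CEF:0 or LEEF message into a flat record."""
    m = _SYSLOG_PREFIX.match(line)
    rec: Dict[str, Any] = {"pri": int(m["pri"]) if m["pri"] else None,
                           "host": m["host"], "fields": {}}
    body = line[m.end():]
    if body.startswith("CEF:"):
        hdr, ext = _split_header(body, 7)     # CEF:0|Vendor|Product|Version|ID|Name|Severity|
        rec.update(format="CEF", vendor=hdr[1], product=hdr[2], version=hdr[3],
                   event_id=hdr[4], name=hdr[5], severity=hdr[6],
                   fields=parse_cef_extension(ext))
    elif body.startswith("LEEF:"):
        hdr, rest = _split_header(body, 5)    # LEEF:2.0|Vendor|Product|Version|EventID|
        delim = "\t"
        d = _LEEF_DELIM.match(rest)
        if d:                                 # explicit delimiter, e.g. "^|" or "x09|"
            tok = d.group(1)
            delim = chr(int(tok[1:], 16)) if len(tok) == 3 else tok
            rest = rest[d.end():]
        pairs = (p.split("=", 1) for p in rest.split(delim) if "=" in p)
        rec.update(format="LEEF", vendor=hdr[1], product=hdr[2], version=hdr[3],
                   event_id=hdr[4], fields={k: v for k, v in pairs})
    else:
        raise ValueError("neither CEF nor LEEF: " + body[:20])
    return rec


def extract(rec: Dict[str, Any], keys: List[str]) -> Dict[str, Optional[str]]:
    """Like parse regex ... nodrop: every requested key is returned, None when absent."""
    return {k: rec["fields"].get(k) for k in keys}


def summarize(lines: List[str], keys=("dvchost", "act", "filePath")) -> List[Dict[str, Optional[str]]]:
    """One row per event with the requested keys; events missing a key are kept, not dropped."""
    return [extract(parse_event(line), list(keys)) for line in lines]


# Constructed samples: the same anti-malware style event with keys in different orders,
# with keys missing, and as LEEF with and without a delimiter field.
SAMPLES = [
    "<134>May 10 12:34:56 web-01 CEF:0|Trend Micro|Deep Security Agent|9.6.2|4000000|"
    "Eicar_test_file|6|cn1=1 cn1Label=Host ID dvchost=web-01 act=Quarantine "
    "filePath=/tmp/eicar\\=test.com msg=Realtime scan",
    "<134>May 10 12:35:01 web-02 CEF:0|Trend Micro|Deep Security Agent|9.6.2|4000000|"
    "Eicar_test_file|6|act=Delete dvchost=web-02 cn1=2",
    "<134>May 10 12:35:07 web-03 LEEF:2.0|Trend Micro|Deep Security Agent|9.6.2|4000000|"
    "cat=Anti-Malware\tname=Eicar_test_file\tdvchost=web-03\tact=Delete",
    "LEEF:2.0|Trend Micro|Deep Security Agent|9.6.2|4000000|^|cat=Anti-Malware^dvchost=web-04",
]

if __name__ == "__main__":
    for row in summarize(SAMPLES):
        print(row)
```

The second and fourth samples lack filePath (and the fourth lacks act) yet still produce a row, which is the behaviour nodrop gives in a Sumo Logic search; a query that required every key would silently discard those events. Because keys are located by scanning for "key=" after a space rather than by position, reordering the extension does not change the result.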
SUMO LOGIC DASHBOARD

Sumo Logic dashboards are a powerful visualization tool that shortens the time needed to identify anomalies and indicators of compromise (IOCs). The saved searches that power these dashboards can also be leveraged for forensic investigations and to reduce the time needed for root cause analysis and remediation.

The uses for dashboards are nearly endless. Perhaps your IT security group wants to keep an eye on who is installing virtual machines: you can edit, create and save the queries you run as a panel in a dashboard and watch for spikes over time in a line graph. Multiple graphical formats are supported. Dashboards add assurance that unusual activity will be displayed in real time in an easy-to-digest graphical format, making the data that matters most to you easier to track.

FIGURE 11 - SUMO LOGIC DASHBOARD WITH TREND MICRO DEEP SECURITY PANELS
WHAT'S COMING?

Sumo Logic Apps deliver out-of-the-box dashboards, saved searches and field extraction for popular data sources. When you install a Sumo Logic App, these preset searches and dashboards are customized with your source configuration and populated into a folder you select. The Sumo Logic App for Trend Micro Deep Security will be released in the near future, providing preset searches, extraction rules and an out-of-the-box dashboard for each security module.

Trend Micro Incorporated, a global leader in security software, strives to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses and governments provide layered content security to protect information on mobile devices, endpoints, gateways, servers and the cloud. All of our solutions are powered by cloud-based global threat intelligence, the Trend Micro Smart Protection Network, and are supported by over 1,200 threat experts around the globe. For more information, visit the Trend Micro website.

Copyright 2016 Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, and Smart Protection Network are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their owners. Information contained in this document is subject to change without notice.
More informationTHE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson
THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various
More informationA10 HARMONY CONTROLLER
DATA SHEET A10 HARMONY CONTROLLER AGILE MANAGEMENT, AUTOMATION, ANALYTICS FOR MULTI-CLOUD ENVIRONMENTS PLATFORMS A10 Harmony Controller provides centralized agile management, automation and analytics for
More informationDRIDEX s New Tricks Lead to Global Spam Outbreak
Appendix DRIDEX s New Tricks Lead to Global Spam Outbreak Appendix TrendLabs Security Intelligence Blog Michael Casayuran, Rhena Inocencio, and Jay Yaneza May 2016 TREND MICRO LEGAL DISCLAIMER The information
More informationSOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE
RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE KEY CUSTOMER BENEFITS: Gain complete visibility across enterprise networks Continuously monitor all traffic Faster analysis reduces risk exposure
More informationOptimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution
DATASHEET Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution Features & Benefits Best-in-class VPN and vadc solutions A single point of access for all
More informationAgenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options
Agenda Why we need a new approach to endpoint security Introducing Sophos Intercept X Demonstration / Feature Walk Through Deployment Options Q & A 2 Endpoint Security has reached a Tipping Point Attacks
More informationWhite Paper Integrating The CorreLog Security Correlation Server with McAfee epolicy Orchestrator (epo)
orrelogtm White Paper Integrating The CorreLog Security Correlation Server with McAfee epolicy Orchestrator (epo) This white paper provides a detailed discussion of objectives and methodologies for integrating
More informationAvanan for G Suite. Technical Overview. Copyright 2017 Avanan. All rights reserved.
Avanan for G Suite Technical Overview Contents Intro 1 How Avanan Works 2 Email Security for Gmail 3 Data Security for Google Drive 4 Policy Automation 5 Workflows and Notifications 6 Authentication 7
More informationManaged Endpoint Defense
DATA SHEET Managed Endpoint Defense Powered by CB Defense Next-gen endpoint threat detection and response DEPLOY AND HARDEN. Rapidly deploy and optimize endpoint prevention with dedicated security experts
More informationIntegrated, Intelligence driven Cyber Threat Hunting
Integrated, Intelligence driven Cyber Threat Hunting THREAT INVESTIGATION AND RESPONSE PLATFORM Zsolt Kocsis IBM Security Technical Executive, CEE zsolt.kocsis@hu.ibm.com 6th Nov 2018 Build an integrated
More informationDEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise
DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION
More informationMySQL CLOUD SERVICE. Propel Innovation and Time-to-Market
MySQL CLOUD SERVICE Propel Innovation and Time-to-Market The #1 open source database in Oracle. Looking to drive digital transformation initiatives and deliver new modern applications? Oracle MySQL Service
More informationAre Device Response Times a Neglected Risk of IoT?
Are Device Response Times a Neglected Risk of IoT? Balwinder Kaur Principal Software Engineer, Emerging Technologies Open IoT Summit, Portland. February 22, 2017 Notice The information and materials included
More informationDEPLOY MODERN APPS WITH KUBERNETES AS A SERVICE
SOLUTION OVERVIEW DEPLOY MODERN APPS WITH KUBERNETES AS A SERVICE Cut Costs and Control Access with VMware Cloud PKS Digital transformation, the Internet of things, the growing popularity of public clouds,
More informationSteelConnect. The Future of Networking is here. It s Application-Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN
Data Sheet SteelConnect The Future of Networking is here. It s Application-Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN The Business Challenge Delivery of applications is becoming more
More informationThe Future of Threat Prevention
The Future of Threat Prevention Bricata is the leading developer of Next Generation Intrusion Prevention Systems (NGIPS) technology, providing innovative, disruptive, high-speed, high-performance network
More informationSentinet for BizTalk Server SENTINET
Sentinet for BizTalk Server SENTINET Sentinet for BizTalk Server 1 Contents Introduction... 2 Sentinet Benefits... 3 SOA and API Repository... 4 Security... 4 Mediation and Virtualization... 5 Authentication
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationENTERPRISE-GRADE MANAGEMENT FOR OPENSTACK WITH RED HAT CLOUDFORMS
TECHNOLOGY DETAIL ENTERPRISE-GRADE MANAGEMENT FOR OPENSTACK WITH RED HAT CLOUDFORMS ABSTRACT Enterprises engaged in deploying, managing, and scaling out Red Hat Enterprise Linux OpenStack Platform have
More informationThis hot fix provides four registry keys to hide redundant notification/log created for cached messages.
1203 This hot fix provides four registry keys to hide redundant notification/log created for cached email messages. Add registry value, ExcludeNotification in type REG_DWORD, and set the value to "1".
More informationDEPLOY MODERN APPS WITH KUBERNETES AS A SERVICE
SOLUTION OVERVIEW DEPLOY MODERN APPS WITH KUBERNETES AS A SERVICE Cut Costs and Control Access with VMware Kubernetes Engine Digital transformation, the Internet of things, the growing popularity of public
More informationMcAfee MVISION Cloud. Data Security for the Cloud Era
McAfee MVISION Cloud Data Security for the Cloud Era McAfee MVISION Cloud protects data where it lives today, with a solution that was built natively in the cloud, for the cloud. It s cloud-native data
More informationHARNESSING THE HYBRID CLOUD TO DRIVE GREATER BUSINESS AGILITY
HARNESSING THE HYBRID CLOUD TO DRIVE GREATER BUSINESS AGILITY WHY DIGITAL TRANSFORMATION IS DRIVING ADOPTION OF MULTI-CLOUD STRATEGIES In the era of digital business, enterprises are increasingly using
More informationAppDefense Cb Defense Configuration Guide. AppDefense Appendix Cb Defense Integration Configuration Guide
AppDefense Appendix Cb Defense Integration Configuration Guide Table of Contents Overview 3 Requirements 3 Provision API Key for Cb Defense Integration 3 Figure 1 Integration Type 4 Figure 2 API Key Provisioning
More informationMcAfee Endpoint Threat Defense and Response Family
Defense and Family Detect zero-day malware, secure patient-zero, and combat advanced attacks The escalating sophistication of cyberthreats requires a new generation of protection for endpoints. Advancing
More informationMcAfee Cloud Workload Security Product Guide
Revision B McAfee Cloud Workload Security 5.1.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,
More informationMCAFEE INTEGRATED THREAT DEFENSE SOLUTION
IDC Lab Validation Report, Executive Summary MCAFEE INTEGRATED THREAT DEFENSE SOLUTION Essential Capabilities for Analyzing and Protecting Against Advanced Threats By Rob Ayoub, CISSP, IDC Security Products
More informationUSM Anywhere AlienApps Guide
USM Anywhere AlienApps Guide Updated April 23, 2018 Copyright 2018 AlienVault. All rights reserved. AlienVault, AlienApp, AlienApps, AlienVault OSSIM, Open Threat Exchange, OTX, Unified Security Management,
More informationDeployment Guide For Microsoft Exchange With Cohesity DataProtect
Deployment Guide For Microsoft Exchange With Cohesity DataProtect This white paper outlines the Cohesity DataProtect deployment guide for Microsoft Exchange Server Data Protection. Table of Contents About
More informationHybrid Cloud Management: Transforming hybrid cloud delivery
Hybrid Cloud Management: Transforming hybrid cloud delivery Explore the benefits in customer case studies ebook Get Started ebook Table of contents Introduction Nationwide US financial and insurance services
More informationFeature Focus: Context Analysis Engine. Powering CylanceOPTICS Dynamic Threat Detection and Automated Response
Feature Focus: Context Analysis Engine Powering CylanceOPTICS Dynamic Threat Detection and Automated Response The ability to quickly detect threats and initiate a response can make the difference between
More informationForeScout Extended Module for Splunk
Version 2.8 Table of Contents About Splunk Integration... 5 Support for Splunk Enterprise and Splunk Enterprise Security... 6 What's New... 6 Support for Splunk Cloud... 6 Support for Batch Messaging...
More informationAndroid Backdoor GhostCtrl can Silently Record Your Audio, Video, and More
Appendix Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More Appendix TrendLabs Security Intelligence Blog Lenart Bermejo, Jordan Pan, and Cedric Pernet July 2017 TREND MICRO LEGAL
More informationAutomated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security Chris Van Den Abbeele, Global Solution Architect, Trend
SAI3314BES Automated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security Chris Van Den Abbeele, Global Solution Architect, Trend Micro #VMworld #SAI3314BES Automated Security
More informationSubscriber Data Correlation
Subscriber Data Correlation Application of Cisco Stealthwatch to Service Provider mobility environment Introduction With the prevalence of smart mobile devices and the increase of application usage, Service
More informationPrivate Cloud Management Manage and Operate Applications
Private Cloud Management Manage and Operate Applications Introduction Manage and Operate Applications PRODUCTIVE INFRASTRUCTURE PREDICTABLE APPLICATIONS YOUR CLOUD Heterogeneous support Process automation
More informationSymantec Endpoint Protection
Overview provides unrivaled security across physical and virtual platforms and support for the latest operating systems-mac OS X 10.9 and Windows 8.1. Powered by Symantec Insight and by SONAR, a single,
More information