IBM Internet Security Systems Proventia Management SiteProtector

Transcription

1 Supporting compliance and mitigating risk through centralized management of enterprise security devices IBM Internet Security Systems Proventia Management SiteProtector Highlights Reduces the costs and complexity of security management through central control of diverse network and host security devices Leverages existing investments by integrating into current systems Promotes a security-rich environment that can facilitate regulatory compliance and streamline documentation Meeting the challenges of managing your enterprise security environment Increasing exposure to risk, along with changing regulatory compliance requirements, can make security management an ongoing challenge. Without a comprehensive security management solution, you spend additional time and resources managing a wide variety of security devices in an increasingly complex environment. You need a simplified, single-source security device management solution to help cut costs and reduce day-to-day administration one that not only helps you demonstrate regulatory compliance, but that also enables a high-level overview of business assets to help you effectively manage risks. IBM Proventia Management SiteProtector helps reduce the burden of security management through centralized control of a broad array of network security agents and devices. We can help you unify the management of IBM platform offerings across gateways, networks, servers and desktops, as well as select third-party security solutions. IBM SiteProtector uses a single console that can enable you to control, monitor, measure and report on your enterprise security posture. This can give you an enterprise-wide view of your security environment and enable simplified management at reduced costs. Providing a single interface to measure the effectiveness of your security devices Designed for simplicity and flexibility, IBM Proventia Management SiteProtector can provide centralized management for your security devices, policies, events analysis, alerts and work flows. This innovate solution can

2 help you reduce the complexity and costs associated with piecemeal security management, and free your IT staff to focus on other critical projects. You can organize your security devices within the IBM SiteProtector system and create custom-defined groupings to give you an enterprise-wide view of assets, threats and vulnerabilities from a risk perspective. IBM SiteProtector Version 7.0 offers advanced features to help you correlate and prioritize realtime vulnerability and threat information. This can help you quickly access the information that s most critical or relevant to your environment and enable IT staff to focus on your greatest risks. You can also use IBM SiteProtector to increase the priority level of alerts and reduce console and database clutter by discarding details of unsuccessful attacks. IBM SiteProtector Version 7.0 incorporates several other advanced features and functionalities designed to help you gain visibility into your enterprise-wide security posture and maximize business continuity and availability: Offers diagnostic information about the health of the devices that IBM SiteProtector manages, including highly configurable notifications and alerts, to help identify problem trends before they become critical issues Generates reports on offline security devices that can alert you to potential vulnerabilities Notifies you of public exploits (through Enterprise Scanner) to highlight vulnerabilities inside IBM SiteProtector that have been identified by IBM X-Force Provides an asset information-based risk score value to help you distinguish threat levels and better determine what actions to take Offers an integrated automated ticketing feature that includes ticketing for vulnerabilities and incidents within IBM SiteProtector, or through a standalone ticketing system such as Remedy Ticketing Integration, to help you track and measure resolution Includes a policy deployment option to help you quickly extend and apply policies to multiple devices Provides an event analysis feature to help you identify types and sources of system attacks Offers a view of available device updates, listed by category type, to help you quickly initiate updates The IBM SiteProtector system facilitates a robust roles and permissions model to help you delegate responsibilities and protect or enable access. Site administrators can use a Web browser from virtually any location to grant selected users the ability to quickly access reports. IBM SiteProtector Version 7.0 includes a year of updates, patches and basic technical support. If you need more specialized support or quicker response times, IBM SiteProtector can offer a premium level of technical support at an additional cost.

3 Integrating with existing systems to leverage your investments IBM SiteProtector is designed to help you maximize your current investments and processes by integrating with your workflow and ticketing, systems administration, and network and database management tools. In addition, your own IT department or other vendors can create programming to enable their applications to leverage IBM SiteProtector data. We can integrate with existing network infrastructures, including: Microsoft Windows Active Directory. Support of Microsoft SQL Server database clusters. VMWare ESX 3.5. Central responses to monitoring status. Event archive and filtering. Remedy Ticketing Integration. Support of two-factor authentication. The IBM SiteProtector centralized control system allows you to apply products and security content updates to virtually all Internet Security Systems (ISS) sensors. You can leverage IBM SiteProtector to help manage your Proventia network intrusion appliances and host security (including servers and desktops), protection, and Web filtering. In addition, we can help manage Proventia: Anomaly detection systems. Integrated security appliances. Network intrusion detection systems. Content security solutions. Vulnerability management and assessment systems. IBM SiteProtector can also manage IBM RealSecure Server Sensor. Because IBM SiteProtector offers a consistent system that employees can quickly become familiar with, you can virtually eliminate the need for staff to learn new systems when you add new protection. This can make it easier and quicker to deploy new protection devices, manage device updates and administrate management policies. Helping enable regulatory compliance and streamlining documentation IBM SiteProtector is designed to make it easier for you to keep pace with everchanging regulatory compliance standards. It can help you demonstrate compliance by maintaining a comprehensive asset database, a record of risk reduction and remediation efforts, and a centralized security policy. IBM SiteProtector also offers comprehensive reporting options, which can be categorized according to regulatory compliance standards, to help you measure compliance against your security policies. Our centralized, role-based administration is designed to help configure and enforce protection policies, evaluate policy status and find weak points. The IBM SiteProtector system produces central responses based on rules or thresholds maintained across disparate agents and applications.

4 The IBM SiteProtector system s broad array of reports both predefined and customized can allow you to identify and document: Staff who can access IBM SiteProtector. Ticketing activities. Policy, audit, assessment, administration and compliance management. Vulnerability and configuration management, including incident, attack, virus activity and event management. Information about overall compliance levels, resolutions, current threats and enterprise-wide trends. Granular information for technical managers detailing compliance at the asset, operating system and line-of-business levels. IBM SiteProtector reporting capabilities can help you not only demonstrate compliance, but provide specific details regarding security breaches. In addition, real-time reports on asset security, vulnerability remediation and trends can provide you with a high-level view of improvements to your security posture over time, and help enable costeffective decisions regarding your network. New functionality within IBM SiteProtector Version 7.0 makes it even easier to demonstrate change control compliance. We have incorporated a forced versioning feature to enable automated tracking and logging of policy history, so changes to policies are tracked and documented. In addition, IBM SiteProtector Version 7.0 also incorporates a licensing system that leverages a company entitlement model rather than a traditional key system. This can help reduce the time required to update keys, and mitigate the risk of interruptions in network and system security. For IBM Managed Security Services (MSS) clients, IBM SiteProtector Version 7.0 can also provide a seamless connection between IBM SiteProtector and IBM MSS. These clients can view their IBM MSS activity in their IBM MSS portal from within IBM SiteProtector. If your enterprise doesn t have full-time monitoring capability, you can leverage IBM MSS through IBM SiteProtector to monitor your enterprise security during offhours. This can provide a cost-effective solution that can help ensure that your enterprise is protected 24 hours a day, seven days a week. Why IBM? IBM SiteProtector includes time-tested IBM MSS practices and methods and incorporates the industry-leading research of IBM X-Force. We can help simplify the addition of multiple protection devices in your infrastructure to make expanding your security environment more streamlined and costeffective. And IBM Internet Security Services can offer a comprehensive range of security solutions designed to provide single-source support for your enterprise security needs.

5 Requirements IBM SiteProtector appliance (all included) Processor Memory Disk space Other 2 Xeon, 2.8 GHz 4 GB of RAM 74 GB of disk space SCSI RAID controller Hot-swappable, redundant power supplies Hot-swappable hard drives 2 RU Form Factor Operating system Database Server protection IBM SiteProtector Software Processor Memory Disk space Operating system Other vendor services VMware (optional) Screen resolution Other Microsoft Windows Server 2003 Microsoft SQL Server 2005 Proventia Server for Windows 1 GHz Pentium 4 1 GB of RAM 8 GB free hard drive space Microsoft Windows Server 2003 Microsoft Windows Enterprise Server 2003 Microsoft SQL Server 2005, Internet Explorer 6.0 or 7.0, Adobe Acrobat Reader 6.0 or later VMWare ESX server and later 1024 by 768 pixels Static IP address required

6 For more information To learn more about IBM ISS Proventia Management SiteProtector, please contact your IBM representative or IBM Business Partner, or visit the following Web site: ibm.com/services/security Copyright IBM Corporation 2008 IBM Global Services Route 100 Somers, NY U.S.A. Produced in the United States of America June 2008 All Rights Reserved IBM, the IBM logo, ibm.com, Internet Security Systems, Proventia, SiteProtector, RealSecure, X-Force, IBM Managed Security Services and other referenced IBM products and services are trademarks of International Business Machines Corporation in the United States, other countries, or both. Adobe and Acrobat are registered trademarks of Adobe Systems, Incorporated in the United States and/or other countries. Microsoft, Windows, Active Directory, Internet Explorer, SQL Server, Windows Server, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Other company, product or service names may be trademarks or service marks of others. References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates. SED03044-USEN-00