IBM Proventia Management SiteProtector Sample Reports


IBM Proventia Management SiteProtector

Contents
Page 1: IBM Proventia Management SiteProtector Reporting Functionality; Sample Report Index
Pages 2-25: Reports
Page 26: Available SiteProtector Reports

IBM Proventia Management SiteProtector Reporting Functionality

The following reports are available from the IBM Proventia Management SiteProtector (SiteProtector) system. The examples show sample output and the data available from various SiteProtector reports. Clients may use the prepackaged reports available through the SiteProtector interface or create their own customized reports by setting multiple parameters and/or criteria. SiteProtector's flexible reporting features help clients meet a variety of business needs, such as meeting regulatory compliance, detecting insider misuse, integrating security with ticketing and workflow, and prioritizing and tracking vulnerability remediation. For specific questions about SiteProtector's reporting options, please contact technical support at sales@iss.net or visit the online resource center at www.iss.net/support/index.html.

Sample Report Index
Note: Not all SiteProtector reports or potential variations are shown below.
A. Asset Detail
B. Asset Summary
C. Asset Event Details
D. Attack Status Summary
E. Attack Trend
F. Attacks By Group
G. Attacks by Protection Domain
H. Audit Detail
I. Desktop Protection Report
J. Mail Filtering Executive Summary
K. Permission Details
L. Server Protection Report
M. Ticket Time Tracking
N. Ticket Trend
O. Top Attacks
P. Top Sources of Attacks
Q. Top Targets of Attacks
R. Top Vulnerabilities
S. Vulnerabilities By Asset
T. Vulnerability Differential
U. Vulnerability Names by Asset
V. Vulnerability Remedies by Asset
W. Vulnerability Summary by Asset
X. Vulnerable Assets

Page 2 Report A: Asset Detail
Overview: Identifies the severity, specific nature, and remedy for assets posing a risk. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software. The Asset Detail report provides the list of vulnerabilities and services for each asset, including vulnerability remedies and references.
Key business questions addressed by the report:
1. What are the security risks to my organization?
2. In which way do these assets pose a security risk?
3. How do I fix the security risks posed by these assets?

Page 3 Report B: Asset Summary
Overview: Summary listing of risks and their severity. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.
Key business questions addressed by the report:
1. What are the security risks to my organization?
2. In which way do these assets pose a security risk?

Page 4 Report C: Asset Event Details
Overview: Lists asset events and vulnerability details. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.
Key business questions addressed by the report:
1. Which attacks are hitting my assets?
2. Which assets are at risk of being hit by these attacks?
3. Whose assets are most at risk of being hit by these attacks?

Page 5 Report D: Attack Status Summary
Overview: Displays an attack status summary, including SecurityFusion and blocked events. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software. SecurityFusion performs automated correlation and prioritization of security data.
Key business questions addressed by the report:
1. How many attacks are actually blocked by Proventia appliances?
2. What percentage of these attacks fail?

Page 6 Report E: Attack Trend
Overview: Provides attack trend analysis by day, week, month, quarter, year or severity.
Key business questions addressed by the report:
1. How does the attack activity against my network today compare with yesterday? Last week? Last month? Last year?
2. Were these attacks minor or major?
3. How can I better justify to auditors my chosen level of network security defense? In other words, how do I prove the risk level involved?

Page 7 Report F: Attacks By Group
Overview: Compares attack counts across subgroups to evaluate which groups represent the highest level of risk. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.
Key business questions addressed by the report:
1. Which groups represent the most risk to the organization in terms of both total attacks and the severity of attacks?
2. What is the severity of attacks within a group?

Page 8 Report G: Attacks by Protection Domain
Overview: Compares attack counts across the protection domains of a selected group. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.
Key business questions addressed by the report:
1. Which protection domain represents the most risk to the organization in terms of both total attacks and the severity of attacks?
2. What is the severity of attacks for a given protection domain?

Page 9 Report H: Audit Detail
Overview: Provides an audit trail of actions performed by SiteProtector users.
Key business questions addressed by the report:
1. Is there a way to track the activities of my SiteProtector operators?
2. How can I track and document the responsibility and accountability of my SiteProtector operators based on their activity?
3. How can I review and ensure that my SiteProtector operators don't pose a security risk to my network?

Page 10 Report I: Desktop Protection Report
Overview: Multi-page report that counts assets protected and not protected, with version details. Additional details provide a breakdown of version numbers by asset name and last user.
Key business questions addressed by the report:
1. What percentage of the assets is not protected?
2. For identified assets, what is the breakdown of agent versions deployed, and which assets should be upgraded?

Page 11 Report J: Mail Filtering Executive Summary
Overview: High-level summary of e-mails by actions taken, quarantined e-mails, or total e-mails.
Key business questions addressed by the report:
1. For identified groups and time periods, what are the summary counts and trends for actions taken?

Page 12 Report K: Permission Details
Overview: Based on the roles and permissions defined, this report shows the permissions and policies in effect by user and user group.
Key business questions addressed by the report:
1. Can I show all the roles and permissions within SiteProtector to demonstrate internal controls that will meet compliance requirements?
2. What capabilities do certain users and user groups have (e.g. all, actions, modify, manage user groups, manage user assets)?
Items not shown include view permissions for reports and the users who can control Proventia Network Intrusion Prevention System logs.

Page 13 Report L: Server Protection Report
Overview: Multi-page report that counts assets protected and not protected, with version details. Additional details provide a breakdown of version numbers by asset name and last user.
Key business questions addressed by the report:
1. What percentage of the assets is not protected?
2. For identified assets, what is the breakdown of agent versions deployed, and which assets should be upgraded?

Page 14 Report M: Ticket Time Tracking
Overview: Summary of working time by user for tickets. The report includes the total time elapsed, working time, and average work time, available by both category and priority level of tickets.
Key business questions addressed by the report:
1. How long does it take for users to solve tickets?

Page 15 Report N: Ticket Trend
Overview: Tracks the types of incidents being worked on, on an average basis.
Key business questions addressed by the report:
1. What is the trend for the average ticket time over a time period?
2. What is the trend in ticket count over a time period?
3. What are the ticket details by time period (e.g. ticket status, priority, assigned user)?

Page 16 Report O: Top Attacks
Overview: Lists the top attack names by frequency for a specified group and time period. Data is consolidated across IBM Internet Security Systems agents.
Key business questions addressed by the report:
1. What are the most common attacks during a given time period?
2. How frequent and prevalent is each attack?
3. Are there significant and/or broad-based attacks on certain groups of assets?

Page 17 Report P: Top Sources of Attacks
Overview: Lists the top attack sources by frequency and severity for a specified group and time. Data is consolidated across IBM Internet Security Systems agents.
Key business questions addressed by the report:
1. Who is attacking my network over a certain window of time? What is their source IP address?
2. Are these severe attacks that I should be concerned about, or just noise that can be ignored (i.e. what is the severity of the attack)?
3. How much of my total attack volume are they responsible for (available for identified time periods, groups, and asset types)?

Page 18 Report Q: Top Targets of Attacks
Overview: Lists the top attack targets by frequency and severity for a specified group and time. Data is consolidated across IBM Internet Security Systems agents.
Key business questions addressed by the report:
1. Who in my network is being attacked? What is their IP address?
2. Are these severe attacks that I should be concerned about, or just noise that can be ignored?
3. How much of the total attack volume are specific users getting hit with?

Page 19 Report R: Top Vulnerabilities
Overview: Lists the top vulnerabilities by frequency for a specified group and time period. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.
Key business questions addressed by the report:
1. Which vulnerabilities could be responsible for the greatest risk exposure to my enterprise?
2. Which vulnerabilities should I consider remediating first?
3. What level of impact could remediating these vulnerabilities have on my enterprise's risk exposure (based on the volume of vulnerabilities)?

Page 20 Report S: Vulnerabilities By Asset
Overview: Lists the top assets by number of vulnerabilities for a specified group and time. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.
Key business questions addressed by the report:
1. Which assets expose my enterprise to the most risk via software vulnerabilities?
2. How critical are these software vulnerabilities?
3. Do these assets carry the brunt of my enterprise's risk exposure via software vulnerabilities?

Page 21 Report T: Vulnerability Differential
Overview: Provides management insight by contrasting asset vulnerabilities for two distinct periods of time. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.
Key business questions addressed by the report:
1. How can I compare the progress of risk reduction between two time periods? Review the difference in vulnerabilities between the two periods and the counts of existing, fixed and new vulnerabilities.

Page 22 Report U: Vulnerability Names by Asset
Overview: Lists the vulnerability names for each asset. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.
Key business questions addressed by the report:
1. How can I list all of the software vulnerabilities on each asset that create risk for my enterprise?
2. How critical are these software vulnerabilities? In other words, which ones should I focus on first?

Page 23 Report V: Vulnerability Remedies by Asset
Overview: Lists the vulnerabilities (with severity and remedy) for each asset. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.
Key business questions addressed by the report:
1. For each vulnerable asset, what risk do these vulnerabilities expose me to?
2. How severe is the risk of these vulnerabilities?
3. For each vulnerable asset, what do I need to do to remediate the risk associated with that asset?

Page 24 Report W: Vulnerability Summary by Asset
Overview: Lists the vulnerabilities and their descriptions for each asset. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.
Key business questions addressed by the report:
1. For each vulnerable asset, what operating system runs on it?
2. How severe is the risk of these vulnerabilities?
3. For each vulnerable asset, what risk do these vulnerabilities expose me to?

Page 25 Report X: Vulnerable Assets
Overview: Communicates the vulnerability trend by day, week, month, quarter or year. The report highlights the total vulnerability count by status (existing, fixed or new) and by severity to demonstrate progress against existing risk and the trends affecting the enterprise. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.
Key business questions addressed by the report:
1. How can I see how my enterprise's risk exposure changes over time?
2. How can I track when vulnerabilities are introduced into the enterprise?
3. Is an increase in risk due to a sudden spike in vulnerabilities, or from not remediating existing vulnerabilities?
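The existing / fixed / new classification behind Report T (Vulnerability Differential) and the trend in Report X (Vulnerable Assets) is, at bottom, a set difference over two scan results keyed on (asset, vulnerability). The following Python is an added example written for this page; it is not SiteProtector code and does not read any SiteProtector or scanner export format. The scan snapshots, host names, check names, severities and period labels are all constructed, and the diagnose() rule, which labels a period a spike, a backlog or improving from the new/fixed/existing counts, is an assumed heuristic for question 3 of Report X rather than something the report itself computes.

```python
"""Vulnerability differential and trend (existing / fixed / new).

Added example for this page; not SiteProtector code and not its export
format. Findings are modelled as (asset, vulnerability name, severity)
records, and all sample data below is constructed.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str      # host name or IP as a scanner would report it (assumed)
    vuln: str       # vulnerability / check name (constructed names below)
    severity: str   # "high", "medium" or "low"


def differential(before, after):
    """Classify findings between an earlier and a later scan.

    A finding is identified by (asset, vuln). Returns a dict of three
    Counters keyed by severity: 'new' (only in the later scan), 'fixed'
    (only in the earlier scan) and 'existing' (present in both).
    """
    earlier = {(f.asset, f.vuln): f for f in before}
    later = {(f.asset, f.vuln): f for f in after}
    out = {"new": Counter(), "fixed": Counter(), "existing": Counter()}
    for key, f in later.items():
        out["existing" if key in earlier else "new"][f.severity] += 1
    for key, f in earlier.items():
        if key not in later:
            out["fixed"][f.severity] += 1
    return out


def period_summary(before, after):
    """Totals for one period plus the share of prior findings that were closed."""
    d = differential(before, after)
    new = sum(d["new"].values())
    fixed = sum(d["fixed"].values())
    existing = sum(d["existing"].values())
    prior = fixed + existing            # everything open in the earlier scan
    return {
        "new": new,
        "fixed": fixed,
        "existing": existing,
        "total": new + existing,        # open findings in the later scan
        "remediation_rate": fixed / prior if prior else 0.0,
        "by_severity": d,
    }


def trend(snapshots):
    """Run the differential over consecutive (label, findings) snapshots.

    The first snapshot is the baseline; one row is produced per later period.
    """
    rows = []
    for (_, before), (label, after) in zip(snapshots, snapshots[1:]):
        row = period_summary(before, after)
        row["period"] = label
        rows.append(row)
    return rows


def diagnose(row, backlog_threshold=0.25):
    """Assumed heuristic for 'spike of new findings or unremediated backlog?'.

    Not part of the report: it only reads the counts the differential produced.
    """
    if row["new"] > row["fixed"] and row["new"] >= row["existing"]:
        return "spike: new findings outnumber those carried over"
    if row["existing"] and row["remediation_rate"] < backlog_threshold:
        return "backlog: most prior findings are still open"
    return "improving: fixes keep pace with new findings"


# Constructed sample scans: three weekly periods, two hosts growing to four.
WEEK1 = [
    Finding("web01", "http-trace-enabled", "low"),
    Finding("web01", "weak-ssl-cipher", "medium"),
    Finding("db01", "default-dba-password", "high"),
    Finding("db01", "snmp-public-community", "medium"),
]
WEEK2 = WEEK1 + [
    Finding("mail01", "smtp-open-relay", "high"),
    Finding("mail01", "weak-ssl-cipher", "medium"),
    Finding("web02", "http-trace-enabled", "low"),
    Finding("web02", "weak-ssl-cipher", "medium"),
    Finding("web02", "status-page-exposed", "low"),
]
# Week 3: one finding fixed on web01, one new high on db01, the rest still open,
# so the total is unchanged even though the risk picture is not.
WEEK3 = [f for f in WEEK2 if f != Finding("web01", "weak-ssl-cipher", "medium")] + [
    Finding("db01", "unpatched-database-service", "high"),
]
SCANS = [("week1", WEEK1), ("week2", WEEK2), ("week3", WEEK3)]


if __name__ == "__main__":
    for row in trend(SCANS):
        print(f"{row['period']}: total={row['total']} new={row['new']} "
              f"fixed={row['fixed']} existing={row['existing']} "
              f"remediated={row['remediation_rate']:.0%} -> {diagnose(row)}")
```

The point of the week 3 data is the one Report X's third question is after: the headline total is flat at nine findings, yet only one of nine prior findings was closed, so a trend that shows only totals hides a backlog; splitting the count into new, fixed and existing (and by severity, as the report does) makes that visible.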

Page 26 Available SiteProtector Reports
Number. Template Name (Category): Description

1. Asset Detail: Detailed list of vulnerabilities and services for each asset, including vulnerability remedies and references.
2. Asset Summary: Lists discovered assets and identifies network services and vulnerabilities for each asset.
3. Operating System Summary: Displays the percentage and number of assets by operating system discovered during an automated network scan.
4. Operating System Summary by Asset: Lists assets scanned and their operating system.
5. Service Summary: Lists services discovered.
6. Service Summary by Asset: Lists services discovered for each asset scanned.
7. Top Vulnerabilities: Lists the top vulnerabilities by frequency for a specified group and time.
8. Vulnerability by Asset: Lists the top assets by number of vulnerabilities for a specified group and time.
9. Vulnerability by Group: Compares vulnerabilities across sub-groups of a selected group.
10. Vulnerability by OS: Compares vulnerability counts by operating system.
11. Vulnerability Counts: Lists detected vulnerabilities by total number and by percentage.
12. Vulnerability Counts by Asset: Counts vulnerabilities discovered for each asset by severity.
13. Vulnerability Detail by Asset: Lists all detailed vulnerability information available for each asset.
14. Vulnerability Names by Asset: Lists vulnerability names for each asset.
15. Vulnerability Remedies by Asset: Lists vulnerabilities and their remedies for each asset.
16. Vulnerability Summary by Asset: Lists vulnerabilities and their descriptions for each asset.
17. Vulnerable Assets: Lists assets by criticality for each vulnerability.
18. Vulnerability Differential: Contrasts asset vulnerabilities for two distinct periods of time.
19. Asset Event Details (Asset): Lists asset events and vulnerability details.
20. Asset Event Summary (Asset): Lists a summary of asset events and vulnerabilities.
21. Desktop Protection Report (Asset): Displays counts of desktop assets protected and not protected, with version details.
22. Server Protection Report (Asset): Displays counts of server assets protected and not protected, with version details.
23. Attacks by Group (Attack Activity): Compares attack counts across sub-groups of a selected group.
24. Attacks by Protection Domain (Attack Activity): Compares attack counts across protection domains of a selected group.
25. Security Events by Category (Attack Activity): Provides the percentage and number of events by event category for a specified group and time.
26. Top Attacks (Attack Activity): Lists the top attack names by frequency for a specified group and time.
27. Top Sources of Attack (Attack Activity): Lists the top attack sources by frequency for a specified group and time.
28. Top Attacks by Severity (Attack Activity): Counts the top attack names by severity for a specified group and time.
29. Top Targets of Attack (Attack Activity): Lists the top attack targets by frequency for a specified group and time.
30. Top Targets of Attack by Severity (Attack Activity): Provides counts of the top attack targets by severity for a specified group and time.
31. Audit Detail (Audit): Provides an audit trail of significant actions performed by SiteProtector users.
32. Top Web Categories (Content Filtering): Lists categories with the number of assets and requests.
33. Web Requests (Content Filtering): Counts web requests by category or client.
34. Daily Report Overview (Mail Filtering): Displays the count of daily reports generated and e-mails released.
35. Traffic Report (Mail Filtering): Displays e-mail trends by hour.
36. Top Responses (Mail Filtering): Displays the count of e-mails by response.
37. Executive Summary (Mail Filtering): Provides a high-level summary of e-mail counts for actions taken, quarantined e-mails or total e-mails.
38. Top Analysis Module (Mail Filtering): Displays the count of e-mails by analysis module.
40. Top Recipients (Mail Filtering): Displays the top recipients by count or size of e-mails.
41. Top Senders (Mail Filtering): Displays the top senders by count or size of e-mails.
42. Attack Incidents (Management): Lists all attack incidents created for a specified time.
43. Attack Status Summary (Management): Displays an attack status summary including IBM SecurityFusion module data and blocked events.
44. Attack Trend (Management): Displays attack activity by day, week, month, quarter or year.
45. Virus Activity Trend (Management): Displays virus activity by day, week, month, quarter or year.
46. Vulnerability Trend (Management): Displays vulnerabilities by day, week, month, quarter or year.
47. Permission Detail (Permissions): Displays the total list of permissions.
48. Ticket Activity Summary (Ticket): Provides a summary of ticket counts and status time tracking.
49. Ticket Time Tracking (Ticket): Provides a summary of working time in tickets.
50. Ticket Trend (Ticket): Trend summary of tickets.
51. Top Virus Activity (Virus Activity): Lists the top virus names, infected files, and infected users.
52. Virus Activity by Asset (Virus Activity): Lists the top assets by amount of virus activity for a specified group and time.
53. Virus Activity by Group (Virus Activity): Compares virus activity across subgroups of a selected group.
54. Virus Prevention Benefits (Virus Activity): Summarizes virus infections vs. infections prevented and the calculated ROI cost savings.
55. Virus Trend Details (Virus Activity): Charts and lists all virus activity across a specified time period.

Copyright IBM Corporation 2007. IBM Global Technology Services, Route 100, Somers, NY 10589 U.S.A. Produced in the United States of America, 06-07. All Rights Reserved. IBM and the IBM logo are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. "Ahead of the threat" is a trademark of Internet Security Systems, Inc. in the United States, other countries, or both. Internet Security Systems, Inc. is a wholly-owned subsidiary of International Business Machines Corporation. Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates. IBM assumes no responsibility regarding the accuracy of the information provided herein and use of such information is at the recipient's own risk. Information herein may be changed or updated without notice. IBM may also make improvements and/or changes in the products and/or the programs described herein at any time without notice.