Help Your Security Team Sleep at Night

Similar documents
Take a Confident Step towards Migration to Microsoft Skype for Business

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

Network & Infrastructure Management (NIM) with Riverbed SteelCentral

Cascade Trade Up Program

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Service Delivery Platform

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

RSA NetWitness Suite Respond in Minutes, Not Months

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Best Practices for PCI DSS Version 3.2 Network Security Compliance

FireMon Security manager

STEELCENTRAL NETPLANNER

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

RSA INCIDENT RESPONSE SERVICES

RSA INCIDENT RESPONSE SERVICES

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

align security instill confidence

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

CyberArk Privileged Threat Analytics

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Reinvent Your 2013 Security Management Strategy

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

2018 Edition. Security and Compliance for Office 365

NetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.

ARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin

Enterprise Situational Intelligence

Integrating Riverbed SD-WAN with Palo Alto Networks GlobalProtect Cloud Service

Connectivity to Cloud-First Applications

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

INTELLIGENCE DRIVEN GRC FOR SECURITY

Smart Data Center From Hitachi Vantara: Transform to an Agile, Learning Data Center

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

Automating the Top 20 CIS Critical Security Controls

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

ITSM SERVICES. Delivering Technology Solutions With Passion

McAfee epolicy Orchestrator

Industrial Defender ASM. for Automation Systems Management

SIEM: Five Requirements that Solve the Bigger Business Issues

SANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045

Securing Your Digital Transformation

Privileged Account Security: A Balanced Approach to Securing Unix Environments

A Practical Guide to Efficient Security Response

SIEMLESS THREAT MANAGEMENT

Best Practices in Securing a Multicloud World

SteelConnect. The Future of Networking is here. It s Application-Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

2 The IBM Data Governance Unified Process

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

SIEM Solutions from McAfee

Endpoint Security for DeltaV Systems

with Advanced Protection

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

CA Security Management

Converged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products

Unlocking the Power of the Cloud

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Visibility: The Foundation of your Cybersecurity Infrastructure. Marlin McFate Federal CTO, Riverbed

Visual TruView Unified Network and Application Performance Management Focused on the Experience of the End User

Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today

Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

Cisco Tetration Analytics

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

An ICS Whitepaper Choosing the Right Security Assessment

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions

CONTENTS. Technology Overview. Workflow Integration. Sample Customers. How It Works

The Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls

Security Information & Event Management (SIEM)

CONFIDENTLY INTEGRATE VMWARE CLOUD ON AWS WITH INTELLIGENT OPERATIONS

Snort: The World s Most Widely Deployed IPS Technology

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Closing the Hybrid Cloud Security Gap with Cavirin

TRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED SECURITY CONTROLS

Symantec Network Access Control Starter Edition

How CyberArk can help mitigate security vulnerabilities in Industrial Control Systems

NIST Revision 2: Guide to Industrial Control Systems (ICS) Security

Education Network Security

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

ForeScout Extended Module for Splunk

Security and Compliance for Office 365

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

NEXT GENERATION SECURITY OPERATIONS CENTER

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

IBM Security Guardium Analyzer

Federal Agency Firewall Management with SolarWinds Network Configuration Manager & Firewall Security Manager. Follow SolarWinds:

Cisco Start. IT solutions designed to propel your business

IT Consulting and Implementation Services

CloudSOC and Security.cloud for Microsoft Office 365

How can we gain the insights and control we need to optimize the performance of applications running on our network?

Carbon Black PCI Compliance Mapping Checklist

Device Discovery for Vulnerability Assessment: Automating the Handoff

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

Transcription:

White Paper Help Your Security Team Sleep at Night Chief Information Security Officers (CSOs) and their information security teams are paid to be suspicious of everything and everyone who might just might pose a risk to the business. They lie awake pondering how to safeguard your company s intellectual property. Their sleeplessness is often justified. Every day there are new reports of application exploits, organized campaigns to impact network operations, and internal malicious behavior. They frequently rely on you, the network and application performance management experts, for much needed insight into network infrastructure and application usage and to help resolve security issues as quickly as possible. The intent of this brief is to help both you and your beleaguered (and beloved) CISO speak the same language and take advantage of the Riverbed SteelCentral platform s unique ability to make all the moving parts in your infrastructure visible. Based on our experience helping customers augment and enhance their security programs, most CISOs become strong champions of the SteelCentral platform. They get excited about having actionable intelligence 24/7 to enhance your organizations security posture and often sponsor joint initiatives. They may be eager to invest in automating routine and or expert tasks to reduce error, developing custom dashboards for forensic analysis, and integrating existing IPS/SIEM solutions with SteelCentral to ensure they have extended visibility. Visibility Drives Security Value SteelCentral s primary purpose is to deliver actionable intelligence that empowers teams to make effective resourcing decisions and resolve application performance problems efficiently. It accomplishes this by combining varying data types from multiple sources to provide holistic views of the application and network performance ecosystem, as shown in Figure 1. 1 IPS Intrusion Prevention System SIEM - Security information and event management 2015 Riverbed Technology. All rights reserved 1

StreelCentral Platform Architecture Figure 1: SteelCentral Platform Architecture The devices and applications in the data tier Consequently, SteelCentral can supply status information (bottom third of the diagram) can vary widely based and alerting to the information security team very easily. on the environment s instrumentation. Fortunately, Riverbed supports a comprehensive set of vendor and device types. The middle tier consists of focused solutions that give you visibility into all network and application domains. Performance monitoring and analysis solutions use built-in big data analytics to turn high-volume packet, flow, application and transaction metrics information Leveraging Built-in Security Workflows CISOs frequently use standards-based frameworks to develop gap assessment and implementation plans. These frameworks establish guidelines that help organizations Understand their current-state security stance and priorities (weakness, gaps, areas requiring quick fixes, etc.) Define the end-state security stance needed for the business (defensible network designs, application usage policies, user privileges, etc.) Track network and application security posture over time (i.e., is the current operational status more secure or less secure than intended?) into actionable intelligence on a continuous basis. The SteelCentral network planning and configuration solutions integrates the physical map with application and logical network maps to give a view of changes to the infrastructure and device configurations that can be blended with network and application performance views. The upper tier delivers the comprehensive and blended view of your infrastructure. It provides true unified visibility via customizable metrics dashboards that allows you to navigate in context between modular solution components. 2015 Riverbed Technology. All rights reserved 2

The SteelCentral security workflows in Table 1 address various security framework guidelines with little or no extra cost to the business. Each security workflow listed is based on standard, built-in functionality. There are no additions, plug-ins, or changes to the products necessary to make them work in your environment. By nature, SteelCentral security workflows and security framework guidelines are descriptive, not prescriptive. You must incorporate them into your workplace in ways that are meaningful to your business. For example, a very basic requirement is to audit network devices for known configuration vulnerabilities and take remediation. Your process for doing this would incorporate the network discovery, auditing, policy validation, and change configuration workflows. Similarly, many frameworks expect you to automate the monitoring of critical application or device status. SteelCentral dashboards like the one in Figure 2 can be customized to display the metrics critical your stakeholders and used as the basis for discussing risk and setting priorities for action when problems occur. Table1: SteelCentral Security Workflows Security Workflow Network Device Discovery Network Mapping Audit Network Device Configuration. Network Device Reporting Proactive Policy and Change Validation Configuration change Implementation Identify Use of Insecure Protocols Description Scans and finds all network devices (firewalls, routers and switches) within a specified IP Address range and maintains an inventory of network device configuration. Automatically build detailed network maps using network device information gathered during discovery workflow. Device compliance and error status is integrated into the maps (e.g. out of compliance devices are highlighted in red on the diagrams). Evaluate network device security compliance using either pre-built or custom rules and policy templates during each device discovery cycle. For example, create a rule to test for approved SNMP read/write credentials. Choose from a number of built-in reports or specify custom reports for auditing and status updates for example, generate a list of the ports in use across secure zones. Creates a simulation network model, based on the network device configuration information, to validate network changes before implementation. For example, flow analysis is used to determine if routing behaves as expected after the proposed network change is implemented. Uses automation to push configuration changes to network devices to reduce operator error. Stores snapshots of configuration before and after changes are deployed (what was changed, who implemented, etc.). Identify insecure protocols used to administrate key servers and verify communications are sourced from known IP ranges (or specific segments). Examples of insecure protocols: Telnet, FTP, or any unencrypted communications. Enable anomaly detection heuristics based on Riverbed best practices. (Optional: Send alerts sent to third party SIEM when triggered.) Behavior Based Anomaly Detection Network Segmentation Reporting Log Connectivity Map Applications Packet Capture and Analysis Define Critical Application and Transaction Dashboards Example best practices: - Focus heuristics on anomalous traffic - New Server Port initiated by monitored servers - Port scan - Raise alerts for scans and suspicious - Host scan connection settings - Worm (merged host scans) - Suspicious connection (rare connection between host)s Provide reporting to support proper network segmentation, incorporating trust zones and application tiers. Configure report templates to validate rules derived from the Client Network Security Classification Standards. Monitor traffic from Untrusted to Semi-trusted sources. Example usage: Start with summary report showing all DMZ servers seeing traffic, then drill down to report on flow (i.e. connection) details. Provide application dependency maps for all key tier 1 applications. Determine the valid (legitimate) application connections and server/client entities. Store and capture packet information for long-term forensic analysis. Create dashboards indicating real-time performance and usage patterns. Use pre-defined widgets populated with data from a wide variety of metrics and alerts. 2015 Riverbed Technology. All rights reserved 3

StreelCentral Portal Application Security Monitoring Example Figure 2: StreelCentral Portal Application Security Monitoring Example Summary No other solution today can match SteelCentral s ability The built-in reporting and monitoring workflows within to combine packet, flow, application, infrastructure, and the SteelCentral Platform can be directly leveraged to enhance your business security strategy without the need to have yet another set of security-specific processes overlaying the work you do. Everyone benefits from increased visibility. Business stakeholders benefit by focusing on views containing the metrics they need to monitor. Technical stakeholders benefit during troubleshooting due to context-sensitive navigation and powerful built-in data analytics. CISOs and information security professionals benefit from the continuous monitoring of network and application infrastructure, the ability to create reliable status reports based on truly authoritative data sources, and the wealth of historical data available for forensic analysis when needed. 2015 Riverbed Technology. All rights reserved transaction data in such meaningful ways. Visibility helps you rapidly troubleshoot and assign ownership to teams that can effect change, allows for easy customization of reports to suit your business requirements, and, ultimately, give your CISO the insight required to understand past security events and make the right choices to strengthen and monitor cyber defenses. 4

Call to Action Additional Information This technical brief has given you a glimpse into what Visit the following link to find out more about SteelCentral CISOs are accountable for. Use what you ve learned to products and solutions available to address your network explore and discuss the ideas presented with your CISO and performance monitoring and analysis needs and information security team. Together, you ll gain a better understanding of the broader information security domain and your CISO will learn to appreciate the wise investment your SteelCentral solution really is. When the time is right to embed SteelCentral solutions http://www.riverbed.com/products/steelcentral/index.html To keep up to date with useful information on security and other topics, be sure to bookmark http://www.riverbednews.com into your company s cyber security strategy, we strongly Speaking of security topics, here are a few recent encourage you to consult with your local Riverbed newsletter articles we hope you find interesting. Professional Services Organization. Find out how they ve helped other companies through this journey and the benefits that have been realized everything from improved application performance, cost savings, and better sleep for the CISO. Peace Through Performance: How Riverbed Can Enhance IT s Security Posture Better Visibility Enables Better Security with SteelCentral NetProfiler SANS Critical Security Controls: SteelCentral Has You Covered About Riverbed Riverbed, at more than $1 billion in annual revenue, is the leader in application performance infrastructure, delivering the most complete platform for the hybrid enterprise to ensure applications perform as expected, data is always available when needed, and performance issues can be proactively detected and resolved before impacting business performance. Riverbed enables hybrid enterprises to transform application performance into a competitive advantage by maximizing employee productivity and leveraging IT to create new forms of operational agility. Riverbed s 26,000+ customers include 97% of the Fortune 100 and 98% of the Forbes Global 100. Learn more at riverbed.com. 2015 Riverbed Technology. All rights reserved. Riverbed and any Riverbed product or service name or logo used here are trademarks of Riverbed Technology. All other trademarks used herein belong to their respective owners. The trademarks and logos displayed herein may not be used without the prior written consent of Riverbed Technology or their respective owners.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback