GuardTower TM White Paper. Enterprise Security Management Systems


1 Table of Contents

1 Table of Contents
2 Introduction
3 Enterprise Security Management Systems
3.1 ESMS Architectures
3.2 ESMS Benefits
3.3 Regulatory Compliance
4 GUARDTOWER
4.1 Product Features
4.2 Supported Devices
5 Conclusion

2 Introduction

In the early days of computing, all processing was centralized on the mainframe computer, and users connected to the mainframe from terminals, which were little more than display devices. Mainframe computer companies built information security processes and programs into their products, and today we have solutions such as RACF as an example of a mainframe security tool. With the advent of client-server computing, more processing moved to the desktop, and today many corporations have a distributed, heterogeneous computing environment. Information security product vendors developed new tools to replace the security functions that were well established on the mainframe, but they had to contend with different hardware platforms, operating systems, applications, and other variables. Add the Internet and the World Wide Web on top, along with an ever-growing number of protocols, and the information security product market space became very disparate. System and network managers once again needed to control the various processes and programs (products) installed, such as firewalls, anti-virus, intrusion detection, and other functions. This was the genesis of the Enterprise Security Management Systems product market space.

3 Enterprise Security Management Systems

The end of the 1990s and the beginning of the 2000s saw a consolidation of information security product companies. These companies have the ability to create Enterprise Security Management Systems (ESMS) to control their own product sets, as well as to create interfaces for third-party vendors to plug into their ESMS products, similarly to the Network Management Systems available such as Tivoli and CA Unicenter. [Note: Other terms for Enterprise Security Management Systems (ESMS) include Security Management Systems, Active Security Management, Security Information Management, and more.]

An IDC 2001 report stated that the ESMS market should be approximately $500 million in 2002, with projected growth of 20% through 2005. Obviously this is a growth market given the current economic reality of Q4 2002, and it shows the pent-up demand for solutions in this area.

3.1 ESMS Architectures

Enterprise Security Management Systems architectures have many of the same attributes. Here is a list common to ESMS products currently available:

- Interfaces to security tools including firewalls, IDS, and anti-virus systems
- Agents to collect data from the security tools
- Databases to store the information
- Processes to perform normalization, correlation, consolidation, and analysis
- Processes to respond to threats or otherwise act
- Control consoles to view and report
- Toolkits to build interfaces to the ESMS
- Interfaces to Network Management Systems

The GUARDTOWER TM solution architecture is presented below as our example of choice for this paper.

[Figure: GUARDTOWER Architecture. Input data: Events, Vulnerability Data, OS & Application Logs, Firewalls & Routers, IDS & Content Monitoring, Anti-Virus Systems, Custom Tools. Processing: Event Correlation, Normalization, Consolidation, Response Suppression, Escalation, Statistical Monitoring, Security Posturing. Control and output: Data Base, Display Console, Printed Reports, Graphical User Interface, Command Line Interface, Web Interface.]

3.2 ESMS Benefits

ESMS products can offer the following benefits:

- Improved Risk Management: integrated incident management, secure command and control, recurring vulnerability assessments, and enhanced uptime for improved business continuity.
- Security Best Practices: policy enforcement and automated escalation of security events.
- Regulatory Compliance: addresses HIPAA, GLBA, and other regulations.
- Reduced Costs: leverage current technology investments to eliminate recurring managed-services costs and to provide for more efficient operations.
- Ease of Use: GUI command and control, as well as enterprise-wide automated response.
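As an added illustration of the input, normalization, consolidation and correlation stages shown in the architecture above (this is example code written for this page, not GuardTower's own code), the following Python pipeline takes raw lines from two dissimilar sources, maps them into one event schema, collapses duplicates, and ranks the result against scanner vulnerability data. The log formats, the signature-to-class map, the vulnerability table and the addresses are all constructed for the example; a real ESMS would receive them from its agents and scanners.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: three firewall denies in one vendor's format and
# three IDS alerts in another's. Addresses are documentation ranges.
RAW_LINES = [
    "fw1 deny tcp 203.0.113.9:40122 -> 198.51.100.20:445",
    "fw1 deny tcp 203.0.113.9:40123 -> 198.51.100.20:445",
    "fw1 deny tcp 203.0.113.9:40124 -> 198.51.100.20:445",
    "ids1 alert sig=SMB-OVERFLOW-01 src=203.0.113.9 dst=198.51.100.20",
    "ids1 alert sig=WEB-CGI-PROBE src=203.0.113.9 dst=198.51.100.30",
    "ids1 alert sig=WEB-CGI-PROBE src=203.0.113.9 dst=198.51.100.30",
]

# Constructed map from a vendor's signature name to a common attack class
# (the "maps signatures from dissimilar vendors" step).
SIGNATURE_MAP = {
    "SMB-OVERFLOW-01": "smb_buffer_overflow",
    "WEB-CGI-PROBE": "web_cgi_probe",
}

# Constructed scanner output: host -> attack classes it is known to be exposed to.
VULN_DATA = {
    "198.51.100.20": {"smb_buffer_overflow"},
    "198.51.100.30": set(),
}


@dataclass(frozen=True)
class Event:
    """Common schema every source is normalized into."""
    source: str   # reporting device
    kind: str     # normalized event class
    src_ip: str
    dst_ip: str


FW_RE = re.compile(r"^(\S+) deny (\w+) ([\d.]+):\d+ -> ([\d.]+):(\d+)$")
IDS_RE = re.compile(r"^(\S+) alert sig=(\S+) src=([\d.]+) dst=([\d.]+)$")


def normalize(line: str) -> Optional[Event]:
    """Parse one raw line into the common schema; unrecognized lines are dropped."""
    m = FW_RE.match(line)
    if m:
        device, proto, src, dst, port = m.groups()
        return Event(device, f"fw_deny_{proto}_{port}", src, dst)
    m = IDS_RE.match(line)
    if m:
        device, sig, src, dst = m.groups()
        return Event(device, SIGNATURE_MAP.get(sig, f"unmapped:{sig}"), src, dst)
    return None


def consolidate(events):
    """Collapse identical normalized events into (event, count) pairs."""
    return list(Counter(events).items())


def correlate(consolidated):
    """Rank (event, count) pairs. An attack class that the scanner says the
    target is exposed to outranks everything else; repeated firewall denies
    rank above a single one."""
    ranked = []
    for ev, count in consolidated:
        score = 1
        if ev.kind in VULN_DATA.get(ev.dst_ip, set()):
            score = 10
        elif ev.kind.startswith("fw_deny") and count >= 3:
            score = 2
        ranked.append((score, count, ev))
    ranked.sort(key=lambda t: (-t[0], -t[1]))
    return ranked


def run_pipeline(lines=RAW_LINES):
    """Inputs -> normalization -> consolidation -> correlation."""
    events = [e for e in map(normalize, lines) if e is not None]
    return correlate(consolidate(events))


if __name__ == "__main__":
    for score, count, ev in run_pipeline():
        print(f"score={score:2d} x{count} {ev.source} {ev.kind} {ev.src_ip} -> {ev.dst_ip}")
```

The point of the ranking step is the one the paper makes about correlation engines: the same IDS signature means much more when the scanner has already reported the target as exposed to that attack class, so the pipeline puts that event first and demotes the noise of a repeated firewall deny to a single counted line.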

3.3 Regulatory Compliance

ESMS solution vendors often describe how these technologies help with regulatory compliance, usually detailing how they address the Health Insurance Portability and Accountability Act (HIPAA) for health care concerns and the Gramm-Leach-Bliley Act (GLBA) for financial institutions. In addition, there are other regulations such as the Children's Information Protection Act (CIPA) for K-12 educational organizations and pending legislation on cyber-crime. In all of these cases, tools that provide Information Protection capabilities can claim to help with compliance for those regulations that have requirements in this area. The regulations mentioned above each have Information Protection requirements, some with severe penalties for non-compliance, including jail time and fines. The following are brief discussions of how ESMS solutions address HIPAA and GLBA compliance.

HIPAA

The main intent of HIPAA that concerns most of us as citizens is, simply stated, to ensure that our personal medical information is kept confidential. This means that whoever has our data, whether they be our doctors, hospitals, insurance companies, banks, pharmacies, religious groups, or any other organization, is required to keep that data confidential. Since much of this data is now electronic, Information Protection is key to compliance. Therefore, organizations that have this data (covered entities) must assess their risks and develop, implement, and maintain a strategy to ensure compliance. These efforts and plans are basic Information Security best practices with a HIPAA-specific spin.

GLBA

This act enables financial institutions to do business in new ways, encouraging collaboration and other wide-ranging changes. Along with these changes came rules governing the security and privacy of certain data. Various U.S. government agencies are responsible for enforcement, including the Securities and Exchange Commission (SEC), the Board of Governors of the Federal Reserve System, the Federal Trade Commission (FTC), and the Treasury Department's Office of the Comptroller (OCC). Two areas are key for data security: the use of, and options regarding, non-public personal information is one area, and IT Security Safeguards is another. Specifically, GLBA provides for administrative, technical, and physical safeguards for customer records and information. Again, we see basic Information Security best practices being applied to the financial sector.

Regulations do not (in most cases) define specific technologies, and they never mandate a specific vendor. Rather, rules governing data and responsibilities are defined, with enforcement to boot. Risk assessments, auditing, reporting, due diligence, the application of technology, and other Information Protection practices are required for compliance. ESMS solutions help prove that the organization is compliant by correlating data from all of the information security technologies and processes, providing real-time threat management, audit trails, and reporting.

4 GUARDTOWER

In the fall of 1998, the GUARDTOWER TM Security Management System was developed for a large Secure Commerce Systems wireless telecommunications client. It had the ability to analyze vulnerability data correlated and contrasted against log data from firewalls, routers, intrusion detection engines, and anti-virus logs. By providing near-real-time alerts via cell phone and e-mail, it gave the Computer Emergency Response Teams the data they needed to defend the enterprise against malicious and unwanted attacks.

GUARDTOWER Security Correlation Appliance

The GUARDTOWER Security Correlation Appliance (SCA) has been enhanced since 1998 to support more devices and leading-edge products. The SCA is the first in a series of products providing a higher level of security assurance, defined within the GUARDTOWER Cyber Security Defense System (CSDS) and the GUARDTOWER life-cycle methodology.

4.1 Product Features

GUARDTOWER embodies the features and benefits of Enterprise Security Management Systems described in this paper. GUARDTOWER also includes features that set it apart from other ESMS solutions, including Suppression, Escalation, and Security Posturing. Brief definitions of these technologies are listed below. The feature descriptions below are a more detailed set that further expands on the architecture presented earlier in the ESMS Architectures section.

Module Based Architecture: Modules are the building blocks for event unification and processing. Module types include an inbound module (syslog server), an outbound module, and a processing module (correlation engine and response engine).

Connection Matrix: Provides internal and external connectivity of modules.

Integrated Event Firewalling: Enforces the interconnectivity of event processing.

Inbound Processing: Process to receive events and alerts via Syslog and GUARDTOWER agents.

Multi-Tier Correlation Engine: Integrates events and alerts, maps signatures from dissimilar vendors, incorporates vulnerability data from security scanners, and utilizes threat management statistics. Special modules are added to enhance functionality, including predictive analysis and response, threat management service statistics, and vulnerability assessment data.

Escalation: Process to define how incidents are managed from the initial event through action, according to a predefined rule set.

Response Suppression and Management: Incorporates specialized correlation processes to effectively manage the outbound processing of common and duplicate responses. Responses include common alerting options and immediate electronic containment. By defining recipients and setting suppression and escalation thresholds, administrators control the amount of user interaction required.
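The Escalation and Response Suppression features described above can be demonstrated together in a few lines of Python. This is an added example for this page, not GuardTower's implementation: the rule set (repeat-count thresholds, recipient lists and the containment action), the 60-second suppression window and the incident keys are all constructed. Each incident is keyed by attack class and target; a repeat at the same tier is held back until the suppression window has elapsed, while crossing a threshold escalates immediately regardless of the window.

```python
from dataclasses import dataclass, field

# Constructed escalation rule set, lowest tier first:
# (repeat count that reaches the tier, recipients, containment action or None).
ESCALATION_RULES = [
    (1, ["soc-console"], None),
    (5, ["soc-console", "oncall-pager"], None),
    (20, ["soc-console", "oncall-pager", "cert-lead"], "block-source-at-firewall"),
]
SUPPRESS_SECONDS = 60.0   # constructed suppression window


@dataclass
class IncidentState:
    count: int = 0
    tier: int = 0
    last_sent: float = float("-inf")


@dataclass
class ResponseManager:
    state: dict = field(default_factory=dict)

    def handle(self, key, now):
        """Record one occurrence of the incident identified by `key` at time `now`.
        Returns the response to send, or None if it was suppressed."""
        st = self.state.setdefault(key, IncidentState())
        st.count += 1
        # Highest tier whose repeat threshold the count has reached.
        new_tier = max(i for i, (thr, _, _) in enumerate(ESCALATION_RULES) if st.count >= thr)
        escalated = new_tier > st.tier
        st.tier = new_tier
        # An escalation always goes out; a repeat at the same tier is held
        # back until the suppression window has elapsed.
        if escalated or now - st.last_sent >= SUPPRESS_SECONDS:
            st.last_sent = now
            _, recipients, action = ESCALATION_RULES[st.tier]
            return {"key": key, "count": st.count, "tier": st.tier,
                    "recipients": list(recipients), "action": action}
        return None


def simulate():
    """Constructed stream: 25 repeats of one incident one second apart, then a
    single unrelated incident. Returns the responses that were actually sent."""
    mgr = ResponseManager()
    sent = []
    smb = ("smb_buffer_overflow", "198.51.100.20")
    for t in range(25):
        r = mgr.handle(smb, float(t))
        if r:
            sent.append((t, r))
    r = mgr.handle(("web_cgi_probe", "198.51.100.30"), 30.0)
    if r:
        sent.append((30, r))
    return sent


if __name__ == "__main__":
    for t, r in simulate():
        print(f"t={t:2d} tier={r['tier']} count={r['count']} -> {r['recipients']} action={r['action']}")
```

Of the 26 occurrences fed in, only four responses leave the manager: the first sighting, the two escalations (at the fifth and twentieth repeat, the latter carrying the containment action), and the unrelated incident. That is the trade-off the paper describes: recipients and thresholds decide how much of the event stream a human ever sees.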

Statistical Monitoring: The statistics engine monitors the activity of devices, modules, and events to identify abusive behavior by analyzing audit data that deviates from a predicted norm. As events are captured, their event IDs are determined and posted. StatMonitors are created to record event statistics, to track changes in occurrences over time, and to provide responses to those activities reaching or exceeding thresholds. Start and end times determine the duration of each monitor, and that duration is called a cycle. Once a monitor has expired, it is stored and all counters are reset for the next cycle. The stored data is then used for trend analysis. A series of monitors grouped by technology can define criteria used for understanding the Security Posture of computer networks. Statistical monitoring complements rules-based intrusion detection.

Security Posturing: Graphical and text-based output display of event and response analysis, including trending. This process helps with compliance.

Outbound Processing: Validated security events are reformatted and sent to the User Interface and 3D Graphical Monitor for clear understanding. Incidents can be reformatted to coexist with existing legacy or custom systems, such as TIVOLI and HP OpenView.

Appliance Chaining: Interconnects multiple SCAs for enterprise environments.

Web-based Interface: Used for initial appliance setup.

Command Line Interface: Uses SSH to securely connect to the SCA.

Graphical User Interface: Used to customize correlation mapping, response suppression, inbound and outbound processing, and module configuration.

4.2 Supported Devices

The following is a table of devices supported by GUARDTOWER TM.

Firewall: Check Point FW-1; Cisco PIX; Nokia IP Security Appliances
Network Intrusion Detection: Network Flight Recorder (NFR); ISS RealSecure; Cisco NetRanger; Dragon IDS; Snort IDS
Operating Systems & Host Intrusion Detection: BSDI; FreeBSD, NetBSD, OpenBSD; Linux; OpenBSD; Solaris; SunOS; Windows 2000; Windows NT
General Server Applications: Apache Web Server; Microsoft IIS*; SendMail*; SSH*; DNS*
Cisco Routers
Content Filtering: Aladdin eSafe; Trend Micro ScanMail

GUARDTOWER can support any Information Security technology via the import of log data and by building custom agents. These agents are quickly created due to the open nature of the GUARDTOWER architecture.
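The Statistical Monitoring feature in section 4.1 above (a StatMonitor with a cycle, counters that are archived and reset on expiry, trend data, and responses when a threshold is crossed) can be modelled directly. The Python below is an added example written for this page and is not GuardTower's statistics engine; the event ID, the 60-second cycle, the thresholds and the event stream are constructed. The predicted norm is taken as the mean of the archived cycles, so the monitor learns its own baseline from the first few cycles and then reacts to a burst that rules-based detection would not necessarily flag.

```python
from statistics import mean


class StatMonitor:
    """Counts one event ID within fixed-length cycles. When a cycle expires the
    counter is archived (trend data) and reset; the mean of archived cycles is
    the predicted norm for the next one."""

    def __init__(self, event_id, cycle_seconds, fixed_threshold, deviation_factor=3.0):
        self.event_id = event_id
        self.cycle_seconds = cycle_seconds
        self.fixed_threshold = fixed_threshold
        self.deviation_factor = deviation_factor
        self.start = 0.0          # start time of the current cycle
        self.count = 0
        self.history = []         # one archived count per completed cycle
        self.fired = False        # at most one response per cycle

    def predicted_norm(self):
        return mean(self.history) if self.history else None

    def _roll(self, now):
        """Expire every cycle that ended before `now` (quiet gaps archive as 0)."""
        while now >= self.start + self.cycle_seconds:
            self.history.append(self.count)
            self.count = 0
            self.fired = False
            self.start += self.cycle_seconds

    def observe(self, event_id, now):
        """Feed one captured event. Returns a response string when the live
        count crosses the fixed threshold or the deviation threshold, else None."""
        self._roll(now)
        if event_id != self.event_id:
            return None
        self.count += 1
        if self.fired:
            return None
        if self.count > self.fixed_threshold:
            self.fired = True
            return f"{self.event_id}: {self.count} in cycle exceeds fixed threshold {self.fixed_threshold}"
        norm = self.predicted_norm()
        if norm and self.count > self.deviation_factor * norm:
            self.fired = True
            return f"{self.event_id}: {self.count} in cycle deviates from predicted norm {norm:.1f}"
        return None


def simulate():
    """Constructed stream: 2 auth failures per 60-second cycle for three cycles
    (the baseline), then 10 in the fourth cycle, plus one unrelated event."""
    mon = StatMonitor("auth_failure", cycle_seconds=60.0, fixed_threshold=50, deviation_factor=3.0)
    stream = [("auth_failure", 60.0 * c + 10.0) for c in range(3)]
    stream += [("auth_failure", 60.0 * c + 40.0) for c in range(3)]
    stream += [("auth_failure", 180.0 + 2.0 * i) for i in range(10)]
    stream += [("other_event", 200.0)]
    stream.sort(key=lambda e: e[1])
    responses = [r for r in (mon.observe(eid, t) for eid, t in stream) if r]
    return mon, responses


if __name__ == "__main__":
    mon, responses = simulate()
    print("archived cycles:", mon.history, "current count:", mon.count)
    for r in responses:
        print(r)
```

With a baseline of two failures per cycle, the fourth cycle fires on its seventh failure (more than three times the norm) even though the fixed threshold of 50 is never approached; a fleet of such monitors, one per technology, is what the paper calls the Security Posture view.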

5 Conclusion

Enterprise Security Management Systems are a natural progression in the maturity of the Information Security product marketplace. ESMS can provide the command and control required by organizations to improve Information Risk Management and to comply with regulations. The GUARDTOWER TM Security Management System provides the features and benefits of ESMS solutions as well as unique technology that positions it as a market leader. This proven technology should be considered when evaluating ESMS products.