CiscoWorks Security Information Management Solution 3.1

Similar documents
END-OF-SALE AND END-OF-LIFE ANNOUNCEMENT FOR THE CISCO MEDIA CONVERGENCE SERVER 7845H-2400

Cisco CallManager 4.0-PBX Interoperability: Lucent/Avaya Definity G3 MV1.3 PBX using 6608-T1 PRI NI2 with MGCP

Cisco Extensible Provisioning and Operations Manager 4.5

Cisco Voice Services Provisioning Tool 2.6(1)

CISCO IP PHONE 7970G NEW! CISCO IP PHONE 7905G AND 7912G XML

ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL STUB ROUTER FUNCTIONALITY

CISCO 7304 SERIES ROUTER PORT ADAPTER CARRIER CARD

Cisco ONS SDH 12-Port STM-1 Electrical Interface Card

THE POWER OF A STRONG PARTNERSHIP.

Cisco Catalyst 2950 Series Software Feature Comparison Standard Image (SI) and Enhanced Image (EI) Feature Comparison

NEW METHOD FOR ORDERING CISCO 1700 SERIES MODULAR ACCESS ROUTERS AND CISCO 1800 SERIES INTEGRATED SERVICES ROUTERS SOFTWARE SPARE IMAGES

CONFIGURING EPOLICY ORCHESTRATOR 3.0 AND MCAFEE 8.0i WITH CISCO CALLMANAGER

USING MCAFEE VIRUSSCAN ENTERPRISE 8.0I WITH CISCO CALLMANAGER

Cisco 2651XM Gateway - PBX Interoperability: Avaya Definity G3 PBX using Analog FXO Interfaces to an H.323 Gateway

Cisco 3745 Gateway - PBX Interoperability: Avaya Definity G3 PBX using Q.931 PRI Network Side Interfaces to an H.323 Gateway

USING TREND SERVERPROTECT5 WITH CISCO CALLMANAGER

ANNOUNCING NEW PRODUCT OFFERINGS FOR THE CISCO CATALYST 6500 SERIES

Traffic Offload. Cisco 7200/Cisco 7500 APPLICATION NOTE

NEW CISCO IOS SOFTWARE RELEASE 12.2(25)EY FOR CISCO CATALYST 3750 METRO SERIES SWITCHES

NEW JERSEY S HIGHER EDUCATION NETWORK (NJEDGE.NET), AN IP-VPN CASE STUDY

CISCO NETWORK CONNECTIVITY CENTER BUSINESS DASHBOARD

Cisco MDS 9000 Family and EMC ECC Integration

Using TAPS with +E.164 Directory Numbers

Cisco CallManager Server Upgrade Program

Cisco Unified CallManager 4.0-PBX Interoperability: Mitel 3300 ICP Release 4.1 PBX to a Cisco 6608 Gateway using T1 QSIG with MGCP

CISCO FAX SERVER. Figure 1. Example Deployment Scenario. The Cisco Fax Server solution consists of the following components:

MULTI-VRF AND IP MULTICAST

Cisco Unified CallConnector for Microsoft Office Quick Reference Guide 1

END-OF-SALE AND END-OF-LIFE ANNOUNCEMENT FOR THE CISCO FLEXWAN MODULE FOR USE WITH THE CISCO 7600 SERIES ROUTERS AND CATALYST 6500 SERIES SWITCHES

CISCO SFP OPTICS FOR PACKET-OVER-SONET/SDH AND ATM APPLICATIONS

Cisco Aironet In-Building Wireless Solutions International Power Compliance Chart

Strategic IT Plan Improves NYCHA Resident Services While Reducing Costs US$150 Million

CISCO TRANSPORT MANAGER 4.7

IP Communications for Small Offices Using Cisco CallManager Express and Cisco Unity Express

Cisco Optimization Services

NETWORK ADMISSION CONTROL

High-Availability Solutions for SIP Enabled Voice-over-IP Networks

Cisco Value Incentive Program Advanced Technologies: Period 7

CISCO 7304 SERIES ROUTER PORT ADAPTER CARRIER CARD

The Cisco Unified Communications Planning and Design Service Bundle

Third party information provided to you courtesy of Dell

THE CISCO SUCCESS BUILDER PROGRAM THE CISCO SMALL OFFICE COMMUNICATIONS CENTER: AFFORDABLE, PROVEN COMMUNICATIONS SOLUTIONS FOR SMALL ORGANIZATIONS

CISCO 7200 SERIES NETWORK PROCESSING ENGINE NPE-G1

Introducing Cisco Catalyst 4500 Series Supervisor Engine II-Plus-10GE and Cisco Catalyst 4500 Series 48-Port 100BASE-X SFP Line Card

Cisco AS5300 Gateway - PBX Interoperability: NEC NEAX 2400 PBX using T1 PRI Interfaces to an H.323 Gateway

Cisco Unity 4.0(4) with Cisco Unified CallManager 4.1(2) Configured as Message Center PINX using Cisco WS-X6608-T1 using Q.SIG as MGCP Gateway

CISCO CATALYST 6500 SERIES CONTENT SWITCHING MODULE

Cisco EtherChannel Technology

E-Seminar. Voice over IP. Internet Technical Solution Seminar

END-OF-SALE AND END-OF-LIFE ANNOUNCEMENT FOR THE CISCO CATALYST 6500 SERIES OC-12 ATM MODULE

Cisco Router and Security Device Manager Intrusion Prevention System

CISCO AC/DC POWER SOLUTION FOR USE WITH CISCO OPTICAL PLATFORMS

Взято с сайта

CISCO WDM SERIES OF CWDM PASSIVE DEVICES

Cisco Systems Intelligent Storage Networking

CISCO ONS SONET 12-PORT DS-3 TRANSMULTIPLEXER CARD

NEW CISCO IOS SOFTWARE RELEASE 12.2(25)FY FOR CISCO CATALYST EXPRESS 500 SERIES SWITCHES

CISCO IOS SOFTWARE RELEASE 12.3(11)YK

Cisco Unified CallManager Licensing Pricing Model

Cisco AVVID The Architecture for E-Business

Cisco 2651XM Gateway - PBX Interoperability: Ericsson MD-110 PBX using Q.931 BRI User Side Interfaces to an H.323 Gateway

Cisco ONS SONET 48-Port DS-3/EC-1 Interface Card

Cisco Unified Wireless IP Phone 7920 Multi-Charger

Quick Start Guide Cisco CTE 1400 and Design Studio

The information presented in this document was created from devices in a specific lab environment. All of the devices started with a cleared (default)

Cisco Unified Wireless Network Software Release 3.1

Cisco MCS 7815-I2-UC1 Media Convergence Server

Cisco 7304 Shared Port Adapter Modular Services Card

CISCO CENTRALIZED WIRELESS LAN SOFTWARE RELEASE 3.0

CISCO 10GBASE XENPAK MODULES

Cisco Catalyst 4500 Series Power Supplies and External AC Power Shelf

Cisco ubr7200-npe-g1 Network Processing Engine for the Cisco ubr7246vxr Universal Broadband Router

Cisco T3/E3 Network Module for Cisco 2600, 3600, and 3700 Series Routers

WLAN Small Business Guide

Cisco Router and Security Device Manager Cisco Easy VPN Server

Cisco IT Data Center and Operations Control Center Tour

CISCO AIRONET 1230AG SERIES ACCESS POINT

CISCO CATALYST 6500 SERIES WITH CISCO IOS SOFTWARE MODULARITY

C ISCO INTELLIGENCE ENGINE 2100 SERIES M OUNTING AND CABLING

Cisco VIP6-80 Services Accelerator

Cisco ONS MA SONET Multiservice Platform

CISCO GIGABIT INTERFACE CONVERTER

Cisco Enterprise Content Delivery Network Solution Cisco Content Engines

Innovation in Accessibility

Cisco StackWise Technology

Cisco 7600 Multiprocessor WAN Application Module for Broadband Aggregation

CISCO AIRONET 2.4 GHZ AND 5 GHZ ANTENNAS AND ACCESSORIES COMPLETE THE WIRELESS SOLUTION

Multicast Virtual Private Networks

DATA SHEET. Catalyst Inline Power Patch Panel

The second enhancement is the first step in a series of new commands, which will eliminate the potential for groups to transition from Sparse Mode int

Cisco 7200VXR Series NPE-G2 Network Processing Engine

Portable Product Sheets Cat 4500 Supervisors last updated July 22, 2009

E-Seminar. Wireless LAN. Internet Technical Solution Seminar

Cisco SCA Series Secure Content Accelerator

SAFE Nimda. Attack Mitigation WHITE PAPER

Avaya Definity CM 2.0 to a Cisco IAD243X using PRI T1 5ESS ISDN with SIP

Cisco Persistent Storage Device

Cisco Helps Government of Catalonia, Spain, Improve Citizen Satisfaction Through Shared Services Portal

Cisco MDS 9000 Family Small Form-Factor Pluggable Devices

iclass SE multiclass SE 125kHz, 13.56MHz 125kHz, 13.56MHz

Transcription:

Data Sheet CiscoWorks Security Information Management Solution 3.1 One of the greatest challenges in enterprise security is managing the flood of alerts generated by a growing number of multivendor security devices and systems. Automation is required to isolate and prioritize the few messages that indicate real security threats. The key to more effective security automation lies in a software technology known as Security Information Management (SIM). CiscoWorks Security Information Management Solution (CiscoWorks SIMS) is based on technology from netforensics v3.1 and incorporates powerful features for gathering and analyzing the overwhelming amount of security event data that companies are experiencing. Companies can manage their growing security infrastructure and effectively monitor millions of event messages, without additional staff. With CiscoWorks SIMS, the user has a solution that delivers: Complete event monitoring for SAFE and all multivendor security environments Real-time event correlation to detect both known and unknown threats Advanced visualization for fast and intuitive security monitoring Integrated risk assessment to understand the overall vulnerability of any particular asset within the enterprise Comprehensive reporting and forensics for all levels of security operations The CiscoWorks SMS delivers these capabilities using the award-winning netforensics software, which is the central component of the solution. netforensics v3.1 collects, analyzes, and correlates security event information from across the enterprise in a series of four distinct phases: normalization, aggregation, correlation, and visualization. All contents are Copyright 1992 2002 All rights reserved. Important Notices and Privacy Statement. Page 1 of 6

Normalization and Aggregation In the normalization and aggregation phases, security events are collected from virtually all intrusion detection systems, firewalls, operating systems, applications, and anti-virus systems and transformed into a common easy-to-understand XML format. Correlation Formatted records are then correlated using two distinct yet complementary forms of event correlation. The first is a statistical correlation mechanism that relies upon event categorization and threat scoring to determine the threat potential of security-based anomalies. The second is an optional rules-based correlation feature that separates false positive security alarms from potentially significant security incidents by invoking time aware security policy rules for each event received. With statistical correlation, normalized security events are categorized into security incident types by asset or asset group. Incident types can range from a reconnaissance attack, to a virus attack, to a denial of service attack, to name just a few. For each asset a threat score is continuously computed by combining event severity with asset value to determine an overall measurement of security incident potential. The key advantage is the ability to find those anomalies that may go undetected by a rules-based correlation implementation. Visualization netforensics v3.1 displays correlated results on a centralized, real-time console with a graphical, Java-based interface that is powerful, intuitive, and user friendly. The Executive Dashboard provides a real-time, enterprise-level view of security trends and the Real-Time Console facilitates fast isolation of security attacks using real-time correlation and analysis capabilities. All contents are Copyright 1992 2003 All rights reserved. Important Notices and Privacy Statement. Page 2 of 6

Risk Assessment In security terms, risk assessment involves understanding the overall vulnerability of any particular asset within the enterprise. Risk is commonly defined as the combination of threat, vulnerability, and value, where: Threat is any abnormal traffic or activity directed against a system or asset. netforensics scores each threat type, whether it s a port scan or login failure. These scores are then considered in the overall risk calculation. Value is the level of importance (perhaps in dollars) of any particular system or asset. The value is a user-defined variable for each asset in the enterprise. Vulnerability is the likelihood that a threat will be successful against a system or asset. The solution combines each of the above to formulate an overall risk score for each asset within the enterprise, with higher scores indicative of higher asset vulnerabilities. The solution produces a Risk Assessment Report that provides the necessary details behind each asset and its associated risk. By understanding the vulnerability of specific assets within an enterprise, companies can strengthen appropriate security policies. Summary As securing the enterprise IT infrastructure becomes more challenging, companies must rely on technology to help assimilate the amount of security event information that flows from an ever-increasing number of security devices and systems. In addition, technology must be used to not only aid organizations in reducing the risk of attacks, but also to help accelerate responses when attacks occur. CiscoWorks SIMS increases the effectiveness of existing security teams and thereby helps achieve a real, measurable ROI. Devices Supported for Monitoring Table 1 Event Sources and Versions Supported Application/Device Version netforensics Components Third-party applications Universal Agent Historical data See Syslog File Agent Batch Agent Arbor PeakFlow DoS 2.1 Agent for Arbor Peakflow Check Point FireWall-1 NG, 4.1 Agent for Check Point Cisco IOS ACL, FW, IDS 12.2, 12.0 Syslog File Agent Cisco Secure ACS 3.0 Agent for CSACS Cisco Secure IDS 4.0, 3.1, 2.5, 2.2 CSIDS Agent/Syslog Agent Cisco Secure PIX 6.2, 6.1, 6.0, 5.3, 5.2, 5.1, 5.0 Syslog File Agent Cisco Secure PIX IDS 6.2, 6.1, 6.0, 5.3, 5.2 Syslog File Agent Cisco VPN Concentrator 3.1, 2.5.2 Syslog File Agent CyberGuard Firewall 5.1 Agent for CyberGuard Dragon Sensor/Squire 5.0 / 1.3.1 Agent for Dragon Entercept HIDS 2.5, 2.0 Agent for Entercept All contents are Copyright 1992 2003 All rights reserved. Important Notices and Privacy Statement. Page 3 of 6

Table 1 Event Sources and Versions Supported Application/Device Version netforensics Components ISS RealSecure HIDS/NIDS 6.5, 6.0, 5.5 / 7.0, 6.5, 6.0 Agent for ISS RealSecure Secure Computing Sidewinder 5.2 Agent for Sidewinder Snort NIDS 1.8 Agent for Snort Symantec Enterprise FW/VPN 7.0, 6.5 Agent for Symantec Symantec ManHunt NIDS 2.2 Enterprise Firewall/VPN Tripwire NIDS 3.0 Agent for ManHunt UNIX OS events Solaris 8/7/6, Linux 7.2/7.1 Agent for Tripwire Windows events Windows 2000 Server/Advanced Server UNIX OS File Agent The list of supported event sources and versions is frequently updated System Requirements Supported Operating Systems Table 2 lists the supported operating systems for different netforensics components. Table 2 Quick Lookup for Supported Operating Systems netforensics Component Supported Operating System nf Engine Red Hat Linux, Solaris 8 nf Master Red Hat Linux, Solaris 8 nf Provider/Oracle 9i Database Red Hat Linux, Solaris 8 nf Web Server Red Hat Linux, Solaris 8 nf Agent for Arbor Peakflow nf Agent for Check Point nf Agent for CSACS Windows 2000 nf Agent for CSIDS Red Hat Linux, Solaris 8 nf Agent for CSIDS 4.0 nf Agent for CyberGuard nf Agent for Dragon Red Hat Linux, Solaris 8 nf Agent for Entercept Windows 2000 nf Agent for ISS RealSecure Windows 2000 All contents are Copyright 1992 2003 All rights reserved. Important Notices and Privacy Statement. Page 4 of 6

Table 2 Quick Lookup for Supported Operating Systems netforensics Component nf Agent for ManHunt Supported Operating System nf Agent for Raptor Solaris 8, Windows 2000 nf Agent for Sidewinder nf Agent for Snort Red Hat Linux, Solaris 8 nf Agent for Tripwire nf Agent for Windows Windows 2000 nf Batch Agent Red Hat Linux, Solaris 8 nf Batch Agent for Check Point nf Syslog File Agent nf Universal Agents nf UNIX File Agent Red Hat Linux, Solaris 8 Note: Red Hat Linux 7.1 (Kernel 2.4.9) or Advanced Server only; Windows 2000 Server/Advanced Server (Service Pack 2) only; Solaris on SPARC only Full Install Table 3 Minimum System Requirements for Full Install Component Operating System Processor Memory Free disk space Storage Device Software packages Requirement See Supported Operating Systems Linux: Dual Intel Pentium 4 1.5 GHz (server class) Solaris: Dual UltraSPARC-IIi 444 MHz (server class) 4 GB total system memory 18 GB (see Disk Partitions in the netforensics Quick Start Guide) CD-ROM Linux: Anonymous FTP Server, development libraries, kernel development Solaris 8: See Solaris Patches and Packages in the netforensics Quick Start Guide) All contents are Copyright 1992 2003 All rights reserved. Important Notices and Privacy Statement. Page 5 of 6

Ordering Information CWSIM-3.1-SS-K9 CWSIM-3.1-SL-K9 CWSIM-3.1-EN-K9 CWSIM-3.1-DS-K9 CWSIM-3.1-DL-K9 CWSIM-3.1-ADD20-K9 Starter Kit on Solaris License for monitoring of 30 devices, one master engine, one distributed engine, one Oracle database, agent software for all supported devices Starter Kit on Linux License for monitoring of 30 devices, one master engine, one distributed engine, one Oracle database, agent software for all supported devices License for one additional distributed engine on Solaris or Linux License for one additional database on Solaris License for one additional database on Linux License for monitoring 20 additional devices Corporate Headquarters 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 European Headquarters Cisco Systems International BV Haarlerbergpark Haarlerbergweg 13-19 1101 CH Amsterdam The Netherlands www-europe.cisco.com Tel: 31 0 20 357 1000 Fax: 31 0 20 357 1100 Americas Headquarters 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-7660 Fax: 408 527-0883 Asia Pacific Headquarters Capital Tower 168 Robinson Road #22-01 to #29-01 Singapore 068912 www.cisco.com Tel: +65 6317 7777 Fax: +65 6317 7799 Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Web site at www.cisco.com/go/offices Argentina Australia Austria Belgium Brazil Bulgaria Canada Chile China PRC Colombia Costa Rica Croatia Czech Republic Denmark Dubai, UAE Finland France Germany Greece Hong Kong SAR Hungary India Indonesia Ireland Israel Italy Japan Korea Luxembourg Malaysia Mexico The Netherlands New Zealand Norway Peru Philippines Poland Portugal Puerto Rico Romania Russia Saudi Arabia Scotland Singapore Slovakia Slovenia South Africa Spain Sweden Switzerland Taiwan Thailand Turkey Ukraine United Kingdom United States Venezuela Vietnam Zimbabwe All contents are Copyright 1992 2003 All rights reserved. Cisco, Cisco Systems, the Cisco Systems logo, Cisco IOS, and PIX are registered trademarks or trademarks of and/or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0303R) 203051/ETMG_04/03

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback