Leveraging Information Overload for Effective Security Management - PowerPoint PPT Presentation

Slides: 35
Provided by: ciol
Transcript and Presenter's Notes

1
Leveraging Information Overload for Effective Security Management
  • Shivaprakash, A.S.
  • Pre-Sales Head
  • Novell, India
  • ashivaprakash_at_novell.com

2
Agenda
  • About Novell
  • Challenges Created by the Evolving Information
    Security Landscape
  • Solutions to address these challenges
  • Summary
  • Demo
  • Q & A

3
Five Key Solution Areas
  • 1 Security and Identity Solutions
  • 2 Data Center Solutions
  • 3 Resource Management Solutions
  • 4 Workgroup Solutions
  • 5 Desktop Solutions

4
Novell Open Workgroup Suite
  • Best of both worlds: Open Source and proprietary platforms
  • Up to 70% less than an equivalent competing solution
  • Backed by world-class support from Novell
5
Evolution of Information Security Landscape
6
IT security versus information security
IT security (a technology problem):
  • Firewalls
  • Intrusion detection
  • Viruses, worms
  • System hardening
  • Encryption
Information security (a business problem):
  • Intellectual property
  • Business/financial integrity
  • Regulatory compliance
  • Insider abuse
  • Industrial espionage
  • Privacy
Source: Forrester
7
Challenges..
8
InfoSecurity: The Tale of Sisyphus
Layers that each need their own controls:
  • Wireless
  • Remote Access
  • Identity
  • Application
  • Perimeter
9
Investments in multiple point solutions have led to lower RoI
10
What would you rather look at .. this?
Jun 17 09:42:30 rmarty ifup: Determining IP information for eth0...
Jun 17 09:42:35 rmarty ifup: failed; no link present. Check cable?
Jun 17 09:42:35 rmarty network: Bringing up interface eth0: failed
Jun 17 09:42:38 rmarty sendmail: sendmail shutdown succeeded
Jun 17 09:42:38 rmarty sendmail: sm-client shutdown succeeded
Jun 17 09:42:39 rmarty sendmail: sendmail startup succeeded
Jun 17 09:42:39 rmarty sendmail: sm-client startup succeeded
Jun 17 09:43:39 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
Jun 17 09:45:42 rmarty last message repeated 2 times
Jun 17 09:45:47 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
Jun 17 09:56:02 rmarty vmnet-dhcpd: DHCPDISCOVER from 00:0c:29:b7:b2:47 via vmnet8
Jun 17 09:56:03 rmarty vmnet-dhcpd: DHCPOFFER on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
Jun 17 09:56:03 rmarty vmnet-dhcpd: DHCPREQUEST for 172.16.48.128 from 00:0c:29:b7:b2:47 via vmnet8
Jun 17 09:56:03 rmarty vmnet-dhcpd: DHCPACK on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
Jun 17 10:00:03 rmarty crond(pam_unix)[30534]: session opened for user root by (uid=0)
Jun 17 10:00:10 rmarty crond(pam_unix)[30534]: session closed for user root
Jun 17 10:01:02 rmarty crond(pam_unix)[30551]: session opened for user root by (uid=0)
Jun 17 10:01:07 rmarty crond(pam_unix)[30551]: session closed for user root
Jun 17 10:05:02 rmarty crond(pam_unix)[30567]: session opened for user idabench by (uid=0)
Jun 17 10:05:05 rmarty crond(pam_unix)[30567]: session closed for user idabench
Jun 17 10:13:05 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.19/192.168.80.19 to UDP port: 192
Jun 17 10:13:05 rmarty portsentry[4797]: attackalert: Host: 192.168.80.19/192.168.80.19 is already blocked Ignoring
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
Jun 17 10:21:30 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:21:30 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
Jun 17 10:28:40 rmarty vmnet-dhcpd: DHCPDISCOVER from 00:0c:29:b7:b2:47 via vmnet8
Jun 17 10:28:41 rmarty vmnet-dhcpd: DHCPOFFER on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
Jun 17 10:28:41 rmarty vmnet-dhcpd: DHCPREQUEST for 172.16.48.128 from 00:0c:29:b7:b2:47 via vmnet8
Jun 17 10:28:45 rmarty vmnet-dhcpd: DHCPACK on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
Jun 17 10:35:28 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
Jun 17 10:35:31 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
Jun 17 10:38:51 rmarty vmnet-dhcpd: DHCPREQUEST for 172.16.48.128 from 00:0c:29:b7:b2:47 via vmnet8
Jun 17 10:38:52 rmarty vmnet-dhcpd: DHCPACK on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
Jun 17 10:42:35 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
Jun 17 10:42:38 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
11
Or This !
12
Or This !
13
And this !
14
Regulations, Standards & Compliance
15
Gazing at the Crystal Ball ..
16
Creating Opportunity from the Chaos: SIEM
17
How the Solutions Work
Security Information and Event Management
18
Business Benefits of SIEM
  • Operational Efficiency
    • Monitor more security and compliance controls with limited resources
    • Measure the effectiveness of preventive, detective, and corrective controls
  • Automation of Manual Processes
    • Automate audit preparation and the review of systems against regulatory and internal policy
    • Automate data collection, correlation, reporting and incident response
  • Demonstrate Compliance with Policy/Regulation
    • Regulations require organizations to establish, document, and monitor a robust internal IT control environment
    • Continuously monitor controls and provide real-time notification of policy violations

19
To help you focus on innovation and growth

20
Our Solutions Have Evolved Too ..
Leveraging integration and automation to drive down cost and reduce risk:
  • Security Information & Event Management
  • Systems Management
  • Comprehensive Security & Compliance Management
  • Identity & Access Management
21
Compliance
Policy Monitoring
Incident Response
Event Management
Access Control
Identity Management
Threat Management
22
IDC on the e-Security acquisition
"In the compliance area, customers want converged solutions that encompass system, identity, access and security event management. With the acquisition of e-Security, Novell is the only vendor with the potential to proactively address business needs for a real-time, comprehensive compliance solution that integrates people, systems and processes."
  - Chris Christiansen, IDC Vice President of Security Products and Services
23
Analyst and Industry Recognition
24
Sentinel Product Information and Architecture
25
Solution Benefits
  • View up-to-date reports on security posture
  • Eliminate manual log review and consolidation
  • Identify threats in real-time
  • Contain/remediate attacks quickly
  • Manage risk more effectively
  • Improve proof-of-compliance reporting and security metrics
  • Cut compliance and security costs
  • View up-to-date compliance reports on critical IT assets
  • Support "tone at the top"

26
Pre-defined Collectors
  • Operating Systems: Microsoft Windows NT, Microsoft Windows 2000/2003, Sun Solaris, Sun SunOS, Hewlett-Packard HP-UX, IBM AIX, Red Hat Enterprise, SuSE Enterprise, AS/400
  • Anti-Virus: Symantec AntiVirus, McAfee VirusScan, McAfee ePolicy Orchestrator, Trend Micro ServerProtect, Trend Micro ScanMail, Trend Micro InterScan VirusWall
  • ERP: PeopleSoft, SAP
  • Web Servers: Apache, Microsoft IIS, Microsoft Proxy, Netscape Proxy
  • Directory Services: LDAP (standard), Active Directory
  • Mainframe: ACF2, RACF, Top Secret, OS/390, z/OS, HP NonStop
  • Databases: Oracle, Sybase, Microsoft SQL Server, MySQL AB, Informix, DB/2
  • VPN: Cisco VPN 3030, Cisco PIX Device Manager, Nortel VPN, Check Point VPN-1
  • Vulnerability Assessment: ISS Internet Scanner, ISS Database Scanner, McAfee CyberCop ASaP, McAfee Foundstone, Qualys QualysGuard, Nessus (open source), eEye Retina Network Security Scanner
  • Firewalls: Symantec Enterprise Firewall, Check Point Firewall-1, CyberGuard, ISS BlackICE, Cisco PIX, SunScreen, SonicWall, WatchGuard Firebox, Juniper Netscreen
  • Intrusion Prevention: Symantec ManHunt, McAfee IntruShield, McAfee Entercept
  • Intrusion Detection (network-based): Symantec Decoy Server, Cisco IDS, NFR Sentivist IDS, Enterasys Dragon, Snort (open source), Intrusion.com SecureNet, ISS RealSecure, ISS SiteProtector, Juniper Netscreen, Sourcefire
  • Routers & Switches: Nortel (all), Cisco (all)
  • Incident Management: BMC Remedy, Hewlett-Packard Service Desk
  • Authentication: RSA ACE, Cisco Secure Access Control Server (ACS)
  • Policy Monitoring: Symantec Enterprise Security Manager (ESM)
  • Intrusion Detection (host-based): COPS (open source), ISS RealSecure, Tripwire, Symantec Intruder Alert Manager
  • Patch Management: BMC Marimba, PatchLink
  • Network Management: IBM Tivoli Enterprise Console, Hewlett-Packard OpenView, BMC Patrol, Micromuse Netcool
27
  • Lower TCO
  • Unmatched Performance

28
Wizard Collection Technology
  • Build your own Collectors on the fly and collect data from ANY source
  • Collect, parse, normalize and enrich events
  • Available for many sources:
    • Windows, Unix, AS/400, Tandem
    • Firewalls, VPN, Routers, Switches
    • Vulnerability Scanners
    • IDS/IPS/Access Control Systems
    • Databases, Mainframes
    • etc.
  • Collect data remotely via:
    • Logfile, Socket, Syslog, SSL, SSH, OPSEC, SNMP, ODBC, JDBC, HTTP, WMI and more
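
The collector pipeline this slide names (collect, parse, normalize, enrich) is what turns the slide-10 syslog wall into something a dashboard can use. The following is an added example written for this page; it is not code from the deck or from Novell Sentinel. It feeds a constructed subset of the slide-10 lines (re-punctuated as the syslog daemon would have written them) through a toy collector: an RFC 3164-style header parser, normalization into flat event records, enrichment with a category and extracted fields, expansion of the "last message repeated N times" shorthand, suppression of PortSentry's "already blocked" chatter, and one correlation rule that reports sources exceeding a scan-alert threshold. The category names, severities and the threshold of 2 are illustrative assumptions, not Sentinel's schema.

```python
"""Toy SIEM collector: parse, normalize, enrich and correlate BSD-syslog lines.
Added example, not code from the slides or from Novell Sentinel.  Categories,
severities and the scan threshold are illustrative assumptions."""
import re
from collections import Counter
from datetime import datetime

# Constructed input: a subset of the slide-10 lines, punctuation restored.
SAMPLE_LOG = """\
Jun 17 09:42:30 rmarty ifup: Determining IP information for eth0...
Jun 17 09:42:35 rmarty ifup: failed; no link present.  Check cable?
Jun 17 09:43:39 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
Jun 17 09:45:42 rmarty last message repeated 2 times
Jun 17 10:00:03 rmarty crond(pam_unix)[30534]: session opened for user root by (uid=0)
Jun 17 10:00:10 rmarty crond(pam_unix)[30534]: session closed for user root
Jun 17 10:13:05 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.19/192.168.80.19 to UDP port: 192
Jun 17 10:13:05 rmarty portsentry[4797]: attackalert: Host: 192.168.80.19/192.168.80.19 is already blocked Ignoring
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
Jun 17 10:21:30 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
"""

# RFC 3164-style header "Mon DD hh:mm:ss host tag[pid]: msg".  The tag is
# optional because "last message repeated N times" is emitted without one.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?:(?P<tag>[^\[\]:\s]+)(?:\[(?P<pid>\d+)\])?: )?(?P<msg>.*)$")
REPEAT_RE = re.compile(r"last message repeated (?P<n>\d+) times")
SCAN_RE = re.compile(
    r"attackalert: (?P<proto>TCP|UDP) scan from host: (?P<src>[\d.]+)/[\d.]+ "
    r"to (?:TCP|UDP) port: (?P<port>\d+)")
SESSION_RE = re.compile(
    r"session (?P<action>opened|closed) for user (?P<user>\S+)"
    r"(?: by \(uid=(?P<uid>\d+)\))?")

def parse_ts(text):
    # BSD syslog carries no year; strptime defaults it to 1900, which is
    # enough for ordering events within one day's worth of input.
    return datetime.strptime(text, "%b %d %H:%M:%S")

def enrich(ev):
    """Attach a category, severity and parsed fields (the 'enrich' step)."""
    msg, src = ev["message"], ev["source"]
    if src == "portsentry" and (m := SCAN_RE.search(msg)):
        ev.update(category="recon", severity=3, src_ip=m["src"],
                  proto=m["proto"], dst_port=int(m["port"]))
    elif src == "portsentry" and "already blocked" in msg:
        # PortSentry repeats this for every packet from a blocked host:
        # pure noise once the first scan alert has been recorded.
        ev.update(category="noise", severity=0)
    elif src.startswith("crond(pam_unix)") and (m := SESSION_RE.search(msg)):
        ev.update(category="auth", severity=2, action=m["action"],
                  user=m["user"], by_uid=int(m["uid"]) if m["uid"] else None)
    return ev

def normalize(raw):
    """Parse each line into a flat event dict, expand 'last message repeated
    N times' into N copies of the preceding event, and drop noise.
    Returns (events, number_of_suppressed_lines)."""
    events, suppressed, last = [], 0, None
    for line in raw.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            suppressed += 1     # unparseable: count it rather than lose it silently
            continue
        rep = REPEAT_RE.fullmatch(m["msg"]) if m["tag"] is None else None
        if rep and last is not None:
            n = int(rep["n"])
            if last["category"] == "noise":
                suppressed += n
            else:
                events.extend(dict(last, time=parse_ts(m["ts"]), repeated=True)
                              for _ in range(n))
            continue
        ev = enrich({"time": parse_ts(m["ts"]), "host": m["host"],
                     "source": m["tag"] or "syslog", "pid": m["pid"],
                     "message": m["msg"], "category": "info", "severity": 1})
        last = ev
        if ev["category"] == "noise":
            suppressed += 1
            continue
        events.append(ev)
    return events, suppressed

def summarize(events):
    """Event counts per category: the dashboard view of the raw stream."""
    return dict(Counter(e["category"] for e in events))

def scanning_hosts(events, threshold=2):
    """Correlation rule: source addresses with at least `threshold` scan alerts."""
    hits = Counter(e["src_ip"] for e in events if e["category"] == "recon")
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    evs, dropped = normalize(SAMPLE_LOG)
    print(f"{len(SAMPLE_LOG.splitlines())} raw lines -> {len(evs)} events, "
          f"{dropped} suppressed; by category: {summarize(evs)}")
    print("hosts exceeding scan threshold:", scanning_hosts(evs))
```

Two design points matter more than the regexes. First, suppression is counted, not silent: the "already blocked" lines and any unparseable input are tallied so a collector that starts dropping data shows up as a rising suppressed count rather than as a quieter dashboard. Second, the repeat shorthand is expanded before correlation; a threshold rule that counts lines instead of events would undercount anything syslogd collapsed.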

29
Detect Violations Faster
  • Real-time Dashboard that delivers under high
    event loads
  • Detect and Analyze Trends, Threats, Violations
  • Monitor Compliance Controls across the Enterprise

Security and Compliance Dashboard
30
Resolve and Document Policy Violations Faster
  • Enable consistent, repeatable, documented
    response to violations
  • Creates audit trail, system-of-record
  • Drive metrics (e.g. mean time to resolution)

31
Sentinel Reports: Security Metrics, Compliance Reporting
  • Gain needed insight into IT controls
    • Discover trends, anomalies
    • Track and report security-related activity on assets impacted by Sarbanes-Oxley and other regulations
  • Improve proof-of-compliance reporting
  • Demonstrate that your organization:
    • Monitors activity on critical IT assets
    • Identifies and analyzes security and compliance incidents
    • Tracks and resolves incidents and policy violations
  • Out-of-box reports, configure existing reports, create your own

32
Summary
Success is a moving target and evolution is the
only way forward
33
Demo
34
Q & A