Enterprise Security Analyzer 2'5

1
Enterprise Security Analyzer 2.5

• Name
• Title
• Date

2
Agenda

• IT Challenges
• eIQ Mission
• SIEM ESA At-A-Glance
• Enterprise Security Analyzer
• Topology Threat Visualization
• Log Management
• Monitoring Correlated Alerting
• Reporting
• Forensics
• Host asset management
• Summary
• Open Discussion/Questions

3
IT Security ChallengesBefore 2005

• Overwhelming number of point security solutions
  (Firewall, antivirus, anti-spam, anti-spyware,
  content filtering, etc)
• Continued change in the vulnerability landscape
• Requirement to develop security process to meet
  government regulations and meet business
  objectives
• Lack of in house security expertise to develop
  security best practices
• Lack of View into Security Posture No Security
  Intelligence

IT Security 101
IT Regulation
4
IT Security ChallengesBefore 2006 beyond

• Overwhelming number of point security solutions
  (Firewall, antivirus, anti-spam, anti-spyware,
  content filtering, etc)
• Continued change in the vulnerability landscape
• Requirement to develop security process to meet
  government regulations and meet business
  objectives
• Lack of in house security expertise to develop
  security best practices
• Lack of View into Security Posture No Security
  Intelligence

• Business pressure for IT organization to build
  processes to
• Protect IT assets from internal breach
• Protect organization from loss of reputation
• Protect intellectual property
• Balance IT security infrastructure expense vs
  risk
• Validate existing infrastructure
• Show value of new technology

5
eIQnetworks Mission Statement

• Deliver industry leading Security Information
  and Event Management (SIEM) Solution to assist
  organizations in reducing their IT security
  burden

6
SIEM (Security Information Event Management)
SIEM provides essential security intelligence

• Insight into threats (attacks, viruses and
  abnormal behavior)
• Centrally monitor, collect and archive logs
• Visualize threats (intrusion, virus, denied
  events)
• Identify understand problem areas, behavioral
  patterns, corporate policy violations, etc.
• Utilize security intelligence to improve your
  network security
• Generate real-time correlated alerts and
  historical reports to meet compliance requirements

7
Introducing
8
Log Management/Archival
Typical use scenario
Security Events
Log Data
Log Data
Extended Time Period
Log Archive
9
Case for Log Management

• Before
• Logs not retained for regulation compliance
• Concern over log file integrity
• Limited knowledge of handling cryptic logs
• Constantly changing environment makes maintaining
  home-grow scripts difficult

10
Scalable Log Management

• Scale to 1000s of heterogeneous devices through a
  distributed deployment
• Standalone deployment for smaller environments
• Centralized log management including collection,
  compression encryption

11
Security Monitoring Using ESA
Typical scenario
Security Events
Correlated Events
Remediation
Log Data
E-mail
Trouble Ticket
Security Operations
12
Case For Monitoring Alerting

• Before
• No visibility into network events/intrusions
• No visibility into virus/spam activity
• Event chatter overwhelming
• No ability to detect blended attacks
• False positives

13
Security Based Topology

• Intuitive real-time threat visualization and
  drilldown

14
Dashboard

• View security events (attacks, viruses, denied
  packets, etc.) in real-time

15
Correlated Alerting

• Create real-time alerts for any attack, virus or
  denied event activity. Choose to be notified by
  email or SNMP (or both).

16
Event and Threat Level Classification

• Classify events and threat levels based on your
  unique requirements
•  

17
Security Reporting
Typical scenario
Security Events
Security History
Customer Reports
Database
Compliance reports
Log Data
On-demand reports
Customer Portal
18
Case For Reporting

• Before
• No ability to analyze effectiveness of security
  perimeter
• Lack of reports to meet government regulations
• No ability to report on end user activity
• Lack of reports for management

Web Surfing
19
Security Center

• Create real-time monitoring views of important
  security data such as recent attacks and recent
  viruses.
• Instant access to historical information in the
  Instant Reports portal.
• Host and device specific dashboards
• Quickly find out the source of attacks and
  viruses over the past day, week, or month.
• Drilldown reporting
• MSSP friendly

20
Forensics
Typical use scenario
Security Events
Forensics Search
Log Data
Data To support Forensics Requirement
Log Data
Log Archive
21
Case For Forensics Analysis

• Before
• Non-compliance with record retention requirements
• No ability to analyze root cause of an attack
• No ability to search collected log files

22
Forensics Analysis

• Search through 100s of GBs of log data at
  industry leading performance using regular
  expressions or any other parameters.
• Help auditors validate or audit network activity
  to examine an organizations regulatory
  compliance using ad-hoc search capability
• Vector an attack track the route an attack took
  in the network -- by observing the chronological
  order of pertinent events recorded by nodes in
  the network.

23
Assets Performance

• Centralized view into assets under management
  HOST only
• Processes running on each host
• Applications on each host
• CPU, Memory, Disk etc utilization over time
• Real time Performance Monitoring
• CPU utilization
• Memory utilization
• I/O
• Etc.

24
Summary How eIQnetworks can help with you solve
IT pain
25
Supported Vendors
Apache Astaro Barracuda Blue Coat Check
Point Clavister Cisco CyberGuard eEye Fortine
tGTA Harris STAT iPolicy ISG ISS Juniper/Net
screen McAfee

• Microsoft
• Mirapoint
• MS SQL
• Nessus
• NetContinuum
• Nokia
• Nortel
• Oracle
• Secure Computing
• Snort
• SonicWallSourefire
• Symantec
• Trend Micro
• TippingPointTop LayerWatchGuard

This is a partial list please visit
www.eiqnetworks.com for the full list.
26
Operating Systems Supported
27
Operating Systems Supported continued