Information Technology Security Management
Business reliance on global networks is a reality. Security breaches have become more diverse and aggressive in nature, resulting in profound and material impact on organizations. Regulatory pressure is also increasing, as internal and external auditors require organizations to demonstrate continuous risk and compliance management. One of the main obstacles to managing the life cycle of risk is the disparate nature of point solutions – each with its own unique function and management interface.
Comprehensive Security Management
Proactive Security Operations and Compliance Management in One Solution. More companies and agencies are finding that being secure and compliant requires an integrated management application. Security Information Event Management (SIEM) is an enterprise security management solution for organizations with a strategy to manage risk while enabling the business. Security Manager simplifies the integration of compliance and enterprise defense.
Benefits to your organization:
Reduce the number and extent of information security breaches. The sooner a breach is identified, the lower the cost of addressing it will be. Direct costs (e.g., cost to recover data lost or altered during an incident, cost to notify customers of breaches, fines for non-compliance) and indirect costs (e.g., lost customers, lost productivity, time spent investigating/resolving breaches and hoaxes) will decrease.
Reduce systems’ costs by allowing control measures to be designed into systems rather than adding them to installed systems. (It is significantly more expensive to retrofit a control than to design it into an application or system.)
Provide savings through coordination and measurement of all security awareness, training, and educational activities while reducing duplication of efforts.
Improve overall compliance with your organization’s information security policies, procedures, standards, and checklists.
Simply put, there are marked synergies between security management solutions and traditional infrastructure management solutions. In order to ensure that hard-earned security budgets bring the maximum yields, many corporations have to think in strategic terms.
In addition, from a practical point of view, today’s security breaches are targeting the operational centers of the organization – data and operating systems – in order to disrupt businesses.
With the layered security model, organizations no longer have to rely on one device to protect all of their assets and can feel more confident that their assets have more solutions in place to protect them.
Reboot Twice solutions and services were developed to provide robust security infrastructures at a price and complexity point that is easy for organizations to manage.
Security Management Solutions
Security Information Event Management (SIEM) – SIEM enables organizations to collect, store, and analyze log data as well as monitor and respond to security events to meet IT risk and compliance requirements. SIEM collects and normalizes a broad scope of event data and correlates the impact of incidents based on the criticality to business operations or level of compliance to various mandates.
Trustwave SIEM is a logging plus event management appliance that is simple to deploy and use.
Managed by the customer, Trustwave SIEM is a line of appliances enabling every organization to actively manage more logs from more devices while decreasing the number of security-related and compliance-related incidents. Trustwave SIEM provides highly efficient and affordable logging required by industry and regulatory standards. There is an appliance model for every budget and one appliance can deliver the reporting and investigation for any organization – small and large.
Trustwave SIEM can be deployed in many ways to adapt to your requirements: one standalone appliance or a hierarchical deployment of multiple appliances sending events to a centralized control center. Choose the implementation that best utilizes your staff and fits your budget.
Each Trustwave SIEM appliance is designed for consistent performance and optimal capacity. There are no sacrifices in performance when Trustwave SIEM is processing reports or correlating events.
Key SIEM Features
- Audit-ready reporting on compliance
- Real-time access to security events and logs
- Powerful correlation and analysis
- Rapid search using visual analysis
- Granular permissions aid organizational roles
- Appliance requires no other infrastructure
Other benefits of Trustwave SIEM
There are no restrictions on the types or number of customer-managed devices. Trustwave SIEM even collects logs from one-of-a-kind, custom and in-house developed applications and devices.
Trustwave Managed SIEM also works with the TrustKeeper Agent, ideal for smaller sites with no security team. The TrustKeeper Agent provides an affordable and efficient option for collecting and forwarding logs.
Symantec Security Information Manager enables organizations to collect, store, and analyze log data as well as monitor and respond to security events to meet IT risk and compliance requirements. It can collect and normalize a broad scope of event data and correlate the impact of incidents based on the criticality to business operations or level of compliance to various mandates.
- Attack Visualization: Provides analysts with a graphic display of the progress of an attack to facilitate quicker analysis
- Service Provider Architecture Support: Supports providing security management services to multiple divisions and/or geographies
- Asset Grouping: Leverages an enterprise’s existing asset model to provide insights into which parts of the organization are affected by an incident
Automated Risk and Compliance Management (ARCM)
ARCM emerged to help organizations move away from reactive security and compliance management programs to a more proactive, measurable, and predictable best practice.
- Comprehensively analyze your network for security holes.
- Validate compliance with internal policies and regulations like PCI DSS, SOX, NERC CIP, FISMA, and others.
- Isolate the root cause of risky exposure.
- Automate control testing to demonstrate compliance to auditors.
Skybox Network Compliance Auditor provides organizations the ability to evaluate large networks for access compliance, availability, and security risks. The solution collects network and security device configurations, creating a network topology map. From this map, users can automatically determine access and connectivity paths and validate them against network policies to generate compliance reports and IT trouble tickets.
Determine Access Compliance
Organizations can determine their access policy compliance status by automatically validating configurations against out-of-the-box policies (based on PCI, NIST, and NSA guidelines) or customized corporate policies. Analysis and reports can be generated on a daily basis or on an ad hoc basis.
Improve Network Visibility
Network Compliance Auditor provides the network visibility that most organizations lack. By collecting configuration data from all devices in the network and instantly creating a map that captures all device behavior, the user can easily visualize the network and spot security holes.
Network Compliance Auditor provides accurate and quick troubleshooting of network access connectivity. In analyzing connectivity issues, the root cause and path of the network outage and security risks are identified.
- Central repository of network policies and compliance status
- Audit network access policies in minutes—not days/weeks
- Ensure balance with network security and availability requirements
- Significant time and labor reduction
It is a product that proactively warns you about, detects, analyzes and provides remediation for an entire range of threats—including viruses, worms, spyware, key loggers, Trojans and other malicious code. It improves operational efficiencies, increases service continuity and reduces security management costs.
McAfee offers all the network security functions you need—intrusion prevention, firewall, network access control, anti-spam, anti-malware, web filtering, and outbound content control. We maintain your defenses non-stop and make ownership easy with integrated solutions and centralized management.
McAfee Firewall Enterprise
A next-generation firewall with multilayer security. McAfee Firewall Enterprise (Sidewinder®) appliances address today’s firewall management challenges by combining world-class global threat intelligence, for unbeatable protection, with powerful centralized management and reporting tools, for easy planning, troubleshooting, and configuration management.
McAfee Network Access Control
Protect your network from noncompliant or infected systems. Make network access control an integral part of your approach to security risk management. McAfee Network Access Control protects against today’s biggest internal threat—noncompliant systems that access and infect your corporate network.
McAfee Network Security Manager
Intrusion prevention has never been easier to use, manage, and maintain. It’s easier than ever to proactively block threats and attacks with this powerful intrusion prevention management system. This preconfigured, plug-and-play appliance simplifies deployments, reporting, policy configuration, and administration of IPS sensors.
McAfee Network Security Platform
Faster time to protection. Faster time to resolution. Faster time to confidence. It’s easier than ever to proactively secure your enterprise network from threats and vulnerabilities with this powerful, high-performance intrusion prevention solution. Breakthrough integration means you get greater visibility to your enterprise security. Empower your enterprise with useful information that sets you on the right course when threats loom.
McAfee Network User Behavior Analysis
Find out who’s doing what and from where on your network. McAfee Network User Behavior Analysis (Securify) leverages existing network data for a real-time view of what users are doing on the network, helping prevent insider risk, simplifying PCI audit preparation, and reducing risk during network changes.
McAfee UTM Firewall
Integrated multifunction network security appliance for SMBs. McAfee Unified Threat Management Firewall is a multifunction network security appliance that provides enterprise security features packaged and priced appropriately for small and medium-size businesses and remote offices.
Identify risk exposures and policy violations. Prioritize resources. Reduce risk.
Which threats and vulnerabilities require your attention? Which policies have been violated? Quickly and accurately find and prioritize vulnerabilities and violations on your networked systems with McAfee Vulnerability Manager. Meet PCI DSS quarterly scan requirements with McAfee PCI Certification Services. McAfee is a PCI Approved Scanning Vendor (ASV).
- Get the jump on business-critical threats: Defend and manage threats quickly, and remediate the most critical vulnerabilities first; incorporate countermeasures into your overall risk posture; respond when and where it matters most; and avoid unnecessary patches during a crisis
- Manage your resources more efficiently: Make your IT staff more effective by consolidating and automating your manual processes via a solution combining asset prioritization, threat correlation, vulnerability and policy assessment, security intelligence, and problem resolution
- Get enterprise-class protection: Scale up quickly and easily to protect any size network, including some of the premier enterprises and government agencies worldwide; flexible deployment options include appliance, software only (including virtualization support), or subscription services
- Create the reports you need: Generate customizable reports for any audience, from compliance officers to security analysts; obtain relevant and accurate data for policy audits, formatted for your purposes at either a high or detailed level
- Focus on the most relevant security alerts: Integrate with McAfee Network Security Manager (formerly McAfee IntruShield®) to reduce the volume of alerts down to only critical threats; reduce the amount of time it would normally take to analyze and respond to attacks
- Do more in less time with greater accuracy: Accurately identify operating systems via high speed scans so you don’t waste time and resources responding to false positives; create policy baseline templates from gold standard systems to eliminate the time spent developing and assigning values
- Get a true picture of your risk and policy compliance posture: Correlate new threats with existing asset and vulnerability data, and quantify risk levels; conduct agent-less policy compliance auditing without additional software or management consoles
- Priority-based, countermeasure-aware solution: Address significant vulnerabilities with a priority-based approach; import buffer overflow protection data from McAfee ePolicy Orchestrator® (ePO™) to reduce unnecessary patches; integrate with other McAfee products to fix policy violations, calculate risks, and prevent infractions
- Broad content checks: Receive updated vulnerability coverage 24/7 from McAfee Avert® Labs; authenticated checks help you delve deeper into operating systems and networking devices to find vulnerabilities and policy violations; uncover unmanaged wireless access points on your network
- New threat identification and correlation: Instantly see how emerging threats affect your current risk profile with Vulnerability Manager’s Threat Correlation module: Threat Correlation ranks the risk potential of new threats by correlating events to your asset and vulnerability data
- Policy auditing and compliance assessments: Capture, store, and report results of policy checks; with an easy-to-use wizard, define values of policy checks; accurately determine if you comply with leading regulations; you get specific templates for SOX, FISMA, HIPAA, PCI, and more
- Flexible reporting: Categorize data by asset or network; use a powerful set of filters to select and organize results in your reports; view the results of agent-less Microsoft Windows policy audits which include a compliance summary and details by host or policy
- Asset-based discovery, management, scanning, and reporting: Classify assets using detailed, flexible criteria and filters; classify reports by business unit; remediate only important systems; include or exclude hosts based on OS and other properties; scan by business function, asset value, owner, or location
- Asset synchronization: Configure multiple Lightweight Directory Access Protocol (LDAP) servers to import asset information, so that IT spends less time creating and grouping assets when running scans
Protect against network-based threats and policy violations that could harm users, data and networks
Threat Management System
Symantec DeepSight Threat Management System provides actionable intelligence covering the complete threat lifecycle—from initial vulnerability to active attack. The set-up wizard enables users to receive useful information about attacks and honeypot activity, as well as vulnerability, malicious code, domain, spyware, and adware alerts within minutes of configuration. With personalized notification triggers and expert analysis, the system enables enterprises to prioritize IT resources in order to better protect critical information assets against a potential attack. Symantec also helps organizations mitigate and remove any security risks.
Reliable, credible security intelligence
The DeepSight Threat Management System delivers global intelligence from the world leader in information security. The system tracks comprehensive security data sources and expert research and analysis, and delivers reliable alerts and recommendations across the entire threat lifecycle—from vulnerability identification to patch availability.
DeepSight Threat Management System is powered by the Symantec Global Intelligence Network, a unique intelligence network consisting of millions of sensors worldwide. The network provides a global view of emerging security trends and critical events, combining complete vulnerability and lifecycle information in one service in order to clearly communicate threat evolution—from vulnerability and exploit code to attack and resolution.
Timely threat and attack notification
DeepSight Threat Management System reduces the time required to track and respond to security events by providing a single source for vulnerability and threat information, including mitigation guidance and links to security patches. The system allows organizations to customize automated delivery by threat severity, content type, and notification mechanism, including email, SMS, and voice. You can also specify alert recipients to ensure that the right people receive the right information in order to act quickly.
The reporting and database query capabilities within the DeepSight Threat Management System help organizations analyze and compare security event data with trends in their industry, with organizations of a similar size, and with events from similar geographic locations.
Security staff efficiency and productivity
The notifications provided by the Symantec DeepSight Threat Management System are tailored to your organization’s specific needs, based on your company’s unique IT infrastructure and characteristics. The system provides timely access to consolidated security intelligence—anywhere, anytime—to ease the burden of data collection and analysis and free security staff to concentrate on core competencies or other security concerns.
Leveraging Symantec’s expertise as the leader in information security, Symantec DeepSight Threat Management System supports rapid and effective action during security events. The system provides vulnerability information and mitigation recommendations, including links to software patches. And the setup wizard provides simple, rapid guidance to help tailor the system to deliver immediate benefits—from start to fully configured in minutes.