Solsoft Network Security Change Management Platform



  1. Solsoft Network Security Change Management Platform Domenick Lionetti VP Sales and Business Development

  2. AGENDA • Today’s Network Security Challenges • Compliance Issues • Customer Use Cases • Solsoft Products and Company • Summary of Benefits • Q & A

  3. Company Key industry partnerships • Cisco AVVID/Ecosystem Certified Partner • Juniper/Netscreen Alliance Partner • Nortel Contivity Alliance • Check Point OPSEC • Internet Security Systems • ArcSight, IBM (Micromuse, Guardednet), Network Intelligence, netforensics • OPSWARE • Computer Associates Developer Partner • HP WW Reseller and OpenView Platinum Partner

  4. History Background/Focus • Solsoft Established in 1997 • Started as a workstation tool to design ACLs for Cisco routers, now supports large multi-vendor networks • 4th Generation Solution • Over 100 man-years in Product Development • US Headquarters in Mountain View, CA • Enterprise and Service Provider Markets • Oct 2006 Merged with Exaprotect

  5. A unique PDCA Security Management Cycle • Sec. policy design • Simulation • Audit trail • Incident management • Active/guided remediation • Report/Audit Communicate • Implement • Configure logging • Alert on sec. policy deviations • Spot configuration changes

  6. Our Two Solutions to meet Security Compliance (Security Rule Design and Monitoring) 1. « Solsoft Policy Server »: Network Security Policy and Configuration Management (FW, Router, Switch, IPS/IDS) - Solsoft SPM product - + new SPM features - + OS Updates, Restore, Full Config Management Features (Dec 2007) 2. Exaprotect SIEM : (Security Event Monitoring) - Exaprotect SMS product - + new SMS features - + new SPM features to do remediation

  7. Over 200 Customers Worldwide • Over 20 Fortune 500 • Johnson & Johnson, Visa International Turner Broadcasting, Occidental Petroleum, Veritas, Best Buy, Marsh, Johnson Controls, KeyBank, TD Ameritrade, APPLE Computer… • Service Providers and Telco’s • AT&T Solutions, ISS (IBM), Verizon (Totality group) Maxis Wireless, Vodafone, T-Mobile, TelePac, WIND, Telecom Italia, Hutchinson 3G, Telekom Austria, UMC, E-Plus, Colt, Bouygues, Proximus, Unisys • Government agencies • DOJ, US Army, Pentagon, US Postal Service Israel Defense Force, State of Oregon, State of Minnesota, OECD, German Ministry of Finance, State of Freiburg (CH), La Poste, URSSAF, French Army, INA, NASA, French Weather Service, … • Other Customers and Institutions • University of Chicago, University of Maryland, Harvard, Nasdaq, MD Anderson, Lidl, Renault, Intelsat, Hugo Boss, Alcatel, Total, …

  8. Solsoft Solution • Change Management Platform (provides a common platform for Enterprise and Service Providers to receive, track and implement security change requests across their network) • Network Security Compliance and Audit Reporting Engine (provides proof of compliance, creates detailed reports on who, what, when and why security changes were performed). Ensures that Corporate Security Policy is actually running on the Network • Intelligent Threat Mitigation/Remediation (understands impact of changes upon Network Security Policy, it virtualizes the impact of the rules prior to deployment) • Policy Engine: engine is flexible and can design Security Policy for multi-vendor security technologies such as routers, switches, Firewalls, IPS/IDS.

  9. Security Management Challenges. Management Issues: • Show Proof of SOX, ISO BS7799, PCI Compliance, track and Implement Change Management Requests • Must Understand all the Devices which are Impacted by Policy Change • Managing Expired Rules • Must Have Experts on Multi-vendor Platforms • Hard to Manage Multi-vendor Network and Migrate to new Technology. Cost to Organization: • Fines and Penalties • High Cost of Generating Audit and Compliance Reports • High Training and Personnel Costs (Require larger teams) • Damage from Network and Application layer attacks • Must remain on Higher Cost Network Security Platforms

  10. Customer Security Requirements • ISO and Payment Card Industry Data Security Standard (PCI) The audit item SS00.f019 listed the following requirements: 1. Ensure globally configurable rules are consistent among all firewalls 2. Ensure firewall management consolidation project is completed 3. Ensure a review process exists for installation of rule bases 4. Routinely review firewall security configurations 5. Review firewall accounts, client lists, and firewall rules on a regular basis 6. Ensure inappropriate firewall authentication methods are disabled 7. Ensure firewall rule creation, installation, and review processes are established 8. Ensure standard firewall management procedures are appropriately applied to all firewalls and are managed securely • In addition, ISO/PCI Requirements: A. Provide security and separation-of-duties oversight for firewalls using Policy Management, including review and change control processes B. Provide security and separation-of-duties oversight for routers using ACL’s, including review and change control processes

  11. Security Compliancy Requirements Common items that come up in an infrastructure audit include: • Only authorized personnel have access to security systems • Authorized personnel only have access to security systems and functions for which they have responsibility (separation of duties) • All activity by authorized personnel as well as any security systems transactions are logged and identified with the responsible party and/or process • Ensure workflow and tracking process exists for the implementation, maintenance, and decommission of approved services • Ensure security baseline standards are implemented on all systems • Ensure configuration consistency for security systems providing global services

  12. Open Security Management Platform [Diagram: SOLSOFT POLICY SERVER connecting managed devices (Firewalls, VPNs, Routers, Switches) with Business Requirements, Security Audit, Vulnerability Assessment and Event Correlation] Solsoft Device SDK: • New Device Integration • Firewall, IPS, IDS • VPN • Routers and Switches • Productized, used internally • Built-in tools + training and direct development support • Certification program. Solsoft Policy Server API: • Customer Portals: Policy review or automated change requests • Network monitors • Event Correlation / SIEM • OSS • Help desk system • In-house and Legacy

  13. Adaptive Security Management: Integration cases [Diagram: external systems connected to the SOLSOFT POLICY SERVER through the SPS API] • In House Help Desk (Business Requirements): Enabling tracking new policy requests and apply modifications • In House Audit Tools (Security Audit): Verify status of applied policies automatically • Vulnerability Assessment: Query Active Policy to perform better vulnerability risk analysis • SIM/SEM: Defensive Policy Change (shunning ports and addresses) • Event Correlation (ExaProtect SIM/SEM): Get Policy information to enhance correlation

  14. Solsoft Security Change Management • Translates Visual Security Policy into Multi-Vendor device-specific commands (Design via: Topology, Tabular and API Scripting) Example: Access Control Lists, Anti-spoofing, Fully Meshed IPsec VPN, Network Address Translation, Cluster and Virtual Systems Security Policy Design Complex Security Rules

  15. Device-Based vs. Policy Based ? Device-based Policy-based • Ensures consistent security policy throughout the network • Common Interface for management across multiple vendor technologies • Gains in efficiency, small team can manage more complex networks • Shortens Response time to Network and Application level attacks

  16. All Cisco Network Security Management [Diagram: VPN Concentrator, Firewall Enabled Router, Firewall, Router ACLs, Layer 3 Switch] • Secure Method of rule creation (Deny All) • Automatically generates security rules for each device in the path • Device Independent • End-to-End Rule Enforcement

  17. Mixed Vendor Network Security Management Nortel Cisco Linux Linux Check Point NetScreen Nortel Intel / Shiva Astaro Symantec Cipheroptics Cisco Check Point Linux Net Filter ISS Proventia M

  18. Network and Security Collaboration • Client Server Based Architecture (Remote Change Management) • Granular Role Based Access • Policy Workflow Management

  19. Security Policy Version Control • All policy changes made are archived and users actions logged • Unlimited Roll-back of ANY configuration • Ability to Push out Pre-Defined Security Policy based on different threat level scenarios • Diff Function can show changes between Policy Versions

  20. Security Reporter: Search Engine Search for any rules in a few clicks for policies enforced on multiple firewalls • All rules that expire this month • All rules for Change Request number 12345 • All rules allowing port 135 (i.e. Blaster port) • All rules for a specific source and destination • Full search covering not only rules but any object defined in Solsoft
