9 SIEM 2010 v2

“There is nothing more important than our customers” A Division of Siemens Enterprise Communications GmbH & Co KG Sales Expert Advanced Solutions Module 3 – Security Information and Event Management

Transcript of 9 SIEM 2010 v2

Slide 1: A Division of Siemens Enterprise Communications GmbH & Co KG
Sales Expert Advanced Solutions
© 2010 Enterasys Networks, Inc., A Division of Siemens Enterprise Communications GmbH & Co KG - All rights reserved.
Agenda
Sales Tools and Resources
SIEM Market
>80% of SIEM deployment projects are funded to close a compliance gap
EMEA and APAC focused primarily on external threat monitoring but compliance also a strong driver
Total 2010 revenue forecast to almost $1B
Excellent growth (16% average) projected from 2008-2013
Market Dynamics
2008 SIEM projects more narrow, tactical focus, “Phase 1 deployments”
Cisco MARS
No longer considered a viable SIEM product (Gartner, 10/29/09)
Enterasys SIEM, positioned as the master of the other SIEMs, can provide a smooth transition for customers migrating from Cisco MARS.
Sources: IDC, Gartner
IDC data: “Worldwide Security and Vulnerability Management 2009-2013 Forecast and 2008 Vendor Shares,” Charles Kolodgy, October 2009.
Gartner Magic Quadrant for Security Information and Event Management, May 29, 2009.
Cisco has recently confirmed that it will not be adding support for new third-party devices to MARS and there is speculation about what this decision implies about Cisco’s commitment to this product. (See NetworkWorld, Messmer, Ellen, “Cisco MARS shuts out new third-party security devices,” 11/06/09 http://www.networkworld.com/news/2009/110609-cisco-mars.html )
Gartner Research, 10/29/09, “Findings: Cisco MARS Is Becoming Less Viable as a General SIEM Solution,” Mark Nicolett:
“Cisco's recent decision to freeze MARS support for non-Cisco event sources marks the beginning of the end of MARS as a viable security information and event management (SIEM) technology. Organizations that need support for non-Cisco event sources should plan to move to a viable SIEM solution.”
Threat Detection
Signature Based: Intrusion Prevention Systems (host and network-based) compare traffic against a library of known threats (signatures)
Anomaly Based / Behavior Based: establishes performance baselines (applications, protocols, networks, individuals/devices) and monitors for anomalies
Network attacks
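The two detection methods on this slide are complementary: a signature catches only what is already in the library, while a baseline catches a deviation that no signature describes. The following Python example, added here and not part of the original Enterasys deck, shows both over constructed flow records; the flow records, the one-entry "signature library" (a known-bad destination port), the 3-sigma threshold and the host addresses are all constructed for illustration.

```python
"""Signature-based vs. baseline (anomaly) detection over constructed flow records.

Added example, not Enterasys code. All records, the signature list and the
threshold are constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed "learning period" flows: (src, dst, dst_port, bytes).
BASELINE_FLOWS = [
    ("10.0.0.5", "10.0.1.20", 443, 4_100),
    ("10.0.0.5", "10.0.1.20", 443, 3_900),
    ("10.0.0.5", "10.0.1.20", 443, 4_300),
    ("10.0.0.5", "10.0.1.20", 443, 4_000),
    ("10.0.0.5", "10.0.1.20", 443, 4_200),
    ("10.0.0.7", "10.0.1.20", 445, 1_200),
    ("10.0.0.7", "10.0.1.20", 445, 1_100),
    ("10.0.0.7", "10.0.1.20", 445, 1_300),
    ("10.0.0.7", "10.0.1.20", 445, 1_250),
]

# Constructed flows observed after the baseline was established.
OBSERVED_FLOWS = [
    ("10.0.0.5", "203.0.113.9", 443, 250_000),  # no signature, but far outside baseline
    ("10.0.0.7", "10.0.1.21", 4444, 1_150),     # within baseline, but matches a signature
    ("10.0.0.9", "10.0.1.20", 443, 2_000),      # source with no baseline at all
]

# Constructed stand-in for an IPS signature library: destination port -> description.
SIGNATURES = {4444: "constructed signature: known-bad destination port"}


def signature_alerts(flows):
    """Signature detection: flag every flow that matches the known-threat library."""
    return [(src, dst, port, SIGNATURES[port])
            for src, dst, port, _ in flows if port in SIGNATURES]


def build_baselines(flows):
    """Per-source (mean, std-dev) of bytes per flow: the 'performance baseline'."""
    by_src = defaultdict(list)
    for src, _, _, nbytes in flows:
        by_src[src].append(nbytes)
    return {src: (mean(v), pstdev(v)) for src, v in by_src.items()}


def anomaly_alerts(flows, baselines, k=3.0):
    """Anomaly detection: flag flows more than k sigma from the source's baseline.

    A source with no baseline is reported too, because 'never seen before' is
    itself a deviation the analyst should look at.
    """
    alerts = []
    for src, dst, port, nbytes in flows:
        if src not in baselines:
            alerts.append((src, dst, port, "no baseline for this source"))
            continue
        mu, sigma = baselines[src]
        # Guard: a constant history gives sigma == 0; treat any change as anomalous then.
        if sigma > 0:
            z = (nbytes - mu) / sigma
        else:
            z = float("inf") if nbytes != mu else 0.0
        if abs(z) > k:
            alerts.append((src, dst, port,
                           f"{nbytes} bytes is {z:.1f} sigma from baseline mean {mu:.0f}"))
    return alerts


if __name__ == "__main__":
    baselines = build_baselines(BASELINE_FLOWS)
    for a in signature_alerts(OBSERVED_FLOWS):
        print("signature:", a)
    for a in anomaly_alerts(OBSERVED_FLOWS, baselines):
        print("anomaly:  ", a)
```

Run as-is, the signature pass reports only the port-4444 flow, and the baseline pass reports the 250,000-byte transfer and the unknown source 10.0.0.9 while leaving the port-4444 flow alone (its byte count is normal for that host). Neither method alone sees both problems, which is the argument for feeding both kinds of detector into one SIEM.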
Security Threat Detection
Let’s take a closer look at the vulnerability we typically see within present day infrastructures. This is really the “before” picture…. before our customers deploy our Secure Networks.
The traditional approach to securing the infrastructure has been to apply perimeter security in as many places as possible, mostly in response to a specific threat.
Personal firewall and antivirus technology is a good measure to protect the edge, but it is optional, meaning that any end user can turn it off—causing an impact on the network and other users even if their firewall and antivirus software is running.
Firewalls are good when there is a clear demarcation point between a threat and an asset (e.g., between the Internet and the enterprise). But they cannot address threats that are internal, pervasive or mobile.
IDS is another good technology for detecting anomalies in the network. (Enterasys has one of the leading IDS products on the market.) However, an IDS generally sits in the core, cannot determine the exact origin of a threat, and cannot actually do anything about the problem.
VPNs have been categorized as security technologies, but in reality they’re just protecting a session across the infrastructure, and are really just a logical interface.
There is still a gaping hole because the network itself is not an active participant in the overall security architecture. These technologies on their own are not granular or pervasive enough to address the entire problem.
Security Information Overload
What is not?
Security Information Overload
Compliance Monitoring & Reporting
Threat Monitoring, Detection,
Agenda
Sales Tools and Resources
Enterasys SIEM Value Proposition
Quick time to Value
Flexible Phased Deployments
Reduces the overload of network security events to a manageable, prioritized view of the network
Empowers security administrators to take control of security event information
Delivers security and compliance reports aligned with the goals of the organization
Prioritizes evidence of malicious behavior into practical steps for remediation
Open interoperability with third-party devices and the Enterasys Automated Security Manager for enhanced remediation
Dragon Security Command Console is a Security Information and Event Manager (SIEM) that combines best of breed detection methodologies with behavioral analysis and information from third party vulnerability assessment tools to provide the industry’s most intelligent security management solution. Dragon Security Command Console delivers actionable information to effectively manage the security posture for the largest organizations.
Enterasys SIEM Solves Information Overload
Delivers threat management, log management, compliance reporting and increased operational efficiency
Collects and combines network activity data, security events, logs, vulnerability data and external threat data into a powerful management dashboard
Intelligently correlates, normalizes and prioritizes—greatly improving remediation and response times, and greatly enhancing the effectiveness of IT staff
Baselines normal network behavior by collecting, analyzing and aggregating network flows from a broad range of networking and security appliances
Complete Visibility with Powerful Dashboard
Compliance Enablement
Reports: Enterasys SIEM offers a robust reporting engine providing users with the capability to quickly and easily create customized reports for the critical business assets essential to compliance
Reports can be created for any portion of the network and most any measure taken by the SIEM
Default compliance-focused reports and rules are based on industry control frameworks applied to specific regulations
Enterasys SIEM provides critical and detailed compliance reporting
Agenda
Sales Tools and Resources
SIEM Base Unit
Enterasys SIEM Components
Flow support for existing NetFlow, sFlow, cFlowd, jFlow, or QFlow from the Behavioral Flow Sensor. A Behavioral Flow Sensor is required to collect flows and forward them to SIEM. Since NetFlow is unidirectional, the device can support about 1 ½ times what is listed in the license.
Flow Collectors
Distribute flow collection throughout the environment
Note: A Behavioral Flow Sensor is required to pass flows into the system. This is required for QFlows as well as existing 3rd party flows.
The flows per minute specified refer to bi-directional flows.
NetFlows are unidirectional flows. So, if you are using NetFlow, a good rule of thumb is to apply a factor of 1.5: a license supporting 200K bi-directional flows/min will support 300K NetFlows/min. It may be as high as 400K NetFlows/min, but 300K is the safe figure.
Agenda
Sales Tools and Resources
Enterasys SIEM Key Differentiators
Real-time view of any asset within the network
Integrates/correlates information from the widest array of 3rd party devices
Built-in Scalable Network Behavior Anomaly Detection system
Group and weight asset priority to quantify/qualify security event’s risk
Custom data store eliminates the need for secondary software costs and ongoing maintenance
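The "collects, normalizes, correlates and prioritizes" pipeline described under Enterasys SIEM Solves Information Overload, and the asset weighting named in the differentiator above ("Group and weight asset priority to quantify/qualify security event's risk"), fit in one small worked example. The Python below is added here and is not Enterasys code or a description of the Dragon Security Command Console internals: it normalizes three constructed native event formats (a key=value firewall deny, a comma-separated IDS alert, a sshd auth-failure syslog line) into one schema, correlates them into one offense per source/destination pair, and scores each offense by category severity multiplied by the asset's weight. The log lines, regexes, asset inventory, severity table and host-to-address map are all constructed.

```python
"""Normalize, correlate and prioritize constructed security events.

Added example, not Enterasys code. Every log line, regex, weight and severity
value here is constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed raw events in three native formats (firewall, IDS, sshd syslog).
RAW_EVENTS = [
    "fw01 action=deny src=198.51.100.4 dst=10.0.1.20 dport=22",
    "fw01 action=deny src=198.51.100.4 dst=10.0.1.20 dport=22",
    "ids01,198.51.100.4,10.0.1.20,22,SSH brute force attempt",
    "srv-db01 sshd: Failed password for root from 198.51.100.4 port 51234",
    "srv-db01 sshd: Failed password for root from 198.51.100.4 port 51240",
    "fw01 action=deny src=192.0.2.77 dst=10.0.2.50 dport=23",
    "ids01,192.0.2.77,10.0.2.50,23,Telnet login attempt",
    "fw01 action=allow src=10.0.0.5 dst=10.0.1.20 dport=443",
]

# Constructed asset inventory: address -> (name, priority weight 1..10).
ASSETS = {"10.0.1.20": ("db-server", 10), "10.0.2.50": ("lab-printer", 2)}
# Constructed base severity per normalized category.
SEVERITY = {"firewall_deny": 1, "ids_alert": 5, "auth_failure": 3}
# Constructed host-name -> address map so host-based logs get a network address.
HOST_ADDR = {"srv-db01": "10.0.1.20"}

FW_RE = re.compile(r"^(?P<dev>\S+) action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=\d+$")
IDS_RE = re.compile(r"^(?P<dev>ids\d+),(?P<src>[^,]+),(?P<dst>[^,]+),\d+,(?P<msg>.+)$")
AUTH_RE = re.compile(r"^(?P<dev>\S+) sshd: Failed password for \S+ from (?P<src>\S+) port \d+$")


def normalize(line):
    """Parse one native event into the common schema; None if not of interest."""
    if m := FW_RE.match(line):
        if m["action"] != "deny":
            return None  # allowed traffic is not an event for this pipeline
        return {"device": m["dev"], "src": m["src"], "dst": m["dst"], "category": "firewall_deny"}
    if m := IDS_RE.match(line):
        return {"device": m["dev"], "src": m["src"], "dst": m["dst"], "category": "ids_alert"}
    if m := AUTH_RE.match(line):
        dst = HOST_ADDR.get(m["dev"], m["dev"])
        return {"device": m["dev"], "src": m["src"], "dst": dst, "category": "auth_failure"}
    return None  # unrecognized format: dropped, a real SIEM would count these


def correlate(events):
    """Fold normalized events into one offense per (src, dst) pair."""
    offenses = defaultdict(lambda: {"events": 0, "categories": set(), "devices": set()})
    for e in events:
        o = offenses[(e["src"], e["dst"])]
        o["events"] += 1
        o["categories"].add(e["category"])
        o["devices"].add(e["device"])
    return offenses


def prioritize(offenses):
    """Score = sum of distinct category severities x asset weight; highest first."""
    ranked = []
    for (src, dst), o in offenses.items():
        name, weight = ASSETS.get(dst, ("unknown-asset", 1))
        score = sum(SEVERITY[c] for c in o["categories"]) * weight
        ranked.append({"src": src, "dst": dst, "asset": name, "score": score,
                       "raw_events": o["events"], "sources": sorted(o["devices"])})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


def run(lines):
    """Full pipeline: raw lines -> normalized events -> offenses -> ranked list."""
    events = [e for e in map(normalize, lines) if e]
    return prioritize(correlate(events))


if __name__ == "__main__":
    for offense in run(RAW_EVENTS):
        print(offense)
```

Eight raw lines reduce to two offenses. The one against the weight-10 database server, seen by three different devices, scores 90; the same two categories against the weight-2 printer score 12. That ordering is the point of asset weighting: the analyst sees the high-value target first, not the noisiest source.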
Agenda
Sales Tools and Resources
Log Management
Gartner, Magic Quadrant for Security Information and Event Management, 5/29/09.
Strong
Weak
Disjoint solutions for log and threat management
Limited Flow support
No NBAD
Strong
No
Compliance Management
Agenda
Sales Tools and Resources
Questions That Keep You Up At Night
How do you monitor risk to assets that are critical to your regulatory and corporate compliance mandates?
Can you view the status of these assets and their vulnerability in real time?
Can you monitor the compliance control elements necessary for auditors and compliance?
Can you provide the reports necessary to satisfy compliance?
Do you have the security/IT staff required to satisfy compliance requirements?
Agenda
Sales Tools and Resources
Monitoring control framework
Reporting specific to regulations
Security Event Correlation:
Firewalls, IDS, IPS, AV, Netflow, Sflow, vulnerability tools, syslog
Most advanced data reduction in the industry
Tolly test Cisco MARS vs. Enterasys SIEM
Supports response and remediation
User or device behavior
© 2009 Enterasys Networks, Inc. All rights reserved.
“There is nothing more important than our customers”