Citadel 4 MI 125537 7

Presentation Transcript

State of Michigan Horizon Presentation - Citadel Security Software:

State of Michigan Horizon Presentation, Citadel Security Software. Tom Bossie, Director, State / Local Government and Higher Education. May 19th, 2005, Lansing, MI.

Vulnerability Statistics: 

Vulnerability Statistics
- Approximately 10 vulnerabilities per day are discovered and made public
- 18.78% are Highly Critical
- 36.6% are Moderately Critical
- 37.49% are Less Critical
- 7.13% are Not Critical
- The difference between the classes is whether a vulnerability has an identified exploit or only a suspected exploit

Vulnerability Statistics: 

Vulnerability Statistics
- 70.7% of all attacks are initiated remotely
- 11.4% of all attacks are initiated from the local network
- 17.89% are initiated from the local machine
- 27% of all attacks are to gain system access
- 21% are Denial of Service attacks
- 12% are privilege escalation attacks
- 17% seek to expose sensitive or system-level information
Source: http://www.secunia.org/advisory_statistics

Illustrating the Risk: 

Illustrating the Risk
- Some spyware is suspected of sending captured data to North Korean intelligence agency servers
- The North Korean government is suspected of selling data to criminals and organizing Denial of Service attacks
- South Korea's Defense Ministry claims North Korea has an aggressive hacker training program that includes five years of university training
Source: http://www.nwfusion.com/reviews/2004/121304rev.html

Slide5: 

What is the most effective strategy to transform and transition state government from current cultural and operational practices to one of more cross-agency collaboration, communication, and cooperation... in order to achieve a more efficient delivery of mission-critical results... and to improve customer service... both internally and externally?

Citadel’s Hercules: 

Citadel's Hercules: How do we protect the information that is gathered, stored, and shared while securing the network and computing assets that support the operations and activities of the various agencies and departments of state government?

Enterprise Vulnerability Management: 

Enterprise Vulnerability Management

Citadel Addresses all Classes of Vulnerabilities: 

Citadel Addresses all Classes of Vulnerabilities
- Unsecured Accounts: accounts with no password, no password expiration, known vendor-supplied password, ...
- Unnecessary Services: Telnet, KaZaa, other P2P, rsh, echo, chargen, ...
- Backdoors: MyDoom.A, W32.Beagle.I@mm, NETBUS, BACKORIFICE, SUBSEVEN, ...
- Mis-configurations: NetBIOS shares, anonymous FTP with world read/write, hosts.equiv, ...
- Software Defects: buffer overruns, RPC-DCOM, SQL injection, ...
- Patch Management: Microsoft, UNIX, Linux

Citadel Overview: 

Citadel Overview

Citadel Security Software: 

Citadel Security Software
Leading provider of security solutions that:
- Manage information security risk
- Reduce cyber security threats
- Enforce policy compliance
Hercules Suite includes:
- Compliance Manager
- Remediation Manager
- AssetGuard: inventory and risk management
- ConnectGuard: endpoint security
- Enterprise Reporting
- SecurePC: desktop security
- NetOff: network security

Leadership in the Security Industry: 

Leadership in the Security Industry
- Cyber Security Industry Alliance: advocacy group dedicated to the improvement of cyber security through public policy, education and technically-focused initiatives
- OVAL (Open Vulnerability Assessment Language): Carl Banzhof, Board Member since 2002; Kent Landfield, Board Member since 2004
- CVE (Common Vulnerabilities & Exposures) Standard: staff member on the Editorial Board; Hercules utilizes CVE coding structures
- OASIS Application Vulnerability Description Language Standard: Web Application Security XML (WAS) Technical Committee

Federal / State Customers: 

Federal / State Customers Organized Crime Task Force

Defense Information Systems Agency (DISA): 

Defense Information Systems Agency (DISA) Announced October 5th, 2004, Hercules is being implemented worldwide (in excess of 3M seats) across the Department of Defense (DOD) Combatant Commands, Intelligence Community, Armed Services and DoD agencies, Coast Guard, National Guard and Reserves.

Defense Information Systems Agency: 

Defense Information Systems Agency
Reasons why DoD selected Citadel:
- When evaluated against all competition, the closest competitor achieved only 40% of Citadel's capability.
- Demonstrated that vulnerability remediation is significantly more than patch management.
- Through their own analysis, it was determined that 80% of their risk exposure surfaced from unsecured accounts and unnecessary services.

A United States Air Force Base ROE Calculation : 

A United States Air Force Base ROE Calculation
- Scanned 104 devices; 5,821 vulnerabilities were identified (a small percentage were software-patch related, the rest were backdoors, mis-configurations, unnecessary services, and unsecured accounts).
- USAF took a conservative estimate of 15 minutes to fix 1 vulnerability.
- Total time estimated for the manual remediation effort is 1455 hours.
- Our solution remediated all 5,821 vulnerabilities in 23 minutes.

Some Commercial Customers: 

Some Commercial Customers

Our Partnerships: 

Our Partnerships

Recent Awards: 

Recent Awards
- Best Security Management Solution
- US Excellence Award, 'Best Government Solution'
- Hercules named a winner in eWEEK's Fifth Annual Excellence Awards (2005) program, in the Vulnerability Assessment and Remediation category.
- Citadel CTO Carl Banzhof named to the Top 25 CTOs.

Organizational Business Drivers: 

Organizational Business Drivers

Typical business drivers: 

Typical business drivers
Reduce Business Risk
- Protect confidential and sensitive data
- Maintain service-level continuity and technology availability
Drive Cost Efficiencies
- Minimize loss associated with security exploits
- Automate manual protection processes
- Establish consistent enterprise-wide processes
- Realize a rapid ROI on solutions and services
Demonstrate Compliance
- Comply with current or future government legislation and mandates (Gramm-Leach-Bliley, Sarbanes-Oxley, FISMA, HIPAA, etc.)
- Reduce organizational and public liability

Risk Management Challenges: 

Risk Management Challenges
- You are at WAR against an increasing volume, frequency and complexity of security threats
- Organizations are losing REAL information, and it costs a lot of money
- Security is no longer just worms and viruses causing occasional business disruption; it is evolving rapidly into a significant matter of personal exposure, national security and economic stability

Keeping up with latest threats: 

Keeping up with latest threats
Most organizations' resources and manual processes don't cut it!
- Increasing number of threats and vulnerabilities
- Decreasing time to exploit
- Little corresponding increase in IT resources
Sources: CERT/CC, Microsoft, SANS

Cost Coordination / Control Challenges: 

Cost Coordination / Control Challenges
- Inconsistent application of efficient security process across the enterprise
- Point tools result in incomplete, fragmented security enforcement
- Current manual processes are inefficient, duplicated and error-prone
- Lack of coordination across organizational boundaries and responsibilities
I Want / I Have / I Get: a secure enterprise with vulnerability management and reporting, versus lots of disparate GUIs and reports

Compliance Management Challenges: 

Compliance Management Challenges
- Difficulties providing timely, accurate evidence that you are secure and compliant
- Cohesive reporting on enterprise security status: incomplete coverage, inconsistent formats, insufficient depth
- Translating written security policy into enforceable action
- Preparing for dynamic audit assessments & requirements
- Enforcing policy across complex, widely-distributed networks
- Securing mobile and rogue devices that puncture the perimeter

Compliance Drivers: 

Compliance Drivers
- Sarbanes-Oxley Act
- Gramm-Leach-Bliley Act (GLBA)
- California SB-1386
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry (PCI) Data Security Standard
- ISO17799
- Basel II
- Clinger-Cohen Act
- Presidential Decision Directive 63, Protecting America's Critical Infrastructures
- Federal Information Security Management Act (FISMA)
- Security Standards for Electric Market Participants, Federal Energy Regulation Commission (FERC)
- Cyber Security Standard 1200, North American Electric Reliability Council (NERC)

Citadel Solutions to Secure the State: 

Citadel Solutions to Secure the State

Citadel Enterprise Vulnerability Management : 

Citadel Enterprise Vulnerability Management

Identify: 

Identify

Identify – Establishing a Baseline: 

Identify – Establishing a Baseline
Identify what you have and what you want
- Asset baseline: device discovery
- Device security inventory: NetBIOS, ports, services, user groups / accounts, software (Peregrine project data coordination)
- Security configuration baseline
- Policy identification / creation

Out of the box experience – Wizard or Power User: 

Out of the box experience – Wizard or Power User

Slide31: 

Wizard

Slide32: 

Wizard

Slide33: 

Wizard

Assess: 

Assess

Assess – Find the Problems: 

Assess – Find the Problems
Find Policy Violations
- Automated compliance audit (top-down)
- Enforce policy compliance
Find Vulnerabilities
- Existing in your environment (bottom-up): vulnerability assessment; scan network, import, aggregate
- In the wild (targeted): vulnerability notification and advisory
Decide What to Do
- Visualization
- Risk prioritization: vulnerability severity, asset business value, asset technical value

Policy and Configuration Compliance: 

Policy and Configuration Compliance
Overview
- Targets the security group. Within many organizations there is a separation of work between the Security and IT personnel. Security personnel often don't have the authority to make changes to the systems in the enterprise. By providing a compliance-only mode of operation, security personnel will be able to audit the state of their organization's systems without actually modifying these systems.
Feature Set
- Check the compliance of devices against a known set of parameters.
- Compliance Only will be the default mode. Remediation will be licensed as an add-on feature.
- Compliance Only mode: the user may perform all tasks now available on a Hercules Server, except that the Hercules Agent will not do an actual remediation of its device. It will instead perform only the compliance portion of the remediation.
- Full Remediation mode: the user can choose to run a Remediation, Policy Enforcement or Action Pack in 'Compliance Only' mode or 'Remediation' mode.

Operational dashboards: 

Operational dashboards Access-anywhere, Customizable Dashboard

Operational Dashboards : 

Operational Dashboards

The Power of AssetGuard: 

The Power of AssetGuard
- Detailed queries leveraging AssetGuard device data can rapidly pinpoint known vulnerable devices.
- Citadel delivers ActionPacks using AssetGuard data to rapidly deploy hot patches and mitigate IT security configuration issues.

Risk Rating: 

Risk Rating
Overview
The value of hardware and software assets across an enterprise varies according to their usage, whether by the service(s) they provide, by the group(s) that they support, etc. In addition, some assets are inherently more susceptible and vulnerable to attack. This feature will automatically calculate a device's risk rating based on several factors and display the risk graphically to the user. The data used in the calculations will be supplied by Citadel, with the user also being able to input custom data. This feature will be licensed separately.
Feature Set
- Device Risk Value: determined by business impact, vulnerabilities, and technical asset value. Displayed graphically (i.e. high, medium, low) in the device summary list as a column on the Manage Devices page, and in the Security Posture Display Dashboard.
- Device Group Risk Value: the values for all devices within a particular Device Group will be rolled up (through a similar algorithm) to derive a risk value at the Device Group level. A business impact rating may be applied at the group level to adjust the sensitivity of the overall Group rating.

Risk Rating Algorithm: 

Risk Rating Algorithm
Comprised of:
- Technical Asset Rating (A)
- Vulnerability Rating (V)
- User-defined Business Impact Rating (B)
Formula:
- DeviceRisk = A * V * B
- GroupRisk = (∑ DeviceRisk) * B
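The device and group roll-up from the Risk Rating Algorithm slide, worked through as an added example (not Citadel's code). The device ratings, the group membership and the high/medium/low thresholds are constructed assumptions; the slide gives only the formula, and the group-level B is read as the group's own business impact rating, as the Risk Rating slide describes.

```python
"""Added example: DeviceRisk = A * V * B and GroupRisk = (sum DeviceRisk) * B.
All ratings below are constructed; the band thresholds are an assumption."""

# Constructed inputs. A and V are on a 0..1 scale; B is a multiplier
# where 1.0 means neutral business impact.
DEVICES = {
    "dc-01": {"A": 0.9, "V": 0.8, "B": 2.0},   # domain controller, key asset
    "ws-14": {"A": 0.3, "V": 0.6, "B": 1.0},   # ordinary workstation
    "kiosk": {"A": 0.1, "V": 0.9, "B": 0.5},   # vulnerable but low-value
}

# Constructed device groups; each carries its own business impact rating B.
GROUPS = {
    "datacenter": {"members": ["dc-01"], "B": 1.5},
    "endpoints":  {"members": ["ws-14", "kiosk"], "B": 1.0},
}

# Assumed display thresholds (floor, label), checked from highest to lowest.
BANDS = [(1.0, "high"), (0.25, "medium"), (0.0, "low")]


def device_risk(d):
    """DeviceRisk = A * V * B, exactly as the slide states it."""
    return d["A"] * d["V"] * d["B"]


def band(risk):
    """Map a numeric risk to the high/medium/low label shown on the dashboard."""
    for floor, label in BANDS:
        if risk >= floor:
            return label
    return "low"


def group_risk(name):
    """GroupRisk = (sum of member DeviceRisk) * group-level B."""
    g = GROUPS[name]
    return sum(device_risk(DEVICES[m]) for m in g["members"]) * g["B"]


def prioritize():
    """Device names ordered by risk, highest first: the remediation order."""
    return sorted(DEVICES, key=lambda n: device_risk(DEVICES[n]), reverse=True)


if __name__ == "__main__":
    for n in prioritize():
        print(f"{n}: {device_risk(DEVICES[n]):.3f} ({band(device_risk(DEVICES[n]))})")
    for g in GROUPS:
        print(f"group {g}: {group_risk(g):.3f} ({band(group_risk(g))})")
```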

Enforce: 

Enforce

Enforce – Fix the Problems: 

Enforce – Fix the Problems
Policy Enforcement
- Define asset baseline
- Define security baseline
- Enforce IT security configuration
Scan and Remediate
- Assess vulnerability state
- Remediate detected vulnerabilities
Near Day Mitigation
- New, critical vulnerabilities
- Key assets
Eliminate existing vulnerabilities, resolve policy exceptions, neutralize the latest threats

Policy Enforcement – Compliance Check : 

Policy Enforcement – Compliance Check
In the 'Compliance Check' mode of operation, security personnel are able to audit the state of their organization's systems without actually modifying these systems. Hercules Policy Compliance provides a comprehensive policy and configuration assessment process to mitigate risk and ensure compliance with security policies, government regulations and industry standards.

Hercules Policy Templates: 

Hercules Policy Templates
- Consistently audit and enforce security policy across the enterprise
- Supports multiple operating systems
- Scheduled or on-demand enforcement
- Tailor to your requirements and internal environment
- Share consistent policy
- Detailed compliance assessment: password settings, account privileges, event logs, audit settings, files, services, legal notices, etc.
- Brings non-compliant devices back into compliance
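A minimal policy-compliance pass, written as an added example (not Citadel's code) to show the Compliance Only versus Remediation modes described in the Policy and Configuration Compliance slide, applied to the kind of template checks (password settings, services, accounts) the Policy Templates slide lists. The policy template, device inventories and remedies are constructed; real Hercules templates and agents are not modelled.

```python
"""Added example: audit a constructed device inventory against a constructed
policy template, reporting violations in compliance-only mode and applying
remedies only in remediation mode."""
from copy import deepcopy

# Constructed policy template: each check names an inventory key, the
# compliant condition, and the value a remediation would set.
POLICY = {
    "min_password_length": {"expect": lambda v: v is not None and v >= 8, "remedy": 12},
    "password_expires":    {"expect": lambda v: v is True,               "remedy": True},
    "telnet_enabled":      {"expect": lambda v: v is False,              "remedy": False},
    "guest_account":       {"expect": lambda v: v == "disabled",         "remedy": "disabled"},
}

# Constructed inventories of the sort an asset-inventory scan would collect.
DEVICES = {
    "ws-01":  {"min_password_length": 6,  "password_expires": False,
               "telnet_enabled": True,  "guest_account": "disabled"},
    "srv-02": {"min_password_length": 12, "password_expires": True,
               "telnet_enabled": False, "guest_account": "disabled"},
}


def audit(device):
    """Compliance portion only: list the failing checks, never modify anything."""
    return [name for name, chk in POLICY.items() if not chk["expect"](device.get(name))]


def enforce(device, mode):
    """Run one policy pass in 'compliance_only' or 'remediation' mode.

    Returns (violations_before, violations_after, resulting_state). The
    caller's inventory is never touched; remediation acts on a copy."""
    if mode not in ("compliance_only", "remediation"):
        raise ValueError(f"unknown mode: {mode}")
    before = audit(device)
    state = deepcopy(device)
    if mode == "remediation":
        for name in before:
            state[name] = POLICY[name]["remedy"]
    return before, audit(state), state


def compliance_report(devices, mode):
    """Per-device results, as a per-policy compliance report would list them."""
    return {name: enforce(inv, mode) for name, inv in devices.items()}


if __name__ == "__main__":
    for name, (before, after, _) in compliance_report(DEVICES, "compliance_only").items():
        print(f"{name}: {len(before)} violation(s) found, {len(after)} remain (audit only)")
    for name, (before, after, _) in compliance_report(DEVICES, "remediation").items():
        print(f"{name}: {len(before)} violation(s) found, {len(after)} remain after remediation")
```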

Extend Enforcement to Endpoint Devices (Remote computing environment): 

Extend Enforcement to Endpoint Devices (Remote computing environment)
- Host-based quarantine and remediation solution
- Protection for disconnected devices (laptops, desktops, servers)
- Prevents un-trusted devices that have been off the network from gaining access to the network until remediated
- Delivers the fastest path to connectivity and productivity
'The consistent sanitization of infected endpoint devices and enforcement of security and configuration policies before reconnecting to the network is critical to ensuring the security of enterprise networks.' - The Meta Group

End Point Security: 

End Point Security Capabilities of ConnectGuard ConnectGuard blocks a client from communicating with the network when it is first powered up. The Hercules Client will then contact its Hercules Server, and apply appropriate remedies and policy settings before being allowed on to the network.

Cisco NAC Support: 

Cisco NAC Support
Overview
- Network Admission Control (NAC) is an industry-wide initiative that provides for endpoint network security
- All endpoint devices seeking network admission are validated for their credentials and compliance with established security policies before being granted access
- The NAC architecture allows Hercules to integrate the credential validation and policy enforcement of devices that seek access to the network into the framework
- A Hercules NAP enforcement can be implemented with either ConnectGuard or NAC
Benefit
- Flexible solution for enterprise Network Access Control

Cisco NAC: 

Cisco NAC

Scan and Remediate (Bottom-up): 

Scan and Remediate (Bottom-up)

Near Day Mitigation (Targeted): 

Near Day Mitigation (Targeted)
Actionable asset intelligence
- Immediately identify and remediate vulnerabilities on key assets
- Asset Inventory
- Asset Query
ActionPacks
- Empowers policy enforcement and remediation
- Compiled from CERT, SANS and Microsoft websites

Maintain and Report: 

Maintain and Report

Security posture interactive displays: 

Security posture interactive displays

Security Risk posture risk quotient : 

Security Risk posture risk quotient Assists in Security Decisions

Enterprise Risk Reporting: 

Enterprise Risk Reporting

What is being done to mitigate risk: 

What is being done to mitigate risk

Audit and Compliance Reporting: 

Audit and Compliance Reporting

Most significant threats reporting: 

Most significant threats reporting

Slide59: 

Enterprise / Departmental Reporting

Enterprise Reporting: 

Enterprise Reporting
Overview
Three levels of reporting:
- Base reporting: reports that go with every Hercules offering
- Hercules server reporting: licensed separately; includes additional reports, and the reporting schema is documented
- Hercules enterprise reporting: licensed separately; includes all functionality of Hercules server reporting plus the ability to departmentalize and provide rollup reporting for many organizational entities
Benefit
- Report on the state of security across the enterprise

Management Reports: 

Management Reports
- Executive Review Report: shows risk assessment, vulnerability exposure, device status, and action plan.
- Compliance Report: shows the overall compliance of all devices that are in the managed Hercules network.
- Policy Compliance Report: shows device compliance on a per-policy basis.
- Device Status Report: shows device status, inventory, ConnectGuard, and Heartbeat sections.
- Remediation Status Report: shows feedback from a scheduled remediation.
- Vulnerability Trend Report: shows trends in the number of threatening vulnerabilities.
- Compliance Trend Report: shows trends in the number of devices compliant for remediations, policy enforcements, and action packs.
- Policy Compliance Trend Report: shows trends in the number of compliant devices for policies.
- Device Status Trend: shows device coverage by the Hercules managed network over time.
- Risk Trend Report: shows trends in the risk assessment for devices.
- Inventory Differential: shows the delta between baseline, historical, and current inventory data.
- Do Not Fix Report: shows vulnerabilities that have been marked for 'Do Not Fix'.
- Other reports: Device Vulnerabilities; Distinct Vulnerability by Import Session; Recurring Vulnerabilities; Remediation History; Vulnerability and Manual Fix; Vulnerability Comparison by Date-Group; Return on Investment (ROI); User Roles by Role; Differential report

Hercules Reports: 

Hercules Reports

Executive Review – Vulnerabilities: 

Executive Review – Vulnerabilities

Executive Review - Devices: 

Executive Review - Devices

Executive Review – Action Summary: 

Executive Review – Action Summary

Summary Hercules Advantages: 

Summary Hercules Advantages

The MOST Remedies: 

The MOST Remedies 20,000 + Remedies

Thank You! Tom Bossie: 

Thank You! Tom Bossie Questions? Phone: (678) 578.2442 Web: www.citadel.com Email: tbossie@citadel.com

What Hercules Delivers: 

What Hercules Delivers
- Manage IT risk under one roof: a consistent enterprise business process solution
- Extend the capabilities of your security team: get more done in less time with less effort
- Matches the scope of your IT security policy: eliminate vulnerabilities before they're exploited
- Thorough auditing, remediation and reporting: provides timely, accurate evidence that you are secure and compliant; makes existing security technologies more effective
- Manages what you manage: closes the gaps in security coverage
- Improves utilization of resources: rapid ROI, drives cost efficiencies, consistent enterprise remediation

Hercules AVR Technology: 

Hercules AVR Technology
- World's largest repository of over 20,000 tested, signature remedies
- Remediation intelligence
- Actionable remedies, not manual steps
- Controlled automation
- Pre-remediation compliance checks and policy enforcement