Security Management System (SMS) - Updates

Mohamed Helmy, CISM, CISSP, ITIL
Technical Manager - KSA, Egypt and Levant

Agenda:
• SMS Overview
• Understanding the Problem
• How SMS Solves the Problem
  – SMS New Features
  – SMS Policy
  – SMS High Availability
  – SMS Reports
Security Management System

• Easy Installation and on-going Management
  – Shipped with recommended settings
  – No false positive tuning
  – Set and forget policy enforcement
• Extremely Scalable
• Granular, enterprise-wide policy management
  – Per segment policy
  – Per VLAN policy
  – Directional policy (per port)
  – Per device policy
• Automated Reports
  – Provide compliance audit reporting details
Understanding the Problem

• SMS allows customers to control, monitor, and report on their enterprise security status in a single appliance:
  • Asset Clarification and Inventory
  • Risk Identification
  • Improve Operational Security
  • Vulnerability Remediation and Incident Response
  • Reinforce company configuration policies with owners
  • Segregation of Duties
  • Track Record of Improvement
How SMS Solves the Problem

SMS: New Features

• Dynamic Flexible Security Policy Deployment
• Quarantine Deployments – Ease of Use
• Deeper IPS Management
• API Overview
Dynamic Flexible Security Policy Deployment

Now you can decide which policies are active during the times they make sense; they can also be triggered by external systems.
Quarantine Deployments – Ease of Use

RADIUS is no longer needed for switch actions, switch discovery is new, and any web API can be invoked.
Deeper IPS Management

Detailed graphs with real-time update and data copy for all critical IPS metrics.
API Implementation

• API allows interaction between the SMS and a 3rd party
  system
   – Implemented as servlets
   – Accessed via the SMS's web server
   – Three major functional areas
      • Retrieve data tables and event data
      • Retrieve, upload and distribute profiles
      • Quarantine / unquarantine hosts
Data Retrieval Use Cases

• Long term storage of event data
   – When 30 million rows are not enough
• Custom reporting
   – Combine event information from multiple SMSs
   – Although progress is being made here
• Integration to SIM tools
   – Remote SYSLOG is typically used, but that is a “push” model
      • Subject to the strengths and limitations of UDP
      • SMS API is a pull model, uses TCP
• Data may be required for other uses
   – Dynamic profile creation
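The pull model described above (client-driven retrieval over TCP, as opposed to UDP syslog push) and the long-term storage use case, as an added example that is not part of the original deck or TippingPoint's code. The servlet path, query parameters and CSV column names are assumptions chosen for illustration; the sample events are constructed, and `fake_fetch` stands in for an authenticated HTTPS GET against the SMS web server.

```python
import csv
import io
import sqlite3
from urllib.parse import parse_qs, urlparse
# Assumed servlet path and query parameters: placeholders, not the documented SMS API.
EVENTS_PATH = "/dbAccess/eventServlet"
PAGE_LIMIT = 2  # deliberately small so the constructed sample below exercises paging
COLUMNS = ("event_id", "time", "severity", "src_ip", "dst_ip", "filter_name")

def parse_events(csv_text):
    """CSV text -> tuples in COLUMNS order; event_id is the deduplication key."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [tuple(int(r[c]) if c == "event_id" else r[c] for c in COLUMNS) for r in rows]

def collect(fetch, conn, base_url):
    """Pull pages of events newer than the newest stored id into SQLite. The client drives
    the transfer, and INSERT OR IGNORE makes a retried page idempotent (unlike lost UDP)."""
    conn.execute("CREATE TABLE IF NOT EXISTS events (event_id INTEGER PRIMARY KEY,"
                 " time TEXT, severity TEXT, src_ip TEXT, dst_ip TEXT, filter_name TEXT)")
    inserted = 0
    while True:
        since = conn.execute("SELECT COALESCE(MAX(event_id), 0) FROM events").fetchone()[0]
        url = f"{base_url}{EVENTS_PATH}?format=csv&since={since}&limit={PAGE_LIMIT}"
        rows = parse_events(fetch(url))
        if not rows:
            break
        inserted += conn.executemany("INSERT OR IGNORE INTO events VALUES (?,?,?,?,?,?)", rows).rowcount
        if len(rows) < PAGE_LIMIT:  # short page: the SMS has nothing newer
            break
    conn.commit()
    return inserted
# Constructed sample standing in for the SMS event table (not real events).
SAMPLE_EVENTS = [
    (1, "2011-04-30T10:00:00Z", "Critical", "10.0.0.5", "192.0.2.10", "Exploits"),
    (2, "2011-04-30T10:00:03Z", "Major", "10.0.0.7", "192.0.2.10", "Reconnaissance"),
    (3, "2011-04-30T10:01:30Z", "Minor", "10.0.0.9", "192.0.2.20", "Peer to Peer"),
]

def fake_fetch(url):
    """Offline stand-in for an HTTPS GET (production: requests.get(url, auth=..., verify=True).text)."""
    qs = parse_qs(urlparse(url).query)
    since, limit = int(qs["since"][0]), int(qs["limit"][0])
    writer = csv.writer(out := io.StringIO())
    writer.writerow(COLUMNS)
    writer.writerows([e for e in SAMPLE_EVENTS if e[0] > since][:limit])
    return out.getvalue()

def run_demo(base_url="https://sms.example.invalid"):
    db = sqlite3.connect(":memory:")  # two pulls: 3 new rows, then 0 because the cursor moved
    return collect(fake_fetch, db, base_url), collect(fake_fetch, db, base_url)
```

Because the cursor is the highest stored event_id, a collector restarted after a crash resumes where it stopped instead of re-reading the whole table.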
Profile Management Use Cases

• Sharing profiles between SMSs
   – May be done “manually” using the SMS client
• Distributing a profile
   – Time of day
   – Response to an external event
      • Distribute “Lockdown Profile” in an emergency
• Updating and distributing a profile based on
  vulnerability scan results
• Merging one or more profiles
• “MOM” functionality
   – Specific customer needs
Localizing Reports

• Translate the text after the "="
• Example: translate the text "Severity" into French.
  This entry:
    report.severity=Severity
  becomes:
    report.severity=Sévérité
SMS Policy

Categories

Category: Application Protection
  Exploits                 √
  Identity Theft           √
  Informational
  Reconnaissance           √
  Security Policy          √
  Spyware                  √
  Virus                    √
  Vulnerabilities          √
Category: Infrastructure
  NW Equipment Protection  √
  Traffic Normalization    √
Category: Performance Protection
  Instant Messaging        √
  Peer to Peer             √
  Streaming Media          √
Flow of Traffic

[Diagram: traffic flow through an IPS (2400E) with four physical segments (Segment 1-4, directions A and B), virtual segments VLAN 107-145 and VLAN 1024-2148, and an Any-Any segment; the policy evaluation order is shown alongside.]
SMS's Policy by Direction

• Policy by direction
   – SMS's solution: profile by direction
      • Each direction of the segment can be in different segment groups (or the same)
Network Configuration View

[Screenshots: Physical Segments with Direction; Virtual Segments with Direction]
Simplify for the customer

1. Any-Any segment in a segment group called "Unused Segments"
2. Place the four "physical" segments in two segment groups: A►B and A◄B
3. Distribute a "noisy" profile for IP addresses they can control
4. Distribute a "silent but protective" profile to the other direction
SMS and data retention
SMS - HA

• High Availability
  – Reduce Fail Over conditions
  – Greatly increase HA situation awareness
  – Give some Synchronization options
  – Synchronization Timing
  – Failover Awareness techniques
    - Allow shutdown & reboot
    - Conditional Failover
Solution Ecosystem

[Diagram: SMS at the centre of its solution ecosystem: SEM/SIM vendors (e.g. CS-MARS), Network Intelligence, Remediation, and NBA. Integration by: Syslog, SNMP, eMail, API.]
SMS Reports

Events Interface

Search conditions shown in pull-down menus.

New aggregation and sort options for the events view.
TP Report Config Options

Reports Available

Reports

Different Report Formats
      PDF
      CSV
      HTML
      XML

Action sets:
      Block
      Block and alert
      Permit and alert
      Permit and Rate Limit
      Packet Trace, and/or email notify


Solving the Problem

• SMS allows customers to control, monitor, and report on their enterprise security status in a single appliance:
  • Asset Clarification and Inventory
  • Risk Identification
  • Improve Operational Security
  • Vulnerability Remediation and Incident Response
  • Reinforce company configuration policies with owners
  • Segregation of Duties
  • Track Record of Improvement
Thank you…
Mohamed Helmy, CISM, CISSP, ITIL
Technical Manager - KSA, Egypt and Levant
mhelmy@tippingpoint.com

Posted: 5/1/2011
Pages: 29