. : Network Security Solutions – Vulnerability Management
eEye Digital Security, www.eeye.com
Retina® Network Security Scanner , recognized as the industry standard for vulnerability assessment, identifies known network security vulnerabilities and assists in prioritizing threats for remediation. Featuring fast, accurate, and non-intrusive scanning, users are able to secure their networks against even the most recent of discovered vulnerabilities. Users can also leverage Retina for security risk assessment , project risk management and enforcing standards-based registry settings through custom policy audits. And, because the majority of Retina scans can be conducted without administrator rights, Retina is the easiest scanner to use, and the most cost-effective to deploy.
Retina leverages the expertise of eEye's Security Research Team , incorporating the most comprehensive and up-to-date vulnerabilities database and scanning technology, which is automatically downloaded at the beginning of each Retina session. This enables network security professionals to proactively secure their networks against vulnerabilities.
For the most accurate and comprehensive vulnerability assessment scanning solution, download an evaluation of Retina Network Security Scanner and experience first hand the benefits of multiplatform security vulnerability risk assessment, scanning your network vulnerabilities while addressing regulatory compliance audits. For those organizations looking to enforce the overall security of their remote access deployments, eEye offers Retina® Scan on Connect to audit systems attempting to access the network via SSL/VPN's.
REM™ Security Management Console
eEye's REM™ Security Management Console provides a single point of visibility for security risk management solutions, managing critical data specific to network vulnerabilities and machine resiliency, providing the overall network security posture of an organization. REM can immediately assess and improve an organization’s risk profile, enabling security teams to focus their efforts on the areas that matter most. REM's vulnerability management portal allows for the rapid identification and prioritization of threats, thus optimizing resources to focus on the most critical vulnerabilities first. Advanced workflow capabilities also allow groups to collaborate in ongoing remediation efforts, increasing operational efficiency.
Leveraging vulnerability, attack and policy related information provided by Retina® and Blink® in local or distributed environments, REM provides organizations with metrics and graphical representations of enterprise security risk. This enables administrators to quickly determine security status on any number of levels, including business unit, geographic location, operating system, etc. This ability to pinpoint risk and quantify its impact gives security teams the information required to quickly adapt their security strategies.
For organizations that rely on enterprise applications such as help desk, framework or network monitoring solutions, REM’s open architecture provides for seamless integrations with those platforms, passing along vulnerability data to further leverage such investments, delivering reduced IT costs and further operational efficiencies.
For more information:
Document resources: http://www.eeye.com/html/resources/index.html
eEye Customers: http://www.eeye.com/html/clients/index.html
Solution Overview: McAfee Foundstone Enterprise
To improve your overall security status and effectively preserve your investment, it’s important to direct resources where you need them most. Our vulnerability management and risk mitigation solution balances asset value, vulnerability severity, and threat criticality.
- Measures regulatory compliance - Accurately determines whether you comply with common regulations; you get specific templates for Sarbanes-Oxley, FISMA, HIPAA, BS7799/ISO17799, and PCI, so that you can prepare for certification audits
- Find out how new threats affect you - Foundstone's Threat Correlation ranks the risk potential of new threats by correlating events to your asset and vulnerability data
- Two-way SNMP communication - Automatically creates trouble tickets in systems you already have and verifies successful remediation before allowing your system to close the ticket
- Integrates with IntruShield IPS - Works with our industry-leading network IPS to deliver the industry’s first risk-aware intrusion prevention solution; IntruShield correlates Foundstone data to direct you to the most relevant threats
- SSH credentialed scans for common platforms - In-depth scans of critical UNIX (Red Hat® Enterprise, Solaris™, AIX), Cisco IOS, and Microsoft Windows systems deliver accurate and detailed assessments
- Communicates and integrates via SNMP with third-party applications - Automatically opens and assigns trouble tickets to third party systems you already have; it also verifies remediation before allowing your system to close tickets
- Teams up with Preventsys for compliance management and reporting - McAfee® Preventsys Compliance Auditor analyzes Foundstone data to make sure users are adhering to policies; it also calculates risk, monitors your risk score, and automates compliance reporting from third-party tools
For more information:
McAfee-Foundstone datasheet: http://www.mcafee.com/us/local_content/datasheets/ds_foundstone_enterprise.pdf
Case Study – AT&T:
The StillSecure® VAM™ vulnerability management platform identifies, tracks, and manages the repair of network vulnerabilities across the enterprise. VAM mitigates the risk of network exploitation through end-to-end vulnerability lifecycle management. VAM serves as your vulnerability command and control center, delivering:
- Systematic vulnerability scanning: fast, accurate, comprehensive, with minimal network impact
- Automated, scheduled device discovery and network mapping; fully configurable, tunable
- Extensible Vulnerability Repair Workflow™: automatic assignment of repairs and scheduling, lifecycle tracking, automated repair verification, detailed device histories
- Technical and management reporting
- Trending and workflow analysis
- Multi-user, role-based permissions/access
- Distributed architecture for large organizations; centralized data warehousing
Integration within the enterprise IT environment
The optional Enterprise Integration Framework™ (EIF) module facilitates the complete integration of the vulnerability management process within the IT environment (shown at left). The EIF is a set of open APIs (available both in Java and XML) that allows external systems to execute commands, import data to, export data from, and act on vulnerability data within VAM's core vulnerability management process.
Through this open architecture, VAM serves as a network vulnerability command center, providing a common view of all vulnerability data, and consolidating data and processes from other vulnerability-related systems, such as third-party scanning tools and patch managers. For example, VAM can create, update, or close out a trouble-ticket in a third-party system such as Remedy or Peregrine (shown at left).
Likewise, VAM can import data from other vulnerability scanners, such as Nessus, ISS Internet Scanner, Harris STAT® and others. The VAM Enterprise Integration Framework provides:
- Centralized management of all vulnerability data – A single, integrated, end-to-end repository where all vulnerability information, activities, and data are managed.
- Vulnerability management across disparate systems – Integrates with third-party and internal systems to provide an auditable workflow.
- Leveraging of IT investments – Increases the value of existing IT systems and processes, streamlines security administration, and reduces training and management costs.
- Proactive risk mitigation – Requires less overhead and provides a repeatable means to continually mitigate the risk of an attack on the network.
The EIF also includes the Extensible Security Plug-In Architecture TM (ESPA), an open architecture that enables users to extend VAM’s functionality by fine-tuning the workflow to meet specific organizational requirements. Executed directly from the VAM interface, plug-ins perform business operations unique to the enterprise’s needs, such as sending data to business-critical systems or home-grown IT systems. Users can also build plug-ins to modify VAM; for example, customizing workflow prioritization or changing device profile information. Highly flexible, plug-ins can be developed using any programming or scripting language that can parse XML.
For more information:
VAM technical summary More »
VAM product datasheet More »
VAM feature list More »
White paper: Passing an
information security audit More »
Case study: Dickinson Wright More »
Case study: UCH Hospital More »
VAM 508 Accessibility (VPAT) More »
To know more about any of Secure Datacom’s Security Solutions, contact your SDI salesperson or email us.