Post on 16-Oct-2020
Solsoft Network Security Change Management Platform
Domenick Lionetti
VP Sales and Business Development
AGENDA
Today’s Network Security Challenges
Compliance Issues
Customer Use Cases
Solsoft Products and Company
Summary of Benefits
Q & A
Company
Key industry partnerships
• Cisco AVVID/Ecosystem Certified Partner
• Juniper/Netscreen Alliance Partner
• Nortel Contivity Alliance
• Check Point OPSEC
• Internet Security Systems
• ArcSight, IBM (Micromuse, Guardednet), Network Intelligence, netforensics
• OPSWARE
• Computer Associates Developer Partner
• HP WW Reseller and OpenView Platinum Partner
History
Background/Focus
• Solsoft Established in 1997
• Started as a workstation tool to design ACLs for Cisco routers, now supports large multi-vendor networks
• 4th Generation Solution
• Over 100 man-years in Product Development
• US Headquarters in Mountain View, CA
• Enterprise and Service Provider Markets
• Oct 2006 Merged with Exaprotect
A unique PDCA Security Management Cycle
• Sec. policy design
• Simulation
• Audit trail

• Implement
• Communicate
• Configure logging

• Report/Audit
• Alert on sec. policy deviations
• Spot configuration changes

• Incident management
• Active/guided remediation
Our Two Solutions to meet Security Compliance (Security Rule Design and Monitoring)
1. « Solsoft Policy Server »: Network Security Policy and Configuration Management (FW, Router, Switch, IPS/IDS)
- Solsoft SPM product
- + new SPM features
- + OS Updates, Restore, Full Config Management Features (Dec 2007)
2. Exaprotect SIEM: (Security Event Monitoring)
- Exaprotect SMS product
- + new SMS features
- + new SPM features to do remediation
Over 200 Customers Worldwide
• Over 20 Fortune 500
• Johnson & Johnson, Visa International, Turner Broadcasting, Occidental Petroleum, Veritas, Best Buy, Marsh, Johnson Controls, KeyBank, TD Ameritrade, APPLE Computer…
• Service Providers and Telco’s
• AT&T Solutions, ISS (IBM), Verizon (Totality group), Maxis Wireless, Vodafone, T-Mobile, TelePac, WIND, Telecom Italia, Hutchinson 3G, Telekom Austria, UMC, E-Plus, Colt, Bouygues, Proximus, Unisys
• Government agencies
• DOJ, US Army, Pentagon, US Postal Service, Israel Defense Force, State of Oregon, State of Minnesota, OECD, German Ministry of Finance, State of Freiburg (CH), La Poste, URSSAF, French Army, INA, NASA, French Weather Service, …
• Other Customers and Institutions
• University of Chicago, University of Maryland, Harvard, Nasdaq, MD Anderson, Lidl, Renault, Intelsat, Hugo Boss, Alcatel, Total, …
Solsoft Solution
• Change Management Platform (provides a common platform for Enterprise and Service Providers to receive, track and implement security change requests across their network)
• Network Security Compliance and Audit Reporting Engine (provides proof of compliance, creates detailed reports on who, what, when and why security changes were performed) Ensures that Corporate Security Policy is actually running on the Network
• Intelligent Threat Mitigation/Remediation (understands impact of changes upon Network Security Policy, it virtualizes the impact of the rules prior to deployment)
• Policy Engine: engine is flexible and can design Security Policy for multi-vendor security technologies such as routers, switches, Firewalls, IPS/IDS.
Security Management Challenges
Management Issues
Show Proof of SOX, ISO BS7799, PCI Compliance, track and Implement Change Management Requests
Must Understand all the Devices which are Impacted by Policy Change
Managing Expired Rules
Must Have Experts on Multi-vendor Platforms
Hard to Manage Multi-vendor Network and Migrate to new Technology
Cost to Organization
Fines and Penalties
High Cost of Generating Audit and Compliance Reports
High Training and Personnel Costs (Require larger teams)
Damage from Network and Application layer attacks
Must remain on Higher Cost Network Security Platforms
Customer Security Requirements
• ISO and Payment Card Industry Data Security Standard (PCI)
The audit item SS00.f019 listed the following requirements:
1. Ensure globally configurable rules are consistent among all firewalls
2. Ensure firewall management consolidation project is completed
3. Ensure a review process exists for installation of rule bases
4. Routinely review firewall security configurations
5. Review firewall accounts, client lists, and firewall rules on a regular basis
6. Ensure inappropriate firewall authentication methods are disabled
7. Ensure firewall rule creation, installation, and review processes are established
8. Ensure standard firewall management procedures are appropriately applied to all firewalls and are managed securely
• In addition, ISO/PCI Requirements:
A. Provide security and separation-of-duties oversight for firewalls using Policy Management, including review and change control processes
B. Provide security and separation-of-duties oversight for routers using ACL’s, including review and change control processes
Security Compliancy Requirements
Common items that come up in an infrastructure audit include:
• Only authorized personnel have access to security systems
• Authorized personnel only have access to security systems and functions for which they have responsibility (separation of duties)
• All activity by authorized personnel as well as any security systems transactions are logged and identified with the responsible party and/or process
• Ensure workflow and tracking process exists for the implementation, maintenance, and decommission of approved services
• Ensure security baseline standards are implemented on all systems
• Ensure configuration consistency for security systems providing global services
Open Security Management Platform
• Solsoft Policy Server API
• Customer Portals: Policy review or automated change requests
• Network monitors
• Event Correlation / SIEM
• OSS
• Help desk system
• In-house and Legacy
• Solsoft Device SDK
• New Device Integration
• Firewall, IPS, IDS
• VPN
• Routers and Switches
• Productized, used internally
• Built-in tools + training and direct development support
• Certification program
[Diagram labels: Solsoft Policy Server; Business Requirements; Security Audit; Vulnerability Assessment; Event Correlation; Firewalls; VPNs; Routers; Switches]
Adaptive Security Management
[Diagram labels: Business Requirements; Security Audit; ExaProtect Event Correlation; Vulnerability Assessment; Defensive Policy Change (shunning ports and addresses)]
Integration cases
[Diagram: Solsoft Policy Server (SPS API) integration cases]
• In House Help Desk: Enables tracking of new policy requests and applying modifications
• In House Audit Tools: Verify status of applied policies automatically
• Vulnerability Assessment: Query Active Policy to perform better vulnerability risk analysis
• SIM/SEM: Get Policy information to enhance correlation
• SIM/SEM: Defensive Policy Change (shunning ports and addresses)
Solsoft Security Change Management
• Translates Visual Security Policy into Multi-Vendor device-specific commands (Design via: Topology, Tabular and API Scripting)
Example: Access Control Lists, Anti-spoofing, Fully Meshed IPsec VPN, Network Address Translation, Cluster and Virtual Systems
Security Policy Design Complex Security Rules
Device-Based vs. Policy Based
• Ensures consistent security policy throughout the network
• Common Interface for management across multiple vendor technologies
• Gains in efficiency, small team can manage more complex networks
• Shortens Response time to Network and Application level attacks
[Diagram labels: Policy-based; Device-based]
All Cisco Network Security Management
[Diagram labels: VPN Concentrator; Layer 3 Switch; Firewall; Router ACLs; Firewall Enabled Router]
• Secure Method of rule creation (DenyAll)
• Automatically generates security rules for each device in the path
• Device Independent
• End-to-End Rule Enforcement
Mixed Vendor Network Security Management
[Diagram labels: Check Point; Nortel; Linux; Cisco; NetScreen; Intel / Shiva; Astaro; Symantec; Cipheroptics; ISS Proventia M; Linux Net Filter]
Network and Security Collaboration
• Client Server Based Architecture (Remote Change Management)
• Granular Role Based Access
• Policy Workflow Management
Security Policy Version Control
• All policy changes made are archived and user actions logged
• Unlimited Roll-back of ANY configuration
• Ability to Push out Pre-Defined Security Policy based on different threat level scenarios
• Diff Function can show changes between Policy Versions
Security Reporter: Search Engine
Search for any rules in a few clicks for policies enforced on multiple firewalls
All Rules that Expire this month
All rules for Change Request number 12345
All rules allowing port 135 (i.e. Blaster port)
All rules for a specific source and destination
Full complete search for not only rules but any object defined in Solsoft
Extensive Reporting Capability: Who, When, What, Why
device communication
Individual policy changes
Topology changes
Delta Reports/Pre-Post: Who, When, What, Why
Compliance/Auditing Reporting
Solsoft provides an automatic versioning control and records all actions performed under Solsoft like:
All device communications (upload, compare, checks)
All individual policy changes (new, modified, deleted rules)
Compare: show changes made outside Solsoft Interface via CLI
All topology changes (new, modified, deleted objects)
VISA International
Challenge
• Managing Security Changes on Firewalls at 3 Datacenters protecting 1,700 servers at each Datacenter. Security Team had no visibility into the network security policy in determining if VISA was within Security Compliance. They required a role based, scalable, easy to use solution that would allow the Network and Security Team to implement a security change management process.
Solsoft Solution
• Solsoft Policy Server provided VISA a way to view complex Security Rules and generate audit reports. The Network Team found a more efficient way to design and manage security rules across Cisco routers IOS (FW and VPN), PIX FW, VPN 3000, Catalyst Switches and Check Point devices.
United States Postal Service
Challenge
• Manage over 300 Sites protected by Firewalls from Cisco PIX (majority), Check Point and Netscreen. Vendors’ own management solutions were not scalable and flexible enough. Before Solsoft: It took 3 Engineers, 5 Days to make changes across their 300 site environment
Solsoft Solution
• Solsoft Policy Server provided a flexible multi-vendor management solution. It cut change management time by 73% and reduced the learning curve for new engineers. AFTER Solsoft it takes USPS 2 Engineers, 2 Days to make the same changes.
AT&T Solutions MSSP (Department of Justice)
Challenge
• Find a Scalable, Cost Effective Way to Manage a Mixed Cisco Security Environment from a Single User Interface. Required the Ability to Manage 3,200 Cisco devices which include IOS, PIX FW, VPN and FWSM. Provide a competitive management solution versus Sprint Netscreen. Wanted the Flexibility to Expand Use of Management to Other Vendor Products Without Re-training Operators
Solsoft & Cisco Solution
• Resulted in an AT&T award consisting of Cisco and Solsoft Policy Server products. Solsoft provided the Visual Single Management Interface across Cisco routers IOS (FW and VPN) and PIX FW. AT&T to develop a customer management portal using the Solsoft Web Services API.
Solsoft Policy Server (SPS)
Customer Benefits
CONSISTENT SECURITY CHANGE MANAGEMENT PROCESS AND RULE CREATION
IMPROVEMENT IN WORK FORCE EFFICIENCY (Lowers management Costs)
CENTRALIZED CONTROL OVER SECURITY
SOLSOFT POLICY SERVER IMPACT ON ROI
IMPROVED RISK MANAGEMENT/LOWER SECURITY RISK and SHOW PROOF OF SECURITY COMPLIANCE
INCREASED PRODUCTIVITY: Measurable Man-hour Savings. Small Team can manage more devices.
INVESTMENT PROTECTION, FLEXIBILITY TO MIGRATE
BENEFITS
Example of Existing Change Request Form
• Users type
• Requestor (Business Unit)
• Authorizer (IT Team)
• Security Officer
• Firewall Admin (IT Team)
Example Customizable CRF Web Page by Solsoft
Integrated SIM-SEM and Security Policy Management
[Diagram labels: Solsoft Policy Server; Event Correlation; SPS API; Alert]
Integration case: Defensive Policy Change (shunning ports and addresses)
Defensive Policy Change
1) Connect SPS
2) Open current running version
3) Add special denial policy
4) Check Policy (Regenerate configuration)
5) Re-Deploy or
6) Request user to deploy
• Solsoft offers both a Stand Alone and combined/integrated solution
• Comprehensive solution managing all the network at once
• Eliminates the necessity of multiple users to react, less error prone