domenick lionetti · solsoft solution • change management platform(provides a common platform for...

Solsoft Network Security Change Management Platform Domenick Lionetti VP Sales and Business Development


Post on 16-Oct-2020


Page 1

Solsoft Network Security Change Management Platform

Domenick Lionetti, VP Sales and Business Development

Page 2

AGENDA

Today’s Network Security Challenges

Compliance Issues

Customer Use Cases

Solsoft Products and Company

Summary of Benefits

Q & A

Page 3

Company

Key industry partnerships

• Cisco AVVID/Ecosystem Certified Partner
• Juniper/Netscreen Alliance Partner
• Nortel Contivity Alliance
• Check Point OPSEC
• Internet Security Systems
• Arc Sight, IBM (Micromuse, Guardednet), Network Intelligence, netforensics
• OPSWARE
• Computer Associates Developer Partner
• HP WW Reseller and OpenView Platinum Partner

Page 4

History

Background/Focus

• Solsoft established in 1997
• Started as a workstation to design ACLs for Cisco routers, now supports large multi-vendor networks
• 4th Generation Solution
• Over 100 man-years in Product Development
• US Headquarters in Mountain View, CA
• Enterprise and Service Provider Markets
• Oct 2006: Merged with Exaprotect

Page 5

A unique PDCA Security Management Cycle

• Sec. policy design
• Simulation
• Audit trail

• Implement
• Communicate
• Configure logging

• Report/Audit
• Alert on sec. policy deviations
• Spot configuration changes

• Incident management
• Active/guided remediation

Page 6

Our Two Solutions to meet Security Compliance (Security Rule Design and Monitoring)

1. « Solsoft Policy Server »: Network Security Policy and Configuration Management (FW, Router, Switch, IPS/IDS)
   - Solsoft SPM product
   - + new SPM features
   - + OS Updates, Restore, Full Config Management Features (Dec 2007)
2. Exaprotect SIEM: (Security Event Monitoring)
   - Exaprotect SMS product
   - + new SMS features
   - + new SPM features to do remediation

Page 7

Over 200 Customers Worldwide

• Over 20 Fortune 500
  • Johnson & Johnson, Visa International, Turner Broadcasting, Occidental Petroleum, Veritas, Best Buy, Marsh, Johnson Controls, KeyBank, TD Ameritrade, APPLE Computer…
• Service Providers and Telcos
  • AT&T Solutions, ISS (IBM), Verizon (Totality group), Maxis Wireless, Vodafone, T-Mobile, TelePac, WIND, Telecom Italia, Hutchinson 3G, Telekom Austria, UMC, E-Plus, Colt, Bouygues, Proximus, Unisys
• Government agencies
  • DOJ, US Army, Pentagon, US Postal Service, Israel Defense Force, State of Oregon, State of Minnesota, OECD, German Ministry of Finance, State of Freiburg (CH), La Poste, URSSAF, French Army, INA, NASA, French Weather Service, …
• Other Customers and Institutions
  • University of Chicago, University of Maryland, Harvard, Nasdaq, MD Anderson, Lidl, Renault, Intelsat, Hugo Boss, Alcatel, Total, …

Page 8

Solsoft Solution

• Change Management Platform (provides a common platform for Enterprise and Service Providers to receive, track and implement security change requests across their network)

• Network Security Compliance and Audit Reporting Engine (provides proof of compliance, creates detailed reports on who, what, when and why security changes were performed). Ensures that Corporate Security Policy is actually running on the Network

• Intelligent Threat Mitigation/Remediation (understands impact of changes upon Network Security Policy; it virtualizes the impact of the rules prior to deployment)

• Policy Engine: engine is flexible and can design Security Policy for multi-vendor security technologies such as routers, switches, Firewalls, IPS/IDS.

Page 9

Security Management Challenges

Management Issues

• Show Proof of SOX, ISO BS7799, PCI Compliance, track and Implement Change Management Requests
• Must Understand all the Devices which are Impacted by Policy Change
• Managing Expired Rules
• Must Have Experts on Multi-vendor Platforms
• Hard to Manage Multi-vendor Network and Migrate to new Technology

Cost to Organization

• Fines and Penalties
• High Cost of Generating Audit and Compliance Reports
• High Training and Personnel Costs (Require larger teams)
• Damage from Network and Application layer attacks
• Must remain on Higher Cost Network Security Platforms

Page 10

Customer Security Requirements

• ISO and Payment Card Industry Data Security Standard (PCI)

The audit item SS00.f019 listed the following requirements:

1. Ensure globally configurable rules are consistent among all firewalls
2. Ensure firewall management consolidation project is completed
3. Ensure a review process exists for installation of rule bases
4. Routinely review firewall security configurations
5. Review firewall accounts, client lists, and firewall rules on a regular basis
6. Ensure inappropriate firewall authentication methods are disabled
7. Ensure firewall rule creation, installation, and review processes are established
8. Ensure standard firewall management procedures are appropriately applied to all firewalls and are managed securely

• In addition, ISO/PCI Requirements:

A. Provide security and separation-of-duties oversight for firewalls using Policy Management, including review and change control processes

B. Provide security and separation-of-duties oversight for routers using ACLs, including review and change control processes

Page 11

Security Compliancy Requirements

Common items that come up in an infrastructure audit include:

• Only authorized personnel have access to security systems

• Authorized personnel only have access to security systems and functions for which they have responsibility (separation of duties)

• All activity by authorized personnel as well as any security systems transactions are logged and identified with the responsible party and/or process

• Ensure workflow and tracking process exists for the implementation, maintenance, and decommission of approved services

• Ensure security baseline standards are implemented on all systems

• Ensure configuration consistency for security systems providing global services

Page 12

Open Security Management Platform

• Solsoft Policy Server API
  • Customer Portals: Policy review or automated change requests
  • Network monitors
  • Event Correlation / SIEM
  • OSS
  • Help desk system
  • In-house and Legacy

• Solsoft Device SDK
  • New Device Integration
    • Firewall, IPS, IDS
    • VPN
    • Routers and Switches
  • Productized, used internally
  • Built-in tools + training and direct development support
  • Certification program

[Diagram labels: SOLSOFT POLICY SERVER; Business Requirements, Security Audit, Vulnerability Assessment, Event Correlation; Firewalls, VPNs, Routers, Switches]

Page 13

Adaptive Security Management

[Diagram labels: SOLSOFT POLICY SERVER, SPS API; Business Requirements, Security Audit, ExaProtect Event Correlation, Vulnerability Assessment]

Integration cases

• In House Help Desk: Enabling tracking new policy requests and apply modifications
• In House Audit Tools: Verify status of applied policies automatically
• Vulnerability Assessment: Query Active Policy to perform better vulnerability risk analysis
• SIM/SEM: Get Policy information to enhance correlation
• SIM/SEM: Defensive Policy Change (shunning ports and addresses)

Page 14

Solsoft Security Change Management

• Translates Visual Security Policy into Multi-Vendor device-specific commands (Design via: Topology, Tabular and API Scripting)

Example: Access Control Lists, Anti-spoofing, Fully Meshed IPsec VPN, Network Address Translation, Cluster and Virtual Systems

[Figure labels: Security Policy Design; Complex Security Rules]

Page 15

Device-Based vs. Policy Based

• Ensures consistent security policy throughout the network
• Common Interface for management across multiple vendor technologies
• Gains in efficiency, small team can manage more complex networks
• Shortens Response time to Network and Application level attacks

[Figure labels: Policy-based; Device-based]

Page 16

All Cisco Network Security Management

[Diagram labels: VPN Concentrator, Layer 3 Switch, Firewall, Router ACLs, Firewall Enabled Router]

• Secure Method of rule creation (DenyAll)
• Automatically generates security rules for each device in the path
• Device Independent
• End-to-End Rule Enforcement

Page 17

Mixed Vendor Network Security Management

[Diagram labels: Check Point, Nortel, Linux, Cisco, NetScreen, Intel / Shiva, Astaro, Symantec, Cipheroptics, ISS Proventia M, Linux Net Filter]

Page 18

Network and Security Collaboration

• Client Server Based Architecture (Remote Change Management)

• Granular Role Based Access

• Policy Workflow Management

Page 19

Security Policy Version Control

• All policy changes made are archived and user actions logged
• Unlimited Roll-back of ANY configuration
• Ability to Push out Pre-Defined Security Policy based on different threat level scenarios
• Diff Function can show changes between Policy Versions

Page 20

Security Reporter: Search Engine

Search for any rules in a few clicks for policies enforced on multiple firewalls:

• All rules that expire this month
• All rules for Change Request number 12345
• All rules allowing port 135 (i.e. Blaster port)
• All rules for a specific source and destination

Full search for not only rules but any object defined in Solsoft

Page 21

Extensive Reporting Capability: Who, When, What, Why

Delta Reports/Pre-Post: Who, When, What, Why

Compliance/Auditing Reporting

Solsoft provides automatic version control and records all actions performed under Solsoft, such as:

• All device communications (upload, compare, checks)
• All individual policy changes (new, modified, deleted rules)
• Compare: show changes made outside Solsoft Interface via CLI
• All topology changes (new, modified, deleted objects)

Page 22

VISA International

Challenge

• Managing Security Changes on Firewalls at 3 Datacenters protecting 1,700 servers at each Datacenter. Security Team had no visibility into the network security policy in determining if VISA was within Security Compliance. They required a role based, scalable, easy to use solution that would allow the Network and Security Team to implement a security change management process.

Solsoft Solution

• Solsoft Policy Server provided VISA a way to view complex Security Rules and generate audit reports. The Network Team found a more efficient way to design and manage security rules across Cisco routers IOS (FW and VPN), PIX FW, VPN 3000, Catalyst Switches and Check Point devices.

Page 23

United States Postal Service

Challenge

• Manage over 300 sites protected by firewalls from Cisco PIX (majority), Check Point and Netscreen. Vendors' own management solutions were not scalable and flexible enough. Before Solsoft: it took 3 Engineers, 5 Days to make changes across their 300 site environment.

Solsoft Solution

• Solsoft Policy Server provided a flexible multi-vendor management solution. It cut change management time by 73% and reduced the learning curve for new engineers. After Solsoft: it takes USPS 2 Engineers, 2 Days to make the same changes.

Page 24

AT&T Solutions MSSP (Department of Justice)

Challenge

• Find a Scalable, Cost Effective Way to Manage a Mixed Cisco Security Environment from a Single User Interface. Required the Ability to Manage 3,200 Cisco devices which include IOS, PIX FW, VPN and FWSM. Provide a competitive management solution versus Sprint Netscreen. Wanted the Flexibility to Expand Use of Management to Other Vendor Products Without Re-training Operators.

Solsoft & Cisco Solution

• Resulting in an AT&T award consisting of Cisco and Solsoft Policy Server products. Solsoft provided the Visual Single Management Interface across Cisco routers IOS (FW and VPN) and PIX FW. AT&T to develop customer management portal using Solsoft Web Services API.

Page 25

Solsoft Policy Server (SPS)

Page 26

Customer Benefits

CONSISTENT SECURITY CHANGE MANAGEMENT PROCESS AND RULE CREATION

IMPROVEMENT IN WORK FORCE EFFICIENCY (Lowers management Costs)

CENTRALIZED CONTROL OVER SECURITY

SOLSOFT POLICY SERVER IMPACT ON ROI

IMPROVED RISK MANAGEMENT/LOWER SECURITY RISK and SHOW PROOF OF SECURITY COMPLIANCE

INCREASED PRODUCTIVITY: Measurable Man-hour Savings. Small Team can manage more devices.

INVESTMENT PROTECTION, FLEXIBILITY TO MIGRATE

BENEFITS

Page 27

Example of Existing Change Request Form

• Users type
  • Requestor (Business Unit)
  • Authorizer (IT Team)
  • Security Officer
  • Firewall Admin (IT Team)

Page 28

Example Customizable CRF Web Page by Solsoft

Page 29

Integrated SIM-SEM and Security Policy Management

[Diagram labels: SOLSOFT POLICY SERVER, SPS API, Event Correlation, Alert]

Integration case: Defensive Policy Change (shunning ports and addresses)

Defensive Policy Change

1) Connect SPS
2) Open current running version
3) Add special denial policy
4) Check Policy (Regenerate configuration)
5) Re-Deploy or
6) Request user to deploy

• Solsoft offers both a Stand Alone and combined/integrated solution
• Comprehensive solution managing all the network at once
• Eliminates the necessity of multiple users to react, less error prone