Solsoft Network Security Change Management Platform Domenick - - PowerPoint PPT Presentation

SLIDE 1

Solsoft Network Security Change Management Platform

Domenick Lionetti, VP Sales and Business Development

SLIDE 2

AGENDA

  • Today’s Network Security Challenges
  • Compliance Issues
  • Customer Use Cases
  • Solsoft Products and Company
  • Summary of Benefits
  • Q & A

SLIDE 3

Company

Key industry partnerships

  • Cisco AVVID/Ecosystem Certified Partner
  • Juniper/NetScreen Alliance Partner
  • Nortel Contivity Alliance
  • Check Point OPSEC
  • Internet Security Systems
  • ArcSight, IBM (Micromuse, GuardedNet), Network Intelligence, netForensics
  • OPSWARE
  • Computer Associates Developer Partner
  • HP WW Reseller and OpenView Platinum Partner

SLIDE 4

History

Background/ Focus

  • Solsoft established in 1997
  • Started as a workstation to design ACLs for Cisco routers, now supports large multi-vendor networks
  • 4th Generation Solution
  • Over 100 man-years in Product Development
  • US Headquarters in Mountain View, CA
  • Enterprise and Service Provider Markets
  • Oct 2006: Merged with Exaprotect

SLIDE 5

A unique PDCA Security Management Cycle

  • Sec. policy design
  • Simulation
  • Audit trail
  • Implement
  • Communicate
  • Configure logging
  • Report/Audit
  • Alert on sec. policy deviations
  • Spot configuration changes
  • Incident management
  • Active/guided remediation

SLIDE 6

Our Two Solutions to meet Security Compliance (Security Rule Design and Monitoring)

1. « Solsoft Policy Server »: Network Security Policy and Configuration Management (FW, Router, Switch, IPS/IDS)

  • Solsoft SPM product
  • + new SPM features
  • + OS Updates, Restore, Full Config Management Features (Dec 2007)

2. Exaprotect SIEM: (Security Event Monitoring)

  • Exaprotect SMS product
  • + new SMS features
  • + new SPM features to do remediation

SLIDE 7

Over 200 Customers Worldwide

  • Over 20 Fortune 500
  • Johnson & Johnson, Visa International, Turner Broadcasting, Occidental Petroleum, Veritas, Best Buy, Marsh, Johnson Controls, KeyBank, TD Ameritrade, Apple Computer…
  • Service Providers and Telcos
  • AT&T Solutions, ISS (IBM), Verizon (Totality group), Maxis Wireless, Vodafone, T-Mobile, TelePac, WIND, Telecom Italia, Hutchison 3G, Telekom Austria, UMC, E-Plus, Colt, Bouygues, Proximus, Unisys
  • Government agencies
  • DOJ, US Army, Pentagon, US Postal Service, Israel Defense Force, State of Oregon, State of Minnesota, OECD, German Ministry of Finance, State of Freiburg (CH), La Poste, URSSAF, French Army, INA, NASA, French Weather Service, …
  • Other Customers and Institutions
  • University of Chicago, University of Maryland, Harvard, Nasdaq, MD Anderson, Lidl, Renault, Intelsat, Hugo Boss, Alcatel, Total, …

SLIDE 8

Solsoft Solution

  • Change Management Platform (provides a common platform for Enterprise and Service Providers to receive, track and implement security change requests across their network)
  • Network Security Compliance and Audit Reporting Engine (provides proof of compliance, creates detailed reports on who, what, when and why security changes were performed). Ensures that Corporate Security Policy is actually running on the Network
  • Intelligent Threat Mitigation/Remediation (understands impact of changes upon Network Security Policy; it virtualizes the impact of the rules prior to deployment)
  • Policy Engine: engine is flexible and can design Security Policy for multi-vendor security technologies such as routers, switches, firewalls, IPS/IDS.

SLIDE 9

Security Management Challenges

Management Issues

  • Show Proof of SOX, ISO BS7799, PCI Compliance, track and Implement Change Management Requests
  • Must Understand all the Devices which are Impacted by Policy Change
  • Managing Expired Rules
  • Must Have Experts on Multi-vendor Platforms
  • Hard to Manage Multi-vendor Network and Migrate to new Technology

Cost to Organization

  • Fines and Penalties
  • High Cost of Generating Audit and Compliance Reports
  • High Training and Personnel Costs (Require larger teams)
  • Damage from Network and Application layer attacks
  • Must remain on Higher Cost Network Security Platforms

SLIDE 10

Customer Security Requirements

  • ISO and Payment Card Industry Data Security Standard (PCI)

The audit item SS00.f019 listed the following requirements:

1. Ensure globally configurable rules are consistent among all firewalls
2. Ensure firewall management consolidation project is completed
3. Ensure a review process exists for installation of rule bases
4. Routinely review firewall security configurations
5. Review firewall accounts, client lists, and firewall rules on a regular basis
6. Ensure inappropriate firewall authentication methods are disabled
7. Ensure firewall rule creation, installation, and review processes are established
8. Ensure standard firewall management procedures are appropriately applied to all firewalls and are managed securely

  • In addition, ISO/PCI Requirements:
  • A. Provide security and separation-of-duties oversight for firewalls using Policy Management, including review and change control processes
  • B. Provide security and separation-of-duties oversight for routers using ACLs, including review and change control processes

SLIDE 11

Security Compliancy Requirements

Common items that come up in an infrastructure audit include:

  • Only authorized personnel have access to security systems
  • Authorized personnel only have access to security systems and functions for which they have responsibility (separation of duties)
  • All activity by authorized personnel as well as any security systems transactions are logged and identified with the responsible party and/or process
  • Ensure workflow and tracking process exists for the implementation, maintenance, and decommission of approved services
  • Ensure security baseline standards are implemented on all systems
  • Ensure configuration consistency for security systems providing global services

SLIDE 12

Open Security Management Platform

  • Solsoft Policy Server API
  • Customer Portals: Policy review or automated change requests
  • Network monitors
  • Event Correlation / SIEM
  • OSS
  • Help desk system
  • In-house and Legacy
  • Solsoft Device SDK
  • New Device Integration
  • Firewall, IPS, IDS
  • VPN
  • Routers and Switches
  • Productized, used internally
  • Built-in tools + training and direct development support
  • Certification program

Diagram labels: SOLSOFT POLICY SERVER; Business Requirements; Security Audit; Vulnerability Assessment; Event Correlation; Firewalls; VPNs; Routers; Switches

SLIDE 13

Adaptive Security Management

Diagram labels: Business Requirements; Security Audit; ExaProtect Event Correlation; Vulnerability Assessment; SOLSOFT POLICY SERVER; SPS API

Integration cases

  • In House Help Desk: Enabling tracking new policy requests and apply modifications
  • In House Audit Tools: Verify status of applied policies automatically
  • Vulnerability Assessment: Query Active Policy to perform better vulnerability risk analysis
  • SIM/SEM: Get Policy information to enhance correlation
  • SIM/SEM: Defensive Policy Change (shunning ports and addresses)

SLIDE 14

Solsoft Security Change Management

  • Translates Visual Security Policy into Multi-Vendor device-specific commands (Design via: Topology, Tabular and API Scripting)

Example: Access Control Lists, Anti-spoofing, Fully Meshed IPsec VPN, Network Address Translation, Cluster and Virtual Systems

Figure labels: Security Policy Design; Complex Security Rules

SLIDE 15

Device-Based vs. Policy Based

?

  • Ensures consistent security policy throughout the network
  • Common Interface for management across multiple vendor technologies
  • Gains in efficiency, small team can manage more complex networks
  • Shortens Response time to Network and Application level attacks

Figure labels: Policy-based; Device-based

SLIDE 16

All Cisco Network Security Management

Figure labels: VPN Concentrator; Layer 3 Switch; Firewall; Router ACLs; Firewall Enabled Router

  • Secure Method of rule creation (Deny All)
  • Automatically generates security rules for each device in the path
  • Device Independent
  • End-to-End Rule Enforcement

SLIDE 17

Mixed Vendor Network Security Management

Figure labels: Check Point; Nortel; Linux; Cisco; NetScreen; Intel / Shiva; Astaro; Symantec; Cipheroptics; ISS Proventia M; Linux Net Filter

SLIDE 18

Network and Security Collaboration

  • Client Server Based Architecture (Remote Change Management)
  • Granular Role Based Access
  • Policy Workflow Management

SLIDE 19

Security Policy Version Control

  • All policy changes made are archived and user actions logged
  • Unlimited Roll-back of ANY configuration
  • Ability to Push out Pre-Defined Security Policy based on different threat level scenarios
  • Diff Function can show changes between Policy Versions

SLIDE 20

Security Reporter: Search Engine

Search for any rules in a few clicks for policies enforced on multiple firewalls:

  • All rules that expire this month
  • All rules for Change Request number 12345
  • All rules allowing port 135 (i.e. Blaster port)
  • All rules for a specific source and destination

Full complete search for not only rules but any object defined in Solsoft

SLIDE 21

Extensive Reporting Capability: Who, When, What, Why

Figure labels: device communication; Individual policy changes; Topology changes

Delta Reports/Pre-Post: Who, When, What, Why

Compliance/Auditing Reporting

Solsoft provides automatic versioning control and records all actions performed under Solsoft, such as:

  • All device communications (upload, compare, checks)
  • All individual policy changes (new, modified, deleted rules)
  • Compare: show changes made outside Solsoft Interface via CLI
  • All topology changes (new, modified, deleted objects)

SLIDE 22

VISA International

Challenge

  • Managing Security Changes on Firewalls at 3 Datacenters protecting 1,700 servers at each Datacenter. Security Team had no visibility into the network security policy in determining if VISA was within Security Compliance. They required a role based, scalable, easy to use solution that would allow the Network and Security Team to implement a security change management process.

Solsoft Solution

  • Solsoft Policy Server provided VISA a way to view complex Security Rules and generate audit reports. The Network Team found a more efficient way to design and manage security rules across Cisco routers IOS (FW and VPN), PIX FW, VPN 3000, Catalyst Switches and Check Point devices.

SLIDE 23

United States Postal Service

Challenge

  • Manage over 300 Sites protected by Firewalls from Cisco PIX (majority), Check Point and Netscreen. Vendors’ own management solutions were not scalable and flexible enough. Before Solsoft: It took 3 Engineers, 5 Days to make changes across their 300 site environment.

Solsoft Solution

  • Solsoft Policy Server provided a flexible multi-vendor management solution. It cut change management time by 73% and reduced the learning curve for new engineers. After Solsoft: It takes USPS 2 Engineers, 2 Days to make the same changes.

SLIDE 24

AT&T Solutions MSSP (Department of Justice)

Challenge

  • Find a Scalable, Cost Effective Way to Manage a Mixed Cisco Security Environment from a Single User Interface. Required the Ability to Manage 3,200 Cisco devices which include IOS, PIX FW, VPN and FWSM. Provide a competitive management solution versus Sprint Netscreen. Wanted the Flexibility to Expand Use of Management to Other Vendor Products Without Re-training Operators.

Solsoft & Cisco Solution

  • Resulting in AT&T award consisting of Cisco and Solsoft Policy Server products. Solsoft provided the Visual Single Management Interface across Cisco routers IOS (FW and VPN), PIX FW. AT&T to develop customer management portal using Solsoft Web Services API.

SLIDE 25

Solsoft Policy Server (SPS)

SLIDE 26

Customer Benefits

  • CONSISTENT SECURITY CHANGE MANAGEMENT PROCESS AND RULE CREATION
  • IMPROVEMENT IN WORK FORCE EFFICIENCY (Lowers management Costs)
  • CENTRALIZED CONTROL OVER SECURITY

SOLSOFT POLICY SERVER

IMPACT ON ROI

  • IMPROVED RISK MANAGEMENT / LOWER SECURITY RISK and SHOW PROOF OF SECURITY COMPLIANCE
  • INCREASED PRODUCTIVITY: Measurable Man-hour Savings. Small Team can manage more devices.
  • INVESTMENT PROTECTION, FLEXIBILITY TO MIGRATE

BENEFITS

SLIDE 27

Example of Existing Change Request Form

  • Users type
  • Requestor (Business Unit)
  • Authorizer (IT Team)
  • Security Officer
  • Firewall Admin (IT Team)

SLIDE 28

Example Customizable CRF Web Page by Solsoft

SLIDE 29

Integrated SIM-SEM and Security Policy Management

Diagram labels: SOLSOFT POLICY SERVER; Event Correlation; SPS API; Alert

Integration case: Defensive Policy Change (shunning ports and addresses)

1) Connect SPS
2) Open current running version
3) Add special denial policy
4) Check Policy (Regenerate configuration)
5) Re-Deploy or
6) Request user to deploy

  • Solsoft offers both a Stand Alone and combined/integrated solution
  • Comprehensive solution managing all the network at once
  • Eliminates the necessity of multiple users to react, less error prone