
There is nothing more important than our customers

Sales Expert Advanced Solutions

Module 3 Security Information and Event Management
A Division of Siemens Enterprise Communications GmbH & Co KG

Agenda

Market Drivers, Challenges, Opportunities
Enterasys Value Proposition
Solution Components (Products/Services)
Key Differentiators
Competitive Strengths/Weaknesses
People to Target - Questions to Ask
Sales Tools and Resources

Sales Expert Advanced Solutions Certification Modules

1. Enterasys NAC
2. Enterasys IPS
3. Enterasys SIEM
4. Enterasys Compliance
5. Enterasys Convergence

2010 Enterasys Networks, Inc., A Division of Siemens Enterprise Communications GmbH & Co KG - All

SIEM Market

Total 2010 revenue forecast to almost $1B
Excellent growth (16% average) projected from 2008-2013

Market Dynamics
2008 SIEM projects more narrow, tactical focus, Phase 1 deployments
>80% of SIEM deployment projects are funded to close a compliance gap
EMEA and APAC focused primarily on external threat monitoring but compliance also a strong driver

Cisco MARS
Discontinued support for any new third party devices
No longer considered a viable SIEM product (Gartner, 10/29/09)
Enterasys SIEM, positioned as the master of the other SIEMs can provide a smooth, transition for migrating from Cisco MARS.

Sources: IDC, Gartner

Threat Detection

Signature Based
Very reliable for known exploits: worms, viruses, adware, spyware, trojans

Anomaly Based
Network attacks
Protocol anomaly detection
Denial of Service Attacks

Intrusion Prevention Systems (Host and Network-based)
Compares traffic against library of known threats = signatures

Behavior Based
Day Zero Attack Detection
Backdoor Detection on Hosts
Security Policy Monitoring
Rogue Employee
Rogue AP Detection
Malicious Code

Behavior-based Systems: Network Behavior Anomaly Detection (NBAD)
Establishes performance baselines (apps, protocols, networks, individuals/devices) & monitors for anomalies


Security Threat Detection

[Diagram: network topology (User/Device, Edge, Distribution, Core, Data Center, WAN, Public Networks or Internet, Routers to Branch Office, Remote Office, Teleworker, Road Warrior) with Compliance Monitoring & Reporting and Threat Monitoring, Detection, Prevention. Threat Detection sources shown: NAC Appliances, Gateways, Controllers; Network IDS/IPS; NBAD Flow Collectors; Host IDS/IPS]

Security Information Overload

[Diagram: the same network topology and detection sources (NAC Appliances, Gateways, Controllers; Network IDS/IPS; NBAD Flow Collectors; Host IDS/IPS), labelled "Raw Security Event Data"]

Too much information
What is real and critical?
What is not?

Security Information Overload

[Diagram: the same network topology and detection sources, with SIEM (Security Information & Event Mgt.) added]

SIEM Security Information & Event Mgt.
Correlate
Prioritize
Normalize
Remove duplicate
Remove false positive
Present


Enterasys SIEM Value Proposition

Quick time to Value
Flexible Phased Deployments
Reduces the overload of network security events to a manageable, prioritized view of the network
Empowers security administrators to take control of security event information
Deliver security and compliance reports aligned with the goals of the organization
Prioritize evidence of malicious behavior into practical steps for remediation
Open interoperability with third-party devices and the Enterasys Automated Security Manager for enhanced remediation


Enterasys SIEM Solves Information Overload

Delivers threat management, log management, compliance reporting and increased operational efficiency
Collects and combines network activity data, security events, logs, vulnerability data and external threat data into a powerful management dashboard
Intelligently correlates, normalizes and prioritizes, greatly improving remediation and response times, and greatly enhancing the effectiveness of IT staff
Baselines normal network behavior by collecting, analyzing and aggregating network flows from a broad range of networking and security appliances
Tracks extensive logging and trend information, and generates a broad range of reports for network security, network optimization and regulatory compliance purposes


Complete Visibility with Powerful Dashboard


Compliance Enablement

Reports: Enterasys SIEM offers a robust reporting engine providing users with the capability to quickly and easily create customized reports for the critical business assets essential to compliance
Reports can be created for any portion of the network and most any measure taken by the SIEM
Default compliance-focused reports and rules are based on industry control frameworks applied to specific regulations
Enterasys SIEM provides critical and detailed compliance reporting
SOX, CoBIT, HIPAA, Gramm Leach Bliley, NIST, COBIT, ISO Control Monitoring


Enterasys SIEM Components

SIEM Base Unit
Event Processor: To scale beyond base unit event limits
Flow Processor: To scale beyond base unit flow limits
Flow Collectors: Distribute flow collection throughout the environment

***Flow support for existing NetFlow, sFlow, cFlowd, jFlow, or QFlow from the Behavioral Flow Sensor. A Behavioral Flow
Sensor is required to collect flows and forward to SIEM. Since NetFlow is unidirectional, the device can support about 1
times what is listed in the license.

Enterasys SIEM Key Differentiators

Most Advanced Data Reduction Engine
Real-time view of any asset within the network
Integrates/correlates information from widest array of 3rd party devices
Built-in Scalable Network Behavior Anomaly Detection system
Group and weight asset priority to quantify/qualify security events risk
Custom data store eliminates the need for secondary software costs and ongoing maintenance
Highly instrumented console for device, application and network level monitoring and reporting
Integration with Enterasys NMS for Dynamic Response to reduce MTTR


SIEM Market

[Diagram: vendors positioned across Log Management, SIEM and NBAD: LogLogic, TriGeo, Nfx, EIQ, EventTracker, ArcSight, NIC, NetIQ/Attachmate, e-Security/Novell, Symantec, Enterasys SIEM, Intellitactics/Trustwave, Cisco MARS, Lancope, Mazu, Arbor, Sourcefire]

Source: Gartner


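E-SIEM Competitive Summary

Log Management / Threat Management
Enterasys SIEM: Strong / Strong
Cisco MARS: Weak / Cisco-focused, Limited Flow support, No NBAD
Arcsight: Disjoint solutions for log and threat management
RSA Envision: Strong / Weak, Limited flow support, No NBAD
Mazu/Lancope/Arbor: No / No event data, Flow data only

Compliance Management
Enterasys SIEM: Strong; Cisco MARS: Weak; Arcsight: Strong; RSA Envision: Strong; Mazu/Lancope/Arbor: Weak

Scalability
Enterasys SIEM: Strong; Cisco MARS: Yes; Arcsight: Has limitations, Real-time analysis; RSA Envision: Has limitations, Real-time analysis; Mazu/Lancope/Arbor: Has limitations

Complexity
Enterasys SIEM: Simple; Cisco MARS: Moderate Complexity; Arcsight: Complex; RSA Envision: Moderate Complexity; Mazu/Lancope/Arbor: Simple

Cost
Enterasys SIEM: $$; Cisco MARS: $$; Arcsight: $$$$; RSA Envision: $$$; Mazu/Lancope/Arbor: $$

$$ - Moderate, $$$ - Expensive, $$$$ - Very Expensive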


Questions That Keep You Up At Night

How do you monitor risk to assets that are critical to your regulatory and corporate compliance mandates?
Can you view the status of these assets and their vulnerability in real-time?
Can you monitor the compliance control elements necessary for auditors and compliance?
Can you provide the reports necessary to satisfy compliance?
Do you have the security/IT staff required to satisfy compliance requirements?
Is your enterprise currently overwhelmed with security event data such that you cannot adequately respond to attacks?


Tools and Resources

Data Sheets
Request a Demo!
References
White Papers


Enterasys SIEM Summary

Compliance:
Demonstrating process enforcement / user accountability
Monitoring control framework
CoBit, ISO 17799 and regulatory elements
Reporting specific to regulations
Pre-defined or customized
HIPAA, GLB, Sarbanes Oxley, European Privacy, etc.

Security Event Correlation:
Enhances value of existing security tools
Firewalls, IDS, IPS, AV, Netflow, Sflow, vulnerability tools, syslog
Most advanced data reduction in the industry
Tolly test Cisco MARS vs. Enterasys SIEM
Supports response and remediation
Integration with ASM

Network Optimization:
Leverages real time flow analysis
User or device behavior
Network utilization
Visibility into application use (layers 2-7)