Security Solutions

In addition to helping your organization define its cyber security goals and requirements, ipss can provide select best-of-breed solutions to help you realize those goals. ipss has partnered with cutting-edge vendors to provide end-to-end solutions that may include product architecture, implementation planning, standard operating procedures, and training for these products.

 

Specialty Area

Best of Breed Solutions

Government Procurement

 

Anti-Virus / Whitelisting

Anti-virus software was originally developed to detect and remove computer viruses; however, with the spread of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from: malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, etc. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity (privacy), online banking attacks, social engineering techniques, etc.

A whitelist is a list of e-mail addresses or domain names from which an e-mail blocking program will allow certain messages to be received. E-mail blocking programs are intended to prevent most unsolicited e-mail messages (also known as spam) from appearing in users' inboxes. Most Internet users can tolerate the occasional unsolicited e-mail advertisement that a spam filter misses, but are concerned by the thought that an important message might not be received. The whitelist option is a solution to that problem. The list can be gradually compiled over a period of time, and can be edited whenever the user wants.

CylancePROTECT

CylancePROTECT uses a predictive mathematical model to identify malware, instead of relying on signatures to determine if an application is malicious. Unlike most traditional malware prevention tools, such as antivirus software, CylancePROTECT can detect malicious programs even when they have never been seen before or belong to a whole new family of malware. Granular policies to quarantine unsafe applications before they run can be configured in the CylancePROTECT console.

CylancePROTECT supports a workflow very similar to that of legacy antivirus products, but provides the ability to classify even previously unknown or unseen samples, improving security without the cumbersome operational overhead of application control solutions. For more information, visit www.cylance.com 

 

Cloud Visibility and Control

Cloud apps allow organizations to reduce costs and elastically allocate resources – but they introduce risks to their security and compliance posture. The “bring-your-own” cloud app trend has created a blind spot that is not addressed by traditional perimeter and endpoint controls. IT has little or no visibility into which cloud apps are in use, who is accessing what information and who is performing privileged activities. IT teams are unable to assess the risks associated with each cloud app and to enforce necessary policies and controls. In addition, many enterprises are deploying externally facing production applications for customers and partners, which are increasingly the target of account takeover threats due to compromised or stolen credentials.

Imperva Skyfence Cloud Gateway

Imperva Skyfence Cloud Gateway is a cloud access security broker that provides visibility and control over sanctioned and unsanctioned cloud apps. Organizations can use this cloud security service to discover SaaS applications in use and assess related risks. They can also enforce controls to prevent account-centric threats, meet compliance requirements, and protect user accounts and data in the cloud. With Imperva Skyfence, users get the apps they want and IT gets the visibility and control they need.

Skyfence Cloud Gateway provides security controls for all your cloud apps, including data leak prevention, automatic anomaly detection, enforcement of risk-based multi-factor authentication, and granular controls over data proliferation and file sharing, including for unmanaged devices. Skyfence enables organizations to automatically enforce these security policies across all their cloud services while actually accelerating access to cloud apps.

As sensitive and business-critical data moves to the cloud, Skyfence Cloud Gateway helps organizations:

  • Enforce consistent policies across all apps and immediately detect and protect against account takeovers
  • Analyze cloud app risks, monitor user activity and access to sensitive data
  • Enforce consistent policies across all apps and immediately detect and prevent attacks based on anomalous behavior
  • Prevent data leaks and control how sensitive data is shared in the cloud

Please visit www.imperva.com for additional information.

SLSA # EN578-100808/in progress

SLSA category : 1200 Security Operations

Subcategory: 1214 Data Loss Prevention Software

Data Loss Prevention Software identifies, monitors and protects data in use, data in motion and data at rest through deep content inspection and contextual analysis of transactions.

Database Activity Monitoring

Databases store extraordinarily valuable and confidential data. An increasing number of regulations compel organizations to audit access to this sensitive data and protect it from attack and abuse.

Imperva SecureSphere

SecureSphere Database Activity Monitoring delivers an automated and scalable database auditing solution that monitors and audits all access to sensitive data across heterogeneous database platforms. SecureSphere helps organizations demonstrate compliance with industry regulations through automated processes, audit analysis and customizable reports. In addition, SecureSphere accelerates incident response and forensic investigation with centralized management and advanced analytics.

Key Capabilities

  • Continuous audit of all access to sensitive data by privileged and application users
  • Alert on abnormal access requests and database attacks, in real time
  • Accelerate incident response and forensic investigation through centralized management and advanced analytics
  • Provide audit reports to demonstrate compliance with regulatory requirements
  • Identify databases and objects in scope for Compliance and Security Projects

For more about Imperva’s SecureSphere Database Security Products, visit www.imperva.com.

SLSA # EN578-100808/in progress

SLSA category : 1200 Security Operations

Subcategory: 1214 Data Loss Prevention Software

Data Loss Prevention Software identifies, monitors and protects data in use, data in motion and data at rest through deep content inspection and contextual analysis of transactions.

DDoS Attack Protection

A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to legitimate users.

Imperva Incapsula

Imperva Incapsula secures websites against the largest and smartest types of DDoS attacks – including network, protocol and application level (Layers 3, 4 & 7) attacks – with minimal business disruption. Their cloud-based service keeps online businesses up and running at high performance levels even under attack, avoiding financial losses and serious reputation damage. Incapsula’s service is built to handle the largest volume-based attacks, such as SYN flood and DNS amplifications, and also mitigates sophisticated application layer attacks by implementing advanced and progressive challenge mechanisms. The service automatically and transparently mitigates DDoS attacks with minimum false positives, so that site visitors won’t know that the site is under attack. Incapsula’s DDoS Protection service features a dedicated 24/7 NOC, manned by their experienced security experts, in order to ensure enterprise-grade uptime SLA when under attack. For additional information, go to www.imperva.com.

SLSA # EN578-100808/in progress

SLSA category : 1200 Security Operations

Subcategory: 1226 Intrusion Prevention and Detection Software

Intrusion Prevention and Detection Software inspects inbound and outbound network activity and identifies and prevents suspicious patterns that may indicate a network or system attack attempting to break into or compromise a system.

Encryption

Encryption is the conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties.

The primary purpose of encryption is to protect the confidentiality of digital data stored on computer systems or transmitted via the Internet or other computer networks. Modern encryption algorithms play a vital role in the security assurance of IT systems and communications as they can provide not only confidentiality, but also the following key elements of security:

  • Authentication: the origin of a message can be verified.
  • Integrity: proof that the contents of a message have not been changed since it was sent.
  • Non-repudiation: the sender of a message cannot deny sending the message.

Stormshield Data Security

Stormshield Data Security allows organizations to control the confidentiality of sensitive information while enjoying the advantages of cloud-based collaboration in today’s mobile world. This security solution offers end-to-end encrypted security in exchanges and collaboration. The identification of users and verification of their security keys through the solution in the trusted zone guarantees their authentication.

The unique Stormshield Data Security tool’s main features include:

Control over data

  • Seamless encryption of local or shared folders
  • Automated encryption
  • Integration with mail clients for electronic mail signature and confidentiality
  • Security of data shared confidentially between internal and external collaborators
  • Confidentiality of data contained in a virtual volume

Authentication and destruction

  • Sign any type of file
  • Help provided for digitizing administrative and sales procedures
  • Secure and irreversible deletion of files and folders

Centralized administration

  • Manage security policies

More information is available at www.stormshield.eu.

SLSA # EN578-100808/038/EE

SLSA category : 1200 Security Operations

Subcategory: 1216 Encryption Software

Encryption Software encrypts and decrypts data, usually in the form of files on (or sectors of) hard drives and removable media, email messages, or network transmissions.

Thales

Hardware Security Modules (HSMs) from Thales e-Security provide a hardened, tamper-resistant environment for performing secure cryptographic processing, key protection, and key management. With these devices, you can deploy high assurance security solutions that satisfy widely established and emerging standards of due care for cryptographic systems and practices—while also maintaining high levels of operational efficiency. Use their HSMs with a wide variety of commercial software products and in-house or custom developed software systems. For virtually any system that employs cryptography in the form of encryption and digital signatures, a Thales HSM will enable you to overcome the security vulnerabilities and performance challenges typically associated with software-only cryptography.

Flexible, scalable & fault-tolerant network-attached HSM – nShield Connect from Thales e-Security is a high-performance network-attached hardware security module (HSM) that delivers secure cryptographic services as a shared resource for distributed application instances and virtual machines. With nShield Connect, organizations have a cost-effective way to establish appropriate levels of physical and logical controls for server-based systems where software-based cryptography is inadequate. Fully supporting the Thales Security World architecture, nShield Connect provides an ideal combination of high assurance and operational ease. This makes it easier for you to define and enforce security policies such as dual controls while also automating burdensome and risk-prone administrative tasks. nShield Connect is fully compatible with the rest of the nShield HSM family, enabling mixed deployments and easy migration as performance requirements increase. For additional information, go to www.thales-esecurity.com.

 

Endpoint Security

In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.

Tanium

Tanium gives the world’s largest enterprises and government organizations the unique power to secure, control and manage millions of endpoints across the enterprise within seconds. Serving as the “central nervous system” for enterprises, Tanium empowers security and IT operations teams to ask questions about the state of every endpoint across the enterprise in plain English, retrieve data on their current and historical state and execute change as necessary, all within seconds. With the unprecedented speed, scale and simplicity of Tanium, organizations now have complete and accurate information on the state of endpoints at all times to more effectively protect against modern day threats and realize new levels of cost efficiency in IT operations.

Tanium arms IT operations teams with 15-second visibility and control over every endpoint to maximize asset visibility, minimize unnecessary costs, automate operational tasks with confidence and make better decisions.

The Tanium Endpoint Platform includes:

  • Tanium Connect is an integration layer that provides immediate and current endpoint data to enrich any number of external or third-party systems like SIEMs, log analytics tools, help desk ticketing systems, CMDBs and big data clusters.
  • Tanium IOC Detect provides the most adaptable and integrated threat detection solution available. Tanium IOC Detect can evaluate complex indicators of compromise (IOC), which may contain dozens of attributes like filenames, registry settings, IP addresses, MD5 hashes or even observable suspicious behaviors, on endpoints across networks of any size and return results in seconds.
  • Tanium Trace continuously records endpoint activity and equips security incident responders with the agility to easily pivot from single endpoint forensic analyses to accurate enterprise-wide searches for historical data across millions of endpoints in seconds, or vice versa.
  • Tanium Patch successfully deploys patches across every endpoint with unprecedented speed and reliability, regardless of the size of the environment. Define custom workflows and schedule patches based on advanced rules or exceptions, including whitelists, blacklists, dynamic computer groups and patch lists.

More information is available at www.tanium.com or follow them on Twitter at @Tanium.

SLSA # EN578-100808/in progress

SLSA category : 1200 Security Operations

Subcategory: 1218 Endpoint Security Software

Endpoint Security Software distributes security applications to end-user devices (endpoints) on a network in a centrally managed fashion.

Stormshield Endpoint Security

Award-winning Stormshield Endpoint Security, a multi-layered modular endpoint security system, provides consistent, powerful, 360-degree protection by fusing a variety of robust functionalities into an integrated whole.

Arkoon’s Stormshield Endpoint Security protects laptops, desktops, and servers running the Windows operating system. This solution provides integrated device control, data encryption, application control, host-based intrusion prevention (HIPS), system firewall, wireless security, anti-virus/-spyware, and network access control (NAC). Stormshield Endpoint Security is the first proactive, multi-layer, real-time defense system for network endpoints. Stormshield addresses every aspect of endpoint protection, from signature-based anti-virus/anti-spyware, to behavioral-based intrusion prevention, to application and device control, to flexible content encryption – all through a single agent. With Stormshield, endpoint policies are enforced on each PC, protecting them from hackers, malware, or even users with administrative rights. These protections work regardless of the location – within the organization, at home networks, and over wireless hotspots. Policies change dynamically depending on the connectivity context, the current user, and the health assessment of the machine, ensuring that security levels meet or exceed risk levels.

  • Integrated Security provides consistent security policies that encompass user controls, system-level security, data protection, and network connectivity – all through a single agent.
  • Proactive Protection provides a combination of enforceable policies and intelligent behavioral-based and signature-based protections. This eliminates the need for IT to periodically check and update PCs for compliance and remove unauthorized applications.
  • Adaptive Control offers security and user control policies that change dynamically depending on the level of risk associated with the way the endpoint is used.
  • Flexible Policy Control gives IT the ability to secure endpoints through both quickly deployed automatic protections built into the security suite and fine-grained, customizable configurations that address the organization’s specific security and policy requirements.

More information is available at www.stormshield.eu.

SLSA # EN578-100808/038/EE

SLSA category : 1200 Security Operations

Subcategory: 1218 Endpoint Security Software

Endpoint Security Software distributes security applications to end-user devices (endpoints) on a network in a centrally managed fashion.

Bromium

Bromium is re-inventing enterprise security with its powerful new technology, micro-virtualization, which was designed to protect businesses from advanced malware by design, while simultaneously empowering users and delivering real-time threat intelligence to IT. Unlike traditional security methods, which rely on complex and ineffective detection techniques, Bromium protects against malware from the Web, email or USB devices, by automatically isolating each user-task at the endpoint in a hardware-isolated micro-VM, preventing theft or damage to any enterprise resource.

Bromium vSentry endpoint security software is transforming the way security practitioners protect their PCs and laptops. vSentry incorporates Bromium micro-virtualization technology to isolate and execute tasks within the safety of micro-VMs. vSentry requires very little end-user training, as applications running within micro-VMs appear as they would normally. When one instance of Internet Explorer is running, tabs corresponding to Internet websites are really running in micro-VMs—and this is completely transparent to the user.

Bromium LAVA extends the benefits of vSentry by observing malware that safely executes within a micro-VM to provide IT analysts with detailed threat information so reoccurrences of the same malware can be blocked at the perimeter. This is particularly useful for organizations where vSentry clients have not yet been deployed to all Windows 7 hosts, such as organizations with bring-your-own-device (BYOD) policies, where unmanaged laptops owned by employees and guests are permitted to connect to the network. LAVA also provides security analysts with rich forensic intelligence with minimal false positives. Although Windows hosts protected by vSentry are virtually immune to external cyberattacks, understanding how modern threats operate helps security analysts investigate potential threats on hosts not protected by vSentry. More information is available at www.bromium.com

SLSA # EN578-100808/252/EE

SLSA category : 1200 Security Operations

Subcategory: 1218 Endpoint Security Software

Endpoint Security Software distributes security applications to end-user devices (endpoints) on a network in a centrally managed fashion.

Endpoint Visibility and Management

Endpoint management is a comprehensive approach to managing all the computers within an organization. Despite its name, endpoint management includes overseeing laptops and other computing devices as well as desktop computers. Endpoint management is a component of systems management, which is the administration of all components of an organization’s information systems. Other components of systems management include network management and database management.

 

Tanium

Visit www.tanium.com or follow them on Twitter at @Tanium.

SLSA # EN578-100808/in progress

SLSA category : 1200 Security Operations

Subcategory: 1218 Endpoint Security Software

Endpoint Security Software distributes security applications to end-user devices (endpoints) on a network in a centrally managed fashion.

AppSense Desktop Management Suite

Manage any Windows desktop, physical or virtual, across multiple devices, locations and delivery mechanisms with AppSense’s DesktopNow Suite. AppSense seamlessly spans physical and virtual desktops managing all aspects of the user, independent of the desktop.

The DesktopNow Suite enables you to deliver the fastest, easiest and lowest cost desktop ever to your users. With user abstraction, operating systems and applications can be seamlessly managed, delivered and upgraded independently of user settings and data. This significantly reduces operational costs, streamlines desktop management and ensures a seamless user experience across all platforms, all without compromising IT security.

AppSense DataNow enables simple, secure access, sync and sharing of files from any device, while also helping you get more out of the storage you already have. Their unique data broker, delivered as a turn-key virtual appliance, integrates simply with your existing Active Directory and on-premises storage locations such as file servers and Microsoft SharePoint. DataNow puts IT teams in complete control over where files are stored and provides granular policy control over how data is accessed.

AppSense is the leading provider of User Environment Management solutions. AppSense user virtualization technology allows IT to deliver unprecedented user productivity while securing and simplifying workspace management at scale across physical, virtual, and cloud-delivered desktops. The AppSense Platform, which includes the Environment Manager, the Application Manager and the Performance Manager, has been deployed to over 7.5 million endpoints. More information is available at www.appsense.com

SLSA # EN578-100808/246/EE

SLSA category : 1200 Security Operations

Subcategory: 1218 Endpoint Security Software

Endpoint Security Software distributes security applications to end-user devices (endpoints) on a network in a centrally managed fashion.

Identity and Access Management (IAM)

Identity and Access Management (IAM) is the security and business discipline that “enables the right individuals to access the right resources at the right times and for the right reasons”. It addresses the need to ensure appropriate access to resources across increasingly heterogeneous technology environments.

SailPoint

SailPoint provides integrated IAM solutions for compliance, provisioning, password management, single sign-on (SSO) and managing unstructured data.

IdentityIQ is SailPoint’s governance-based identity and access management (IAM) software solution that delivers a unified approach to compliance, password management and provisioning activities for applications running on-premises or from the cloud. IdentityIQ meets the needs of large organizations with complex identity management processes who prefer to tailor their solution to align with unique business needs.

IdentityNow is a full-featured cloud-based identity and access management solution, or IAM as a Service (IDaaS), that delivers single sign-on, password management, provisioning, and access certification services for cloud, mobile, and on-premises applications. As a critical component of the enterprise IT infrastructure, IdentityNow is architected to meet the most stringent security, scalability, performance and availability requirements. For more information, visit www.sailpoint.com

 

Intrusion Prevention Systems (IPS)

Intrusion prevention systems (IPS), also known as Intrusion Detection and Prevention Systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main difference is that, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent or block intrusions that are detected. More specifically, an IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options.

TrendMicro TippingPoint

TrendMicro TippingPoint’s Next Generation Intrusion Prevention System delivers a significant leap forward in threat protection. It defends your critical data and applications from advanced attacks, without affecting performance and productivity, through in-line, real-time intrusion prevention.

In addition to their NGIPS device, TrendMicro TippingPoint provides industry-leading intelligence research through their unique TrendMicro TippingPoint DVLabs. Their DVLabs harness industry-leading threat intelligence with weekly Digital Vaccine updates and more than 10,000 security filters written to address zero-day attacks and known vulnerabilities. For more information, visit www.trendmicro.com

 

Layer 4-7 protection

A Layer 4 DoS attack is often referred to as a SYN flood and works at the transport protocol (TCP) layer. A Layer 7 DoS attack is a different beast and it’s more difficult to detect. A Layer 7 DoS attack is often perpetrated through the use of HTTP GET. This means that the 3-way TCP handshake has been completed, thus fooling devices and solutions which are only examining layer 4 and TCP communications.

The goal of deploying an application firewall or proxy-based application delivery solution is to ensure the fast and secure delivery of an application. By preventing both layer 4 and layer 7 DoS attacks, such solutions allow servers to continue serving up applications without a degradation in performance caused by dealing with layer 4 or layer 7 attacks.

Citrix NetScaler™

Citrix NetScaler™ is an integrated Web application delivery controller that functions as an application accelerator through caching and HTTP compression, and provides advanced traffic management through Layer 4-7 load balancing and content switching functions. NetScaler also includes application security via a Web application firewall, including PCI-DSS security mandate protection, and SSL VPN. NetScaler further offloads application and Web servers to ensure application availability, increased security through SSL, and server consolidation. NetScaler’s parallel processing nCore™ technology leverages multi-core processors to provide unprecedented performance and scalability for even the most challenging Web applications. NetScaler appliances are available in three editions running on a wide-ranging array of dedicated MPX-series and SDX-series hardware platforms, or as server-based virtual appliances with NetScaler VPX for any throughput need from 10 Mbps through 50 Gbps. For more information, visit their website at www.citrix.com

NESS # EN578-030742/019/EW

NESS Class 3. Layer 4-7 Devices

Main Functionality: Network device to improve Layer 4-7 network data traffic.

NESS Category 3.1. Layer 4-7 Application Switch

Technical definition: Network Layer 4-7 device to switch/forward network data traffic. The device may include hardware and software modules with specialized functionality that must be integrated within the device.

Mobility Management and Security

Mobility management is one of the major functions of a GSM or a UMTS network that allows mobile phones to work. The aim of mobility management is to track where the subscribers are, allowing calls, SMS and other mobile phone services to be delivered to them.

Mobile security has become increasingly important in mobile computing. It is of particular concern as it relates to the security of personal and business information now stored on smartphones.

More and more users and businesses use smartphones as communication tools but also as a means of planning and organizing their work and private life. Within companies, these technologies are causing profound changes in the organization of information systems and therefore they have become the source of new risks. Indeed, smartphones collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy of the user and the intellectual property of the company.

All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses related to smartphones that can come from means of communication like Short Message Service (SMS, aka text messaging), Multimedia Messaging Service (MMS), Wi-Fi networks, Bluetooth and GSM, the de facto global standard for mobile communications. There are also attacks that exploit software vulnerabilities from both the web browser and operating system. Finally, there are forms of malicious software that rely on the weak knowledge of average users.

Different security counter-measures are being developed and applied to smartphones, from security in different layers of software to the dissemination of information to end users. There are good practices to be observed at all levels, from design to use, through the development of operating systems, software layers, and downloadable apps.

 

Rapid7 Mobilisafe and UserInsight

Eliminate mobile risks today! As your employees bring in the latest and greatest smartphones and tablets to access company data, this device diversity presents a challenge for you to determine their trustworthiness. Mobilisafe is the only mobile risk management solution that automatically performs a mobile risk assessment of all the devices in your organization and provides easy-to-use tools to eliminate these risks. The mobile ecosystem is complex and software updates require coordination between handset manufacturers, OS vendors and carriers, and can take months to deploy, creating large windows of risk. If you are looking to gain an overall view of your mobile threat landscape you should perform a mobile risk assessment to get a clear view as to what risks need to be eliminated to maintain company security. In order to achieve this, you need a mobile risk management solution like Mobilisafe. More information is available at www.rapid7.com

Only Rapid7 UserInsight provides visibility into user activity across on-premise, cloud and mobile environments. Traditional monitoring tools have focused on monitoring traffic between assets within the firewall but this paradigm is failing as more activity occurs outside the perimeter in cloud services or on user-supplied devices. In addition to tracking activity on traditional sources such as the firewall and web proxy, UserInsight deeply integrates with ActiveSync to monitor mobile devices and key cloud services such as SalesForce and Box. This means that you get visibility when users are accessing corporate resources even if they’re not on a corporate network or are using their own devices. More information is available at www.rapid7.com

SLSA # EN578-100808/103/EE

SLSA category: 1200 Security Operations

Subcategory: 1238 Security Risk Management and Policy Compliance software

Security Risk and Policy Compliance Software is used to manage, monitor, report on, and audit both security risks and policies to address those risks. Solutions often include remediation management, compliance and enforcement, policy assessment, vulnerability management, remediation, and reporting towards the objective of sustainable compliance.


Network Access Control (NAC)

Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. NAC might integrate the automatic remediation process into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed.

Network Access Control aims to do exactly what the name implies—control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.

ForeScout CounterACT

ForeScout CounterACT® expands the capabilities—and meaning—of network access control. CounterACT provides real-time visibility of users, devices, operating systems and applications that are connected to the network. After discovering and classifying devices, CounterACT provides comprehensive network access control capabilities to enforce your network access and compliance policies. Several CounterACT capabilities raise the bar well above traditional NAC offerings:

  • Agentless visibility lets you see unmanaged devices, such as Bring Your Own Device (BYOD) and non-traditional Internet of Things (IoT) endpoints
  • Continuous monitoring and assessment discovers new devices and those that drop on and off the network
  • ForeScout ControlFabric® Architecture shares contextual information and extends the enforcement capabilities of CounterACT to a wide range of IT and security management products

For more information, visit www.forescout.com

 

Network Monitoring and Analysis

Network monitoring is a difficult and demanding task that is a vital part of a Network Administrator's job. Network Administrators are constantly striving to maintain smooth operation of their networks. If a network were to be down even for a small period of time, productivity within a company would decline, and in the case of public service departments the ability to provide essential services would be compromised. In order to be proactive rather than reactive, administrators need to monitor traffic movement and performance throughout the network and verify that security breaches do not occur within the network.

Organizations require pervasive visibility into the behavior of all network traffic, reconstructed from the network to the application layer in order to have detailed information on the ongoing performance of network-related governance, risk and compliance controls.  A comprehensive approach to network security monitoring ensures that the performance of your IT controls and information systems security can be measured and monitored continuously and completely.

EMC/RSA Security Analytics

Built on the proven architecture of RSA NetWitness® technology, RSA® Security Analytics fuses SIEM, Network Forensics, & Big Data analytics into a security platform that will be the cornerstone of next generation security operations centers. By providing security professionals with the visibility to see and understand vulnerabilities and attacks, RSA Security Analytics enables the discovery of risks as they occur, thus significantly cutting the time required for investigations from days to minutes. Furthermore, by helping security professionals understand digital risks originating from both inside and outside their enterprise, organizations can better defend business assets including intellectual property and other sensitive data while reducing the time and cost associated with threat management and compliance focused reporting.

The RSA® Security Analytics Unified Platform delivers:

  • Quick Capture and Analysis — Security-relevant data, including full network packets, logs, and threat intelligence, are captured and quickly analyzed to speed up the detection of potential threats.
  • High Powered Analytics — Enables much larger-scale collection of data and empowers new methods of analysis than traditional SIEM-based approaches to security.
  • Integrated Threat Intelligence — Helps organizations operationalize the use of threat intelligence feeds to accelerate detection and investigations of potential attack tools and techniques targeting the enterprise.
  • Context for Threats — Through integrations with RSA GRC and RSA DLP, and by fusing data produced by other products, analysts can use business context to prioritize and allocate resources to the threats which pose the greatest risk.
  • Malware Identification — Using a variety of investigative techniques, the solution identifies a much wider range of malware-based attacks.
  • Automates Compliance Reporting — Enables compliance as an outcome of good security practices.

The integration of proven Big Data platforms and analytic methods into security tools provides a significant advancement to how security is performed. RSA’s Security Analytics brings together unparalleled leadership in visibility, leverages market leading big data platforms and advanced analytic methods capable of identifying high risk activities, advanced threat mitigation and meeting compliance objectives. Information about EMC’s products and services can be found at www.emc.com

 

Penetration Testing

In today’s environment, where technology introduction, maintenance and support have created a landscape of near constant change, and in which outside attackers move quickly to take advantage of newly discovered vulnerabilities in popular products, organizations need to supplement or substitute third-party penetration testing with an automated process, thereby increasing the frequency, scope and consistency of security evaluations. Regulatory requirements notwithstanding, automated software solutions enable the best use of your penetration testing dollars by performing tests on a continuous basis, monitoring assets between consulting engagements, enabling you to ensure an ongoing, high level of security.

Rapid7 Metasploit

Rapid7 Metasploit is a powerful platform that helps defenders prevent data breaches by efficiently prioritizing vulnerabilities, verifying remediation, and conducting penetration tests.

  • largest public collection of quality-assured exploits: Metasploit leverages the world’s largest public database of quality assured exploits and payloads, making your penetration tests both realistic and safe to simulate attacks on your infrastructure;
  • streamlined workflow in a graphical user interface: Metasploit simplifies usability and greatly streamlines the workflow of penetration testers and security experts in a step-by-step model, helping you complete your assignments in less time;
  • risk validation and verification: by integrating Metasploit with the Rapid7 Nexpose vulnerability management solution, you can prioritize vulnerabilities that are most likely to lead to a data breach and should be first on your list to remediate;
  • extensive attack targets: Metasploit enables you to compromise standard and custom Web applications, network devices, database servers, endpoint systems, and email users, broadening your range of attack vectors;
  • advanced attack capabilities: Metasploit offers workflows for network scanning, smart brute forcing and exploitation, social engineering, all amplified with shell and VPN pivoting as well as stealth features, enabling you to get deeper into the network;
  • team collaboration for large projects: Metasploit enables teams to collaborate on larger projects. Team members can see and search each other’s action, progress, and notes to make Red Team efforts more efficient. Metasploit can scale to hundreds of concurrent sessions and thousands of target hosts to support team efforts; and
  • automated reports for all stakeholders: Metasploit includes reports with detailed vulnerabilities descriptions, remediation information, and customized design templates, making it easier for you to report your findings and for your company to document compliance.

For more information on the Metasploit platform, visit www.rapid7.com

SLSA # EN578-100808/103/EE

SLSA category: 1200 Security Operations

Subcategory: 1238 Security Risk Management and Policy Compliance software

Security Risk and Policy Compliance Software is used to manage, monitor, report on, and audit both security risks and policies to address those risks. Solutions often include remediation management, compliance and enforcement, policy assessment, vulnerability management, remediation, and reporting towards the objective of sustainable compliance.


Security Information and Event Mgmt.

Security Information and Event Management (SIEM) technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM is sold as software, appliances or managed services, and is also used to log security data and generate reports for compliance purposes.

The term Security Information Event Management (SIEM), coined by Mark Nicolett and Amrit Williams of Gartner in 2005, describes the product capabilities of gathering, analyzing and presenting information from network and security devices; identity and access management applications; vulnerability management and policy compliance tools; operating system, database and application logs; and external threat data. A key focus is to monitor and help manage user and service privileges, directory services and other system configuration changes; as well as providing log auditing and review and incident response.

HP ArcSight®

HP ArcSight® ESM is the brain of the HP ArcSight® SIEM platform. It analyzes and correlates every event that occurs across the organization—every login, logoff, file access, database query—to deliver accurate prioritization of security risks and compliance violations. The powerful correlation engine of HP ArcSight® ESM sifts through millions of log records to find the critical incidents that matter. These incidents are then presented through real-time dashboards, notifications, or reports to the security administrator. For more information, go to www.hpe.com.

IBM® QRadar®

Leading the Next-Generation Security Intelligence Revolution – IBM’s security unit is a global provider of high-value, cost-effective next-generation security intelligence products. QRadar® SIEM delivers the industry’s only solution that enables security professionals to gain the visibility they need to protect their networks and better protect IT assets from a growing landscape of advanced threats as well as meet current and emerging compliance mandates. QRadar®’s Next-Generation SIEM is the most intelligent, integrated and automated SIEM in the industry. What sets QRadar® SIEM apart is its unrivaled platform architecture that delivers: unified, turnkey deployments and more efficient administration and management; distributed correlation that allows for billions of logs and records to be monitored per day, and single log archival capacity ensures seamless reporting and comprehensive searching; centralized command and control reduces security management solution acquisition costs and improves IT efficiency; advanced threat and security incident detection that both reduces the number of false positives and detects threats that other solutions miss; compliance-centric workflow that enables the delivery of IT best practices that support compliance initiatives; distributed appliance architecture scales to provide log management in any enterprise network. Please visit www.ibm.com for more information.

 

Service-Oriented Architecture (SOA)

Service-oriented architecture (SOA) is a software design and software architecture design pattern based on distinct pieces of software providing application functionality as services to other applications. This is known as service-orientation. It is independent of any vendor, product or technology.

A service is a self-contained unit of functionality, such as retrieving an online bank statement. Services can be combined by other software applications to provide the complete functionality of a large software application. SOA makes it easy for computers connected over a network to cooperate. Every computer can run an arbitrary number of services, and each service is built in a way that ensures that the service can exchange information with any other service in the network without human interaction and without the need to make changes to the underlying program itself.

IBM® WebSphere® DataPower®

IBM® WebSphere® DataPower® Appliances simplify, govern, and optimize the delivery of services and applications and enhance the security of XML and IT services. They extend the capabilities of an infrastructure by providing a multitude of functions. As IBM has grown its line of WebSphere® DataPower® Appliances, the capabilities have increased from the core business of service-oriented architecture (SOA) connectivity. WebSphere® DataPower® Appliances now serve areas of business-to-business (B2B) connectivity and web application proxying. These appliances also support Web 2.0 integration with JSON and REST, advanced application caching, rapid integration with cloud-based systems, and more. WebSphere® DataPower® Appliances deliver their functions in a dedicated network device, cutting operational costs, reducing complexity, and improving performance. The latest generation of purpose-built hardware appliances includes increased capacity, flexibility, performance, and serviceability as compared to its predecessors. These appliances offer a pragmatic approach to security, integration, and intelligent application delivery as purpose-built, easy-to-consume, and easy-to-use products. WebSphere® DataPower® Appliances help you take advantage of the value of existing infrastructure investments and help reduce total cost of ownership. More information can be found at www.ibm.com

 

 

Vulnerability Management

Vulnerability Management is the “cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities”, especially in software and firmware. Vulnerability management is integral to computer security and network security.

Rapid7 Nexpose

The increasing frequency and sophistication of cyber-attacks require an evolution in vulnerability management approaches. Traditional “scan-and-patch” approaches just won’t cut it anymore. What is needed is a new approach to vulnerability management and configuration assessment that “closes the loop” on vulnerability remediation while reducing the cost and effort it takes to secure your environment. Rapid7 Nexpose enables a holistic approach to vulnerability management so that security and network operations teams can make better decisions, faster. Nexpose ensures that you can:

  • scan 100% of your infrastructure: scan physical and virtual networks, databases, operating systems and web applications to ensure you know about all of your vulnerabilities and misconfigurations;
  • accurately understand your real risk exposure: with continuous discovery of physical and virtual assets along with integrated information on Malware and Exploit exposure, Nexpose provides accurate insight into where your most significant risks exist;
  • prioritize vulnerabilities quickly and accurately: scans can uncover thousands of vulnerabilities; with Real Risk, Nexpose effectively prioritizes your remediation efforts so you don’t waste time; and
  • verify that vulnerabilities have been remediated: with integrated data from Metasploit, your security teams can verify that remediation efforts have been successful, reducing duplicate efforts and making risk reduction more effective.

For more information, visit www.rapid7.com

SLSA # EN578-100808/103/EE

SLSA category: 1200 Security Operations

Subcategory: 1238 Security Risk Management and Policy Compliance software

Security Risk and Policy Compliance Software is used to manage, monitor, report on, and audit both security risks and policies to address those risks. Solutions often include remediation management, compliance and enforcement, policy assessment, vulnerability management, remediation, and reporting towards the objective of sustainable compliance.


WAN Optimization

Wide Area Networks (WANs) — and now hybrid networks — connect people, applications, and data to make business possible.  And, as organizations of all sizes turn to private cloud to improve efficiency and enterprise collaboration, they’re increasingly reliant on Wide Area Network (WAN) performance.  Organizations are migrating key infrastructure and applications to the cloud to lower server costs, improve disaster recovery and increase workforce productivity. But to do so successfully, they need to address network limitations to quickly and reliably connect resources and remote end users.

WAN Optimization solutions enable collaboration, communication, user productivity, and risk mitigation. State-of-the-art technologies—including adaptive compression, data deduplication, and TCP optimizations—can accelerate everything from data replication and backup to application performance and virtual machine migrations.

Citrix Cloudbridge

The Citrix family of products and services centralizes, virtualizes, and minimizes the complexity of traditional computing – significantly reducing costs, improving information security, mobilizing people, and delivering enterprise agility. Citrix Cloudbridge, available as a physical or virtual appliance, is a WAN optimization solution that provides a high definition desktop and application experience to branch and mobile users while dramatically reducing WAN bandwidth costs and simplifying branch infrastructure. Cloudbridge accelerates desktop and application delivery, decreases WAN bandwidth consumption, and enables server consolidation. The Cloudbridge product family addresses the full range of WAN optimization scenarios and delivers unparalleled application acceleration benefits, especially for Citrix XenDesktop™ and Citrix XenApp™ deployments. For more detailed information, go to www.citrix.com.

NESS # EN578-030742/019/EW

NESS Class 3. Layer 4-7 Devices

Main Functionality:  Network device to improve Layer 4-7 network data traffic

NESS Category 3.2 – WAN Acceleration Appliance

Technical definition: Network device for accelerating network data traffic over WAN links.  The device may include hardware and software modules with specialized functionality, which must be integrated within the device.


Web Application Firewall

Web applications are a prime target for attack because they are easily accessible and they offer a lucrative entry point to valuable data. To combat complex and distributed attacks, organizations need to protect their websites from new and emerging threats without affecting application performance or uptime.

Imperva SecureSphere

More organizations rely on Imperva to protect their critical web applications than any other vendor. Imperva Web Application Security solutions fit seamlessly into physical, virtual and cloud-based data centers and deliver the market’s most advanced security capabilities, updated with threat intelligence based on research and big data analytics.

The market-leading SecureSphere Web Application Firewall (WAF) has transformed the way businesses protect their applications by automating web security and providing flexible, transparent deployment. With its comprehensive protection and low administrative overhead, SecureSphere is the ideal solution to secure valuable web assets and achieve PCI compliance. Imperva SecureSphere is available on physical and virtual appliances, and on Amazon Web Services. More information is available at www.imperva.com.

SLSA # EN578-100808/in progress

SLSA category: 1200 Security Operations

Subcategory: 1220 Firewall Software

Firewall Software is designed to prevent unauthorized access to or from a private network by permitting or denying computer applications based upon a set of rules and other criteria. Firewalls typically function as filters, gateways, and/or proxies.


Web Application Testing

Web Application Testing is software testing that focuses on web applications. Complete testing of a web-based system before going live can help address issues before the system is revealed to the public. These issues include the security of the web application, the basic functionality of the site, its accessibility to all users, its ability to adapt to the multitude of desktops, devices, and operating systems, as well as its readiness for expected traffic and number of users and its ability to survive a massive spike in user traffic.

Rapid7 AppSpider

AppSpider includes interactive actionable reports that prioritize the highest risk and streamline remediation efforts by enabling users to quickly get to and analyze the data that matters most. With one click, you can drill deep into a vulnerability to get more information and replay attacks in real-time. Sifting through pages and pages of vulnerabilities in a PDF report takes too much time. AppSpider provides interactive actionable reports that behave like web pages with great organization and links for deeper analysis. Analysis is easy because findings are organized and consolidated by attack types (XSS, SQLi, etc.). AppSpider’s sophisticated reports reduce remediation time and streamline communication with developers. With AppSpider, you can:

  • Conduct deeper analysis with interactive reports
  • Quickly re-play web attacks
  • Categorize applications for easy reporting

For more information, visit www.rapid7.com