IT SECURITY & COMPLIANCE - PROBLEM SOLVED!

NNT’s Change Tracker™ Gen7 R2 solves IT Security and the problems that plague all organizations – the overwhelming noise of change control and ensuring the integrity of IT systems. Completely redesigned with both security and IT operations in mind, Change Tracker™ Gen7 R2 is the only solution designed to reduce change noise and the complexity of integrity monitoring and policy management all while allowing for unprecedented scalability and management that meets the most demanding enterprise environments. Gen7 R2 integrates with leading Service desks and Change Management solutions to reconcile the changes that are actually occurring within your environment with those that were expected and part of an approved Request for Change. Security and IT Service Management (ITSM) have traditionally observed and managed change in two very different ways. By linking the changes approved and expected within the ITSM world with those that are actually happening from a security perspective, SecureOps™ is delivered and underpins effective, ongoing security and operational availability.

Change Tracker Features And Benefits

Automates CIS Controls Spot cyber threats, identify any suspicious changes and adjust the secure baseline for all of your systems in real-time with NNT Change Tracker™ Gen7R2. Approve changes to the authorized baseline with a simple point and click. Breach Prevention Ensure all IT assets are secure and breach free at all times by leveraging state of the art, recommended security and configuration hardening settings along with real-time system vulnerability and configuration drift management. Breach Detection Change Tracker™ Gen7 R2 identifies suspicious activity using highly sophisticated contextual change control underpinned by threat intelligence to spot breach activity while reducing change noise. Real-Time Contextual File Integrity Monitoring Change Tracker™ intelligently analyzes all changes in real-time leveraging the world’s largest repository of independently verified whitelisted files combined with intelligent and automated planned change rules to significantly reduce change noise and deliver a true FIM solution. System Hardening & Vulnerability Management Minimize your attack surface with continuous and real-time clear configuration guidance and remediation based on CIS and other industry standard benchmarks for system hardening and vulnerability mitigation guidance. Continuous Compliance Monitoring Across all Industries NNT provides comprehensive tailored or pre-built reports to provide vital evidence to security staff, management and auditors of the ongoing and improving state of your organizations secure and compliant posture.

New Features and Functionality

• All new Dashboard, fully customizable with choice of widgets and multiple tabs for alternative Dashboard layouts

• ‘Single-Page Application’ design gives a contemporary, super-responsive Change Tracker experience

• New universal Query/Report controls, consistently available, enables reports to be built ‘off the page’

• New Reports Center – build and schedule any reports, with graphically-rich content, including all new Executive Report showing overall security of your estate

• ‘Expert Event Analysis’ sections for reports, with events automatically pre-analyzed to show ‘noisiest’ devices, paths, registry settings and any other monitored configuration attributes to aid decision making in your Change Control Program

• Report production now performance optimized, even large volume event reports are generated on a streamed basis to minimize impact on Hub server resources

• Report properties can be tailored – include a hyperlinked Table of Contents, Event Details table and Query Parameters, together with as many/few event attributes as required

• New Group & Device/Date & Time filter and selection control panel, selections persist for any page accessed, panel can be hidden when not in use to give a ‘full screen’ display of the Dashboard

• User-defined auto-refresh settings for all pages

• New componentized Planned Changes, allowing easy re-use of schedules and/or rulesets, driven by a new Planned

• New ‘FAST list’ planned change rule option, ensures only file changes you select as permitted, allows a user-defined list of approved file changes to be operated – like a personal FAST Cloud!

Operating at a forensic level within the IT infrastructure, Change Tracker™ works across all popular platforms such as:

• Windows, all versions including Server 2019, 2016 and Windows 10, XP, 2003/R2, Windows 7, Windows 8/8.1, 2008R2, 2012/R2 (Core and GUI)
• Linux, all versions, including Ubuntu, SUSE, CentOS, RedHat, Oracle, FreeBSD and Apple MAC OS
• Unix, all versions including Solaris, HPUX, AIX, Tandem Non-Stop
• VMWare, all versions including ESXi
• Database Systems, including Oracle, SQL Server, DB2, PostgreSQL, My SQL
• Network Devices and Appliances, all types and manufacturers, including routers, switches and firewalls, from Cisco, Nortel, Juniper, Fortinet and Checkpoint

Gain visibility into attacks on your environment

Basic security measures are no longer sufficient to protect your business against today’s rapidly evolving cyber threats; this reality is made glaringly evident by the constant stream of breaches reported in the news. Traditional perimeter security technologies such as firewalls and Intrusion Prevention Systems (IPS)—as well as endpoint security like anti-malware—do not provide the broad and deep visibility across your IT infrastructure needed to detect these threats. Evidence of attacks and incursions within your environment can be found in log records and machine data generated by your networked systems, security devices and applications, but how do you unlock these critical insights? Most businesses struggle with the continuous investment in technology and people required to maintain ongoing monitoring of their security posture. The ControlScan Managed SIEM service combines enterprise-class SIEM technology from the ControlScan Cyphon platform with our deep security expertise and service excellence. Comprehensive service collects, correlates, analyzes and stores log data from network infrastructure, servers and applications in order to identify and mitigate security incidents while facilitating compliance with requirements within PCI, HIPAA, GLBA, SOX and other frameworks. The secure, cloud-based Cyphon platform collects log data generated by devices such as firewalls, IPS solutions, servers, desktops and applications. Correlation logic is applied to the aggregated logs to identify potential security threats, and alerts are generated and sent in real time, on a 24x7x365 basis. ControlScan Security Analysts are on hand to support the assessment and investigation of critical alerts and to provide guidance on proper response.

Key features of the ControlScan Managed SIEM Service

• Log Collection for your entire IT infrastructure
• Event Correlation and Analysis leverages multi-sourced log data and advanced correlation rule sets to detect security incidents
• Prioritization and 24 x 7 Alerting
• 12 Months of Log Retention for compliance requirements, including PCI DSS requirement 10
• Reporting and Data Access available to you through ControlScan's web-based platform
• Advance Functionality including:
• File Integrity Monitoring (FIM)
• Custom real-time dashboards

A Unique Solution to Solving the Security Challenge.

As the leader in providing cloud-based, unified security and compliance solutions, ControlScan offers unique value through its Managed SIEM service.

Deploy with ControlScan and get benefits that include the following:

Security-as-a-Service – Avoid costly, up-front investments in hardware, software and technical expertise with ControlScan’s cloud-based services. You’ll be up and running quickly and effectively with an enterprise-class, scalable solution. A solution that gets better with time – Ongoing upgrades and enhancements to the Managed SIEM service ensure the addition of new capabilities for identifying evolving attack methods. At the same time, your ControlScan security team is continually creating and tuning correlation rules for your environment to ensure maximum visibility to true, critical alerts. A staff of security experts watching your back – Only the largest organizations can afford a staff of resources maintaining security and compliance day-in and day-out. ControlScan brings extensive knowledge and experience in both areas, validated by the range of IT Security, PCI and HIPAA certifications held by our team of experts. This knowledge continues to grow as threats become more advanced. A single solution for your biggest challenges – The ControlScan Managed SIEM service delivers functionality you need on three different fronts: 1) Security 2) Compliance 3) Operations. By collecting, aggregating, correlating and analyzing data from your environment, you gain visibility to your organization’s overall security posture, support for key controls in most compliance frameworks, and assurance of the health of your networked systems.

The Elemental Security Platform (ESP) is an advanced enterprise level security compliance automation system that is suited for any size organization — in the cloud, datacenter or on premise. ESP is the game changing self-adaptive policy enforcement driven cyber security solution that ensures critical digital assets are continuously in compliance hence always protected. As a highly integrated, comprehensive, scalable system the Elemental solution is the answer to effective information security, auditable compliance and risk management. It achieves this through automatic deployment, consistent monitoring and pervasive enforcement of cyber security policies and controls Key Features: Security Policy Management Automation of security policies is a key component of the Elemental solution. ESP admins express and deploy policies simply byselecting from an extensive library of security controls and policy templates. Elemental also makes it simple to define target groups or security zones and automatically apply policies to all hosts in the group. As the activity of hosts and their security posture changes, group membership also changes automatically and the correct policies are applied accordingly, which makes the ESP system selfadaptive to a changing security context. Security and Regulatory Compliance Elemental provides the framework to achieve compliance with industry and government regulations, this includes an extensive policy library. Unparalleled Visibility Auto-Discovery – the Elemental agents passively monitor the network for new computers. Unauthorized machines are quickly discovered and classified to identify their operating system, hardware details, and networking activity. Protect Critical Resources Layered Protection – ESP provides highly targeted, granular, and always-on host level access controls that ensures only secure and authorized systems are granted access to critical resources. Elemental Security Operations Center The Elemental system provides extensive reporting capabilities, including a suite of executive dashboards, detailed views and histories of compliance, risk and value, network traffic activity, and trouble ticket administration. The ESP reporting makes it easy for administrators to document the state of their networked systems and to identify changes that occur on individual systems or in the communications among systems. Risk Management The ESP programmatically determines the value and risk of machines based on a myriad of observed characteristics, roles, behavior, and usage information. The ESP quantifies the value and risk of all machines on the network, both managed and unmanaged, through the analysis of multiple factors including compliance, trust, system properties, the type and volume of networking activity, stored information, as well as the roles of machines and users. This capability identifies high value and at-risk systems enabling organizations to identify, mitigate, and manage IT risks. ESP is a holistic, affordable solution leveraging next-generation technologies to provide tremendous value to security professionals:

• Improves the efficiency of security and IT staff

 

• Unifies visibility across IT security controls

 

• Supports the shift from end–point and disparate tools to a holistic and adaptive integrated solution

 

• Reduces network attack surface through ‘always-on’ adaptive network access control and micro-segmentation

 

• Provides automatic security posture assessment and adjustment

 

• Provides business aligned metrics to measure the compliance, value, and risk of systems

 

• Reduces time and cost for audits

 

Security Manager helps enterprises manage their firewalls, routers, switches and load balancers more effectively, by detecting and reporting any changes to firewall policy, increasing visibility and reducing the cost of making changes. Security Manager shows you which of your rules are unused and how traffic flows through each rule, letting you clean up unnecessary access and tighten down existing rules. And with continued, automated analysis of regulations like PCI, HIPAA, SOX, NERC-CIP, ISO 27001, and NSA guidelines, Security Manager greatly improves your compliance posture. Access Path Analysis expands visibility of enterprise network behavior by identifying the detailed risk path through the network, including the interfaces, routes, security rules and address translation rules that allow the access path that introduces risk. It gives network security operators the information necessary to make a precise change and reduce risk without impacting network operations. And FireMon Insight, a real-time dashboard, gives users a one-stop view of the critical metrics from across your security configurations.

As the creators of the original SaaS security platform – well before cloud security services became all the rage, and long before competitive companies saw the light – Digital Defense continues to set the standard for the delivery of SaaS solutions and services. The Frontline.Cloud security Software as a Service (SaaS) platform supports multiple systems including Frontline Vulnerability Manager™ (Frontline VM™), Frontline Pen Testing™ (Frontline Pen Test™), Frontline Web Application Scanning™ (Frontline WAS™) and a new offering, Frontline Active Threat Sweep (Frontline ATS™). Frontline.Cloud, is hosted on Amazon Web Services (AWS) and incorporates Digital Defense’s patented and proprietary technology. The platform, already industry recognized for ease of use and rapid deployment, now offers organizations significant administration efficiencies for assessing premise-based, cloud, or hybrid network implementations through AWS hosting. The Frontline.Cloud platform delivers high quality results and includes unified management and comprehensive reporting. Extensive application programming interfaces are also available, enabling tight integration with 3rd party cloud and/or premise-based systems resulting in effective automation of security operations.

The Frontline.Cloud™ Systems

Frontline Vulnerability Manager (Frontline VM) is the industry’s most comprehensive, accurate, and easy to use VM platform – bar none. Frontline VM comprehensively identifies and evaluates the security and business risk postures of network devices and applications deployed as premise, cloud, or hybrid network-based implementations. Now residing entirely in Amazon Web Services (AWS), Frontline VM easily addresses the security compliance requirements of organizations around the globe. Competitors’ vulnerability management software solutions may have, in fact, reached “commodity” stature – being milked for cash at the expense of continued R&D investment. Nothing could be further from the truth for Frontline VM.  Frontline Active Threat Sweep (Frontline ATS), an agentless system, enhances your existing defense-in-depth coverage by uncovering gaps in your present endpoint protection, active threats and indicators of compromise. Digital Defense’s Frontline Active Threat Sweep™ (Frontline ATS™) complements your existing endpoint protection technologies providing an agentless, easy to deploy method to quickly and reliably analyze assets for active threat activity and indications of compromise. Enhance your existing defense-in-depth coverage by uncovering gaps in your existing protection. Pinpoint which assets have no endpoint protection installed or that are out-of-sync and out-of-date leaving one or more assets at risk. Frontline ATS enables organizations interested in threat hunting to deploy a threat detection capability on top of Digital Defense’s proprietary technology architecture that is lightweight and effective, to gain instant visibility into assets that demonstrate indications of compromise. Frontline Web Application Scanning (Frontline WAS) has been developed to provide the highest level of dynamic web application testing results through a system that is easily deployed and maintained. Frontline Web Application Scanning™ (Frontline WAS™), a Frontline.Cloud SaaS security system, is housed in Amazon Web Services and has been developed to provide the highest level of dynamic web application testing results through a system that is easily deployed and maintained. Enjoy the benefits of a technology you can trust to deliver unparalleled accuracy with minimal consumption of resources. Underpinned by DDI NIRV™, Digital Defense’s patented scanning technology, Frontline WAS overcomes frustrations experienced by security professionals such as the lack of accurate results and complexity found in deploying other web application scanning tools.

• Easy deployment and configuration
• High level dashboards at the scan level and a per web application to easily expose overall security postures at various levels
• “Blind Spot” coverage commonly missed by other web application assessment technologies
• Prioritization of the most critical vulnerabilities, saving organizations valuable resources through targeted remediation efforts
• Tracking of and trending on new, recurred and fixed vulnerabilities
• Intuitive results navigationActive View – web application scan data management across all web application scan activities
• Robust filtering – providing the data and views you want instantly
• Dynamic reporting / visualization including OWASP Top 10
• Frontline Security GPA® trending that offers a dynamic view of your security posture
• Ability to compare Frontline VM and WAS Asset Ratings automatically, with no manual intervention required

Monitoring and event management is the first step in harnessing the power of an edge-to-cloud IIoT solution. With Predix Essentials, you can centralize data, apply analytics, then visualize and act on the insights. It allows you to connect assets and IT/OT data, monitor conditions, analyze alerts, and manage incidents through resolution without any software development required. By leveraging Predix Essentials, you can reduce downtime and lower maintenance costs—and that’s just the beginning. Connectivity and data collection Predix Essentials can collect data from common data sources, using a variety of secure connection and forwarding methods. The data can then be viewed, analyzed, and more using the Event Console. Edge-to-cloud processing Predix Essentials is based on Predix Platform and provides a secure and scalable foundation for your evolving IIoT needs. Core Predix Platform capabilities are included with Predix Essentials, while others are available as additional services. Event Console The rich user capabilities enable utilization from engineers to executives, including remote experts, operators and supervisors, safety and compliance teams, executive management, and customer self-service. For monitoring and event management, Predix Essentials provides a complete end-to-end workflow. Operators and supervisors can:

• Monitor. View assets, operational data, metrics, and KPIs via customizable dashboards

 

• Analyze. Visualize and analyze data for ad-hoc investigation and root cause analysis

 

• Detect. Get alerts from thresholds, business rules, and machine learning analytics

 

• Respond. Recommend and assign actions, create cases, and track through resolution

 

Benefits The rich connectivity, processing, and Event Console features of Predix Essentials enable a host of uses across any industry. Whether you’re directly connecting assets or augmenting current investments in MES or HMI/SCADA systems, Predix Essentials delivers centralized visibility, augmented analytics, and analysis capabilities for monitoring, exception handling, and decisioning. Typical use cases include:

• Centralized asset and process visibility
• Condition-based monitoring
• Remote HMI monitoring and support
• Cross-plant dashboards
• OEM fleet monitoring and service

Key Capabilities: Dashboards reporting; Alerts, metrics, KPIs; Visualization analysis; Criticality analysis; HMI visualizations alarms; Recommendations; Case management; Policy management.

Meeting key information security challenges

• Detection of complex targeted attacks at an early stage
• Prevention of financial and reputation loss
• Protection of internal networks, email, and file storage systems
• Optimisation of security processes and costs

High level of protection guaranteed In-depth understanding of threats Extensive insight thanks to data contained in Group-IB’s proprietary Threat Intelligence system, deemed among the best in its class by top agencies such as Gartner, IDC and Forrester Hands-on experience in incident response Our experience in responding to incidents and investigating cyber crimes helps us be the first to detect the use of new tools Modern technologies File behaviour analysis, unique signatures, detection of network anomalies through machine learning Detection of attacker infrastructure on a global scale Technology conceived to collect a large amount of data and unique search algorithms designed to find connections help detect infrastructure that hackers intend to use in future attacks TDS modules Managed detection & response 24/7 CERT-GIB

• Alerts monitoring
• Anomaly analysis
• Threat Hunting
• Remote response
• Incident management
• Critical threats analysis

Detecting infrastructure management & data analysis TDS Huntbox

• Internal Threat Hunting
• Retrospective analysis
• Modules management
• Single interface
• External Threat Hunting
• Correlation & attribution
• Data storage
• Events analysis

Attacks detection & prevention TDS Sensor

• Traffic analysis
• Files extraction
• Anomalies detection

TDS Polygon

• Isolated environment
• Files analysis
• Links analysis

TDS Endpoint

• Events logging
• Response at hosts
• Threats detection

Interset is an extensible analytics engine, wich used principled approach to math, and its scalable architecture. This platform has been proven through extensive testing and deployment across the U.S. intelligence community and some of the world’s largest enterprises. Features: Detect Indicators of compromise manifest themselves in different ways, depending on the type of attack. Interset collects and correlates events from the broadest set of data classes, right out of the box, quickly increasing threat visibility. Investigate
Connect the dots of events related to an attack. Create a prioritized list of what needs to be investigated first. Remove noise, and greatly reduce false positives, eliminating alert fatigue. Security analysts will know where to start and what to do. Interset’s precision means greater accuracy in threat detection. Respond The more context your security team, the faster they can mitigate a security incident. Interset provides a contextualized view of riskiest behaviors in your enterprise and gives your security teams the right tools to visualize and investigate incidents. Once an anomaly is detected, Interset sends actionable, easy-to-understand reports with downstream security systems to begin remediation. Main differents:

• Platform comes with a broad set of data-class support and out-of-the box analytics models, with the ability to quickly add more

 

• Analytic models cover more threat surfaces and visualize each stage of an attack

 

• Best-in-class scalability to hundreds of thousands of users

 

• Principled machine learning and advanced analytics engine are proven every day by our IQT partners

 

Controlling User Access while Delivering a Personalized Experience IT organizations must balance control of applications, services, and assets with enabling personalized user access. What apps and services do workers need? What printers should they have access to? What resources should be blocked if they’re on an unsecure public network? IT teams typically handle these issues manually, often relying on scripts that must be managed and maintained, overloading the team and preventing them from working on more strategic projects. The results are often:

• Delays in providing workers access to the digital resources they need

• Inadequate definition and enforcement of access policies—especially restriction of privileges when users work from non-secure devices or locations

• Valuable IT staff time consumed by routine administration

These problems impact the business in the form of lost productivity, security risks, poor compliance, user frustration, high IT expenses, and compromised user productivity. Ivanti® Workspace Control, powered by RES, allows IT to centrally manage and control the user workspace across physical, virtual, and hybrid environments. Workspace Control drives user productivity by providing workers with a familiar and seamless experience that adjusts to changes in their work context.

Key Feature: Easy Workspace Personalization Workspace Control lets IT create a highly personalized user workspace for workers based on what they need to do their jobs—and what they can access based on IT and corporate policy.

Key Feature: Context Awareness Allows IT to apply the appropriate policies to each user’s desktop session, whether that session is delivered via VDI, app virtualization, or conventional thick-client architecture.
Context rules detect aspects of the user’s current state related to access policies (like location, network connection type, device type, time of day, etc.) and controls access accordingly.

Key Feature: Web-based Management Workspace Control provides IT with an easy-to-use, webbased interface for managing user and application security settings and allowing the IT helpdesk to troubleshoot the desktop configuration. Key Feature: File Certificate-based Application Whitelisting File certificates allow IT to create rules to whitelist applications from a specific vendor or product name using the certificates of signed executables—providing the same level of security as file hashes, but with fewer rules and a lot less maintenance.

Key Feature: Application Whitelist Monitor Simplifies security whitelisting across a large, dynamic application set by automating the generation and maintenance of hashes and file certificates.

Transform Digital Workspaces Ivanti Workspace Control is an ideal complement to VDI, mobility, and other digital workplace transformation strategies, since it provides an automated, policy-based way of mapping individual users to their digital workspaces across devices and delivery platforms. Users can roam seamlessly across hybrid environments for full productivity. And, because Workspace Control decouples the desktop experience from underlying infrastructure, IT upgrade projects are easier to execute and less disruptive to users.

Deliver a Consistent User Experience Workspace Control helps IT provide a consistent user experience across desktops, laptops, tablets, and smartphones—while still applying the appropriate resource limitations as workers move from office to home to the road.

Regulatory and Corporate Compliance Whether it’s meeting software licensing agreements or adhering to regulatory restrictions, Workspace Control allows IT to set, enforce, and report on granular policy rules at the user level. IT gains control over user behavior while still providing the necessary access to resources to keep users productive, plus the ability to document and demonstrate compliance.

Citrix XenApp and XenDesktop Support Workspace Control is compatible with Citrix XenApp/XenDesktop 7.15 LTSR.

Updated macOS and Linux Support The macOS and Linux agents have been updated to support the latest releases of macOS, CentOS, and Red Hat Enterprise Linux.
Ivanti Workspace Control reduces the complexity of managing the user workspace to deliver:

• A more productive and engaged workforce

• Improved corporate and regulatory compliance

• Lower cost of IT operations

• Better allocation of IT staff and skills

• Greater organizational agility

• Simplified infrastructure upgrades

NTX uses threat intelligence to identify the “known bad” before applying our machine learning derived algorithms to identify the “unknown bad”, immediately cutting the window of compromise on your network. How it Works? 1. It takes just minutes to install one of our NTX Collector components on your network. This gives us visibility of your DNS traffic for real-time monitoring and action. 2. Threats are found and instantly blocked by our unique algorithms, giving your organisation immediate protection from known and unknown threats. 3. All captured threats are visually displayed by attack type, category and IP address. This intelligence is easily integrated into your SIEM platform to enrich data and speed up response time. Features: Events Dashboard The NTX dashboard provides an at-a-glance overview of the DNS traffic in your organisation and any suspicious events hidden there. Get straight to the issues that matter and fix them fast. Events Browser You can search and view recent and historic events detected by the system. Get straight to the cause, in real time or historically, for a forensic investigation. Automated Reports Reports detailed events detected by NTX, IP addresses of affected machines, risk profiles presented by the events and recommended remedial actions. Take the hassle away from reporting. Board-ready reports at the click of a button. Custom Views Build your own customised dashboards or detailed views of events in your DNS infrastructure. For analysts and power users with a deep understanding of DNS protocol. Work the way you want to, built around your workflow. Policy Management Ability to customise policy beyond the defaults provided and apply these to your DNS server. Find it, understand it, block it. All with a single click. Benefits of the NTX Platform Real-Time Intelligence

• Proactive real-time threat blocking designed to cut malicious activity off instantly.
• Rich APIs which allow DNS threat intelligence to be integrated into existing SIEM and management reporting systems, speeding up response times and providing intelligence for post-breach forensics.
• NTX gives you visibility and actionable threat intelligence, highlighting suspicious events and giving you the ability to respond.

Action Performance

• Delivered either in-cloud or on-premise, NTX cloud environments can be deployed in a matter of minutes.
• The NTX platform is built to detect malicious activity in seconds so that you can start protecting your business straight away.
• Ground-breaking technology uses unique compression, analysis and machine learning algorithms to instantly detect single malicious packets hidden in vast quantities of legitimate enterprise data, before they harm your business.

Custom Reporting

• Custom dashboards tailored to your business needs and an intuitive web control panel give you unprecedented visibility of your DNS traffic and any associated threats.
• Daily logs of blocked domains associated with threats such as malware, phishing, and data exfiltration.
• Periodic analysis of service usage and regular service management reports including identification and prioritisation of risks and vulnerabilities.

Expert Team

• World renowned DNS analysts with over 20 years’ experience running the .UK namespace, now a part of Critical National Infrastructure.
• Award-winning service delivery teams offering around the clock access to online documentation, expert support and dedicated account management.
• Chosen by UK Government to run DNS analytics services across the UK public sector, we are proud to be part of the Active Defence Programme run by the National Cyber Security Centre.

Managing SNORT events is not new to open source. What makes us unique is the Blend Security & Network Analytics. Both SNORT and Suricata are great examples of technology, but they lack an enterprise-ready open source management system. This is what redborder has created, a very powerful complement to both, allowing you to centrally configure, supervise, and apply security policies in the open source realm. Its hierarchical, multi-tenant and multi domain structures control thousands of devices. Outstanding visuals help you investigate any security incident with ease. In short, redborder offers cloud-based Open Source IPS/ IDS protection. The Management Platform The events generated by thousands of IPS/ IDS probes will reach a central point where they are collected, enriched, and stored by a real-time pipeline with scale-out capacity. This pipeline squeezes any value out of them before storage. Give your users the capacity to supervise and search the categorized and prioritized events of their interest, to visualize them in relation to other data sources and take action. Contextualization Data is enriched with context without alteration based on existing data fields. This improves the decision-making and understanding processes. Additional data can come from external sources such as geolocation or reputation feeds, but also from other Apps active in the platform. Dashboards and Reports Create and share outstanding dashboards that help you detect threats and trends at a glance. Any view, with any filter applied, translates into a widget. Concurrent dashboards prioritize information relevant to each target user. Create automatic reports the same way. Slice & Dice Dig into enormous amounts of data to get the most relevant information with the Druid OLAP engine. Any meta field can be searched and filtered to find what you need, and RAW data is stored in Hadoop for when you require maximum detail. Policy Control Managing SNORT events is not new to open source. What makes us unique is the combination of scale and enterprise quality policy management in the same open source platform. Centrally manage thousands of Intrusion Detection System probes with proper access rights and privileges, device dependencies, rule feed alternatives, configuration rollback, and management auditing. This would make redborder stand on its own, but combined with the other Apps the only limit is your imagination. Hierarchical Policies Devices are configured in a hierarchical structure that allows you to manage them as groups, with configuration and policies enforced downstream while maintaining local independence. This applies to all levels, including the probe itself, its segments, and the different networks. Policy Workflow Policy management is a complex task. Create policy profiles with ease and apply them hierarchically to your devices. Rules can be searched, ordered, or categorized for simplicity. Any change can be recovered and is trackable. All deployments are controlled by you. Multiple Feeds redborder doesn’t provide its own rules feed, but enables you to access the best of them concurrently, without sacrificing anything. Be it Talos or Emerging Threats, Community or Paid, external or you own, control when you activate an update and mix and match rules as you need. Centralized Configuration When using SNORT redborder Edition probes, configuration capabilities go beyond event and policy management. Through provided Chef templates, you can fully configure the probe, its network segments and its operation mode: IDS, IPS and IDS forwarding

Skybox® Firewall Assurance provides comprehensive automation of firewall management tasks across different firewall vendors and complex rulesets. It simplifies compliance management, ensuring the state of your network is always in line with security policy design. And Firewall Assurance supports implementation of DISA STIGs and CIS benchmarks. Skybox also helps reduce risk on firewalls themselves, so they can better protect your assets. With config data, OS versions and powerful analytics, Firewall Assurance can spot vulnerabilities on firewall devices. Designed as a complete firewall life cycle management solution, Firewall Assurance empowers you to:

• Analyze virtual and cloud–based firewalls to better control east–west or north–south traffic

• Detect security and compliance problems using out–of–the–box or customized policies

• Track changes for continuous firewall monitoring

• Clean up and optimize firewall rules

• Normalize firewall rulesets for a consistent view across multiple vendors

FIREWALL ASSURANCE BENEFITS

• Identify security policy violations and platform vulnerabilities on your firewalls

• Get change recommendations to fix overly permissive rules through syslog and ACL data analysis

• Analyze how network traffic could flow through a firewall

• Automate firewall management for traditional, next–gen, virtual and cloud–based firewalls

When you’re responsible for keeping your network secure and firewalls compliant and optimized, you need to see how firewall rules and configurations impact your attack surface. Powerful analytics deliver accurate insights on–demand, and automated end–to–end rule life cycle management ensures continuous control of your firewalls. Delivers Continuous Detection of Security Threats and Compliance Risks

• Highlights access policy violations and provides root cause analysis

• Identifies rule conflicts and misconfigurations

• Identifies vulnerabilities on firewalls

• Incorporates compliance metrics and configuration analysis

Supports Next-Generation Firewalls

• Supports next-generation firewall access and rule compliance at the user and application level

• Shows the relationship between IPS signatures and vulnerability occurrences on assets, helping admins configure IPS signatures correctly

Provides Comprehensive Visibility and Reporting

• Gives fast insight to how firewall risks impact your attack surface

• Shows the relation between firewalls and zones on an interactive map

• Automates reporting for firewall ruleset audits

Keeps Firewalls Continuously Optimized

• Imports, combines and normalizes firewall data automatically from multiple vendors

• Automates rule recertification to streamline rulesets and ensure compliance

• Continuously monitors firewalls to eliminate security gaps

• Targets redundant, hidden and obsolete rules for cleanup and optimization

The Skybox® Security Suite is a cyber risk management platform built to conquer security challenges in complex enterprise networks. By integrating with more than 120 networking and security technologies, the Suite gives exceptional and seamless visibility across physical IT, multi–cloud and OT networks. Our analytics and intelligence provide the context needed to bridge the gaps between point solutions, so security teams can fulfill the goals of vulnerability, threat, firewall and security policy management programs — even in the world’s largest organizations. TOTAL VISIBILITY See everything in your hybrid network in one view Skybox analyzes information from your organization’s assets and networks to provide a contextual understanding of your risk of cyberattack so you can proactively address that risk. Collecting data from a variety of sources, Skybox builds a model encompassing your:

• Network topology (routers, load balancers, switches)

• Security controls (firewalls, IPS, VPN)

• Assets (servers, workstations, networks including traditional IT, multi–cloud and OT)

• Vulnerabilities and threats

The model is regularly and automatically updated to reflect the actual state of your network. THREAT–CENTRIC VULNERABILITY MANAGEMENT Stop chasing the wrong vulnerabilities Skybox takes a fundamentally different approach to vulnerability management. Using asset, network and threat context, we focus remediation on vulnerabilities most likely to be attacked: those with active exploits in the wild and exposed in your environment. Skybox analyzes multiple factors to prioritize remediation, including:

• Vulnerability severity

• Compliance

• Age

• Location

• Exploitability

• Prevalence (density)

• Asset role

• Asset value

• Threats

• Network topology

• Security controls

SECURITY POLICY MANAGEMENT Automate and orchestrate across your entire network Skybox delivers automated tasks and workflows to simplify and centralize security policy management across traditional IT, multi–cloud and OT networks.

• Create analytics–driven, automated processes that scale and adapt to a growing network

• Ensure firewall rules and security policies enable reliable connectivity and continuous compliance — without exposing the organization to risky attack vectors

• Streamline the creation of new firewall rules and efficiently manage rule recertification

• Perform same–day audits and simplify reporting

The Suite includes 5 modules and Research Lab’s intelligence feed on a common platform. Modules can be licensed individually or together:

• Skybox® Vulnerability Control

• Skybox® Change Manager

• Skybox® Firewall Assurance

• Skybox® Network Assurance

• Skybox® Horizon

• Skybox® Research Lab

Panaseer helps businesses make informed, risk-based security decisions using our proprietary Cyberfuse and Cyberoptics technology. The platform doesn’t use any agents, scanners or probes and integrates seamlessly with any data source.

How does Panaseer work?

1. The platform ingests data from any source in the cloud or on-premises, across security, IT and business domains through out-of-the-box Data Connectors.
2. It uses entity resolution to clean, normalise, aggregate, de-duplicate and correlate this data, creating a continuous feed of unified asset and controls insights across devices, applications, people, databases and accounts. 
3. Business Risk Perspectives (BRP) capability identifies and isolates risks associated with mission-critical parts of the business, providing a continuous view of security risk aggregated and unified to any process, department, location, system or other grouping.
4. Controls coverage gaps are identified by comparing internal compliance policies with the baselined inventory. Previously unidentified assets are checked to ensure controls are applied against them.
5. Real-time, automated reports are produced, removing the need for manual data gathering. Security data can be mapped to your organisation’s structure, providing business context for security metrics, demonstrating investment impact and risk improvements.

Deep analysis across eight security domains

• Vulnerability Management
• Endpoint Security and Management
• Privileged Access Management
• Identity and Access Management
• Application Security
• User Awareness
• Patch Management

A single view of the entire IT estate

Panaseer provides security teams, stakeholders and other security tools with a single view of all security and IT systems, reducing the need for manual data gathering and breaking down information silos. It also automates risk prioritisation and remediation and aligns security with recognised frameworks and internal policies.

Trustwave’s MAC solution monitors and records all endpoint and server activity to prevent, detect and respond to cyber threats that evade traditional security defenses. Based upon flexible, policy-based application whitelisting technology, Trustwave has crafted a managed offering which gives you the freedom to outsource the day-to-day operations of administering the MAC solution within your enterprise, while retaining overall control of your corporate security policies. Leverage Trustwave’s deep managed security experience along with the ultimate application whitelisting solution to rapidly heighten your security posture, while retaining control of your security policies and freeing your internal team to focus on other important security objectives. Trustwave has a wealth of experience and knowledge on best practices for administering the MAC solution to secure any organization on a global scale.

Trustwave Managed Application Control

• Real-time Visibility & Control
• Over every endpoint and server
• No polling or network scans
• Signature-less Detection
• With built-in advanced threat indicators
• Granular, policy-based control
• Multiple server and desktop OS support 
• Default Deny Policy
• Trust based and policy driven application control
• Detect-and-Deny
• Signature-less advanced threat indicators
• Detonate-and-Deny
• Automatic detonation services

Additional Benefits

• Address legacy OS concerns while meeting compliance needs within PCI or HIPAA
• Maintain best practices and ensure your policies and rules are optimally configured
• Infuse Trustwave’s extensive security expertise into your organization
• Free your internal team to focus on other security objectives
• Actionable reports and intelligence across managed servers
• Default Deny Policy
• Trust based and policy driven application control
• Detect-and-Deny
• Signature-less advanced threat indicators
• Detonate-and-Deny
• Automatic detonation services

Trustwave’s MAC solution is the industry’s most comprehensive endpoint threat protection solution leveraging advanced application control for both servers and desktops. Combining a trust-based and policy-driven approach to application control with real-time threat intelligence from Trustwave, managed solution monitors and records all endpoint and server activity to prevent, detect and respond to cyber threats that evade traditional security defenses.

MAC Agent Features

• Lightweight footprint
• Minimal memory usage
• Complete tamper protection
• Centralized management
• Horizontal scaling with support for up to 250,000 agents per managed platform

Supported Platforms & Use Cases

• Comprehensive OS support for Microsoft Windows, Mac OS X, and Red Hat and CentOS Linux
• Advanced server security monitoring and application control
• Point-of-Sale systems
• ATM / Banking systems
• Critical infrastructure and Health Care systems

Fully Managed, Hands Free Operation. Total solution provided by Trustwave

• Hourly event review by Trustwave SOC
• Policy enforcement action(s) by Trustwave
• As previously agreed by policy
• Audit trail of all actions taken
• Extended incident analysis / trending
• Monthly reporting

Gain visibility & control across physical networks & hybrid cloud environments Reduce the attack surface & ensure continuous compliance Implement security changes in minutes instead of days Tufin Security Policy Orchestration for Today’s Enterprise Networks Learn how the Tufin Orchestration Suite empowers you to visualize and control your network security policy across all on-premise environments and cloud platforms Whatever your industry, at Tufin we understand the serious network security challenges that your enterprise faces every day: Complexity Today’s hybrid IT reality is multi-vendor as well as multi-technology, resulting in limited visibility and control for enterprise networks spanning physical and cloud platforms. Change Ever-changing network security policies introduce new attack vectors. In addition, enterprises must handle an overwhelming volume of changes, while remaining secure and efficient. Cybersecurity Cyber-attacks will happen and organizations must do everything they can to contain these threats which are increasing at an alarming rate. Connectivity Application-centric security and connectivity management is critical to avoid outages and ensure business continuity. Compliance There is an ever-present need for audit readiness to enforce and demonstrate compliance with internal and regulatory standards as your industry requires. In addition, massive projects like data center migration, application migration and moving workloads to the cloud magnify the challenges of daily operations. The Tufin Orchestration Suite Solution The award-winning Tufin Orchestration Suite is a policy-centric solution for automatically analyzing risk, designing, provisioning and auditing network security changes. Tufin reduces the attack surface and minimizes disruptions to critical applications. Its network security automation enables enterprises to implement security changes in minutes instead of days with continuous compliance and increased agility. Tufin Orchestration Suite provides multi-vendor device support for leading enterprises networks, including finance, telecom, energy and utilities, healthcare, retail, education, government, manufacturing, transportation and auditing. Tufin’s Technology Alliance involves close partnership with industry leaders to provide seamless integration of the award-winning Tufin Orchestration Suite with their solutions. Capabilities Single Pane of Glass for Network Security Network Security Policy Baseline Application-Centric Security & Connectivity Management Network Security Change Automation Compliance & Audit Readiness Interoperability with IT Service Management, Ticketing & 3rd Party Systems

Highly targeted assets demand perfect security, but can’t afford loss in performance. Critical systems are increasingly targeted because they contain the most valuable information. These systems cannot afford a moment of unscheduled downtime or performance degradation as they are the lifeblood of the organization. They often run on out-of-date or unsupported operating systems, which are costly to secure and support. The most common approach to defending these systems typically relies on layering multiple, ineffective security products, which is costly, creates risk and jeopardizes performance. VMware Carbon Black App Control is an industry-leading application control product, used to lock down servers and critical systems, prevent unwanted changes and ensure continuous compliance with regulatory mandates. Leveraging cloud reputation services, IT-based trust policies and multiple sources of threat intelligence from the VMware Carbon Black Cloud, VMware Carbon Black App Control ensures that only trusted and approved software is allowed to execute on an organization’s critical systems and endpoints. VMware Carbon Black App Control combines application whitelisting, file integrity monitoring, full-featured device control and memory/tamper protection into a single agent. VMware Carbon Black App Control watches for behavioral indicators of malicious activity and conducts continuous recording of attack details to provide rich visibility into everything suspicious that attackers attempt to do. With the addition of the File Delete feature, VMware Carbon Black App Control is now a direct control for requirement 5 of PCI DSS, enabling customers to remove traditional antivirus without the need for undergoing the compensating control process. Security teams can harden their new and legacy systems against all unwanted change, simplify the compliance process, and provide the best possible protection for corporate systems at enterprise scale. VMware Carbon Black App Control is available through MSSPs or directly through on-premise.

KEY CAPABILITIES VMware Carbon Black App Control is a powerful positive security solution for data centers and critical systems that allows server admins to control change while consolidating agents. Using a ‘Default Deny’ approach, VMware Carbon Black App Control reduces your attack surface and downtime by automating approval of trusted software and eliminating the burden of whitelist management. Lock Down Critical Systems Stop malware and non-malware attacks by preventing unwanted changes to your applications and files, providing you with the control over your environment that you need. Ensure Continuous Compliance Accelerate compliance by meeting many of the requirements in regulatory standards and frameworks, such as PCI-DSS, HIPAA/HITECH, SOX, NERC CIP, GDPR and NIST 800-53. High Performance and Low Touch Application Control Be confident that your solution is blocking the “bad” and allowing the “good” without interrupting daily operations.

BENEFITS

• Stop malware, ransomware and next-gen attacks

• Eliminate unplanned downtime of critical systems

• Consolidate endpoint agents

• Prevent unwanted change to system configuration

• Meet IT risk and audit controls across major regulatory mandates

• Increase efficiency of IT resources with streamlined IT audit processes

• Protect legacy systems running on unsupported operating systems

• App Control is now a direct control for requirement 5 of PCI DSS

FEATURES

• Application control

• File integrity monitoring and control

• Device control

• Memory protection

• Reputation services

• Open APIs

PLATFORMS

• Sensor Support:

• Windows XP, Server, Vista, Embedded, POS

• Mac OS X

• RHEL Linux

• CentOS Linux

• Oracle RHCK Linux

WatchGuard Dimension is a cloud-ready network security visibility solution that comes standard with WatchGuard's flagship Unified Threat Management and Next Generation Firewall platform. It provides a suite of big data visibility and reporting tools that instantly identify and distill key network security threats, issues and trends, accelerating the ability to set meaningful security policies across the network. Use WatchGuard Dimension to monitor and gain critical and timely insights about network security, in real-time, from anywhere and at any time, easily and quickly Start with the Big Picture A picture is worth a thousand words or traffic logs! Get a high-level, aggregated “big picture” view of network activity that pinpoints top threats and trends, active policies and traffic patterns, and correlated views of top users and applications. Tap into Visible Insights See network activity presented visually, in real-time, in intuitive and interactive dashboards and reports. The elegant visualizations make it easy to identify potential threats, monitor Internet usage and to gain critical insights about related traffic trends. See, at a glance, who is consuming the most bandwidth, if there are unusual traffic patterns, and what are the most-visited websites. Easily pivot, drill-down, and filter to get exactly the info you need, when you need it. Then, you can drill all the way down to individual log data that reveals key details Spot Patterns, Make Better Decisions Choose from over 100 comprehensive reports, with the ability to schedule reports for email delivery to key stakeholders – from C-level executives and IT Directors, Network Managers and Security Analysts, to HR and Department Managers. Special reports are available for PCI and HIPAA compliance. Then Take Action with Dimension Command Dimension Command is our suite of management tools for WatchGuard Dimension. With it, IT pros have access to a host of network control features including one-click configuration changes, the ability to jump back to previous configurations, direct access to individual appliances through a web UI, and VPN management tools. Dimension Command is a purchase upgrade, and is automatically included in our Total Security Suite. Zero Install No complicated setup is required. Simply deploy a virtual appliance - includes OS, database, utilities, and WatchGuard server software - and you’ll be up and running in a few minutes.

NetArgos is the world’s first Cyber Security Blackbox. It uses optimized packet storage technology to extend network recording time dramatically and minimizes network security blind spots through periodic retroactive security analysis. NetArgos also provides optimized security policies with existing security devices. NetArgos is capable of responding to security blind spot which is caused due to Operational and Temporal security blind spot, by providing of longer term storage and RSC (Retroactive Security Check) capabilities which today’s traditional devices are not able offer. What it can do? Network Recording in Real-Time

• Max 20 Gbps
• Creates Real-Time network meta data: Flow and Session
• Extract variable length session firs N packets by application

Optimized Data Storage

• Different N values for different applications: 0 - MAX
• Based on Packet count or Packet size
• Standart format and External export

Security Blank Analysis

• Security blind spot detection and elimination by periodic retroactive security analysis
• Convenient security blind spot information analysis provided by automated smart report
• Optimized network security policy

Network Problem Analysis

• Time and 5-tuple based information search
• Drill-down search in station,flow, packet order
• Extract and transfer the searched network information