eEye Digital Security — REM Security Management Console
Comprehensive vulnerability management and enterprise risk assessment using eEye’s REM™ Network Security Management Console. Enterprise risk management confronts security professionals with the challenge of identifying the areas most at risk on their network, in the midst of countless vulnerabilities, intrusion attempts and policy violations.
To maximize network security management and minimize the potential impact posed by these liabilities, security data must be accurately and efficiently collected, categorized and measured to allow organizations to identify risk before it can affect availability and productivity.
To meet this challenge, eEye's REM™ Security Management Console provides a single point of visibility for security risk management solutions, managing critical data specific to network vulnerabilities and machine resiliency, providing the overall network security posture of an organization. REM can immediately assess and improve an organization’s risk profile, enabling security teams to focus their efforts on the areas that matter most. REM's vulnerability management portal allows for the rapid identification and prioritization of threats, thus optimizing resources to focus on the most critical vulnerabilities first. Advanced workflow capabilities also allow groups to collaborate in ongoing remediation efforts, increasing operational efficiency as security and IT work to a common goal – eliminating network vulnerabilities.
Leveraging vulnerability, attack and policy related information provided by Retina® and Blink® in local or distributed environments, REM provides organizations with metrics and graphical representations of enterprise security risk. This enables administrators to quickly determine security status on any number of levels, including business unit, geographic location, operating system, etc. This ability to pinpoint risk and quantify its impact gives security teams the information required to quickly adapt their security strategies.
For organizations that rely on enterprise applications such as help desk, framework or network monitoring solutions, REM’s open architecture provides for seamless integrations with those platforms, passing along vulnerability data to further leverage such investments, delivering reduced IT costs and further operational efficiencies.
Features & Benefits
Comprehensive Risk Management
Leveraging vulnerability, attack and policy related information provided by Retina® and Blink® in local or distributed environments, REM provides metrics and graphical representations of enterprise security risk. This allows administrators to quickly determine security status on several different levels – business unit, geographic location, operating system, etc. These risk views are completely customizable by the end user, so calculations can be made according to corporate policies, internal objectives, etc.
- ‘Management at a Glance’ Display – REM’s home page view gives security team members an immediate view into the overall security posture of the network, by displaying overall asset risk, vulnerabilities currently resident on the network, progress of remediation activities, attacks overview and machines most at risk. All of this information is based on more detailed data available by choosing one of the supporting menus.
- Asset and Corporate Risk Calculations – REM provides visual representations of enterprise security risk, in both metric and graphical formats, based on information received from Retina and Blink deployments within an organization. Assets will be given a risk score, which takes data points such as vulnerabilities, targeted attacks and machine attack surface into account. These views will allow organizations to quickly determine the overall security state of their network. Risk can also be quantified from a corporate perspective, allowing users to view the security posture of business groups, geographies, even machine types. Users can customize these groupings to map to existing internal naming conventions.
Security Data Management
Information related to the specific assets within the enterprise plays a pivotal role in assessing risk, threats and corrective actions. To this end, the underlying database structure within REM ensures the speed, accuracy and scalability of information flows to deliver real-time views into assets, and more importantly, the vulnerabilities and attacks associated with those assets.
- Asset-Driven Architecture – REM’s asset-driven architecture allows users to view and manage security data (including attacks, vulnerabilities and tasks) on a machine-level basis. Once an asset is initially discovered by a Retina scan or a Blink-related event being provided to the REM console, its history of attacks, vulnerabilities and tasks, in addition to the details (domain, MAC address, operating system, open ports, etc.) of the particular machine, is presented for review and action.
- Asset Attributes – REM’s Asset Attributes capabilities provide a powerful method for classifying machines according to any number of customer-defined values such as geography, facility, business unit, machine type, administrator ownership, etc. For example, a machine can be classified as being located in New York, part of the Finance business group and acting as a SQL server. Furthermore, rules can be set up to automatically create attributes for assets as they arrive within the system, dramatically increasing the value and efficiency of the attribute system.
- Data Exporting – Data Exporting is available throughout the various information stores (assets, vulnerabilities, attacks, tasks) for quick extracts of raw data for use in spreadsheets or third party reporting engines. Data can be exported into XML, tab delimited, CSV and Excel to quickly enable ad hoc reporting.
- Alert and Rule Management - REM’s Rules capabilities provide a powerful method to automate many processes and actions by identifying situations that match a specific set of criteria and initiating a pre-defined activity. A wide range of actions can be taken, including creating an alert, auto-assigning an attribute, creating a task, or automatically deleting a vulnerability or attack from entry into the system.
- Filtering and Searching - The assets, events, tasks, vulnerabilities and attacks grids can be filtered and searched according to user criteria. If a user has implemented attributes, they can also filter and search according to attributes. For example, a user with 3000 devices in their asset database could search for all Windows 2000 machines located in New York and quickly be presented with that subset of information.
Security Application Management
REM provides central policy support for both Retina and Blink environments. All Retina scan policies and jobs can be addressed via the REM console, allowing for greater flexibility in scan scheduling and management. Additionally, Blink deployments can also be centrally managed by workgroup or policy.
Remediation Management and Automation
As a natural complement to REM’s existing vulnerability management workflow capabilities, REM’s remediation automation integration allows for the correlation of information from distributed Retina scanners with agent or network based patch automation vendors.
- Remediation Automation - Through the integration with leading patch management systems, REM users will be able to automate the process of fixing a vulnerable asset by calling the patching services to perform the job. The remediation engine can be called from any REM interface where vulnerabilities are displayed. An option is also available to completely automate the remediation process, triggered by rules. In that event, the remediation configuration information will be retrieved from local storage, packed along with the required fix and asset information and sent directly for execution upon discovery of the vulnerability. REM can keep close tabs on the remediation system to verify the status of the request and take necessary action based on the result of the request.
- Task Management Progress - The task management progress view displays a quick update of the status of tasks, broken down by functional user. This allows team leads to quickly monitor the status of users in their group. User statistics are broken down by pending, open, completed and closed tasks.
Specifications
- Windows 2000 Server SP4+, Windows Server 2003
- Microsoft IIS Server 5.0+
- Microsoft SQL Server 2000 SP3a+
- Internet Explorer 5.51+