eEye Digital Security — Security Policy Enforcement
In spite of advances made in the world of network security, a vast majority of security incidents are still attributed to the “internal threat” – end users – responsible for misconfiguring devices and programs, unknowingly propagating malicious code, or disclosing proprietary business information.
A recent study performed by the Computing Technology Industry Association, based on a survey of more than 900 organizations, has shown human error to be the leading cause of security breaches, at about 84%. This figure increased from 63% a year earlier, indicating a disturbing trend and presenting a strong argument for establishing and documenting a corporate policy for your IT infrastructure.
The complexity of establishing and maintaining a corporate security policy is amplified when the policy must address multitudes of user profiles on any given network. Organizations typically have remote offices, mobile workers, wireless and VPN users, each of whom requires a custom profile with its own set of guidelines to manage connectivity, application usage and data transfer capabilities. The presence of an internal security policy allows for multiple layers of protection:
- Individual systems can be protected by company-defined rules related to inbound/outbound connections and allowable network traffic.
- End-users of connected systems can be forced to adhere to guidelines which follow corporate standards, such as the blocking of non-approved applications like P2P.
- Non-essential systems may be precluded from connecting to the Internet, further decreasing an organization’s overall security exposure.
Collectively, these threats are best managed through a comprehensive policy enforcement and compliance program including Retina® Network Security Scanner, Retina® Remediation Manager and Blink® Vulnerability Protection, which together have the capability to assess, remediate, secure and apply software patches to devices in non-compliance to ensure the highest security levels.
eEYE APPROACH
eEye Digital Security has developed a systematic approach to address the challenges of establishing, monitoring and enforcing security policies. This vulnerability management workflow enables you to align eEye's innovative approach to network security with the real business risks facing your organization, including preventing unauthorized applications or procedures from being executed when not part of your security policy architecture.
Discover
The critical first step is identifying, checking and tracking all of the servers, workstations and devices that are attached to your network. All systems and devices can contribute to security threats and, ultimately, downtime, so all must be identified and audited.
Audit
The linchpin of the entire vulnerability management process, which entails checking all operating systems, hardware configurations and application configurations. This phase must be fast, non-intrusive, customizable, centrally organized and remotely maintained.
Delegate
Upon completion of a given vulnerability assessment, remediation activities are prioritized and assigned to team members. Rules can be created to automatically delegate security events as tasks according to severity level, origin or vulnerability type.
Remediate
Now it is time to take action, and begin dialogues on how to best remediate the discovered vulnerabilities through a combination of technology, processes, policies and training. As vulnerabilities can impact the entire organization, this step will typically be a multi-departmental effort.
Report
Whether monitoring specific machine information, providing executive level views or communicating other important data, reporting is an important element that must be evaluated along with everything else.
Adapt
The final stage of this workflow comprises the ongoing review of data collected from each preceding stage, and modifying your workflows and security measures to continue increasing security, improving performance and reducing the likelihood of an unauthorized security breach.
SOLUTION ARCHITECTURE
Consistent with eEye’s best practices approach to threat management and network security, the architecture of eEye’s policy enforcement solution is multi-tiered, starting with a comprehensive assessment and audit of all security threats on all network assets. This is accomplished through a Retina® Network Security scan.
Blink® performs the necessary intrusion prevention protection through the deployment of an agent on each identified network asset. This way each network asset, including mobile workers and wireless devices, may be reported upon, audited and logged, providing the necessary real-time protection each time a network connection is performed.
These events are logged and easily managed through REM™ Event Manager, a central management console, capable of real-time integration through pre-built APIs to larger IT management interfaces including CA’s Unicenter, IBM’s Tivoli and HP’s OpenView. As a whole, this architecture provides the means to holistically view your security resources, and to adapt your security solution over time to provide the optimal level of protection.