Endpoint Security Risk Management:
Control Without Compromise
Introduction
The Current Information Security Landscape
Red Lambda’s Assurity SRM™: Unified Security Risk Management
Features & Benefits
Why Red Lambda?
A Look to the Future
Introduction
Driven by competitive pressures and a changing climate of accountability, organizational strategies toward information security are changing. Operational responsibilities increasingly span functional units, requiring a move away from disconnected islands of policy toward comprehensive risk management solutions that bridge disparate technologies. As such, there is a growing trend among vendors toward delivering a one-stop-shopping approach to security risk management. However, in order to achieve the uniform policy control promised by these all-in-one solutions, administrators have to rely on one vendor, and relinquish their ability to choose the best point solutions.
Successfully managing risk within the context of organizational strategy requires the flexibility to choose the best technologies that meet operational objectives. By integrating security processes across the organization into a single, holistic framework, organizations are able to reduce their exposure to risk efficiently while addressing the demands of compliance and competition. This white paper outlines how Red Lambda’s Assurity SRM™ product can provide organizations with a comprehensive security risk management solution that maximizes return-on-investment for existing hardware, software and training expenditures, while improving the operational efficiency of risk and compliance processes.
The Current Information Security Landscape
As organizations have become increasingly information-centric, the motivations for threats against these resources have evolved from the casual to the criminal. With each new wave of attack, point solutions have been introduced to address them. In fact, if anything is certain in the security marketplace, it is that threats, and the safeguards that contain them, will continue their steady march forward.
Historical Trends of Attack or Misuse, 2006 CSI/FBI Computer Crime and Security Survey
Meanwhile, security management has been caught in a quagmire. Organizations are forced to choose between selecting the best tools for their budget and operational needs and adopting integrated security management solutions that are focused on certain platforms or network hardware. Faced with expanding government regulations and competitive pressures, the need for consolidation and integration of security operations has never been greater, yet the security market continues its winner-take-all approach.
Even in environments that choose to implement a single-vendor risk management approach, organizations find themselves integrating many different devices, interfaces, and applications together in a process that is anything but simple. Instead of reaping the benefits of reduced complexity and improved efficiency, organizations find themselves locked into a web of compromises. Defense in depth necessitates a layered approach to security across the endpoints, devices and resources in an organization. No single vendor will ever be able to provide all of the best-in-class tools in the risk management equation at the same time. It is clear that a fresh approach to this problem is required to ensure effective risk management and sound compliance practices in real-world environments.
“We need to move beyond today’s scenario, where users struggle to implement NAC as a successful security framework. Just how bad is it? We’ve found that 40% of enterprises surveyed had begun NAC deployments, but only 4% actually finished.”
Overview
Red Lambda’s security risk management system, Assurity SRM™, has a different approach to proactively managing and protecting endpoints, information and resources. Assurity SRM™ uses Red Lambda’s patent-pending collaborative grid technology to integrate seamlessly with existing devices and tools distributed across an organization, while marshalling unused resources to maximize efficiency. Assurity SRM™ coordinates these tools and devices into virtual teams, each one focused on collecting, processing, responding or proactively managing the environment to mitigate risk and achieve compliance.
Linking threat protection, vulnerability management, network access control, leakage protection and other security controls to a highly-scalable, modular automation framework, Assurity SRM™ gives organizations the flexibility to select the best point technologies for their specific needs without compromise. The entire risk management process of the organization may be controlled and monitored from a central location, or parceled out across a federation of responsible parties, regardless of the underlying technologies in place.
Assurity SRM™ acts as a pervasive policy abstraction layer, allowing administrators to specify proactive and reactive risk mitigation policies spanning the enterprise without worrying about whether or not the specific components were designed to work together. Security controls may be snapped into the framework via modular wrappers that make the controls available as services on the Assurity SRM™ collaborative grid. By leveraging these security services together as the building blocks of policy workflows, Assurity SRM™ ensures that the most appropriate technologies are used to address threats, support compliance and mitigate risk.
Real-world security management, punctuated by a high level of integration required by its supporting processes, is frequently a web of one-off scripting and complicated management. Well-understood, proven best practices guide most strategic decisions, yet integrating each new element complicates management and creates new dependencies. Because safeguards from different vendors frequently have no way to coordinate to secure information, overlapping controls can misalign security, creating vulnerabilities rather than protecting from threats.
Unfortunately, IT organizations faced with these challenges find themselves trading agility and efficiency for security. Red Lambda’s Assurity SRM™ solution enables organizations to fully leverage their previous security, endpoint and infrastructure investments, readily accommodate future technologies, and make policy decisions and take action unfettered by the limitations of a specific product suite and inappropriate redundancies.
Red Lambda’s Assurity SRM™: Unified Security Risk Management
“The value of access control and threat mitigation technology is that it’s flexible and not baked into your infrastructure. This architecture more easily accommodates a centralized or federated policy store for consistent enforcement. Moreover, a software-based solution will operate across heterogeneous environments, ranging from hardware like routers, switches, and security appliances to software like configuration management, Active Directory, and the client security server.”
Features and Benefits
Total Security Visibility:
Assurity SRM™ collects, filters, correlates and aggregates security events from devices, tools and endpoints across the organization to monitor and react to threats.
Assurity SRM™ automatically maps network topology, dependencies, and endpoints, and performs vulnerability analysis and relative asset valuations. Combining threat, vulnerability, value and other factors, Assurity SRM™ quantitatively profiles the security risk posture of the network, and provides full threat analysis with path mapping, vulnerability analysis and automated endpoint security management from a single interface.
The Assurity SRM™ modular wrapper library has full support for a wide array of open source and commercial endpoint, network security, logging and vulnerability analysis tools. In addition, Assurity SRM™ has an integrated, fully-distributed deep packet inspection engine, capable of monitoring traffic, applications, behavior and anomalies across the network.
Ubiquitous Network Access Control:
As part of its suite of preventative safeguards, Assurity SRM™ provides fully integrated pre/post-admission network access control (NAC). Its flexible Java architecture provides a seamless end-user experience for Windows, Mac and Linux endpoints over wired, wireless and VPN connections, with or without 802.1x. Administrators may choose from a broad array of Layer 2, 3 & 7 quarantine controls, including VLAN steering, ARP poisoning, dynamic ACLs, firewall & IPS rules, proxy redirection and others. Administrators also have the freedom to deploy any mix of installed agents or agent-less endpoints as required. Endpoint posture assessment supports a variety of popular software, and provides administrators with the ability to add custom applications as required. Multi-vendor VPN support ensures that policies are applied correctly to remote hosts. In addition, existing commercial NAC deployments can be invisibly integrated into Assurity SRM™, providing advanced automation and risk management capabilities across platforms.
Mitigates Endpoint Information Exposure:
Assurity SRM™ proactively tracks endpoint information exposure, monitors and configures access controls, correlates audit records and maintains encryption. The system proactively manages endpoint information leakage protection (ILP) policy and integrates with best-in-class third-party ILP solutions to provide complete protection for data in motion and data at rest. Integrated risk analysis incorporates exposure information for more thorough risk visualization.
Supports Compliance Requirements:
Assurity SRM’s™ underlying collaborative grid maintains secure archives of correlated and aggregated threat, vulnerability, control and policy action information. Users may choose retention periods, encrypted storage and other options in support of the most demanding compliance requirements. Holistic auditing, extensive notification support and automated reporting save time associated with compliance and regulatory processes.
Red Lambda’s Assurity SRM™ system provides numerous benefits to organizations seeking to holistically take control of their risk management operations. Namely:
Vulnerability & Configuration Management:
Assurity SRM™ provides automated configuration and remediation of endpoint security, including support for popular patch deployment tools, native OS manipulation and other mechanisms. Administrators may also choose to mix in self-remediation processes that transfer responsibility for compliance to the end user for environments desiring that approach. In addition, Assurity SRM™ supports a large collection of open source and commercial vulnerability analysis tools to take full advantage of existing investments in training and software.
Modular Software-based Framework:
Assurity SRM™ is a software-only solution that is designed to harmonize, not replace, existing network hardware, security appliances, software tools and endpoints. Its collaborative grid framework seamlessly coordinates underutilized resources, information and interfaces across an organization to perform the underlying tasks required for security risk management. A modular wrapper-based architecture allows new third party point solutions to be included ad-hoc as needed, and a large library of wrappers for open source and commercial security tools, network hardware and software applications is included.
Assurity SRM™ acts as a policy abstraction layer, coordinating disparate capabilities, and allowing administrators to take a strategic, integrated approach to security risk management.
Integrated Risk Management Console:
The Assurity SRM™ management console provides dashboard views of all risk, threat, vulnerability, configuration, exposure and network access control information. Central policy administration, asset valuation and the visual workflow designer combine with overlay-driven network visualization, comprehensive reporting and integrated case management to dramatically reduce the cost of managing security risks and meeting compliance requirements.
Streamlines IT Operations Workflow & Reduces Costs:
Assurity SRM™ provides an extensive library of pre-defined policy actions that can be selected for rapid deployment. In addition, Assurity SRM™ includes a visual workflow automation designer, which allows the deployment of complex actions by simply drawing their flow chart. This capability drastically reduces the burden of administration by acting as an abstraction layer between custom actions and the specific devices and tools of the network.
Radical Scalability:
The underlying foundation of Assurity SRM™ is a collaborative grid architecture, a unique fusion of the best elements of grid computing and P2P. Unlike other solutions based on dedicated hardware or client-server architectures, Assurity SRM’s™ underlying collaborative grid architecture is scale-free. This means that Assurity SRM™ has no practical limit to the size of its deployed environment. With its ability to leverage spare distributed resources, Assurity SRM™ continues to become more resilient and more capable as more nodes are deployed. This means no requirement for dedicated hardware, no more monolithic upgrades and, best of all, a minimal total cost of ownership (TCO).
Why Red Lambda?
Red Lambda is a leader in the development of collaborative grid technology - a fusion of traditional grid computing and P2P - for use in distributed computing applications. Red Lambda’s proprietary cGRID™ architecture is at the forefront of collaborative grid platforms. Every Red Lambda product leverages cGRID™’s extreme scalability, resiliency, and computational efficiency, resulting in products that integrate easily into various network environments.
Red Lambda was founded by a quorum of experts from network engineering, security, the sciences and software development who believed that there had to be a better way to secure organizations. Instead of trying to build a better mousetrap, the team at Red Lambda focused on solutions that coordinated and harmonized resources, allowing them to be used together to collectively protect against threats, automate workflow and mitigate risk.
Red Lambda’s proven security solutions have yielded exceptional results, and earned high praise from customers, analysts and reviewers alike. Please visit www.redlambda.com for case studies, and more information about how we can help you let your network protect your network.
A Look To The Future
Red Lambda’s mission is clear: We are committed to delivering practical, experience-driven security solutions for integrated security management, automation and risk mitigation.
The future of yesterday has become the reality of today.
Information security is on the cusp of an integration renaissance, during which organizational strategy and security operations will be unified to achieve practical goals and solve real problems. IT administrators need to continue to be able to choose the best technologies for their goals, budget and immediate needs, without losing integrated policy coordination. Aligning business priorities with information security requires a flexible, intelligent solution that works with, not against, existing investments to maximize ROI and minimize TCO: a system focused on proactively mitigating risk as the means to providing tangible value to the enterprise.
Red Lambda’s Assurity SRM™ solution is the first fully distributed, modular security risk management framework designed to streamline operations, eliminate vendor compromises, ensure compliance and most importantly, improve security.