confidential and proprietary copyright ©2004 foundstone, inc. all rights reserved »foundstone...
Post on 21-Dec-2015
226 views
TRANSCRIPT
Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
» Foundstone Enterprise 4.0Detailed Product Presentation
2Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Agenda
» Foundstone Solutions
» Truly Enterprise-Class
» Asset-based Vulnerability Management
» Unmatched Assessment Horsepower
» Life-cycle Threat Management
» Stream-lined Remediation
» Measurement & Benchmarking
» Interoperability: Foundstone Link
» Total Cost of Ownership
» Competitive Comparison
3Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Foundstone Product Family
» Foundstone Enterprise v4.0– Enterprise-class, award-winning vulnerability management system– Options include:
– Remediation Module – Threat Correlation Module
– Appliance-based– Feature-rich and the most scalable risk management system available– Low cost of ownership: automated download and installation– All updates Foundstone tested & approved
» Foundstone Enterprise v4.0– Enterprise-class, award-winning vulnerability management system– Options include:
– Remediation Module – Threat Correlation Module
– Appliance-based– Feature-rich and the most scalable risk management system available– Low cost of ownership: automated download and installation– All updates Foundstone tested & approved
» Foundstone On-Demand Service– Hosted system engineered to manage and mitigate risk– Integrated threat intelligence alerts and correlation– Zero-deployment; no administration or maintenance
» Foundstone On-Demand Service– Hosted system engineered to manage and mitigate risk– Integrated threat intelligence alerts and correlation– Zero-deployment; no administration or maintenance
» Foundstone Professional TL– Designed for consultants and auditors– Enterprise-class functionality and scalability
» Foundstone Professional TL– Designed for consultants and auditors– Enterprise-class functionality and scalability
4Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
The Foundstone Vulnerability Management (VM) Lifecycle
Risk = A x V x TC C
Risk = A x V x TC C
5Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Enterprise-Class
» Web-based, centralized management
» Hierarchical user account system supports even the most complex organizations
» Flexible role-based access control for scanning & remediation
» Unprecedented performance & reliability: unique scanning architecture
6Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Enterprise-Class
Features & BenefitsFeatures & BenefitsWeb-based, centralized management
Automated vulnerability, threat and knowledgebase updates from Foundstone
Safe and lightweight: built-in scan traffic load balancing
Graceful handling of latency issues and network disruptions
7Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Enterprise-Class
Features & BenefitsFeatures & BenefitsHierarchical model supports even the most complex organizations
Easy, delegated administration using Workgroups for offices, regions, etc.
Flexible role-based access control for users
Granular permissions for scans, remediation
8Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Enterprise-ClassFeatures & BenefitsFeatures & Benefits
Unique parallel architecture allows many scans to execute at once on a single engine
A single scan is automatically distributed into multiple subscans for enhanced scan performance
Scan recovery with no data loss due to batch-based design
9Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Asset-Based Vulnerability Management
» Driven by agent-less asset discovery
» Classify using detailed, flexible criteria
» Scan by business function, geographic region, etc.
» Tickets can be automatically assigned to group asset owners
» Asset criticality can be used to focus remediation tasks on the most important systems
10Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Asset Classification
Features & BenefitsFeatures & BenefitsDriven by agent-less asset discovery
Classify using detailed, flexible criteria
Assign group properties such as asset owners & criticality values
11Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Asset-Based Scanning
Features & BenefitsFeatures & BenefitsCreate scans by asset value or owner
Easily include/exclude hosts based on OS, name, and other properties
Scan by business function, geographic region, etc.
12Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Asset-Based Remediation
Features & BenefitsFeatures & Benefits
Tickets can be automatically assigned to group asset owners
Asset criticality can be used to focus remediation tasks on the most important systems
13Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Assessment Horsepower
» Deep, agent-less assessment across all layers of infrastructure
» Discovers and analyzes every system on the network, from database to router
» Uses patent-pending OS identification and vulnerability analysis techniques
» Based on the customizable Foundstone Scripting Language (FSL)
» Unprecedented ease of use:– One-click quick scans– One-click scan performance / bandwidth
optimization
14Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Assessment HorsepowerBeyond Traditional Vulnerabilities:
Specialty Assessment Modules
» Windows Module – Patch & policy testing– Trojan & spyware detection
» Wireless Module– Discovery of access points
& clients– Mapping & vulnerability analysis
» Web Application Module– “Unknown” vulnerabilities within custom web apps.– Crawls, inventories & then intelligently analyzes
– Examples: source code disclosure, SQL error handling, weak usernames and passwords, “hidden” sensitive files and archives
15Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Life-Cycle Threat Management
» Intelligence alerts on critical breaking threat events such as worms and exploits
» Faster than a check– shows threat impact immediately without running another scan
» Risk-ranking of assets prioritizes threat response so that the most important hosts are protected first
» Threat response benchmarking by business unit
» Measures response efforts vs. an established remediation goal
16Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Threat Monitoring Features & BenefitsFeatures & BenefitsIntelligence alerts on critical breaking threat events such as worms and exploits
Automatically updated on a daily basis
Alert correlation rules show how a threat event will impact your networks
17Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Threat AnalysisFeatures & BenefitsFeatures & BenefitsFaster than a check– shows threat impact immediately without running another scan
5-factor correlation displays results by likelihood of a successful attack
Risk-ranking of assets prioritizes threat response so that the most important hosts are protected first
18Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Threat ScanningFeatures & BenefitsFeatures & Benefits
Correlation results feed rapid threat scans or remediation activities
Threat scans easily created for a single or several vulnerabilities
Threat scans complete quickly, even for large Class B and A networks
Alerts can be sent directly to staff pagers via email
19Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Threat BenchmarkingFeatures & BenefitsFeatures & BenefitsThreat response benchmarking by business unit (e.g. geographic region, workgroup, office) or operating system
Progress automatically updated based on enterprise remediation efforts
Effective comparison model: set up by administrator, seen by all users to gauge status versus peers
20Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Threat Compliance Tracking Features & BenefitsFeatures & BenefitsMeasures response efforts versus an established remediation goal
Progress measured in % of compliance-- based on # of vulnerable hosts for one or many threat events
Graphs easily downloaded or modified for on-the-fly reporting
21Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Stream-Lined Remediation Workflow
» VM Pioneers: Introduced integrated remediation workflow in early 2002
» Vulnerabilities automatically turn into easily managed tickets
» Rules-based automatic ticket assignment using multiple, flexible criteria
» “Ignore” vulnerability feature allows for creation of policy exceptions
» Closes tickets for fixed vulnerabilities with no manual intervention
22Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Automatic Ticket Creation Features & BenefitsFeatures & BenefitsVM Pioneers: Introduced integrated remediation workflow in early 2002
Vulnerabilities automatically turn into easily managed tickets
Comprehensive control over ticket creation by scan / vulnerability severity
Establishes accountability: the key to getting vulnerabilities fixed
23Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Automatic Ticket Assignment Features & BenefitsFeatures & BenefitsRules-based automatic ticket assignment using multiple, flexible criteria
Automated export of tickets to 3rd party helpdesk systems (e.g. Remedy)
“Ignore” vulnerability feature allows for creation of policy exceptions
24Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Automatic Ticket Closure Features & BenefitsFeatures & BenefitsCloses tickets for fixed vulnerabilities with no manual intervention
One-click verify scans to confirm fixes
Comprehensive searching feature enables for simple remediation progress analysis and tasking
25Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Measure and Benchmark
» FoundScore: intuitive 0-100 security scoring system based on vulnerabilities and asset criticality
» MyFoundScore: customizable scoring that matches your policy
» Risk Score: immediately visible statement of overall enterprise risk level– Considers impact of breaking
threat events on assets and existing vulnerabilities
» Interactive, executive dashboard for comparing business units/regions, platforms and tracking key statistics
26Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Interoperability: Foundstone Link
» Open architecture leverages current technology investments– Seamlessly integrates with existing database, network &
system management solutions– Open database design works with 3rd party reporting tools
& custom SQL queries– Web services-based
» API set to allow external applications to leverage the power of FoundScan engines
– Scan creation, scan management, scan results access
» Authentication API for use with Netegrity Siteminder, RSA SecurID, LDAP and other technologies
» Support for standards such as CVE, IAVA, & SANS/FBI Top 20
27Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
Total Cost of Ownership
» Focus on interoperability and management results in overall low TCO– Vulnerabilities, threats and system can be automatically updated– No appliance patches to test or install– Does not require additional staff or skill sets
» Comparison of TCO against competing vulnerability management services results in significant savings over a 5-year period
YearYear FoundstoneFoundstone CompetitorCompetitor DifferenceDifference
1st year $187,747 $140,079 $58,845
2nd year $240,494 $275,646 ($37,698)
3rd year $293,240 $411,213 ($134,241)
4th year $345,987 $546,780 ($230,784)
5th year $398,734 $682,347 ($327,327)Numbers based on projected pricing for a 10,000 system environment, HW/SW/Services included
28Confidential and Proprietary Copyright ©2004 Foundstone, Inc. All Rights Reserved
CapabilityFSton
enCircle
Qualys
Tenable
eEye ISS
Enterprise-Class
Assess. Quality/Depth
Flexible, Open Arch.
Threat Corr. Module
Risk Mgmt. / Metrics
Full, Flexible Reporting
Robust Remed. Module
Full User System / RBAC
Compliance Reporting
Competitive Comparison
- Full capability - Some capability (blank) – No capability