Enterprise Security Management Franklin Tinsley COSC 481
Overview Introduction Examples of PSP’s Point Solution Products What is ESM What ESM Does Purpose Desired Properties of ESM Conclusion
Introduction Given the important role of information technology in today’s enterprise, information security is a key component in modern planning and management. However as enterprises continue to grow larger security continues to become more challenging. To meet this challenge, security vendors began providing point solution products for known security problems.
Examples of PSP’s Firewalls control access to company network IDS monitor possible intrusions Sniffers analyze packets transmitted in and out of networks Antivirus Software mitigate risk of virus attacks
Point Solution Products Usually come from different vendors and run on different operating systems. This results in large complex environments, because of the different pieces of hardware, operating systems and application software. Each product performs the functions that is was designed to do. However as a whole the products are not usually compatible and often do not talk to each other.
What is ESM ? Enterprise Security Management involves creating enterprise wide security solutions and managing security information from an enterprise perspective. This occurs by creating a solution that determines the best way to design and configure the products to complement and enhance the security solution
What ESM Does ESM centralizes network information in one local place and has the ability to collect, process and report in real time the various types of security devices or applications deployed on a network ESM takes into account the business function of the network and the mission criticality of the information residing in the network device.
ESM Cont ESM must be flexible enough to provide efficiency in information transfer, filtration and transmission minimizing network congestion. While allowing peer to peer communication and continuous growth for future network expansion.
Purpose The purpose of ESM is to help reduce the amount of data that is forwarded to the analysts by only forwarding important events, reducing the number of false positives, leaving more time to deal with actual attacks. Allowing for more insightful decisions during the decision making process.
Holistic Approach Holistic Approach- Taking into account the nature of the business, the security information captured, and its relationship to the organization’s security policy. Ensuring that the solution chosen is relevant to the enterprise and serves the correct security need.
Event Correlation Event Correlation- Takes information from diverse sources and find relationships that are not immediately obvious. This results in improved incident response with relevant solutions to problems.
Centralized Management Centralized Management- ESM should allow for an enterprise view of security in the organization from a central location. Allowing for remote deployment of policies to multiple devices along with communication between the control point and remote devices.
Portability The ESM should be platform independent. This will ensure that deployment is not a costly process when the organization has to modify its business to a new environment when ESM is deployed
Conclusion As a result of the level of complexity that goes with capturing, classifying analyzing and correlating different types of data from a number of sources enterprise security management will remain a demanding task. However management will be able to make better decisions regarding the business and security based on the information gathered.
References sei/features/2005/1/feature htmhttp:// sei/features/2005/1/feature htm als/practicals/gsec/2750.phphttp:// als/practicals/gsec/2750.php Matunda Nyanchama, PhD, CISSP & Paul Sop, CISSP, CISA. “Enterprise Security Management: Managing Complexity” hitepapers_form.htmlhttp:// hitepapers_form.html