Published by Flora Walsh. Modified over 9 years ago.
Slide 1: CA: A New Step into Security Management
Slide 2: Security — The New Realities
–eBusiness = business
–A cultural shift — security is a part of the business fabric
–Security is prevention AND enablement: it’s not just about blocking
–Increased pressure for regulatory compliance, for example the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) and California Senate Bill 1386
–Breadth and depth of solutions
Slide 3: The Theory of “Defense in Depth” (DiD)
–Typical DiD mix of products: Antivirus, Firewalls, Application Gateway, Network and Host Intrusion Detection Systems (IDS), Physical Security, Content Filters, Identity Management, Access Control
–[Chart: Information Security Readiness, graded A to F, plotted against quantity and sophistication of solutions]
–More = better, right?
Slide 4: The Reality of “Defense in Depth”
–Each product produces its own logs: Antivirus, Firewall, Application Gateway, Network and Host IDS, Physical Security, Content Filters, Identity Management, Access Control
–No information sharing between products
–Unmanageable signal/noise ratio
–Security data diminishes security readiness
–[Chart: Information Security Readiness, graded A to F]
–More = Less
Slide 5: Do the Math
Security Solutions (Multiple Antivirus Vendors, Firewall, VPNs, Access Control, Web Access Control, Intrusion Detection, User Administration, Public Key Infrastructure, Vulnerability Tools, Alarms/Alerts)
× Platforms (MS Windows 9x, NT/2000/2003, MS Windows XP, Linux, UNIX, z/OS, Embedded System)
× Number of Servers, Gateways, Desktops, PDAs, Phones, Mobile Handhelds
× Applications (SAP, Oracle, PeopleSoft, WebLogic, Apache, IIS; External, Internal, Shared)
× Number of Users
= Millions of Events/Day = Security Information Overload
Slide 6: eTrust™ Security Command Center (eTrust SCC)
“I have 1.3 million events a day. I need more than a GUI that will display these. I need to see only what’s important without saturating my network.”
Slide 7: What is eTrust™?
–Control Access to Resources
–Manage Vulnerabilities and Content
–Manage Users
Slide 8: eTrust™: Managing Security Information Overload
Slide 9: Partner Quote
“CA’s eTrust Security Command Center fits very well within our overall solutions strategy, and is something we’re very excited to add to our portfolio of offerings. Many of our clients talk about the need to bring logic and order to the overwhelming amount of security-related data they deal with on a daily basis, and products like CA’s eTrust Security Command Center are a big step toward making this a reality.”
– Mark Doll, Americas Director, Security and Technology Solutions, Ernst & Young
Slide 10: eTrust SCC
–Operational & Situational Awareness
–Third-Party Integrations
–Role-Based Views
Slide 11: eTrust SCC Reports
Slide 12: Introducing eTrust™ Network Forensics
(eTrust™ pillars: Manage Users, Manage Vulnerabilities and Content, Control Access to Resources)
Slide 13: eTrust Network Forensics Value Proposition
Value proposition:
–Mitigate risks through proactive network security analysis
–Provide holistic insight into nodal communications to help enable regulatory and corporate policy compliance through early detection of misuse and abnormal behavior
–Complement existing security solutions with powerful visualization rendering and analysis during forensic investigations
Managing Risk and Protecting Value:
–Data collection and visualization for network security forensics
–Pattern and content analysis
–Forensic analysis and investigation
Slide 14: Key Features (eTrust Network Forensics components)
Data collection and visualization:
–Monitor and analyze data from all seven layers of the Open Systems Interconnection (OSI) stack
–Binary tree ontology for knowledge base
–TCP dump recording: records traffic being monitored in an unprocessed state for forensic evidence
Pattern and content analysis:
–“Intelligence-grade” traffic analysis
–Binary-level, n-gram analysis
–Functions irrespective of language
Forensic analysis and investigation:
–Visual arrangement production that includes source, destination, time, type and duration of communication
–Monitor and record content
Note: The entire eTrust Network Forensics system methodology is protected by PAT SR 6,304,262 and SR 6,269,447
Slide 15: A Picture is Worth a Thousand Words
[Image slide: eTrust Network Forensics visualization]
Slide 16: Computer Crime Investigators
Profile:
–A computer crime investigations company servicing Wall Street firms
–Focuses on post-incident forensic analysis
Issue:
–Costly and time-consuming effort to provide investigation services
–Manual aggregation and correlation of logs to identify issues, breaches and patterns
–Labor-intensive, manual generation of credible evidence
Action taken:
–Deployed eTrust Network Forensics at customer sites
Result:
–Rapidly identified “trouble spots” through visual cues
–More quickly identified abnormal traffic behavior through link-node correlative analysis
–Enabled incident sequencing to understand event propagation
Slide 17: eTrust Network Forensics Analyzer Example: Event Correlation
Overlaid data sources:
–VPN Traffic Events
–Intrusion Detection System Alerts
–Blocked Firewall Traffic
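The cross-source correlation this slide illustrates, as an added example that is not part of the CA presentation or the eTrust product: a small Python correlator that parses three constructed log feeds (VPN session events, IDS alerts, blocked firewall traffic), joins them on a normalized host key, clusters each host's events into time windows and ranks the clusters by how many independent products observed the same host, so a burst of related noise surfaces as one prioritized incident. All log formats, hosts, user names and timestamps are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import re
# Constructed sample lines in three made-up vendor formats (not real product output).
FIREWALL_LOG = """\
2005-03-01 09:00:01 DENY src=10.1.1.5 dst=192.168.0.10 dport=445
2005-03-01 09:00:02 DENY src=10.1.1.5 dst=192.168.0.11 dport=445
2005-03-01 09:00:03 DENY src=10.1.1.5 dst=192.168.0.12 dport=445
2005-03-01 09:30:00 DENY src=10.2.2.9 dst=192.168.0.10 dport=80
"""
IDS_LOG = """\
[2005-03-01 09:00:05] ALERT SMB scan 10.1.1.5 -> 192.168.0.0/24
[2005-03-01 11:15:00] ALERT bad HTTP header 10.3.3.3 -> 192.168.0.20
"""
VPN_LOG = """\
2005-03-01T08:59:40 vpn: user=jdoe assigned=10.1.1.5 event=session_start
2005-03-01T11:14:50 vpn: user=asmith assigned=10.3.3.3 event=session_start
"""
# Each parser yields (timestamp, host, source, detail); the normalized host is the join key.
def parse_firewall(text):
    for m in re.finditer(r"(\S+ \S+) DENY src=(\S+) dst=(\S+) dport=(\d+)", text):
        yield datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S"), m[2], "firewall", f"blocked to {m[3]}:{m[4]}"
def parse_ids(text):
    for m in re.finditer(r"\[(.+?)\] ALERT (.+?) (\S+) -> (\S+)", text):
        yield datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S"), m[3], "ids", f"{m[2]} -> {m[4]}"
def parse_vpn(text):
    for m in re.finditer(r"(\S+) vpn: user=(\S+) assigned=(\S+) event=(\S+)", text):
        yield datetime.fromisoformat(m[1]), m[3], "vpn", f"{m[4]} by {m[2]}"

def correlate(events, window=timedelta(minutes=5)):
    """Cluster each host's events by time window; rank by distinct products seen, then volume."""
    by_host = defaultdict(list)
    for ev in sorted(events):
        by_host[ev[1]].append(ev)
    incidents = []
    for host, evs in by_host.items():
        cluster = [evs[0]]
        for ev in evs[1:] + [None]:  # trailing None flushes the last cluster
            if ev is not None and ev[0] - cluster[-1][0] <= window:
                cluster.append(ev)
                continue
            sources = sorted({e[2] for e in cluster})
            incidents.append({"host": host, "start": cluster[0][0], "events": len(cluster),
                              "sources": sources, "score": len(sources)})
            cluster = [ev]
    return sorted(incidents, key=lambda i: (-i["score"], -i["events"]))

def run():  # parse all three constructed feeds and correlate them
    return correlate([*parse_firewall(FIREWALL_LOG), *parse_ids(IDS_LOG), *parse_vpn(VPN_LOG)])
```

With the constructed input, the host seen by all three products (firewall, IDS and VPN within one window) ranks first; a lone firewall deny ranks last.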
Slide 18: eTrust Network Forensics Customers
–More than 100 customers
–More than 20 customers are government security agencies/departments
–Significant presence in regulated or IP-intensive industries, such as health care and financial services
Slide 19: Thank you