Overview
In a world of wireless and mobile computing devices, home offices and a myriad of compliance requirements, the traditional model of network defense is increasingly unreliable.

Highlights
• Client-based and hosted platform
• Guaranteed uptime
• 24x7x365 monitoring and escalation
• 24x7x365 help desk
• Service level agreement
• Flat monthly pricing
• Snort-based performance and precision
• Real-time network discovery
• Integrated normalized vulnerability database
• Change detection and management
• Surgical scanning of suspect assets
• Automated workflows and reporting
• SOX, GLBA, SB1386, HIPAA and FISMA compliance
The Managed Intrusion Detection System (IDS) solution from CH2M HILL Managed Services automates an otherwise manual process, while providing the flexibility to suit the needs of any network regardless of size.

CH2M HILL's Managed IDS is a secure, managed and fully integrated enterprise application that combines real-time network and asset awareness with state-of-the-art threat detection. Managed IDS provides 24x7, real-time visibility into all network assets, so that action is taken before a vulnerability becomes a bigger problem.

This includes:
• Threat detection and vulnerability shielding
• Proactive vulnerability monitoring
• Compromise detection and isolation
• Network usage and policy enforcement
• Notification of anomalous violations

Key Benefits
• Knowledge of each machine on the entire network
• Detection of spyware compromise and quick quarantine of infected files
• Detection and shutdown of illegal mail servers and rogue desktop applications, including Web servers
• Enforcement of corporate policy on P2P restrictions (e.g. music downloads and instant messaging)
• Knowledge of malicious behavior on a device
• Maximized network integrity
• Documentation and assurance of industry compliance

Features
Continuous, instant, real-time visibility into all network assets:
• Network asset profiles including IP address, OS and version, services and versions, and ports
• Asset behavioral profiles including traffic flow and type
• Network profiles including hop count, TTL parameters and security vulnerabilities
• Change events for new, changed and behaviorally anomalous assets

Turnkey:
• 24x7x365 monitoring, management, help desk and response
• Manage multiple IDP sensors from a single management console
• Correlate event data to produce a comprehensive network event activity report
• Prioritize security events based on relevance, vulnerability, operational importance and other factors
• Define network security policies that are applied to security information in real time
• Prioritize response to security events at any desired level of automation
• Defense Center consoles can be configured for high availability, guaranteeing 99.99% uptime

Intrusion sensors:
• Use a powerful combination of signature-, protocol- and anomaly-based inspection methods to achieve maximum attack detection and prevention capability
• Every aspect can be configured and customized to ensure users detect and prevent the events most important to them

Sensor rules:
• Examine packets at both the IP protocol level and the application level
• Look for specific attacks against a protocol, or are set to look for the conditions of an attack
• Can be set not only to alert on events, but to drop the packet or replace malicious content with benign content
• Critical threats are contained via techniques including dropping traffic, disrupting device sessions and integrating with access control devices
24x7x365 help desk
• Centrally manage critical network functions
• Event monitoring, correlation and prioritization for incident response
• Forensic and trend analysis

Real-time defense
• General event logging and sending of network discovery events to the Defense Center database
• SYSLOG notification, which forwards events to the system log of a specified host. This notification is very useful if a SIM (security information management system) is in use.
• Email notification, which can be used to keep individuals and systems properly informed of selected events, page individuals, or draw an analyst's attention to a threat
• SNMP notification, which forwards events as an SNMP trap to a specified network and system management framework such as Tivoli
• Interaction with any system that supports programmatic integration, including active scanners, patch management systems and configuration management systems
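The datasheet describes two things a receiving SIM has to do with the events the sensors forward over syslog: parse them, and prioritize them against what is known about the targeted asset (its OS, listening services and vulnerabilities). The following Python is an added illustration of that pipeline, not CH2M HILL's or Sourcefire's code. It assumes the syslog lines are in Snort's alert_syslog format (`[gid:sid:rev] msg [Classification: ...] [Priority: n]: {proto} src:port -> dst:port`, ports omitted for ICMP); the inventory, the sample log lines (local-range SIDs, RFC 5737 test addresses) and the four-level impact scheme are all constructed for the example and are not the product's own scoring.

```python
"""Correlate Snort-style syslog alerts with an asset inventory and rank them."""
import re
from dataclasses import dataclass
from typing import Optional

# Assumption: Snort 2.x alert_syslog layout. Ports are optional because
# ICMP events carry none.
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
    r"\[Classification:\s*(?P<cls>[^\]]+)\]\s+\[Priority:\s*(?P<prio>\d+)\]:?\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\S+?)(?::(?P<dport>\d+))?\s*$"
)


@dataclass
class Alert:
    sid: int
    msg: str
    priority: int  # Snort priority: 1 is the most severe
    proto: str
    src: str
    dst: str
    dport: Optional[int]


def parse_alert(line: str) -> Optional[Alert]:
    """Parse one syslog line; return None for lines that are not Snort alerts."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return Alert(
        sid=int(m["sid"]), msg=m["msg"], priority=int(m["prio"]),
        proto=m["proto"], src=m["src"], dst=m["dst"],
        dport=int(m["dport"]) if m["dport"] else None,
    )


# Constructed inventory standing in for the discovered asset profiles:
# OS, listening services by port, and known vulnerabilities per service.
INVENTORY = {
    "10.0.0.7": {"os": "Windows Server 2003",
                 "services": {1433: "mssql", 445: "smb"},
                 "vulns": {1433: ["EXAMPLE-VULN-001"]}},
    "10.0.0.20": {"os": "Linux 2.6",
                  "services": {22: "ssh", 80: "http"},
                  "vulns": {}},
}

# Constructed impact levels, most urgent first: the targeted service is known
# vulnerable; the asset runs the targeted service; the asset is known but does
# not run it; the asset is not in the inventory at all (a change-event candidate).
IMPACT_ORDER = ["vulnerable", "relevant", "not-relevant", "unknown-asset"]


def assess(alert: Alert, inventory=INVENTORY) -> str:
    """Map an alert to an impact level using the destination asset's profile."""
    asset = inventory.get(alert.dst)
    if asset is None:
        return "unknown-asset"
    if alert.dport is None or alert.dport not in asset["services"]:
        return "not-relevant"
    if asset["vulns"].get(alert.dport):
        return "vulnerable"
    return "relevant"


def prioritize(lines, inventory=INVENTORY):
    """Return (impact, alert) pairs ordered by impact, then Snort priority."""
    scored = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue  # ordinary syslog traffic, not a sensor event
        scored.append((assess(alert, inventory), alert))
    scored.sort(key=lambda item: (IMPACT_ORDER.index(item[0]), item[1].priority))
    return scored


# Constructed sample syslog lines (SIDs in Snort's local range).
SAMPLE_LINES = [
    "Mar  3 10:01:02 sensor1 snort[4242]: [1:1000001:1] EXAMPLE mssql probe "
    "[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 192.0.2.9:51000 -> 10.0.0.7:1433",
    "Mar  3 10:01:05 sensor1 snort[4242]: [1:1000002:1] EXAMPLE http probe "
    "[Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.9:51001 -> 10.0.0.20:80",
    "Mar  3 10:01:07 sensor1 snort[4242]: [1:1000003:1] EXAMPLE smb probe "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 192.0.2.9:51002 -> 10.0.0.20:445",
    "Mar  3 10:01:09 sensor1 snort[4242]: [1:1000004:1] EXAMPLE icmp sweep "
    "[Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.9 -> 10.0.0.99",
    "Mar  3 10:01:10 sensor1 sshd[999]: Accepted publickey for ops from 10.0.0.5",
]

if __name__ == "__main__":
    for impact, alert in prioritize(SAMPLE_LINES):
        print(f"{impact:13} prio={alert.priority} sid={alert.sid} "
              f"{alert.src} -> {alert.dst}:{alert.dport} {alert.msg}")
```

Note the ordering this produces: the priority-2 probe against a service the asset actually runs and is known to be vulnerable on outranks a priority-1 probe against a port the target does not listen on, which is the point of correlating sensor events with asset profiles rather than sorting on the rule's static priority alone. Events to addresses absent from the inventory are kept and flagged, since an unknown host answering on the network is itself a change event worth review.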