Critical Analysis, writing homework help


Description

  1. Review the Week 7 & 8 readings and then research 3 or more points of analysis that can be used in a critical analysis for Case Study #4. Choose your points of analysis from the following list:
    • Enterprise Security Architecture
      • Component Security Architecture
      • Security Service Management Architecture
    • IT Management Roles (in the context of IT Security Solutions)
      • Architect / Builder
      • Partner
      • Project Coordinator
      • Systems Provider
      • Technological Leader
  2. Choose two different case studies posted by your peers and then write a critical analysis for each using the points of analysis identified under item #1 (see the Discussion Rubric for additional requirements).
1)

Introduction to Security Information and Event Management (SIEM)

Every network infrastructure needs technology that is able to control and detect threats that may occur throughout its network life. The use and deployment of this technology along with its capabilities is a vital key in the success of the security of the company. This technology is security information and event management (SIEM). This technology supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual data sources (Gartner IT Glossary, 2016). The centralized storage of information in the SIEM system combines both a security information management (SIM) and security event management (SEM) system functions into one. This makes the interpretation of logs and real-time analysis easier for security personnel to review in order to take appropriate action (Rouse, 2016). The use of a SIEM system allows for monitoring of systems in multiple locations from a single point of view. These systems include end-user devices, servers, network equipment, firewalls, anti-virus and intrusion prevention devices.

Features, Capabilities, and Deficiencies

The McAfee Enterprise Security Manager is a leader in the Gartner Magic Quadrant for SIEM. This is an ideal security solution that delivers the performance a network needs to monitor all activity on its systems as a whole. The McAfee solution has real-time monitoring and an understanding of outside threat data and reputation feeds as well as a view of the systems, data, risks, and activities inside an enterprise (McAfee.com, 2016). This monitoring is able to prioritize information in a matter of minutes. This is critical to be able to access long-term event data. This process can collect and correlate log events from multiple years at the speed enterprises require. The McAfee Enterprise Security Manager is able to store billions of events and flows, which allows information to be available for immediate ad hoc queries, forensics, rules validation and compliance (McAfee.com, 2016). This security manager has a few deficiencies that were found. Some users found the McAfee support services to be hit or miss. There are also several add-ons that are not included with the base McAfee Enterprise Security Manager. Although not necessarily needed, to provide a full range of protection the client would be advised to purchase them as well. It does come with a heavy price tag of $47,994 for the hardware version and about $8,000 less for the VM software version (SC Magazine, 2016).

Client Integration

The client is looking for a SIEM or UTM solution that will fit well into their network infrastructure. They are looking for a unified solution that is more up to date and is able to provide real-time monitoring, threat analytics with event management, and reporting. The McAfee Enterprise Security SIEM Solution has the ability to give the client each of these requirements with even more benefits beyond. This solution will give the client the high-level analytics that it is looking for by integrating with the McAfee Network Threat Behavior Analysis application for the protection it desires. The McAfee Application Data Monitor provides the detection that is needed for the client by using packet-level inspection to monitor data and data access (Richards, 2015). The McAfee Enterprise Security Manager is able to react to event and audit information from all of the McAfee network technologies. The detection requirement is customizable to each enterprise. The client is able to set a baseline of what is considered normal operations. There is a centralized interface that shows the documentation of incidents that have occurred and require investigation. The McAfee solution is well suited for the client's needs. It is easy to use and drops quickly into existing infrastructure, which adapts to new requirements (McAfee.com, 2016). It is able to grow with the client by offering single appliance deployments for smaller enterprises to distributed solutions for large enterprises (McAfee.com, 2016). This solution is able to monitor network traffic, user activity or application use. Because the client is looking for protection from email attachments and web browsing, this fits perfectly. It also provides integrated prevention within anti-virus applications, host-based firewalls as well as router-based firewalls. Finally, the McAfee Enterprise Security Manager is easy to use right out of the box. It has the ability to set up hundreds of reports, views, rules and alerts that can be used immediately and are easily customizable (McAfee.com, 2016). The use of this solution is a smart decision, which will allow a comprehensive and optimized benefit to any network enterprise.

References

McAfee Enterprise Security Manager. (2016). McAfee.com. Retrieved from http://www.mcafee.com/us/resources/data-sheets/ds-enterprise-security-manager.pdf

Richards, K. (2015). Security Readers' Choice Awards 2014: SIEM. SearchSecurity. Retrieved from http://searchsecurity.techtarget.com/feature/Security-Readers-Choice-Awards-2014-SIEM

Rouse, M. (2016). What is security information and event management (SIEM)? SearchSecurity. Retrieved from http://searchsecurity.techtarget.com/definition/security-information-and-event-management-SIEM

Security Information and Event Management (SIEM). (2016). Gartner IT Glossary. Retrieved from http://www.gartner.com/it-glossary/security-information-and-event-management-siem/

SIEM | SC Magazine. (2016). Scmagazine.com. Retrieved from http://www.scmagazine.com/siem/products/6428/0/
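As an added illustration (not part of either student post, and not McAfee's product code), the SIM/SEM split that the first post describes, sketched in Python: events from two constructed sources (an authentication log and a firewall log) are normalized into one schema, every event is retained for ad hoc historical queries (the SIM side), and a real-time correlation rule fires when repeated authentication failures from one source are followed by a success inside a time window (the SEM side). The log lines, hosts and addresses are made up for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sample events from two sources (not captured from any real system).
RAW_EVENTS = [
    ("auth", "2016-03-01T09:00:01 host=db01 user=alice result=fail src=10.0.0.5"),
    ("auth", "2016-03-01T09:00:04 host=db01 user=alice result=fail src=10.0.0.5"),
    ("firewall", "2016-03-01T09:00:06 action=DENY src=10.0.0.5 dst=10.0.1.9 dport=445"),
    ("auth", "2016-03-01T09:00:09 host=db01 user=alice result=fail src=10.0.0.5"),
    ("auth", "2016-03-01T09:00:12 host=db01 user=alice result=success src=10.0.0.5"),
    ("auth", "2016-03-01T09:30:00 host=web01 user=bob result=success src=10.0.0.7"),
]
KV = re.compile(r"(\w+)=(\S+)")
def normalize(source, line):
    """SIM side: map a source-specific key=value line onto one common schema."""
    ts_str, _, rest = line.partition(" ")
    ev = {"ts": datetime.fromisoformat(ts_str), "source": source}
    ev.update(KV.findall(rest))
    return ev
class MiniSiem:
    """Keeps every normalized event (SIM) and runs a real-time rule on arrival (SEM)."""
    def __init__(self, fail_threshold=3, window=timedelta(minutes=5)):
        self.store = []                  # historical store for ad hoc queries
        self.fails = defaultdict(deque)  # src -> timestamps of recent auth failures
        self.threshold, self.window = fail_threshold, window
        self.alerts = []

    def ingest(self, source, line):
        ev = normalize(source, line)
        self.store.append(ev)
        src = ev.get("src")
        if ev["source"] != "auth" or src is None:
            return                       # the rule below only applies to auth events
        q = self.fails[src]
        while q and ev["ts"] - q[0] > self.window:   # expire failures outside the window
            q.popleft()
        if ev.get("result") == "fail":
            q.append(ev["ts"])
        elif ev.get("result") == "success" and len(q) >= self.threshold:
            self.alerts.append({"rule": "failures-then-success", "src": src,
                                "user": ev.get("user"), "failures": len(q), "ts": ev["ts"]})
            q.clear()
    def query(self, **match):
        """SIM side: ad hoc query over the historical store, e.g. query(src="10.0.0.5")."""
        return [e for e in self.store if all(e.get(k) == v for k, v in match.items())]
def run_demo():
    siem = MiniSiem()
    for source, line in RAW_EVENTS:
        siem.ingest(source, line)
    return siem
```

Running `run_demo()` yields one alert for 10.0.0.5 (three failures, then a success, all within five minutes), while the firewall denial from the same address stays queryable in the store even though the rule ignores it.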

2)

To provide the customer with stronger protection against what the firm's insurance company recommends (email anti-virus, URL filtering, and stronger protection against network-based threats), a Unified Threat Management solution is the avenue to pursue in this case. According to the Gartner IT Glossary, "Unified Threat Management (UTM) is a converged platform of point security products, particularly suited to small and midsize businesses (SMBs). Typical feature sets fall into three main subsets, all within the UTM: firewall/intrusion prevention system (IPS)/virtual private network, secure Web gateway security (URL filtering, Web antivirus [AV]) and messaging security (anti-spam, mail AV)." (Gartner, Inc., 2016) Check Point is the perfect vendor to pursue for the solution, as they provide a solution that will cover all of these aspects, and more, by subscription, so the firm only needs to purchase what it needs.

Strengths

  • “Check Point’s reporting and management console is consistently very highly rated by midsized companies that need to handle any complexity.” (D'Hoinne, Hils, Young, & Kaur, 2015)
  • "Check Point provides a strong set of options to protect against custom malware with its sandboxing subscription (Threat Emulation Cloud Service), a variety of threat intelligence feeds (ThreatCloud IntelliStore) and a recently released feature that can automatically remove suspected harmful content from downloaded files (Threat Extraction)." (D'Hoinne, Hils, Young, & Kaur, 2015)
  • “Check Point UTM integrates with the vendor’s cloud-based security service for mobile and remote users, providing a unified security policy for mobile and corporate users.” (D'Hoinne, Hils, Young, & Kaur, 2015)

Having threat intelligence built into the product allows the customer to get the latest information on threats available, and that is highly recommended for the security of the firm's network environment. Also, having the capability to protect both mobile and remote users is paramount to the success of the firm. Even if the mobile platform is not yet being used within the firm, the capability to be able to secure those assets is a must.

"As the threat landscape continues to grow more complex, Check Point is committed to protecting organizations of all sizes today against the ever-changing threats of tomorrow. The combination of Check Point's Next-Generation Firewalls, Next-Generation Threat Prevention and mobile security technology represents the most innovative and cohesive enterprise security technologies on the market." (Check Point Software Technologies Ltd, 2015) This could be the main reason that Check Point has been named a Leader in the Magic Quadrant for the fifth consecutive year (as of 2015). Having the vision to see, and prepare for, the threats of the future is what makes Check Point a must-have.

In a review of Check Point's UTM products, straight out of the box, David Strom states: "It also offers a leading-edge user interface that is clean, easy to understand, and has the best-looking and clearest menus of any of the boxes I have used. Its policy-creation tools are also straightforward, and it's easy to understand the inherent workflow, unlike the tools on Juniper's SRX or Dell's SonicWall. It also works well with mixed Mac and Windows networks." (Strom, 2016) This is advantageous to many organizations, as most have these mixed environments. Finding the necessary security tools that operate in these types of environments ensures the security of those devices.

Flexibility is also a factor in the product that is chosen. "By default, Check Point's appliance enables all of its ports on a single LAN switch, and you can define any port to be part of any network via its configuration software; so, it is quite flexible. For the smaller boxes that have an integrated wireless access port, organizations can set up multiple SSIDs for the wireless interface with just a single policy selection." (Strom, 2016) Having the wireless security capability also factors into the mobile user environment. Ensuring that there is security in place for these users ensures that productivity doesn't suffer, as teams can collaborate in the environment without having to be hard-wired into the network.

Check Point offers a robust capability to secure the firm's environment from a single console. The ease of securing the IT infrastructure is something that normally weighs heavily in the decision-making process, as there are hardly ever enough resources available to secure the environment. The capability to secure any type of device, operating system, or email product is provided in Check Point's solution. It provides everything that the insurance company is basically mandating, and then some. Check Point provides everything straight out of the box, with some configuration, and with the ease of using its management console it should not take a lot of time to implement. The threat intelligence that the tool offers is advantageous to any organization wanting to stay ahead of the threats that may arise at any time, and it provides the capability to see and remediate those threats.

References

Check Point Software Technologies Ltd. (2015, September 15). Check Point Positioned as a Leader in the 2015 Magic Quadrant for Unified Threat Management. Retrieved from Check Point Software Technologies Ltd.: http://www.checkpoint.com/press/2015/check-point-positioned-as-leader-in-2015-magic-quadrant-for-unified-threat-management/

D'Hoinne, J., Hils, A., Young, G., & Kaur, R. (2015, September 14). Magic Quadrant for Unified Threat Management. Retrieved from LinkedIn Pulse: https://www.linkedin.com/pulse/magic-quadrant-unified-threat-management-c-selection

Gartner, Inc. (2016). IT Glossary. Retrieved from Gartner: http://www.gartner.com/it-glossary/unified-threat-management-utm

Strom, D. (2016). Check Point UTM Threat Prevention Appliances: Product review. Retrieved from SearchSecurity: http://searchsecurity.techtarget.com/feature/Product-review-Check-Point-Software-UTM-Threat-Prevention-Appliances


Explanation & Answer

Please find the attached file. Looking forward to working with you again. Goodbye.

Running head: SECURITY INFORMATION RESPONSE POST


Post 1

The post clearly displays the security service management architecture as it focuses on a system that can detect threats and fix them, leading to protection of data. The post explores extensively how security incident response is important. The post excels at explaining the importance of a technology that is sensitive to security and can easily be integrated into clients' system networks. The post also highlights the importance of security information management as well as security event management, which are important in security service management. The discussion of McAfee enterprise se...

