ReadyARM

Overview

Security products are known to be:

• Difficult to learn
• Difficult to use
• Difficult to integrate

Many IDS solutions require a full-time employee (FTE) to administer this solution.

Regulatory Requirements now require:

• Monitor for intrusions
• Perform periodic vulnerability assessments
• Provide detailed reporting

Avanton provides enterprise class security and network monitoring for smaller enterprises.

ReadyARM installs in less than two hours.

Training for ReadyARM is done in less than one hour.

Users can get to reports in three mouse clicks.

Overview

Watches traffic throughput, compares packets to known "signatures".

Offline analysis, not a critical point in the data stream.

Simple installation and use.

No need to have a dedicated employee to operate and maintain (unlike other IDS solutions).

IDS Rules Editor

Ability to select which signatures are used or omitted from the database.

Ability to add signatures to database as well.

Extremely simple interface to add or omit signatures.

User can use mouse and select a check box to add or omit.

IDS Event Correlation

IDS events are correlated to vulnerability scans, to see if the attack will have an adverse effect on the network.

If the network is truly vulnerable, then the system will alert and report on it.

ReadyARM includes this as a capability in the base version of the appliance.

Very few competitive solutions offer this feature .

Auto-signature Updates

Ability to realize updates exist, from a lookup on the Internet.

Avanton keeps a watch on the required signatures.

Signatures are created on as needed basis.

Typical turnaround is 24 hours from known vulnerability to release.

If an update exists, the unit automatically downloads and installs (user can also select to notify and download/install manually)

Overview

Since we know that:

• 85% of all intrusions are accomplished via known vulnerabilities.
• 80 new vulnerabilities are found each week.

Scans all network devices for known vulnerabilities (or weaknesses that can be potentially exploited by an intruder).

Problems can exist in the:

• Operating system
• Registry setting
• Etc.

Testing must be done on a regular basis (also, required by regulatory agencies).

Avanton provides the end user with the ability to test their network regularly for vulnerabilities.

These scans can be scheduled at regular intervals, or run manually as required.

The IT department can use the lists and reports to play their activities for the week, knowing what vulnerabilities exist.

ReadyARM reports the vulnerabilities based on priority levels, which assists in the determination of which fix should be implemented.

Detailed Reports with Remediation

Detailed Lists of events

Detailed reports with graphical results

Remediation steps and recommendations

Reports provided in the formats required to comply with HIPAA, GLBA, SOX, and more.

Overview

Since we know that:

• 85% of all intrusions are accomplished via known vulnerabilities.
• 80 new vulnerabilities are found each week.

Scans all network devices for known vulnerabilities (or weaknesses that can be potentially exploited by an intruder).

Problems can exist in the:

• Operating system
• Registry setting
• Etc.

Testing must be done on a regular basis (also, required by regulatory agencies).

Avanton provides the end user with the ability to test their network regularly for vulnerabilities.

These scans can be scheduled at regular intervals, or run manually as required.

The IT department can use the lists and reports to play their activities for the week, knowing what vulnerabilities exist.

ReadyARM reports the vulnerabilities based on priority levels, which assists in the determination of which fix should be implemented.

Auto-signature updates

Ability to realize updates exist, from a lookup on the Internet.

Avanton keeps a watch on the required signatures.

Signatures are created on as needed basis.

Typical turnaround is 24 hours from known vulnerability to release.

If an update exists, the unit automatically downloads and installs (user can also select to notify and download/install manually).

Overview

Network Monitoring focuses on determining when key systems and/or services are not available. Then, steps are taken to alert the proper personnel.

Automatic Discovery

Automatically detects all devices on network (routers, switches, firewalls, PC, UNIX, Linux, Mac, etc.

Automatically detects what services are there.

ReadyARM does not require any input.

Automatically realizes all devices, software and services that exist.

Availability Polling

Device polling—Checks up/down status of monitored systems.

Service Polling—Looks for services running and extracts list of (HTTP, HTTPS, FTP, SNMP, POP, etc.)

ReadyARM does polling on a five-minute basis.

Should a device or service be down, the unit will notify the appropriate person (user definable).

Email Notifications

All aspects that are monitored can provide alerts if out of range.

ReadyARM will send message to email account, cell phone, or pager utilizing email server.

ReadyARM incorporates an email server, to permit sending of emails even if the email server is down.

Overview

Provides a detailed protocol analysis and inspection of traffic to determine any problems.

ReadyARM does not require any input.

Automatically realizes all devices, software and services that exist.

Protocol Distribution

Will analyze traffic within the network.

Provide detailed reports.

ReadyARM collects information in 5-minute blocks, and stores that in a database.

Reports can then be displayed in daily, weekly, monthly, or in various blocks (user definable) back in time for up to a year.

Reports show traffic reports in color coded division by protocol used:

• IP Protocol Traffi—shows the total bandwidth usage, and breaks it down by IP traffic and all other traffic forms
• Web—Breaks the traffic usage down by FTP, HTTP, and HTTPS protocols.
• Mail and News—Breaks the traffic down by POP3, POP3S, IMAP, IMAPS, NNTP, and SMTP protocols.
• Remote Login—Breaks the traffic down by SSH and Telnet protocols.
• Other—Breaks the traffic down by DNS, SNMP, and ÒOtherÓ (essentially all other protocols combined that are not otherwise noted).

Detailed Lists of Events

Detailed lists can be viewed for:

• IDS Events
• Vulnerability events
• Network events

ReadyARM not only displays, but makes it easy to sort columns for simple information extraction.

Summary Reports

Summary Reports with graphs and top 10 lists can be viewed for:

• IDS Events
• Vulnerability events
• Network events

ReadyARM can generate these reports in three mouse clicks.

Provides an excellent start for the audit requirements.

ReadyARM adds other formats as well.

Regulatory Audit Reports

Compliance agencies require reports for regulatory compliance audits.

These reports do not come automatically from the information above.

Additional report formatting is required, and not automatic in most products.

Some products charge more for this.

Avanton provides specific audit formatted reports.

• Bandwidth Monitoring
• Data Backup **
• Differential Vulnerability Scan
• IDS Event Summary
• IDS and Vulnerability Correlation
• Password Management **
• Risk Analysis **
• Vulnerability Scan Summary