赛门铁克合规管理解决方案.pptVIP

* Introduction This scenario involves the deployment of four appliances: - Three Collection appliances (model 9500) - One Correlation appliance (model 9650) In this example, the company has decided to deploy a Collection appliance in each office (company Headquarters and regional offices). The Correlation appliance is located at the company Headquarters. Regional offices In each regional office, the Collection appliance receives events from all types of security sensors (for example, firewall, IDS, antivirus and vulnerability sensors). Each collection appliance is configured to forward their events to the Correlation appliance at the company Headquarters. Company Headquarters At the company Headquarters, the Collection appliance is only tasked with receiving events from Firewall and IDS sources. Those events are then forwarded to the Correlation appliance. The Correlation appliance also receives Vulnerability and antivirus events directly from the Agents configured to forward those events from the corresponding sensors. Benefit Such a scenario is advised in network environments with different physical locations, willing to implement centralized security information management. The workload on the Correlation appliance is kept to a minimum by the use of Collector appliances in each physical location, and in the parts of the network that receive the most events. * * Agenda 合规性管理方案整体架构 1 客户关注的其他问题 3 现场交流和问答 4 具体功能模块介绍 2 * 内置的第三方软件组件 Operating System: White Box Linux 3.0 (RH-based distribution) IBM DB2 8.2 FP10 (Houses all security events and incident data) IBM Directory Server 5.2 FP0002 (LDAP for users, roles, config, etc) IBM HTTP Server 2.0 Apache Tomcat 5.0 Servlet engine JRE 1.5.0_04 * 开放的API接口 SSIM 4.5 is completely open We have built web services around most features Tickets Incidents Assets Archive Auto-Ticketing was created as a sample * 日志管理和审计一体化解决方案 * Intrusion Detection/Prevention Symantec Network Security (SNS) Symantec HIDS Symantec