Security Risk Briefing July 2009 Proprietary & Confidential Not for distribution

Refense Security Risk Briefing July 2009


REFENSE Technologies - Security Risk Briefing Presentation


Page 1: Refense   Security Risk Briefing   July 2009

Security Risk Briefing

July 2009

Proprietary & Confidential

Not for distribution

Page 2: Refense   Security Risk Briefing   July 2009

© 2009 Refense All Rights Reserved Confidential

Security Risk Management

Routers – Switches – Wireless – Firewalls

Vulnerabilities – Policy Compliance

Mission Critical Infrastructure

Key Benefits

• Superior performance => Visibility, Speed & Accuracy

• Agentless, Proprietary algorithms - Non-Intrusive Impact

• Comprehensive Security Checks & Policy Management

• Audit, Analysis, Prioritize and Mitigate

Page 3: Refense   Security Risk Briefing   July 2009


Product & Service

Refense VMS – Enterprise Scalable Appliances

• Turn-Key Appliance
• Software License
• Fault Tolerant
• Service Provider Scalable
• AES 256 Encryption
• 24x7 Support

Refense On-Demand – Fully Managed Service

• Subscription Based
• Rapid Deployment
• Remotely Managed
• No Up-Front Capital
• Annual Contracts

Page 4: Refense   Security Risk Briefing   July 2009


Competitive Landscape

[Diagram. Axis labels: Security Orientation, Compliance. Region label: Limited capability.]

Devices: Desktops - Servers - Routers - Switches - Firewalls - WAPs

Network Management Platforms: HP Openview, IBM Tivoli, BMC

Configuration Tools: EMC Voyence, Alterpoint, nCircle, HP NCM, etc.

Vulnerability Scanners: Qualys, Foundstone, eEye Retina

Vulnerability & Compliance Management for Mission Critical Infrastructure

Page 5: Refense   Security Risk Briefing   July 2009

About Refense

Founded in 2003 & HQ in Raleigh, NC

Network Security Risk Management Solutions

Notable Customers:

Partnering with Industry Leaders:

Page 6: Refense   Security Risk Briefing   July 2009


Evolution of Network Security

• Networks are increasing in size and complexity

• Value of network devices as method of attack is increasing & evolving

• Hackers are now actively targeting Cisco IOS (IOS rootkit, DNS poisoning, BGP hijacking, Phenoelit’s 0-day exploit)

• Wireless networks still offer easy attack vectors

• Breaches as a result of compromised network devices are starting to become publicly known

• Hijacking a network is a very appealing target for large hacking groups or for foreign governments or terrorist organizations

• Most attacks are financially motivated

Page 7: Refense   Security Risk Briefing   July 2009

Identify Operating System/Network Vulnerabilities & Non-Compliance to security policies

Agentless & non-intrusive, Lightning fast and accurate

Largest number of Intelligent Security Checks

Service Provider Scalability (10,000 plus devices)

Secondary Effects & Mitigation Intelligence

Predefined security policies & Regulatory Requirements

Wireless Rogue Finder Option

Scheduled Scans - Strong in-depth reporting

Instant ROI & low operational administration

Refense = Security from the inside out

Vulnerability | Compliance Management

Page 8: Refense   Security Risk Briefing   July 2009


Connect to remote devices via SSH or Telnet

Gather data using Show commands

Execute checks against collected data

Execute additional commands as required

Internal analysis of data by VMS

Generation of report

Storage of report data only for trending and comparative analysis

Page 9: Refense   Security Risk Briefing   July 2009


Refense Differentiators

Refense automates manual audits of Cisco IOS. Example: A PSIRT notice states – perform a Show Version to determine if you are running an affected IOS version, then perform a Show Processes | Include SIP or a Show IP Sockets dependent on your version of IOS to determine if your device is processing SIP packets, then check for the presence of a workaround using a Control Plane Policy.

Now repeat across your entire network – the result could be many man hours of labor to find the devices that are vulnerable.

Refense VMS automates this process with a zero error rate!
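
The manual PSIRT audit described above, as an added example (not Refense's code and not part of the original briefing), run offline over captured command output. The affected-release set, device names and sample captures are constructed placeholders, and the column layout assumed for the socket listing is an assumption.

```python
import re

# Placeholder set of affected releases, constructed for this example (not from an advisory).
AFFECTED = {"12.4(15)T1"}

def ios_version(show_version):
    m = re.search(r"Version ([^,\s]+)", show_version)
    return m.group(1) if m else None

def sip_active(show_processes, show_ip_sockets):
    if "CCSIP_" in show_processes:              # a SIP process is running
        return True
    for line in show_ip_sockets.splitlines():   # assumed columns: proto remote port local port ...
        f = line.split()
        if len(f) >= 5 and f[0] == "17" and f[4] == "5060":   # UDP socket on local port 5060
            return True
    return False

def copp_policy(running_config):
    """Name of the input service-policy attached under 'control-plane', or None."""
    in_cp = False
    for line in running_config.splitlines():
        if not line.startswith(" "):             # a top-level line opens a new config section
            in_cp = line.strip() == "control-plane"
        elif in_cp and (m := re.match(r"\s+service-policy input (\S+)", line)):
            return m.group(1)
    return None

def assess(dev):
    version = ios_version(dev["version"])
    if version is None:
        return "unknown"                         # never report an unparsed device as clean
    if version not in AFFECTED:
        return "not affected"
    if not sip_active(dev["processes"], dev["sockets"]):
        return "not exposed"
    # An attached policy is necessary, not sufficient: its classes still need review.
    return "workaround present" if copp_policy(dev["config"]) else "vulnerable"

def audit(fleet):
    return {name: assess(dev) for name, dev in fleet.items()}

# Constructed, abbreviated captures; one dict per device.
VER = "Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version {}, RELEASE SOFTWARE (fc2)"
SIP_PROC = " 212 Mwe 41D3A5C4  0  1  0 5436/6000  0 CCSIP_UDP_SOCKET"
SIP_SOCK = " 17 0.0.0.0  0 192.0.2.1  5060  0  0  211  0"
COPP = "policy-map COPP-SIP\n class SIP-IN\n  drop\ncontrol-plane\n service-policy input COPP-SIP\n"
FLEET = {
    "rtr-a": {"version": VER.format("12.4(15)T1"), "processes": SIP_PROC, "sockets": "", "config": ""},
    "rtr-b": {"version": VER.format("12.4(15)T1"), "processes": "", "sockets": SIP_SOCK, "config": COPP},
    "rtr-c": {"version": VER.format("12.4(15)T1"), "processes": "", "sockets": "", "config": ""},
    "rtr-d": {"version": VER.format("12.4(24)T"), "processes": SIP_PROC, "sockets": "", "config": ""},
}
```

Only `rtr-a` is reported as vulnerable: a version-only check would have flagged `rtr-b` and `rtr-c` as well, which is the distinction the briefing draws between configuration-aware checks and version matching.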


Refense has more security checks than anyone else. When Cisco Systems wanted to solve a problem for the US Department of Defense they turned to Refense. The DoD has the most complex security policies for networks of any organization. They also have one of the largest private networks in the world. Ensuring compliance to DISA STIGs was unenforceable until Refense came along.

Refense VMS scales to the largest enterprises and has the capability of ensuring compliance against the most complex security policies!


Refense VMS is a security focused point solution. Unlike others in the market, we don’t focus on servers and desktops, treating network devices as an afterthought. Refense isn’t a configuration management solution trying to be a security solution. We don’t rely on SNMP for configuration information and we don’t scan IP addresses looking for open ports.

Refense VMS is enterprise network security and has been for over 5 years!

Page 10: Refense   Security Risk Briefing   July 2009


Risk Management Reporting

Page 11: Refense   Security Risk Briefing   July 2009


Secondary Effects & Mitigation

Page 12: Refense   Security Risk Briefing   July 2009

6-9 month ROI

Reduce Costs by >65%-90%

Eliminate Risks & Achieve Compliance

Zero False Positives

Superior Vulnerability & Compliance Management

Automated & Lightning Fast

In-depth analysis Accurate & Independent

Actionable Intelligence

Audit & Mgmt Reporting

Non-intrusive

Automated Risk Management

24x7x365 Visibility

• Document and policy

• Asset identification and evaluation

• Threat and vulnerability identification

• Control identification

• Determine likelihood of threat

• Control recommendation

• Determine risk

• Determine impact on confidentiality, integrity and availability

Page 13: Refense   Security Risk Briefing   July 2009


Refense vs Configuration Management Tools

Refense is security oriented – Refense has been built from the ground up to do one thing: ensure the security of enterprise networks. Network configuration management tools are not architected to dig deep into networks to discover security weaknesses.

Refense replicates manual audits – Refense follows the same process and has the intelligence of a manual human auditor; Refense isn’t limited to regular expression string matching. Network configuration management tools have not been designed to audit the security of networks; they collect configuration information and process it based on regular expression rules.

Refense can identify threats other tools cannot – These include:

• Network devices with fraudulent or compromised operating systems.

• Vendor published vulnerabilities that cannot be identified by regular expression string matching.

• Vulnerabilities where insufficient or incorrect mitigation actions have been implemented.

• Complex analysis requiring data from external sources such as those detailed in US Federal Government standards like DISA STIGs.

REFENSE provides greater visibility to potential vulnerabilities and identifies vulnerabilities other tools overlook or cannot see. REFENSE does this with greater accuracy than any other solution, and our ability to conduct network analysis without impact to the network or device allows network protection to be continuous or "always-on", resulting in shorter time to protection from potential threats.

Page 14: Refense   Security Risk Briefing   July 2009


Refense vs Vulnerability Management Tools

Inside vs outside orientation – Refense audits network devices from the inside. This enables greater accuracy and functionality over traditional vulnerability scanners. Vulnerability management tools scan IP blocks and rarely allow authenticated analysis of device configurations. These types of IP/port scans cause high load on the device, are network intensive, slow and inaccurate.

Refense focuses on network devices – Refense is focused on WAN and LAN network devices; it was built for that purpose and doesn’t try to use vulnerability identification methods designed for desktops and servers. Vulnerability management tools don’t have the same focus; most are better suited to scanning Windows and Linux than Cisco and Juniper OS.

Refense vulnerability checks are smart – Refense ships with over 300 security checks that look for security weaknesses introduced through configuration as well as vulnerabilities caused by OS related flaws. They use advanced logic to verify the security weakness actually exists and understand when workarounds are in place to mitigate the problem. Vulnerability management tools use checks that look at the OS version and then assume your device is vulnerable based on the version of code you are running, not the way your device is configured and network is protected.

REFENSE provides greater visibility to potential vulnerabilities and identifies vulnerabilities other tools overlook or cannot see. REFENSE does this with greater accuracy than any other solution, and our ability to conduct network analysis without impact to the network or device allows network protection to be continuous or "always-on", resulting in shorter time to protection from potential threats.

Page 15: Refense   Security Risk Briefing   July 2009

What makes Refense superior?

Focus – Mitigating Risks in Mission Critical Infrastructure – Routers/Switches/Firewalls/Wireless Access Points

Visibility & Non-Intrusive – Operating System Vulnerabilities & Compliance to Security Policy

Accuracy – Inside Out Architecture eliminates false positives & negatives – reducing time spent on invalid results

Speed – Distributed high speed scanning makes Refense the fastest vulnerability solution available

Compliance w/Security Orientation – Complex Checks, Secondary Effects & Risk Mitigation

Easy to Implement/Maintain – Turn-Key appliance can have you up and running in less than an hour – Low Administration