IBM Tivoli Risk Manager
Product Version: 4.2
Certified for use with: Check Point NG and Check Point 2000
Product Description: IBM Tivoli Risk Manager is a solution that enables organizations
to centrally manage attacks, threats and exposures. This solution
correlates security information from across the network and
eliminates false-positives to help administrators quickly
identify real security threats and respond with adaptive security
measures.

Company Description: Tivoli
software from IBM enables an IT organization
to reduce the total cost of ownership and improve service levels
of the IT infrastructure. Tivoli systems management software
helps traditional enterprises and e-businesses worldwide manage
security, storage, performance and availability, and configuration
and operations. Backed by world-class IBM services, support
and research, Tivoli software is one of four key IBM Software
Group brands -- DB2, Lotus, Tivoli and WebSphere.

Key Features and Benefits
Features
- A scalable event management infrastructure to manage large
quantities of events from a wide variety of security devices
and applications across the network
- Centralized advanced event correlation and management
of security threats, attacks and exposures across the entire
organization
- Hierarchical data reduction and correlation, so only significant
incidents are reported up for further analysis
- The ability to analyze alerts in real time
- Out-of-the-box solution to manage intrusions across the
DMZ (networks, hosts and applications)
- Persistent storage of alerts and intrusions in a relational
database
- Real-time alerts that can be sent in a variety
of ways, such as email, pager, and help desk tickets
- A variety of predefined reaction tasks to quickly resolve
urgent security issues, such as denial of service attacks,
viruses, or unauthorized accesses
- Support for advanced auditing and reporting tools
- Decision support for firewall, virus management, intrusion
detection, and risk assessment
- Delta reporting to identify status changes over time in
the overall security infrastructure, which helps pinpoint
when certain elements, such as firewalls, are more vulnerable
- Support for open standards and industry-standard technologies
Benefits
- Allows users to cost-effectively process and manage a
large number of security incidents
- Speeds response time to threats and helps avoid loss of
revenue due to downtime
- Delivers a high ROI by leveraging existing security infrastructure
and increasing productivity by reducing network downtime
and the labor required to manage security data
- Generates reports and provides analysis for areas
such as incident and vulnerability management, and decision
support
- Identifies security exposures and vulnerabilities, allowing
them to be corrected before a security breach occurs

OPSEC Integration
The Risk Manager
adapter for Check Point FireWall-1 uses the Open Platform for
Secure Enterprise Connectivity (OPSEC) Log Export API (LEA)
to receive firewall events. The Risk Manager adapter parses, normalizes, and filters
the raw events into Risk Manager events, then sends the data
into the Risk Manager server for correlation and analysis. The
Risk Manager control center centrally manages enterprise vulnerabilities
and enables businesses to detect and assess attacks, threats,
and exposures. Risk Manager correlates security information
and risk alerts from firewalls, routers, networks, host and
application-based intrusion detection systems, desktops, and
vulnerability scanning tools. By aggregating data across all
checkpoints and using highly advanced correlation techniques,
Risk Manager can determine with a high degree of confidence
which events are real and which are not. Risk Manager can also
identify attack patterns and classify attacks into situations
that make them easily recognizable. Not only does this save
the user time and money, but it also allows the user to take corrective
action much more quickly, thereby restoring security faster
and minimizing damage.