New York Security User Group

Slides and Notes from Symantec New York Security & Compliance User Group Meeting - May 7, 2010 

May 11, 2010 06:03 PM

05/07/10 Symantec Meeting Minutes
 
Attendees: Jason Fenner, Michael Kordelski, Eric Sternberg, William Brennan, Vijay Haripal, Filberto Lopez, Nancy Jean-Charles, Sunitha Evany, Val Vechnyak, Eleonora Martkovsky, Gary Wilhelm, Paul Rolanti, George Frempong, Ellen Shaffer, Natella Abayev, Richard Tisdale
 
Discussion Items:
 
 
· Training hosted by Michael Kordelski at Saint Barnabas Health Care Systems.
 
· Main presenters were Val Vechnyak, Richard Tisdale and Jason Fenner
 
Topics covered by Val Vechnyak
 
 Challenges and suggested solutions for ESM 6.5.3
 
Challenges:
 

  • CPU Intensive
  • ESM is allowed to run only during green zones
  • DB Convert jobs take time – Latency in data push
  • Fwatch – Resource Hog

 Suggested Solutions:
 

  • Limit Messages coming from modules
  • Jobs to be spread across the week instead of limiting them to specific days.
  • Connect DB Convert to 1 or 2 managers and write a script that runs twice a day to email output to review errors.
  • Fwatch module – Limit CPU Usage
  • If DBConvert is on the same SQL server, it takes less time to convert the job and push the data.

 
Topics covered by Richard Tisdale
 
Symantec Vontu Data Loss Prevention
 
Challenges:
 
Affordability
Scalability
User Ability
AD Integration
Workflow Intelligence
Enforcement policy intelligence
Product support
Open Wi-Fi
Bi-Med Vendors support
Incident Response SLA
 
 
DLP Business impact
Users and vendor education
Data Classification
Data Storage
 
 
Several vendors / solutions considered to solve these challenges
POC
Bake-Off
Analyst reports
Reference calls
 

  • Security products that were implemented at Meridian Health
  • Vontu Network Monitor
  • Vontu Network Prevent
  • Vontu Network Discover
  • Vontu Network Endpoint
  • Vontu Network Enforce
  • Vontu Email Prevent
  • Vontu Email encryption

 
Symantec helped with the implementation of these products.
 
Benefits:

  • Management dashboard
  • Recommend types of training
  • Personal data
  • Standard email – Extended email
  • No Non-secure transmission of data

 
Implementation challenges:
 

  • Relay off of Meridian’s network boxes
  • Network implementations
  • Multi Network IP filtering
  • SMTP Host Relay
  • Training – There was a lot of knowledge transfer

 
A significant achievement after these products were implemented is user and vendor education, which was the most challenging of all.
 
Tips / Tricks / Best practices – When making changes and/or testing, remove users from email notification. Test policies.
 
No big lessons. Meridian happy to have implemented Symantec products
 
Trigger data matching has been a big help
 
Main challenge at Meridian is to put together a Security oversight group
 
 
Topics covered by Jason Fenner:
 
Features of CCS 10
 
Evidence gathering through the web portal
Thick client Wintel
Send questionnaire and can import
 
New CISOs can be given quizzes and questionnaires from an awareness perspective –
 
Attestation to questionnaires and supporting documentation can be sent through the push and pull features for external documents
 
Integration
 
Altiris – Workflow product; enhances the way data is moved around
 
New in CCS 10
 

  • CCS Vulnerability Manager
  • Web-based dynamic dashboards
  • Integration with data loss prevention (DLP)
  • 3rd party evidence automation
  • CCS Vulnerability Manager
  • Commoditized market – Push from customers and management
  • PCI – Need to have vulnerability manager product in place
  • Partnering with OVM
  • Prevents threats to critical assets and information
  • Explain about vulnerability – Identify in web applications, databases and network devices
  • Unique vulnerability chain mechanism
  • Risk scoring algorithm
  • High performance
  • More than 54,000 checks across 14,000+ vulnerabilities
  • High performance agent-less scanning
  • Support Multiple technologies
  • Vulnerability detection for AJAX and Web 2.0 applications
  • Database servers – Breached information
  • Vulnerability content for most popular databases
  • Web-based Dynamic dashboard
  • Get right information to the right people
  • Integrate technical, procedural, data controls with evidence from external systems
  • Concept of panels – Metrics
  • Dashboard – KPI that end user needs to see
  • Easy sharing of information
  • Web Delivery
  • Print and export dashboard
  • Enhanced analytics
  • Drill down into panel data
  • Multiple panels in single view
  • Trending – Drill down on particular policies / controls
  • Also, there are filters which are customizable and flexible
  • Variable panel sizing – Different sizes of different dashboards
  • Maximize a panel
  • User defined panels are visualizations of KPIs
  • Layout filters persisted
  • Integration with DLP
  • Gain visibility to most valuable assets and hold them to a higher standard
  • Create asset groups by tagging data with the most sensitive and valuable information
  • Prioritize assets
  • External evidence system
  • Create own controls and map evidence to data and controls and store in one central repository
  • Gain a better understanding of the exact risk on the system.
  • Public and private panels and dashboards
  • Compliance analysis – policies
  • Controls passed / failed for policies
  • Drill down possible
  • Each check has risk rating
  • Description of policy – Mapped frameworks
  • Failed checks
  • Failed 3rd party controls
  • Extended evidence sources
  • ESM 10 and CCS 10 being released at the same time
  • Symantec will have shorter, quicker releases to accommodate more features
  • Upgrade of CCS 9 – CCS 10 is in place. Clients don’t need to rip and replace the entire setup if they already have CCS 9 installed
  • Enhanced 3rd party evidence in CCS 10

 
All other features are the same: only bug fixes, no enhancements from CCS 9.
 
 

  • Plans for next meeting:

 
             Dates - Friday, November 5,
 
             Time - 10:00 am – 1:30 pm
 
             Location - TBD
 
     

  • Topics suggested for next presentations:

 
              TBD
 
 
ACTION ITEMS:
 

  • New users - please follow the instructions below to register 
  • Register or log-in to Symantec Connect www.symantec.com/connect/user/login
  • Click on "Groups"
  • Click on "New York Security Management & Compliance"
  • Click on "Request Membership"
  • Your User Group webmaster will review & approve your membership request
  • To trade in your points for gifts and rewards, check out the catalog at:
    symantec.com/connect/rewards
  • To see how you can earn more points, visit:
    symantec.com/connect/points

 
 

Attachment(s)
pptx file
Meridian DLP User Group Member Presentation - Last.pptx   368 KB   1 version
Uploaded - Mar 16, 2020
pptx file
What's New in CCS 10.0 Customer Presentation.pptx   1.92 MB   1 version
Uploaded - Mar 16, 2020