WEB Security Monitoring Proposal

brickborderSecurity

Nov 3, 2013 (4 years and 6 days ago)

Contents

ECONOMIC PROPOSAL FOR WEB SECURITY
PROPOSED SERVICE DESCRIPTION
  Complete External Intelligent Vulnerability Monitor
  DNS Hijacking Monitor
  Top-Level-Domain (TLD) Monitor
  Secure Certificate (SSL) Monitor
  Web Site Monitor
  Defacement Monitor
  Availability Monitor
  Email Performance Monitor
The Advent of Digital Surveillance
Why Monitoring
Business Benefits
  Business Benefits: Risk Reduction
  Business benefit: Financial performance
  Business benefit: Reduced Operational Costs
  Business Benefit: Regulatory Compliance
Catbird Networks
  Company Background
REFERENCES
  Cumberland Bank
  Ohio State Bank
  North Dallas Bank
  YellowBrix

ECONOMIC PROPOSAL FOR WEB SECURITY

Catbird Networks Inc. Recommendation:

Catbird is proposing a 12 month agreement to provide Web Security for HITECH Software Inc. The recommended Web Security configuration below is based on preliminary estimates.


1. Catbird’s Web Security Base Package. This package includes security monitoring for 1 DNS Server, Availability (ping) for 1 IP, Top Level Domain (TLD) for 1 domain, Vulnerability monitoring for 1 IP, 1 Pharming Shield which includes one each of DNS Hijacking, Defacement and Secure Certificate Monitors.

2. Additional Monitors. This proposal includes the following additional monitors: 4 Web Performance, 1 Web Transaction Monitor, and 5 Web Defacement and one e-mail monitor.

3. Additional Monitors Options. This proposal includes the following options for each monitor: All Web Performance & Transaction monitors will have Object-level detailed web scan and Frequency increases to 4/hour.

Catbird will charge a setup fee, payable up-front, for 1.5X the monthly fee. The table below provides a breakdown of the recommended units and associated monthly costs.





Notes:

1. These costs do not include applicable taxes
2. Prices are based on a 12 month contract, billed monthly

PROPOSED SERVICE DESCRIPTION

Protecting your systems from attack is an ongoing responsibility, not a one-time event. Catbird’s Web Security package performs eight critical tests to protect your company’s Internet presence:

- External vulnerability monitoring,
- Pharming Defense which includes three distinct tests for DNS performance and hijacking, Web Site Defacement, and Secure Certificate (SSL) verification,
- Top Level Domain (TLD) performance and verification,
- Web Site performance,
- Availability monitoring,
- E-mail performance.

Catbird’s base package includes one of each test, defined by Catbird as a Monitor. Additional Monitors are sold separately and can be added at any time. Below is a brief description of each Catbird Monitor.

Complete External Intelligent Vulnerability Monitor

Protecting your systems from attack is an ongoing responsibility, not a one-time event. Catbird’s External Intelligent Vulnerability Monitoring™ enables you to automatically monitor the vulnerability of your external-facing IP addresses - an automatic audit of your public IP addresses every two minutes, 7 days a week, 365 days a year.

External Intelligent Vulnerability Monitoring starts by establishing a baseline of open and closed ports. The monitor then scans each open port for almost thirty thousand known vulnerabilities. If a weakness is detected, we'll send you a detailed report with suggested solutions. Each weakness is classified based on ratings from CERT and NIST.

Once the customer has established the baseline, Catbird’s agents will monitor the ports 24/7/365 to make sure the network remains secure. If Catbird detects changes to a company’s Internet-facing ports, appropriate personnel are notified immediately. A targeted vulnerability assessment of newly opened ports is then automatically performed and the customer is informed of any known vulnerability exposures. Catbird will also scan all open ports daily for new vulnerabilities and notify the customer immediately should any be noted.

The monitor can be configured to scan at slower rates in order to minimize any potential impact on the target system performance. The monitor can also be configured to scan daily on a limited range of ports and weekly on all ports.

Each monitor is sold by IP, and is available as a single IP or in packages of 8.

DNS Hijacking Monitor

Domain Name Servers (DNS) are the first systems contacted when a customer looks for your site, or sends an email. They’re the last place a company wants to have trouble.

Catbird DNS Server Monitor watches all of the critical DNS records so that a given domain is always recognized and accessible to customers. If DNS records are missing or modified without permission, Catbird agents immediately alert IT staff via pager or email.

Companies with multiple servers can take advantage of the DNS Cluster Monitor, which monitors all of the DNS servers to ensure that customers are successfully routed to the corporate site by any one of the active servers.

Each monitor is sold by DNS domain, the base pack includes three domains. The base configuration will test from 3 locations, at a frequency of 1/hour. Frequency and location can be increased for an additional fee.

Top-Level-Domain (TLD) Monitor

The TLD Monitor from Catbird Networks™ makes sure the TLD record for your Web site is visible so that customers can find your site. The TLD Monitor verifies that TLD servers are responding with the correct reference to your domain, and watches for any incorrect updates, unauthorized changes, or other errors made to your records. If problems are found, Catbird generates an alert so you can resolve any problems quickly.

Each monitor is sold by domain; the base pack includes one domain. The base configuration will test from 3 locations, at a frequency of 1/hour. Frequency and location can be increased for an additional fee.

Secure Certificate (SSL) Monitor

The SSL Monitor verifies the security of your customers’ online transactions by making sure that the correct SSL ID is used for every transaction. The monitor does this by comparing your SSL certificate to the one being used for each online transaction. If there is a mismatch or the connection is not secured, you will immediately receive an alert and the event will be logged.

Web Site Monitor

Catbird Web Monitor ensures that the corporate Web site performs optimally to give customers a positive Web experience. As the most sophisticated solution for monitoring a Web site's performance and availability, Web Monitor will alert the IT staff when a site slows down, errors are detected, connectivity is suffering or the site is exposed to a Denial of Service (DoS) attack.

Catbird Web Monitor delivers the most detailed information about the Web site so one can easily analyze and troubleshoot any site performance issues. To identify bottlenecks and perform in-depth analysis and performance trending, the Web Monitor looks at every element of a page - from text, URLs, graphics, and Java applets, to banner ads, CGI scripts, and third-party content.

Each monitor is sold by URL, the base pack includes 1 URL. The base configuration will test from 3 locations, at a frequency of 1/hour. Frequency and location can be increased for an additional fee.

Defacement Monitor

Web site defacement is a problem that's on the rise, but most businesses and hosting firms do not manage this critical threat. Catbird Defacement Monitor is the most advanced product available for protecting a company’s site against hackers who can:

- Deface Web site's pages with offensive graphics and text
- Embed Spyware on web pages to capture valuable customer information.

With the Defacement Monitor, the IT department establishes "baseline content" - approved content for the corporate Web site. The Defacement Monitor then compares the baseline content to the live site every 2 minutes, every day. Catbird’s remote agents alert appropriate personnel immediately if a mismatch occurs so they can address the problem before customers notice.

Each monitor is sold by URL, the base pack includes 1 URL. The base configuration will test from 3 locations, at a frequency of 1/hour. Frequency and location can be increased for an additional fee.
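
An added illustration of the baseline comparison described above; it is not Catbird's code, and the page does not describe how the product is implemented. It fingerprints the approved page as visible text, inline script and externally loaded active content, so both a text defacement and an injected script show up as a mismatch; all names, the sample pages and the timestamp ignore pattern are constructed assumptions.

```python
import hashlib
import re
from html.parser import HTMLParser

# Tags that load or run active content, and the attribute naming their source.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


class _Collector(HTMLParser):
    """Splits a page into visible text, inline scripts and external references."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text, self.inline, self.active = [], [], set()
        self._inside = None  # "script" or "style" while inside that element

    def handle_starttag(self, tag, attrs):
        ref = dict(attrs).get(ACTIVE_TAGS.get(tag, ""))
        if ref:
            self.active.add(f"{tag}:{ref.strip()}")
        if tag in ("script", "style"):
            self._inside = tag

    def handle_endtag(self, tag):
        if tag == self._inside:
            self._inside = None

    def handle_data(self, data):
        if self._inside == "script":
            self.inline.append(data)
        elif self._inside is None:
            self.text.append(data)


def _digest(parts, ignore=()):
    joined = " ".join(parts)
    for pattern in ignore:  # regions the operator has approved as dynamic
        joined = re.sub(pattern, "", joined)
    return hashlib.sha256(" ".join(joined.split()).encode("utf-8")).hexdigest()


def fingerprint(html, ignore=()):
    collector = _Collector()
    collector.feed(html)
    collector.close()
    return {"text": _digest(collector.text, ignore),
            "inline": _digest(collector.inline),
            "active": frozenset(collector.active)}


def compare(baseline, live):
    labels = {"text": "visible text", "inline": "inline script"}
    findings = [f"{label} differs from baseline"
                for key, label in labels.items() if live[key] != baseline[key]]
    for ref in sorted(live["active"] ^ baseline["active"]):
        kind = "unapproved" if ref in live["active"] else "missing approved"
        findings.append(f"{kind} active content: {ref}")
    return findings


# Constructed sample pages (not taken from any real site).
APPROVED = """<html><head><title>Example Bank</title>
<script src="/static/site.js"></script></head>
<body><h1>Welcome to Example Bank</h1><p>Log in to view your accounts.</p>
<p>Page generated 2013-11-03 10:15:00</p></body></html>"""
REFRESHED = APPROVED.replace("10:15:00", "10:17:00").replace("<body>", "<body>\n  ")
DEFACED = APPROVED.replace("Welcome to Example Bank", "DEFACED (constructed sample)")
INJECTED = APPROVED.replace(
    "</body>", '<script src="http://tracker.invalid/k.js"></script></body>')
IGNORE = (r"Page generated \d{4}-\d\d-\d\d \d\d:\d\d:\d\d",)
BASELINE = fingerprint(APPROVED, IGNORE)


def check(html):
    return compare(BASELINE, fingerprint(html, IGNORE))
```

Without the IGNORE pattern the REFRESHED page raises a text mismatch on every poll, which is why dynamic regions have to be agreed when the baseline is approved.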

Availability Monitor

Catbird’s Availability Monitor utilizes the ping function to verify that all of a company’s external IPs are up and running. This not only validates the health of individual hosts but ultimately the robustness of the entire network itself including routes.

Each monitor is sold by IP, and is available as a single IP

Email Performance Monitor

Email is a critical business communication tool. If the corporate email system is not performing optimally, business communications falter.

Catbird Email Monitor watches the entire email system, including inbound and outbound mail and total propagation time. With Email Monitor, Catbird customers know their POP and SMTP servers are being closely watched - and that if any errors occur, they can resolve them quickly.

THE ADVENT OF DIGITAL SURVEILLANCE

As society rapidly accelerates into the digital age, a greater proportion of our physical assets are being converted into digital representations stored on computer systems. While over the last thousand years our societies developed methodologies and processes to safeguard physical assets, in a period of less than a decade, society has been challenged to develop equivalent processes to address the security risks associated with the digital revolution. The result was the birth of an industry to address the problem of Digital Security through products such as virus scanners, firewalls and spam filters.

Digital Surveillance is the latest of these innovations. Digital Surveillance solutions provide fully automated and continuous services to track, measure, alert and report on a company’s security posture. Most companies and institutions understand and accept the need to invest in their physical security, and consequently make significant investments in such protections as alarms, cameras, security guards, and access controls. Yet most have only recently begun investing in Digital Surveillance or Monitoring. The advent of new, and more affordable, monitoring technologies is leading to rapid adoption of monitoring to complement existing, basic technologies such as firewalls and virus scanners.


The last few years have seen a rapid introduction of new automated monitoring technologies that ensure that systems, websites and networks are as secure as possible against attack and operating at peak performance. There are three broad Monitoring areas:

- Vulnerability Monitoring of IT Assets such as Servers and Desktops,
- Security and performance monitoring of companies’ Web/E-commerce presence,
- Monitoring of general security posture, particularly with respect to internal intrusion.

The increasingly widespread adoption of these new monitoring technologies represents a growing awareness of the dramatic rise in Digital Risk.


Rising Digital Risks

Increased threat profile. Early hackers were largely students and individuals looking to prove their technical prowess. Today, society is facing well-financed and organized professionals, determined to exploit the new digital paradigm for illicit financial gain. A 2004 Security Survey published by Deloitte and Touche reported a 300% rise in the frequency of internal and external network attacks. Of the 400 companies surveyed, 49% reported both an internal and external attack, as compared to 13% in 2003. The large profits derived from cyber-crime are attracting traditional organized crime elements from around the world.

Speed of digital threats. As the risks increase, fully-automated, continuous, non-invasive security and performance monitoring technology is required to enable IT staff to react immediately. Surveillance systems in today’s digital world must respond with 24/7, automated monitoring, alerting and reporting to ensure that systems, websites and networks are always secure against attack and operating at peak performance. Deloitte’s customers indicated the following Digital Risks to their business:

- Malicious code & viruses damaging or destroying systems and data
- Vandals threatening the reputation of their companies through identity theft, hijacking the company’s internet presence and stealing customers’ confidential data
- System outages and slow response times disrupting online transactions,
- Outsourced security and hosting partners that don’t live up to their availability and performance promises.

WHY MONITORING

Monitoring is becoming the solution of choice for IT professionals both to ensure that they are fully aware of any anomalous behavior on their network and to stop the spread of any attack as soon as it happens. Specifically, monitoring provides:

Better use of limited resources. Monitoring allows companies to focus limited financial and human resources on the most critical digital resources. Automated and continuous monitoring allows a company to shift human resources from periodic, time-consuming detection to mitigation. For example, scheduled manual scans that occur on a chronological basis with limited automation can now be fully automated and run continuously. Resources dedicated to manual scans can be re-allocated to mitigation. Automated monitoring can perform continuous internal and external reviews against established baselines to identify any changes.


Shift from reactive to proactive management. Continuous monitoring translates into a fundamental shift in a company’s security posture from reactive to proactive. Monitoring systems provide immediate detection of errors, vulnerabilities and attacks before they are able to exploit systems. Traditional reactive security tools, like virus scanners, are only useful once an infection occurs. Monitoring, on the other hand, seeks to prevent the infection by reducing system vulnerabilities in the first place. Monitoring allows a company to establish a comprehensive, layered strategy to manage new threats.


Measurement and Compliance. A comprehensive and continuous assessment of your security status: every 2 minutes, 7X24, 365 days a year. Monitoring allows you to compare security performance, determine a course of action, and measure progress. Progress can be tracked through an automated reporting and alerting system, with historical analysis and archiving of actions taken and not taken. Monitoring also allows companies to show tangible evidence of intent and actions taken to comply with appropriate internal or external process and standards and regulatory requirements.


Cost Savings. Catching potential problems or vulnerabilities before they become widespread saves IT staff time and money in complicated clean-up and remediation efforts.

BUSINESS BENEFITS

Business Benefits: Risk Reduction

Continuous monitoring systematically reduces the risk profile of a company by providing metrics that can provide a quantitative basis for comparison of the company’s relative risk through a defined time period. Risk can be divided into a number of categories:

1. Risk to Reputation and Brand
2. Liquidity risk
3. Market risk
4. Legal risk
5. Regulatory risk

Monitoring is an essential element in reducing risk. The United States FFIEC Information Security IT Examination Handbook, December 2002 states: “Financial institutions protect their information by instituting a security process that identifies risks, forms a strategy to manage risks, implements the strategy, tests the implementation, and monitors the environment to control the risks.”

Comprehensive monitoring accomplishes all of these goals.

Business benefit: Financial performance

Financial performance can be adversely affected by security breaches. The financial industry has led the way in this area. Bank examiners and auditors have been quick to realize the impact that digital risk can have on institutions. For example, the U.S. Bank Examiner’s FFIEC Security Handbook December 2002 states: “A financial institution’s earnings and capital can be adversely affected if information becomes known to unauthorized parties, is altered, or is not available when it is needed.”

The press has also reported extensively on how security breaches can affect financial performance. For example, CRN Magazine reported in August 2004 that “Corporate losses from Internet based attacks average $2M per attack”. MSNBC reported in March 2003 that ID theft costs banks $1 billion a year.

Business benefit: Reduced Operational Costs

Security breaches also affect a company’s operations by reducing productivity and reliability, and consuming limited human resources to correct problems. For example, in August 2003 ICSA Labs reported that the cost of remediation for the Blaster worm ranged from $475,000 - $4,228,000 per company.

Monitoring also provides verification of Service-Level-Agreements (SLAs) for outsourced services such as web hosting or e-mail. Poorly performing outsourced services create disgruntled employees and customers.

Business Benefit: Regulatory Compliance

In the United States, numerous laws and rules now govern private and public industries. Monitoring is a key part of compliance with both Security Standards and Right-to-Privacy Laws.

Compliance is an ongoing process that is designed to identify, measure, manage, and control risks, including those due to vulnerabilities.


For US-based regulated industries such as financial institutions, vulnerability management is no longer simply a best practices requirement, it is a regulatory requirement. The Gramm-Leach-Bliley Act of 1999 (GLBA) directs the financial industry to safeguard customer information. The act mandates that federal agencies develop standards for safeguarding customers’ personal non-public information. These agencies have since dictated the management and control of vulnerability risks as a vital part of ensuring the confidentiality and integrity of customer information.


While GLBA specifically addresses the regulated requirements for the financial industry, the Sarbanes Oxley Act of 2002 (SOX) addresses all publicly traded companies. Sections 302 and 304 of SOX require companies to establish, maintain, and report internal controls. Section 404 requires annual reporting on the effectiveness of the internal control structure and integrity of financial information reporting. Security monitoring, which includes monitoring for vulnerabilities, is an essential part of these overall information system controls.


In addition to GLBA and SOX, Security and IT Governance rules are growing in the US Banking industry as reflected by the US FFIEC IT Security Handbook, December 2002 and FFIEC E-banking Handbook, August 2003. Other industries are becoming similarly regulated.

In addition to these, across all industries, there are Recommended Best Practices from NIST, CERT, SANS, ISACA and NSCP.

CATBIRD NETWORKS

Company Background

Catbird Networks, Inc. is the developer of the industry’s most advanced and comprehensive network security and performance monitoring technology. Catbird provides financial institutions, health care providers and e-businesses with unique solutions that help them manage the security, integrity and performance of their networks, Internet-based systems and applications, and third-party technology and content providers. Catbird’s product offering is unique in its focus both on security and performance. Catbird’s veteran developers recognized the causal link between the two: performance degradation is one of the first signs of a security problem.

Catbird Networks provides the industry’s only fully-automated, continuous and non-invasive network security and performance monitoring technology. The fully automated security monitoring enables Catbird to provide more types of security protection, performed more frequently and at a fraction of the cost of other alternatives. The comprehensive solution provides ongoing vulnerability protection along with monitoring for pharming/hijacking, identity theft, network intrusions, ecommerce transactions, defacements, wireless exposure and outsourced partner performance.

Catbird’s swarm of agents monitor customers’ networks approximately every 2 minutes, 365 days a year. Detailed notifications and reports help customers manage their networks, rapidly resolve problems and limit the potential exposure of confidential information.

Regulated industries, such as financial institutions and health care providers, can use Catbird to guarantee compliance with federal guidelines and regulatory requirements.

Catbird external monitoring uses intelligent, automated agents placed at major traffic points throughout the Internet. Catbird Internal monitoring uses a hardened internal agent appliance. The agents immediately and automatically notify customers about security or performance problems. Detailed reporting archives historical data for audit verification and statistical benchmarking. The combined effect is to provide the most complete and informative view of how customers’ systems and network are functioning.


The patent-pending technology is proven, reliable and accurate. We are in the catbird seat - always aware and ready to respond. Established in 2000, Catbird Networks was created by CenterGate Research, a group formed by networking veterans responsible for developing the fundamental architecture of today’s Internet. CenterGate envisioned being able to provide customers with real-time security monitoring for networks, e-commerce and applications. The result: Catbird Networks.

REFERENCES

Hundreds of companies use Catbird services to improve their security posture, to comply with regulatory requirements and to improve their IT staff productivity. In addition, many companies also use monitoring to assure the delivery of high customer satisfaction through web presence monitoring and to enforce third-party performance of Service Level Agreements (SLAs). In addition to the written cases we previously under NDA, below are some additional public case studies:

Cumberland Bank
http://www.catbird.com/pdf/casestudies/case.cumberland.pdf

Ohio State Bank
http://www.catbird.com/pdf/casestudies/case.ohio.bank.pdf

North Dallas Bank
https://www.catbird.com/pdf/casestudies/case.northdallas.bank.pdf

YellowBrix
https://www.catbird.com/pdf/casestudies/case.yellowbrix.pdf