» Foundstone Enterprise 4.0
Detailed Product Presentation
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
Agenda
»
»
»
»
»
»
»
»
»
»
Foundstone Solutions
Truly Enterprise-Class
Asset-based Vulnerability Management
Unmatched Assessment Horsepower
Life-cycle Threat Management
Stream-lined Remediation
Measurement & Benchmarking
Interoperability: Foundstone Link
Total Cost of Ownership
Competitive Comparison
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
2
Foundstone Product Family
» Foundstone Enterprise v4.0
– Enterprise-class, award-winning vulnerability management system
– Options include:
– Remediation Module
– Threat Correlation Module
– Appliance-based
– Feature-rich and the most scalable risk management system available
– Low cost of ownership: automated download and installation
– All updates Foundstone tested & approved
» Foundstone On-Demand Service
– Hosted system engineered to manage and mitigate risk
– Integrated threat intelligence alerts and correlation
– Zero-deployment; no administration or maintenance
» Foundstone Professional TL
– Designed for consultants and auditors
– Enterprise-class functionality and scalability
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
3
The Foundstone Vulnerability Management (VM) Lifecycle
Risk = A x V x T
C C
Risk = A x V x T
C C
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
4
Enterprise-Class
» Web-based, centralized management
» Hierarchical user account system supports even the most
complex organizations
» Flexible role-based access control for scanning & remediation
» Unprecedented performance & reliability: unique scanning architecture
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
5
Enterprise-Class
Features & Benefits
Web-based, centralized management
Automated vulnerability, threat and
knowledgebase updates from Foundstone
Safe and lightweight: built-in scan traffic load
balancing
Graceful handling of latency issues and network
disruptions
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
6
Enterprise-Class
Features & Benefits
Hierarchical model supports even the most
complex organizations
Easy, delegated administration using
Workgroups for offices, regions, etc.
Flexible role-based access control for users
Granular permissions for scans, remediation
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
7
Enterprise-Class
Features & Benefits
Unique parallel architecture allows many scans
to execute at once on a single engine
A single scan is automatically distributed into
multiple subscans for enhanced scan
performance
Scan recovery with no data loss due to batchbased design
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
8
Asset-Based Vulnerability Management
»
»
»
»
Driven by agent-less asset discovery
Classify using detailed, flexible criteria
Scan by business function, geographic region, etc.
Tickets can be automatically assigned to
group asset owners
» Asset criticality can be used to focus
remediation tasks on
the most important
systems
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
9
Asset Classification
Features & Benefits
Driven by agent-less asset discovery
Classify using detailed, flexible criteria
Assign group properties such as asset
owners & criticality values
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
10
Asset-Based Scanning
Features & Benefits
Create scans by asset value or owner
Easily include/exclude hosts based on OS,
name, and other properties
Scan by business function, geographic
region, etc.
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
11
Asset-Based Remediation
Features & Benefits
Tickets can be automatically assigned to
group asset owners
Asset criticality can be used to focus
remediation tasks on the most important
systems
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
12
Assessment Horsepower
» Deep, agent-less assessment across all
layers of infrastructure
» Discovers and analyzes every system on
the network, from database to router
» Uses patent-pending OS identification and
vulnerability analysis techniques
» Based on the customizable Foundstone
Scripting Language (FSL)
» Unprecedented ease of use:
– One-click quick scans
– One-click scan performance / bandwidth
optimization
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
13
Assessment Horsepower
Beyond Traditional Vulnerabilities:
Specialty Assessment Modules
» Windows Module
– Patch & policy testing
– Trojan & spyware detection
» Wireless Module
– Discovery of access points
& clients
– Mapping & vulnerability analysis
» Web Application Module
– “Unknown” vulnerabilities within custom web apps.
– Crawls, inventories & then intelligently analyzes
– Examples: source code disclosure, SQL error handling, weak
usernames and passwords, “hidden” sensitive files and archives
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
14
Life-Cycle Threat Management
» Intelligence alerts on critical breaking threat
events such as worms and exploits
» Faster than a check– shows threat impact
immediately without running another scan
» Risk-ranking of assets prioritizes
threat response so that
the most important hosts
are protected first
» Threat response
benchmarking by
business unit
» Measures response efforts
vs. an established
remediation goal
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
15
Threat Monitoring
Features & Benefits
Intelligence alerts on critical breaking threat
events such as worms and exploits
Automatically updated on a daily basis
Alert correlation rules show how a threat event
will impact your networks
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
16
Threat Analysis
Features & Benefits
Faster than a check– shows threat impact
immediately without running another scan
5-factor correlation displays results by
likelihood of a successful attack
Risk-ranking of assets prioritizes threat
response so that the most important hosts are
protected first
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
17
Threat Scanning
Features & Benefits
Correlation results feed rapid threat scans or
remediation activities
Threat scans easily created for a single or
several vulnerabilities
Threat scans complete quickly, even for large
Class B and A networks
Alerts can be sent directly to staff pagers via
email
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
18
Threat Benchmarking
Features & Benefits
Threat response benchmarking by business
unit (e.g. geographic region, workgroup,
office) or operating system
Progress automatically updated based on
enterprise remediation efforts
Effective comparison model: set up by
administrator, seen by all users to gauge
status versus peers
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
19
Threat Compliance Tracking
Features & Benefits
Measures response efforts versus an
established remediation goal
Progress measured in % of compliance-based on # of vulnerable hosts for one or
many threat events
Graphs easily downloaded or modified for
on-the-fly reporting
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
20
Stream-Lined Remediation Workflow
» VM Pioneers: Introduced integrated remediation workflow in
early 2002
» Vulnerabilities automatically turn into easily managed tickets
» Rules-based automatic ticket assignment using multiple,
flexible criteria
» “Ignore” vulnerability feature allows for
creation of policy exceptions
» Closes tickets for fixed
vulnerabilities with no
manual intervention
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
21
Automatic Ticket Creation
Features & Benefits
VM Pioneers: Introduced integrated
remediation workflow in early 2002
Vulnerabilities automatically turn into easily
managed tickets
Comprehensive control over ticket creation
by scan / vulnerability severity
Establishes accountability: the key to
getting vulnerabilities fixed
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
22
Automatic Ticket Assignment
Features & Benefits
Rules-based automatic ticket assignment
using multiple, flexible criteria
Automated export of tickets to 3rd party
helpdesk systems (e.g. Remedy)
“Ignore” vulnerability feature allows for
creation of policy exceptions
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
23
Automatic Ticket Closure
Features & Benefits
Closes tickets for fixed vulnerabilities with
no manual intervention
One-click verify scans to confirm fixes
Comprehensive searching feature enables
for simple remediation progress analysis
and tasking
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
24
Measure and Benchmark
» FoundScore: intuitive 0-100 security scoring system based on
vulnerabilities and asset criticality
» MyFoundScore: customizable scoring that matches your policy
» Risk Score: immediately visible statement of overall enterprise risk level
– Considers impact of breaking
threat events on assets and
existing vulnerabilities
» Interactive, executive
dashboard for comparing
business units/regions,
platforms and tracking
key statistics
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
25
Interoperability: Foundstone Link
» Open architecture leverages current technology investments
– Seamlessly integrates with existing database, network &
system management solutions
– Open database design works with 3rd party reporting tools
& custom SQL queries
– Web services-based
» API set to allow external applications to leverage the power of
FoundScan engines
– Scan creation, scan management, scan results access
» Authentication API for use with Netegrity Siteminder,
RSA SecurID, LDAP and other technologies
» Support for standards such as CVE, IAVA, & SANS/FBI Top 20
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
26
Total Cost of Ownership
» Focus on interoperability and management results in overall low TCO
– Vulnerabilities, threats and system can be automatically updated
– No appliance patches to test or install
– Does not require additional staff or skill sets
» Comparison of TCO against competing vulnerability management
services results in significant savings over a 5-year period
Year
Foundstone
Competitor
Difference
1st year
$187,747
$140,079
$58,845
2nd year
$240,494
$275,646
($37,698)
3rd year
$293,240
$411,213
($134,241)
4th year
$345,987
$546,780
($230,784)
5th year
$398,734
$682,347
($327,327)
Numbers based on projected pricing for a 10,000 system environment, HW/SW/Services included
Confidential and Proprietary
Copyright ©2004 Foundstone, Inc. All Rights Reserved
27
Competitive Comparison
Capability
FStone
nCircle
Qualys
Tenable
eEye
ISS
Enterprise-Class
Assess. Quality/Depth
Flexible, Open Arch.
Threat Corr. Module
Risk Mgmt. / Metrics
Full, Flexible Reporting
Robust Remed. Module
Full User System /
RBAC
Compliance Reporting
- Full capability
Confidential and Proprietary
- Some capability
(blank) – No capability
Copyright ©2004 Foundstone, Inc. All Rights Reserved
28