TDi DEFENSE FOUNDATION
TDi Defense Foundation
The Defense Foundation from TDi Technologies® is an integrated platform that helps secure the organization from the Insider Threat (and outsiders who breach perimeter defenses).
The Defense Foundation starts with the component layer of IT infrastructure in order to secure IT infrastructure at its very foundation by establishing connection and control over privileged component interfaces that are used to configure, repair, and maintain the systems layer of the architecture regardless of the operation mode of the component. This means that even while systems and components are “off the corporate network” the security model is still in place.
Business Challenges
The Defense Foundation helps organizations:
1. Protect their infrastructure from the Insider Threat
2. Secure privileged interfaces
3. Create a forensic record of what did, and did not, happen
Key Features
Key features are:
1. Secures, controls and logs privileged interfaces
2. Provides role-based, authenticated security to privileged interfaces
3. Supports event and threat condition detection and creates matter-of-record forensic logs (legal, audit, regulatory)
4. Provides remote, secure access anywhere an internet connection exists.
Technology Differentiators
Key technology differentiators are:
1. Creates persistent connections, detecting events as they actually occur (milliseconds)
2. Retains monitoring and control in all operating modes.
3. Employs advanced pattern-matching for early warning and Threat remediation.
4. Brokers one-click-by-event opening of component consoles for fast response
5. Creates forensic logs of all events that occur and actions that are taken.
Foundation Management Server
The Foundation Management Server provides information flow processing, business rule execution, pattern-matching execution, role-based security, and log file generation for all modules. The Foundation Management Server handles all input and output for the foundation, serving this data up to Foundation modules as needed.
The Foundation Management Server is a rigorously optimized processing engine specifically designed to handle extremely high volume I/O traffic. This gives TDi Foundation Management products the ability to “sense and respond” to events in real-time measured in milliseconds.
Foundation Protocol Manager
The Foundation Protocol Manager establishes and maintains connections to information flows that are generated by hardware, software and other intelligent devices. The Foundation Protocol Manager serves as the bridge between the many different types of communication channels that exist in the I.T. Infrastructure and the Foundation Management Server.
The Protocol Manager supports connections to hardware and software interfaces over a variety of digital communication protocols including:
SNMP
SSH
SSL
Syslog
Telnet
IPMI
WMI-CIM
and even custom serial interfaces.
The flexibility of the Foundation Protocol Manager enables it to connect streams of information from virtually any point in the IT architecture to the Foundation Management Server.
For bidirectional interfaces, the Foundation Protocol Manager connects outbound information flows to interfaces to perform remediation, maintenance and repair actions based on automated business rules and user-entered actions.
Defense Module
The Defense Module helps protect organizations from the Insider Threat with respect to:
Gaining access to, altering or destroying sensitive data
Inappropriate actions that can compromise the privacy of private records
Insertion of malicious code
Disruption of critical services from improper configuration of components or systems
Features and Functions
The Defense Module includes the following features and functions:
1. Configure and deploy the role-based security model
2. Monitor privileged interface events along with other infrastructure events
3. Log definition of events and actions to be recorded
4. Creation and assignment of business rules against events and event patterns.
5. Creation and assignment of automated notifications against events and event patterns
6. Generation of reports and dashboard elements for inclusion in the Graphical User Interface (ConsoleWorks).
Virtualization Module
In addition to the Defense Module, the Virtualization Module can be used to extend the defense strategy to virtualization technologies. The Virtualization Module creates this extension to the Defense Foundation by including virtualization technologies in the Defense strategy with support for hypervisors and Virtual Machines (XEN, VMware).