Date posted: 08-Jun-2015
Category: Technology
Uploaded by: asherad
Outsourcing SEPM
Tony Asher
Agenda
• Goal: Successfully manage endpoint security for outsourced clients, while minimizing time and resources.
• Requirements / Challenges
• Solutions – 3 unique ‘features’ we leveraged.
• Issues
Requirements
1. Single point of:
   • Management
   • Visibility
   • Alerts
   • Reporting
2. Neutral from client environments
3. Automatic ticket generation
Challenges
1) Independent secure network, allow client communication
2) Updates to enclave without Internet connection
3) Clients’ ability to ‘go away’
4) Ticket generation
Steps Towards Solutions
Solutions – 1) Replication
• Choices: Site Replication vs. GUPs
   – GUPs: Can’t manage independent client admins, won’t centrally collect logs, open ports.
• Domains vs. Groups
Replication Process
Steps:
1. Verify ‘Additional Site’ in SEPM
2. Edit Properties of Replication
3. Replicate Now
4. Check Log
5. Set up ‘Limited Admin’
Edit Replication Properties
Issues:
1. SEPM = Same Version
2. Shut down replication during upgrade
3. Remember to turn back on
4. Easily ‘Deleted’
Solutions – 2) Live Update Server
• Challenge:
   – Couldn't communicate with Internet.
• Solution:
   – Live Update Server on Tier 3 with Internet connectivity
   – Pushes out to 'Distribution share' on a server within the Secure Enclave (use for 4th box!).
LUA = Def Pusher
Live Update Server
LUA Issues
1. Postgres.exe 100%
2. Troubleshooting def’s (3-4 spots)
3. Patches more difficult
4. 12/31 disaster
5. No ‘delta’ benefit
Solutions – 3) Ticket Automation
• Challenge:
   – No ‘flip switch’ options to escalate alerts.
   – Laughed at for not having SEM/SIM solution.
• Solution:
   – Syslog server
   – Remedy server reads Syslog
Steps:
1. Configure ‘External Logging’
2. Point to Syslog server IP/port
3. SLOWLY turn on Log Filters
4. Request tickets be pulled
5. Verified ticket generation
6. Solid Security Incident Response Process in place.
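The deck's ticket pipeline is: SEPM external logging sends syslog, a syslog server collects it, and the ticketing server reads the syslog stream. The example below is an added illustration of the filtering stage that sits between those two, written for this page rather than taken from Symantec's or Remedy's software. It parses RFC 3164-shaped lines, applies an allow-list of event types plus a severity ceiling (the "turn on Log Filters slowly" idea: start with a narrow list and widen it as the ticket queue proves manageable), and suppresses repeats of the same host/event/action within a window so one incident does not become a dozen tickets. The key=value message body and all sample lines are constructed for the example; real SEPM external-logging lines have their own field layout, so the parser would need adjusting before use.

```python
"""Syslog-to-ticket filter (added example; not Symantec's or Remedy's code).

Assumptions, all constructed for this example:
  - lines look like RFC 3164: <PRI>Mmm dd HH:MM:SS reporter tag: key=value ...
  - the message body carries event=, host= and optionally action= fields
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample lines.  PRI = facility*8 + severity, so <10> is
# facility 1 / severity 2 (crit), <11> severity 3 (err), <14> severity 6 (info).
SAMPLE_LINES = [
    "<10>Jun  8 10:01:02 sepm01 sep: event=virus_found host=WS-1042 action=quarantined sig=EICAR",
    "<10>Jun  8 10:01:09 sepm01 sep: event=virus_found host=WS-1042 action=quarantined sig=EICAR",
    "<14>Jun  8 10:02:00 sepm01 sep: event=defs_updated host=WS-1042 version=20150608.001",
    "<11>Jun  8 10:03:30 sepm01 sep: event=client_offline host=SRV-07",
    "<10>Jun  8 10:45:00 sepm01 sep: event=virus_found host=WS-1042 action=left_alone sig=EICAR",
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<reporter>\S+) (?P<tag>[^:]+): (?P<msg>.*)$"
)


@dataclass
class Event:
    severity: int          # 0 = emergency ... 7 = debug (lower is worse)
    facility: int
    time: datetime
    reporter: str          # the SEPM that forwarded the line
    fields: dict = field(default_factory=dict)


def parse_line(line):
    """Return an Event, or None for a line that is not in the expected shape."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    # key=value pairs; tokens without '=' are ignored
    kv = dict(tok.split("=", 1) for tok in m["msg"].split() if "=" in tok)
    # collapse the RFC 3164 day padding ("Jun  8" -> "Jun 8") before parsing
    ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
    return Event(severity=pri & 7, facility=pri >> 3, time=ts,
                 reporter=m["reporter"], fields=kv)


class TicketFilter:
    """Allow-list + severity ceiling + per-(host, event, action) dedup window.

    Begin with a short allow-list and call enable() for further event types
    once each stage's ticket volume has been reviewed.
    """

    def __init__(self, enabled_events, max_severity, dedup_window=timedelta(hours=1)):
        self.enabled_events = set(enabled_events)
        self.max_severity = max_severity
        self.dedup_window = dedup_window
        self._last_seen = {}

    def enable(self, event_type):
        self.enabled_events.add(event_type)

    def tickets_for(self, lines):
        """Yield one ticket dict per qualifying event; repeats inside the window are dropped."""
        tickets = []
        for line in lines:
            ev = parse_line(line)
            if ev is None:
                continue  # malformed line; in production count these and alert on spikes
            etype = ev.fields.get("event")
            if etype not in self.enabled_events or ev.severity > self.max_severity:
                continue
            host = ev.fields.get("host", "unknown")
            action = ev.fields.get("action", "")
            key = (host, etype, action)
            last = self._last_seen.get(key)
            if last is not None and ev.time - last < self.dedup_window:
                continue  # same incident still open; do not raise a second ticket
            self._last_seen[key] = ev.time
            tickets.append({
                "host": host,
                "event": etype,
                "severity": ev.severity,
                "time": ev.time.strftime("%b %d %H:%M:%S"),
                "summary": f"{etype} on {host}" + (f" ({action})" if action else "")
                           + f" reported by {ev.reporter}",
            })
        return tickets


if __name__ == "__main__":
    stage1 = TicketFilter({"virus_found"}, max_severity=3)
    for t in stage1.tickets_for(SAMPLE_LINES):
        print(t["time"], f"sev={t['severity']}", t["summary"])
```

With the stage-1 allow-list only the two distinct virus_found incidents become tickets: the repeat at 10:01:09 is suppressed, and the 10:45 line still raises one because its action changed from quarantined to left_alone, which is exactly the kind of escalation the dedup key must not hide. Adding client_offline to the allow-list yields a third ticket, while defs_updated never does because its severity (6) is above the ceiling.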
External Logging - Config
External Logging Ticket
Other Issues
• Firewall Change Requests = >80% of time
• Client Packages sometimes held ‘master’ SEPM in Sylink.xml file.
   • Opened ticket – Due to TS installation.
• Use CD Package with custom Sylink
Sylink Issue
Resources: Exclusion Process
Resources: Exclusion Form