
Enterasys NetSight® Automated Security Manager
Security Incident Automated Response Management
NetSight® Automated Security Manager (ASM) is the industry’s first management application to make the critical connection between network infrastructure and security incidents. ASM intelligently interacts with Enterasys Dragon IDS/IPS and third-party network security appliances to automate responses to security incidents. Legacy solutions may inform you that a security problem exists; ASM enables you to automatically respond and remediate the threat at machine speed – to ensure the confidentiality, integrity and availability of your information.
Most network security appliances can identify an attack by source IP address, MAC address or other such packet header information – but very few can find the physical location of the attacker. This is a major impediment to rapid response because it limits IT / Security Operations to blocking the attack, rather than isolating and remediating the attacker. Automated Security Manager, part of Enterasys’ NetSight centralized visibility and control network management suite, has been developed specifically to address this challenge.
ASM uniquely identifies the source of an attack by switch location, port number and user name – and enables a broad range of defensive actions including quarantining the user, disabling the switch port or rate limiting the traffic flow. ASM is multi-vendor interoperable, integrating with Enterasys Dragon® and third-party intrusion detection/prevention systems, as well as Enterasys and third-party switching, routing and wireless devices.
NetSight Automated Security Manager greatly enhances the effectiveness of security resources by automating the isolation of and response to network-borne attacks. The attack source may be blocked or quarantined without disrupting other users of business-critical systems. Automated Security Manager provides a dynamic threat containment solution with a broad range of configurable response options.
Automated Security Manager enhances the capabilities of Enterasys NetSight Policy Manager and leading-edge Intrusion Detection/Prevention (IDS/IPS) systems to provide sophisticated identification and management of threats and vulnerabilities. In operation, the IDS/IPS system detects a security event and notifies ASM of the threat category and the source IP / MAC addresses via an SNMPv3 trap (inform) with AuthPriv enabled. ASM’s search functionality determines the source location (e.g. switch and port information). ASM then determines what actions should be taken based on predefined security policy. Finally, ASM notifies the IDS/IPS system of the actions taken via an SNMPv3 trap.
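
The flow described above (notification, source location, policy decision, report back), modelled as an added Python example; it is not Enterasys code, and the end-system table, policy mapping, category names and function names are assumptions. It goes one step beyond the text by downgrading a port disable to a user quarantine when other users share the port.

```python
from typing import NamedTuple, Optional

# Constructed sample data: end-system table a management station might hold.
# Keys are MAC addresses; values are (switch, port, user name, source IP).
END_SYSTEMS = {
    "00:11:22:33:44:55": ("sw-floor2", "ge.1.7", "jdoe", "10.1.2.30"),
    "00:11:22:33:44:66": ("sw-floor2", "ge.1.24", "asmith", "10.1.2.31"),
    "00:11:22:33:44:77": ("sw-floor2", "ge.1.24", "bwong", "10.1.2.32"),
}
# Hypothetical policy: threat category -> response (the actions are those named on the page).
POLICY = {"worm": "disable_port", "scan": "rate_limit", "policy_violation": "quarantine_user"}

class Event(NamedTuple):         # fields the IDS/IPS sends in its notification
    sec_level: str               # SNMPv3 security level the message arrived with
    category: str
    src_ip: str
    src_mac: Optional[str] = None

def locate(ev):
    """Resolve the source to (mac, switch, port, user); prefer MAC, fall back to IP."""
    if ev.src_mac in END_SYSTEMS:
        return (ev.src_mac, *END_SYSTEMS[ev.src_mac][:3])
    for mac, (sw, port, user, ip) in END_SYSTEMS.items():
        if ip == ev.src_ip:
            return (mac, sw, port, user)
    return None

def respond(ev):
    """Return the action record that would be reported back to the IDS/IPS."""
    if ev.sec_level != "authPriv":           # refuse unauthenticated or unencrypted notifications
        return {"action": "rejected", "reason": "security level " + ev.sec_level}
    loc = locate(ev)
    if loc is None:                          # no location found: nothing to act on
        return {"action": "none", "reason": "source not located"}
    mac, sw, port, user = loc
    action = POLICY.get(ev.category, "none")
    shared = sum(1 for v in END_SYSTEMS.values() if v[:2] == (sw, port)) > 1
    if action == "disable_port" and shared:  # port serves other users: isolate the user instead
        action = "quarantine_user"
    return {"action": action, "switch": sw, "port": port, "user": user, "mac": mac}
```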