The iPolicy Security Manager (ISM) from iPolicy Networks is a highly scalable security management system that provides centralized administration, configuration, monitoring and reporting.
The iPolicy Security Manager (ISM)
delivers world-class administration,
configuration, monitoring and reporting
services for enterprises and service
providers through a highly intuitive
and very easy-to-use interface. The
ISM is highly scalable, allowing
concurrent management of multiple
defense mechanisms such as firewall,
IDS/IPS and URL filtering for a large
number of iPolicy Intrusion Prevention
Firewall systems. Its ease of use
and collapsible multi-tiered architecture
make it ideal not only for mid-size
enterprises that require low-overhead,
plug-and-play deployments but also
for large enterprises and
service providers who need to deploy
a large number of Intrusion Prevention
Firewalls.
The ISM supports
a distributed deployment architecture
to manage a large number of
iPolicy Intrusion Prevention Firewalls
(IPF) that may be installed in different
geographical
locations or across different departments
within an enterprise network. The ISM
consists of four main components*:
- The Global Security Administrator (GSA) is
the central component of the ISM
and provides rule aggregation across
multiple firewall defense mechanisms.
It also provides network and
security application co-management
across multiple security administrators.
GSA enables centralized,
correlated, and consistent security
enforcement across global distributed
networks.

- The Local Security Supervisor (LSS)
controls multiple iPolicy Intrusion
Prevention Firewall
systems for security deployment
and management. In a distributed
ISM deployment, a single GSA
can manage multiple LSS systems
over secure SSL links.

- The Security Data Logger (SDL)
is a dedicated, highly optimized
logging solution from iPolicy
that has the ability to securely
collect logs from multiple Intrusion
Prevention Firewalls (IPF) at high
rates. The SDL can be deployed
in a distributed mode with close
proximity to the IPFs and can be
used to view logs from the GSI
or forward logs via syslog. The
ISM provides a unified view of
the distributed logging across
all SDLs on the network.

- The Graphical Security Interface (GSI) is
a Java-based application which provides
an intuitive, easy-to-use, unified
security management interface for
configuration, monitoring and reporting.
The GSI enables multiple administrators
to manage global or Security Domain-level
security policies in accordance
with their administrative privileges.
Additionally, iPolicy provides a
feature-rich, intuitive interface, the
Advanced GSI, which supports
advanced features such as virtualization
and co-management that are usually
required in large complex networks.
Administrators can choose to use
the GSI or the Advanced GSI based
on their configuration requirements.
(*Note: All ISM components (including GSA, LSS and SDL/Syslog) can coexist and be collapsed on one system for small deployments or can be distributed across multiple systems for managing a large number of Intrusion Prevention Firewalls.)
| Features | Benefits |
|---|---|
| Centralized Management | Easy and effective centralized management with distributed control, reducing operational complexity and expenditure |
| Security Policy based Management | Enforce security policy across all IPFs and maintain a consistent security posture across the organization |
| Security Domain based Management | Improves operational efficiency and reduces total cost of ownership via network-wide virtualization |
| Hierarchical Administration | Facilitates interworking and coexistence of multiple administrators with different responsibilities |
| Configuration Wizard | A 6-step wizard simplifies deployment |
| Interactive Network Topology Map | A network layout visual for a quick view of configuration and for point-of-reference |
Centralized Policy Management
The centralized policy management
enables administrators to create
policies and rules to be applied to multiple
iPolicy Intrusion Prevention Firewalls automatically.
The GSI provides the ability to create
global security policies which can be enforced
across all Intrusion Prevention Firewalls
thereby enabling a consistent security posture
across the organization. This results in a
high level of security and reduced cost of
management and maintenance. Additionally,
it reduces the response time to attacks and
threats as a single change to the security
policy is reflected across the network on
all IPFs.
Integrated Wizard for Rapid Deployment
The GSI includes a six-step
wizard with integrated help
which enables rapid deployment
of the Intrusion Prevention
Firewall. The wizard quickly
walks a user through configuring
the network topology and
the defense mechanisms like
firewall, IDS, IPS, and
URL filtering to bring a
system up and running quickly and
efficiently.
Interactive Network Topology Map
The GSI has a dynamic, interactive network
topology map which provides a visual
of how the Intrusion Prevention Firewall
is deployed. The map can also be used
as a configuration tool to
make changes in the network
topology that are then
reflected in the configuration.
Virtualization through Security Domain based Management
iPolicy Security Manager supports virtualization
in the form of Security Domains.
Security Domains provide
the ability to manage an
organization by grouping
multiple instances of Intrusion
Prevention Firewalls by geographic
locations or business functions.
For example, an administrator
can group all IPFs in different remote
Sales Offices into a single
Security Domain and manage its policies
as a single entity. This reduces
the overall effort to create
and manage policies and monitor
logs of each IPF, significantly
reducing administrative overhead.
Security Domain
based virtualization can
also be used to segment enterprise
networks into isolated segments
with their own virtual instance
of firewall, IDS/IPS, URL
filtering, etc. This can
be a useful tool to create
different zones within the
network to contain worm and
virus propagation within
a zone, reducing network
downtime required for post-incident
cleanup. Traffic traversing across
segments can have an added
layer of security.
Multi-Tiered Hierarchical Management with Access Rights
The iPolicy Security Manager provides
a unique feature with hierarchical
co-management based access
rights so multiple administrators
can coexist and perform their
functions based on their
privileges. A root administrator
can create multiple administrators
at the root level with different
granular access rights in configuration,
monitoring, reporting, etc. Additionally,
administrators can be created at
the Security Domain level to have
restricted access to manage policies
and logs corresponding to the Intrusion
Prevention Firewalls that they manage.
Global and Local Security Policy Overview
Security Policy based management
of security rules allows quick customization
of service offerings and enables
easy security provisioning. This
enables an enterprise, for example,
to enforce global security policies
consistently across the organization
while providing the flexibility to
make localized changes to each environment.
The overview helps with rapid rollout
of security service for service-provider-like
environments or with changes
to existing security policies across
a globally distributed enterprise
environment, reducing the response
time to threats and attacks.
Automated Response, Monitoring and Alert Management
The ISM also provides real-time monitoring
and the ability to configure automated
response options including logging,
alerting, and intrusion prevention
actions such as session termination
which can block and thwart attacks
in real time. The ISM also allows
administrators to trigger custom
scripts. Extensive notification and
reporting capabilities include posting
on the event console, syslog, SNMP,
email and HTML or PDF reports.
Real-Time Alerts and Statistics
The ISM provides real-time
notification of security alarms
and events. The ISM is capable of
handling and filtering large
volumes of alert and event data.
Notifications can be displayed on
screen in the GSI, dispatched
via email or SNMP traps, and forwarded
to a syslog server. The system also
provides extensive real-time statistics
support in tabular and graphic formats
which can be viewed through the
GSI.
ISM on DVD or Turn-Key
iPolicy Security Manager
software is available packaged
on a DVD. The ISM on DVD
includes all the required
components of ISM (GSA,
LSS, SDL, GSI) and database
software. The minimum recommended
system requirements for
ISM on DVD are:
- Intel Pentium 2 GHz,
- 1 GB of RAM,
- 40 GB hard disk (12-16 GB free space),
- DVD-ROM drive, and
- Microsoft Windows® XP Professional
with Service Pack 2, or
- Microsoft Windows Server 2003 Standard
Edition.
iPolicy Security Manager is also
available pre-packaged as
an appliance, the ISM
Express, which is a turn-key rack-mountable
server with all ISM management
software factory-installed.