kejaksaan agung request for proposal · effectively bridging vulnerability and patch management...

Kejaksaan Agung

Vulnerability Management Kejaksaan Agung Request For Proposal

Vulnerability Management Confidential and Proprietary Information of Kejaksaan Agung

2

Re: {RFP TITLE} On behalf of BeyondTrust®, it is my pleasure to provide you with a response to your Request for Proposal due {RFP DUE DATE}. (BeyondTrust’s submission is provided electronically as requested) Our account team thoroughly reviewed your requirements in preparation of the enclosed response. I also called upon several key groups at BeyondTrust to provide the most complete and accurate representation of our ability to support your requirements. Over the course of our 25+ years as the leader in Vulnerability Management and Privileged Account Management, some of the largest organizations in the world have called upon BeyondTrust to provide innovative solutions and services to ensure project success. The references provided within will substantiate our high level of customer support and commitment. We appreciate the opportunity to compete for your business, and your interest has merited exposure throughout the BeyondTrust organization. I am prepared to commit our most experienced and most highly regarded technical resources to ensure your project’s success. We acknowledge and accept the terms and considerations of the request, and we look forward to validating our solution and earning your business in the very near future. Sincerely, Fedriko Ekha Technical Sales Representatif Indonesia BeyondTrust 08176391099/081386092698 [email protected] www.beyondtrust.com

RFP Response

http://www.beyondtrust.com/


3

Table of Contents

Executive Summary ...................................................................................................... 5

Today’s Market Realities ......................................................................................................... 5

Common Challenges in Enterprise Vulnerability Management ............................................... 5

What Makes Our Solutions Different ..................................................................................... 6

Context-Aware Security Intelligence ............................................................................................... 6

Integrated Threat Intelligence ......................................................................................................... 7

World-Renowned Security Research ............................................................................................... 7

Zero-Gap Visibility .......................................................................................................................... 7

Reporting and Analytics .................................................................................................................. 7

BeyondInsight Competitive Differentiators ................................................................................... 10

BeyondTrust Corporate Overview ................................................................................ 12

Our Mission ........................................................................................................................... 12

Industry Pioneers and Still Leading the Way ......................................................................... 12

Technology & Community Leadership .................................................................................. 13

Financial Overview ................................................................................................................ 14

BeyondTrust Customers ........................................................................................................ 15

BeyondTrust Partners ........................................................................................................... 17

Professional Services............................................................................................................. 17

Third-Party Integration ......................................................................................................... 17

Proposed Solution Overview........................................................................................ 18

Available BeyondTrust Solutions Outside the Scope of this Proposal ................................... 18

Proposed Solution Details ..................................................................................................... 19

BeyondInsight ............................................................................................................................... 19

...................................................................................................................................................... 20

Retina Network Security Scanner .................................................................................................. 20

Retina Protection Agent ................................................................................................................ 21

BeyondSaaS Cloud-Based Perimeter Scanning ............................................................................. 21

Retina Patch Management Module ............................................................................................... 23

Retina Configuration Compliance Module ..................................................................................... 24

Retina Regulatory Reporting Packs ............................................................................................... 25

PowerBroker Endpoint Protection Platform .................................................................................. 26


4

Retina Web Security Scanner ........................................................................................................ 26

Response to the Technical Requirements for Vulnerability Management ........................ 28

Must Have Requirements ..................................................................................................... 28

Desired Requirements .......................................................................................................... 28

Appendix A: Pricing Proposal ....................................................................................... 29

Appendix B: Technical and Business Requirements ....................................................... 30

Appendix C: Deployment Architecture ......................................................................... 31

Appendix D: Third-Party Integration ............................................................................ 33

Appendix E: Technical Support Overview ..................................................................... 35

Overview ............................................................................................................................... 35

Technical Support Commitment ........................................................................................... 35

Support Programs at a Glance .............................................................................................. 35

Training and Consulting Services .......................................................................................... 37

Our Commitment to You ............................................................................................. 38

Additional Content – Use if Relevant / Needed for Specific Responses ............................ 39

Delivering Value to Kejaksaan Agung RI ............................................................................... 39

BeyondTrust Vulnerability Management Focus Areas ......................................................... 40

Vulnerability Management ............................................................................................................ 40

Management Visibility .................................................................................................................. 40

Proactive Threat Analytics ............................................................................................................ 40

Virtualization ................................................................................................................................. 40

Mobility ......................................................................................................................................... 41

Patch Deployment and Verification ............................................................................................... 41

Regulatory Compliance ................................................................................................................. 41

Configuration Benchmarking ........................................................................................................ 42

Endpoint Protection ...................................................................................................................... 42


5

Executive Summary

Today’s Market Realities

With the recent spate of high-profile data breaches, security-conscious organizations realize that their financial viability and business continuity depend on effective IT security risk management. Given the potential fallout of a breach, many organizations rely on vulnerability and compliance management initiatives to keep their critical information secure, protect sensitive systems, and demonstrate compliance with regulatory requirements. These efforts are further complicated by burgeoning new security exposures introduced by a proliferation of applications, employee-owned devices, mobile computing, social networks, and other expanding attack surfaces. Critical compliance regulations, such as PCI, HIPAA and Sarbanes-Oxley, also mandate specific security controls pertaining to vulnerability management. However, aligning internal security processes with regulations and providing meaningful reports to management and auditors are notoriously time-consuming and costly exercises. Unfortunately, there’s no way around the harsh reality that non-compliance results in penalties, lost business, and other indirect costs.

Common Challenges in Enterprise Vulnerability Management

Organizations frequently select BeyondTrust solutions to address the following types of challenges:

Gaining visibility into risk across large, heterogeneous IT environments comprised of network, web, virtual, cloud and mobile assets

Making sense of multiple risk data inputs from decentralized, standalone security tools

Discerning the unique implications of security exposures on business operations

Demonstrating compliance with multiple regulatory mandates

Building and customizing reports for management, auditors, and other stakeholders

Ascertaining the risk potential of zero-day threats and client-side exploits

Confirming that security controls are in-place and operating effectively

Researching remediation options and gauging their potential impact and related costs

Effectively bridging vulnerability and patch management processes

Accounting for “exception” systems, as well as changing network and configuration profiles

Assessing remote office infrastructure and complex network architecture

Managing local, global and delegated administrative processes

We address security challenges across a broad range of assets and technology in unique environments via an integrated suite of solutions covering:

Vulnerability Assessment and Management

Attack, Malware, and Advanced Persistent Threat Protection

Privileged Account Management

Regulatory Compliance

Configuration Compliance

Patch Management

What Makes Our Solutions Different

Context-Aware Security Intelligence

We recognize that you are short on time and long on to-dos. Our goal is therefore to provide you with context-aware security intelligence regarding the potential impact of IT threats on your specific environment. BeyondTrust is uniquely able to help you make informed decisions regarding the two pre-eminent IT security and compliance needs: 1) What to fix first, and 2) What to fix next. We do this by delivering the security information that is relevant to your unique business, enabling quickly identify exposures, clearly understand their associated risks, and efficiently determine the best course of action for risk reduction. We are different from other vendors who simply present a laundry list of things that need to be fixed, with little or no priority or added value.


7

Integrated Threat Intelligence

BeyondTrust provides a complete understanding of the modern threat landscape, backed intelligence from our research and audit teams. Our solutions incorporate relevant security data – such as available exploits, currently circulating malware and attacks, compliance requirements, mitigations, etc. – to help you make better, more informed security decisions. These decisions could include remediation, privilege management, or a combination of both. No other vendor is able to integrate this important understanding into its products.

World-Renowned Security Research

BeyondTrust’s security research team, led by CTO Marc Maiffret, constantly and relentlessly researches new and emerging threats and incorporates their findings into our products. This understanding not only drives more effective protection methods, but also is used to help our customers filter “real” from “potential” threats.

Zero-Gap Visibility

BeyondTrust is the only security solution provider to provide vulnerability, privilege and data visibility across all physical, virtual, cloud and mobile assets, in addition to traditional desktops and servers. This is incredibly important – with new technologies come new risks that must be understood, assessed, prioritized and managed. BeyondTrust has the foresight to develop solutions that enable you to address new security challenges as part of your existing security strategy.

Reporting and Analytics

Maintaining information security requires the involvement of several people across the organization, from security and IT operations professionals to end users and executives – each of whom consumes and understands data in different ways. Therefore, the relevancy and usefulness of vulnerability management data to different audiences can ultimately mean the difference between remaining secure and suffering a breach.


8

BeyondTrust’s results-driven reporting and analytics capabilities bring risk into focus enterprise-wide. Using an intuitive dashboard interface, you simply indicate the type of information you need, such as an SLA report or a HIPAA compliance report, and define the business context of your assets. BeyondInsight then delivers customized, relevant and actionable data in a wide variety of report formats. This allows you to deliver the right information, in the proper context, to the people responsible for measuring and mitigating risk in your organization. Our reporting and analytics capabilities enable your team to:

Determine what to fix first, what to fix next – and why

Prioritize the people, processes, and technology needed to address exposures

Predict the return on remediation efforts prior to committing resources

Measure the efficacy of vulnerability management processes over time

Share results and data in terms and formats relevant to specific audiences

BeyondInsight Executive Trend Dashboard


9

Introducing The BeyondInsight IT Risk Management Platform

BeyondTrust offers an integrated product and solution portfolio designed to reduce your organization’s attack surface and mitigate its breach damage potential. This portfolio is centered on the BeyondInsight IT Risk Management Platform, a centralized management, analytics and reporting console. BeyondInsight works with our Retina and PowerBroker point solutions to address the two most significant contributors to modern attack surfaces: vulnerabilities and uncontrolled privileges. BeyondInsight can enable your organization to make sense of its “big security data” (the limitless supply of security metadata, such as information on operating systems, patches, configurations, services, privileges, attacks, potential attacks, etc.) – and turn that data into an advantage. With BeyondInsight, you can distinguish actual threats from potential threats in real time.


10

BeyondInsight Competitive Differentiators

BeyondInsight helps you understand vulnerability and risk information in the context of your business through the following differentiators:

Zero-Gap Discovery: BeyondInsight is the only solution that provides 100% discovery of vulnerabilities across local, remote, physical, virtual, mobile, and private-cloud systems to ensure all weaknesses are identified. No other vulnerability management vendor provides active and agent-based options to ensure both managed and unmanaged systems are identified and assessed for vulnerabilities.

Built-In Remediation: BeyondInsight is the only solution that provides built-in remediation with integrated patch management and seamless integration with all major patching solutions.

Contextual Risk Prioritization: BeyondInsight is the only solution that provides risk information with associated exploit, attack, and malware data, plus flexible risk scoring based on business, assets, and risk appetite so the biggest security risks can be found and fixed first.

Active Decision Management: BeyondInsight is the only solution that correlates attack and malware data to assets, allowing you to make decisions based on active conditions affecting a host.

Security Intelligence Engine: BeyondInsight is the only solution that provides an advanced security intelligence engine with actionable security insight, analytics and trending.

Ongoing Security Research: BeyondTrust’s research and development team is at the forefront of the constantly evolving threat landscape, staying aligned with the latest security threats to feed our solutions with real-world, contextual risk data.

Advanced Threat Intelligence: BeyondInsight is the only solution that includes mapping of vulnerabilities to known exploits available in Metasploit, Core Impact, ExploitDB and others to better prioritize risks. This is in addition to severity data based on asset scoring, BeyondTrust malware and exploit research, exploit databases, exploitability indices, CVSS (base, temporal and environmental metrics), and other contextual inputs.

Vulnerability Assessment for Mobile Devices: BeyondInsight is the only solution that provides central management of organization-wide mobile device security from a single console. Android, Blackberry Enterprise Server, and MS Exchange ActiveSync connectors are available.

Advanced Regulatory Reporting: BeyondInsight is the only solution that provides advanced regulatory reporting with the most comprehensive mappings of vulnerability and configuration audits to mandates including PCI, HIPAA, SOX, GLBA, NIST, FERC/NERC, MASS 201, ISO, COBiT, and ITIL.

Advanced Configuration Compliance: BeyondInsight is the only solution that automates configuration compliance with easy management via its network vulnerability assessment scanner.

Broadest Support for Industry and Government Security Standards: You won’t find another solution offering more security standards, auditing, and reporting capabilities. We were among the first companies to offer auditing for STIG, FDCC, and others. BeyondTrust has been very involved in the security content automation protocol (SCAP), an umbrella to several standards under which BeyondTrust is certified. Even when certification wasn’t available, in cases such as XCCDF, BeyondTrust was the first company to support scanning and automation of XCCDF.


11

Smart Groups: Dynamically populate asset groups based on any discovered attribute of a target including installed software and running process. Use predefined groups for common roles such as web servers and operating systems.

Smart Rules: Create business-intelligent rules on discovered asset traits such as operating system, open ports, and services running.

Smart Alerting: Set comprehensive alerts on any discovered findings on assets including vulnerabilities, rogue devices, and many other host changes.

Smart Targeting: Target assessment scans based on any discovered asset criteria such as installed software or any other enumerated characteristic.

Integrated Workflow and Ticketing: Whether your organization is standardized on a Help Desk ticketing solution, or you require one for security events, BeyondTrust can satisfy your business requirements. BeyondInsight offers extensive third-party integration with tools like BMC Remedy and Security Information Managers (please reference Appendix D), as well as its own onboard ticketing system. BeyondInsight can automatically open, assign and track tickets via a full-featured process backed by reporting, alerting and automatic closure capabilities.

Role Based Security: BeyondInsight is the only solution that provides dynamic, role-based security across all central management, asset visibility, ticketing, alerting, and reporting functions.


12

BeyondTrust Corporate Overview

Our Mission

With over 25 years of experience in IT security and operations, BeyondTrust is a recognized leader in vulnerability and compliance management. Our solutions enable organizations to reduce IT security risks, improve security and policy compliance, and enhance operational efficiencies. Thousands of private-sector and government organizations, including organizations such as HP Security Services, Marriott, Geico and the entire U.S. Department of Defense, rely on BeyondTrust solutions to reduce security risks and demonstrate compliance. BeyondTrust is committed to leading the vulnerability management market with award-winning products and insightful, consistent thought-leadership. We exceed expectations in the quality and depth of our solutions and deliver exceptional customer support and ROI. BeyondTrust is uniquely positioned to lead this constantly evolving market, and our reputation as "The Vulnerability Experts" further drives that potential. We intend to leverage our leadership position in the vulnerability management space along with our world-renowned research team to expand beyond traditional assessment into mobility, virtualization and cloud deployments that are currently significantly under-serviced. Moving forward, BeyondTrust will enhance our product offering to provide zero-gap assessments and efficient manageability of related security and compliance tasks. Our best-of-breed solutions allow customers to manage enterprise risk from a single web-based console and centralized reporting warehouse so they can reduce IT security exposures and more efficiently and effectively manage vulnerabilities.

Industry Pioneers and Still Leading the Way

Having developed Retina, one of the first vulnerability scanners on the market, BeyondTrust continues to expand its foundation to deliver end-to-end vulnerability and compliance management. The company has always been driven by a team of passionate security experts, led by IT security visionary, CTO Marc Maiffret, who serve as thought leaders to the community in ways such as:

Testifying before the US Congress on multiple occasions on matters of national cyber security and critical infrastructure protection.

Contributing to the IT Security community with free tools and resources

Continually improving BeyondTrust solutions to prevent the exploit of newly discovered vulnerabilities


13

Technology & Community Leadership

BeyondTrust has a tradition of supporting the IT security community with free and useful tools and services including:

Vulnerability Experts Forum (VEF): Free monthly web events held every Wednesday after Patch Tuesday to provide inside advice and analysis from BeyondTrust’s renowned research team.

Retina Community: Free version of BeyondTrust’s acclaimed Retina Network Security Scanner and BeyondInsight Management Console for powerful vulnerability assessment and management up to 128 IPs.

Zeroday Tracker: Free service providing timely information on the latest Zero Day vulnerabilities and how to combat them.

Security In Context Blog: BeyondTrust company blog featuring pertinent IT security-related topics.

http://www.beyondtrust.com/Resources/VulnerabilityExpertForum/

http://go.beyondtrust.com/community

http://blog.beyondtrust.com/zd_threat?status=zeroday

http://blog.beyondtrust.com/


14

Financial Overview

BeyondTrust is a profitable, privately held company headquartered in Phoenix, Arizona. Further information is available upon consummation of a transaction between Kejaksaaan Agung RIand BeyondTrust.


15

BeyondTrust Customers

Thousands of mid-to-large-sized private sector and government organizations, including the largest vulnerability management installations in the world, rely on BeyondTrust to reduce IT security risk and simplify regulatory compliance. Example BeyondTrust customers include:

Tech/Computer/

Software/Electronics

Consulting/Services Manufacturing Education Banking/Financial

Services

Energy/Utilities


16

Health/Bio Tech/

Pharma

Government Retail/Distribution/

Consumer

Insurance Construction/

Engineering/Mining

Telecom/

Communications


17

BeyondTrust Partners

Together with our partners, we deliver best-of-breed products and services to help organizations maintain the highest standard of security and compliance while reducing costs. BeyondTrust partners with leading reseller, managed service provider, and technology partners. Learn more about BeyondTrust Partners:

BeyondTrust Resellers and Distributors: Resell BeyondTrust unified vulnerability management solutions.

BeyondTrust Technology Partners: Integrate complementary solutions with BeyondTrust products to add value for our joint customers.

BeyondTrust Managed Service Providers (MSPs): Offer BeyondTrust solutions as part of their managed security services offerings.

Professional Services

BeyondTrust offers post-sale Professional Services to ensure successful installation and configuration of all BeyondTrust products, and to maximize your return on investment. The highly trained Professional Services group can assist with network setup, solution architecture and design while providing the highest quality of customized training. Engagements range from phone and web consultations to multi-day onsite consultations to execute the most complex deployments. BeyondTrust’s world-class Technical Support team is dedicated to providing our customers with responsive, high-quality assistance to ensure our solutions run smoothly and effectively. Our philosophy is simple: We are customer advocates committed to supplying the best possible service and swift resolution for technical issues related to our products.

Third-Party Integration

BeyondTrust offers extensive third-party integration with the PowerBroker Privilege Identity Management Solution. These integrations allow critical data to be shared with the most popular help desk solutions, security information managers, and network management solutions. In addition, BeyondTrust has a comprehensive Third-Party Integration Guide for developing custom integrations for bespoke applications, custom reporting, and new solutions from other commercial vendors. For more details, please reference Appendix D in this document.

http://www.beyondtrust.com/Partners/ResellersDistributor

http://www.beyondtrust.com/Partners/TechnologyPartners

http://www.beyondtrust.com/Partners/MSPPartners/


18

Proposed Solution Overview To solve the challenges outlined above, BeyondTrust recommends the Retina Vulnerability Management Suite, which provides unified vulnerability and compliance management to reduce IT risks, close security gaps, and deliver context-aware security intelligence. Below is a brief overview of the Retina Vulnerability Management Suite, followed by additional details for each component. The Retina Vulnerability Management Suite includes the following standard components:

BeyondInsight IT Risk Management Platform: enterprise management, analytics and reporting

Retina Network Security Scanner: the fastest, most mature vulnerability scan engine available; assesses network, web, mobile, cloud and virtual environments

Retina Protection Agent: lightweight agent for local vulnerability assessment, zero-day monitoring, and intrusion prevention

Please note: The above components are collectively marketed as Retina CS Enterprise Vulnerability Management. The delivered solution is branded “BeyondInsight.” The following optional Retina Vulnerability Management modules plug seamlessly into the BeyondInsight platform for centralized management, analytics and reporting:

BeyondSaaS: cloud-based vulnerability scanning service for externally facing network assets and web applications

Retina Patch Management Module: seamless, agentless patching for Microsoft and third-party applications

Retina Configuration Compliance Module: SCAP-certified security policy management module that monitors compliance with over 60 industry benchmarks

Retina Regulatory Reporting Packs: compliance management module that maps vulnerability and configuration audits to specific mandates

PowerBroker Endpoint Protection Platform: all-in-one firewall, virus and spyware protection, vulnerability assessment, intrusion prevention, buffer overflow protection, registry and execution protection, and optional web application firewall (an upgrade from Retina Protection Agent)

BeyondTrust also offers Retina Web Security Scanner, a dynamic application security testing (DAST) solution. Retina Web Security Scanner is currently a standalone product and will be integrated into BeyondInsight in a future release.

Available BeyondTrust Solutions Outside the Scope of this Proposal

The Retina Vulnerability Management Suite is complemented by BeyondTrust’s family of PowerBroker Privileged Account Management (PAM) solutions. BeyondInsight-enabled PowerBroker solutions include:

PowerBroker for UNIX and Linux Servers: manage privileged and shared accounts for UNIX, Linux and Mac servers

http://www.beyondtrust.com/Products/RetinaCSThreatManagementConsole


http://www.beyondtrust.com/Products/PowerBrokerUnixLinux


19

PowerBroker for Windows Desktops and Servers: control Windows admin privileges and manage least privilege deployments

PowerBroker Password Safe: manage privileged passwords, rotate passwords, and audit all password activity

BeyondTrust also offers the following PAM solutions that currently operate outside of the BeyondInsight environment:

PowerBroker Identity Services (AD Bridge): extend Active Directory authentication and Group Policy configuration management to UNIX, Linux and Mac systems

PowerBroker Auditor solutions: reveal the “who, what, when and where” behind changes to Active Directory, Exchange, SQL, & Windows File system; rollback AD changes; conduct entitlement reporting

Proposed Solution Details

BeyondInsight

BeyondInsight is the security industry's only unified vulnerability, privilege, and compliance management solution that integrates security risk discovery, prioritization, remediation, and reporting across the entire IT infrastructure – including traditional assets like servers and desktops and rapidly evolving technologies like virtual, mobile and cloud assets. A web-based management console, BeyondInsight is used to centrally manage many of BeyondTrust’s point solutions, acting as a central policy manager, as well as the primary analytics and reporting interface for our solutions. This diagram depicts our platform solution structure:

BeyondInsight is the centralized management and reporting console.

PowerBroker and Retina are our primary product families.*

Each family is further broken out into four main capability sets.

The outer ring represents BeyondInsight capabilities that benefit the individual Retina and PowerBroker products running within the platform environment.

*This proposal is for the Retina Solution Suite. PowerBroker Privileged Account Management

http://www.beyondtrust.com/Products/PowerBrokerforWindows

http://www.beyondtrust.com/Products/PowerBrokerPasswordSafe/

http://www.beyondtrust.com/Products/PowerBrokerIdentityServicesADBridge

http://www.beyondtrust.com/Home/AllProducts/#section-auditing


20

solutions can easily be added to your license at any time.

The BeyondInsight Dashboard

>> Learn more about BeyondInsight

Retina Network Security Scanner

With over 10,000 deployments since 1998, Retina Network Security Scanner is the most sophisticated vulnerability assessment solution on the market. Retina Network Security Scanner enables you to efficiently identify IT exposures and prioritize remediation. It also serves as the core scan engine for Retina CS Enterprise Vulnerability Management, which combines Retina Network with the BeyondInsight centralized management, analytics and reporting console. This enterprise-class solution offers Zero-Gap assessment coverage across the following environments: Network Systems

Assess network devices, operating systems, applications, ports and services against a constantly updated vulnerability database

Identify and manage user privileges (via BeyondTrust PowerBroker solutions)

Accurately identify vulnerabilities with a false positive rate below 1%

Perform Class C network scans in under 15 minutes on average

Get PCI DSS 2.0 scanning and reporting capabilities out of the box

Receive updates within 48 hours of new critical vulnerabilities

Web Applications

Conduct automated vulnerability assessment and web crawling with no scripting required

http://www.beyondtrust.com/Products/BeyondInsight


21

Detect OWASP Top Ten vulnerabilities including SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, OS Command Injection, and more

Fully integrated into the Retina assessment engine with no additional licensing needed

Private and Public Clouds

Determine which instances are running, when they move, and how they behave when they interact with your environment – even when powered off

Track virtual machines by instance ID, rather than host name or IP, to properly determine state of the virtual machine.

Amazon AWS, IBM SmartCloud, GoGrid, Rackspace, and VMware vCenter connectors are available

Mobile Devices

Identify mobile devices connecting to your network and mail system

Conduct agent-based and agentless vulnerability assessments

Ensure devices are in compliance with PCI, HIPAA and other regulations

Android, Blackberry Enterprise Server, and MS Exchange ActiveSync connectors are available

Virtual Environments

Assess VMware ThinApp applications for vulnerabilities

Power-on and reconfigure VMware offline images for assessment

Data Discovery

Identify personally identifiable information (PII) on assets

Classify the results by data discovered, asset name, and type of data

Verify data security for regulatory compliance initiatives

>> Learn more about Retina Network Scanner with BeyondInsight (aka Retina CS Enterprise Vulnerability Management)

Retina Protection Agent

The Retina Protection Agent (RPA) closes the security gap created by systems that can't be reached with remote vulnerability assessments alone by providing a lightweight agent for local vulnerability assessment, continuous zero-day vulnerability monitoring, and intrusion prevention. Get complete risk discovery even for systems that are offline or disconnected from the network or 'exception' systems that can’t be changed due to external regulations. And, with RPA, you get an additional layer of protection with continuous zero-day vulnerability monitoring and intrusion prevention. >> Learn more about Retina Protection Agent

BeyondSaaS Cloud-Based Perimeter Scanning

BeyondSaaS is a cloud-based, external vulnerability assessment solution that gives you an attacker’s-eye view of your IT perimeter. The solution conducts fast, affordable security assessments of your



http://www.beyondtrust.com/Products/RetinaProtectionAgent/


22

public-facing network infrastructure and web applications, while delivering straightforward and accurate reports. As a result, you’re able to quickly identify perimeter vulnerabilities, clearly understand their potential impact, and decisively act to mitigate threats. BeyondSaaS data can be imported into the BeyondInsight console for centralized analytics and reporting alongside internal vulnerability scan results. BeyondSaaS Network Vulnerability Scanning Capabilities

Assess network devices, operating systems, applications, ports and services against a vast, constantly updated vulnerability database

Measure PCI DSS compliance, and gauge perimeter security versus best practices

Accurately identify vulnerabilities with a <1% false positive rate

Perform Class C network scans in under 15 minutes on average

Profile target operating systems via Nmap and proprietary OS fingerprinting

Scan custom machine configurations, ports and applications

BeyondSaaS Web Application Vulnerability Scanning Capabilities

Conduct automated vulnerability assessment and web crawling with no scripting required

Detect vulnerabilities including SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, OS Command Injection and more

Assess password strength via automated dictionary attacks

The BeyondSaaS Dashboard


23

>> Learn more about BeyondSaaS

Retina Patch Management Module

The Retina Patch Management Module closes the loop on vulnerabilities and provides seamless, agentless patching from the BeyondInsight console. It also provides business intelligence and reporting on patch processes.

Retina extends WSUS beyond Microsoft applications to provide an integrated patching solution for Windows and third-party applications including Adobe and Mozilla (Firefox), and more.

Built on the Microsoft WSUS engine that many organizations already use, Retina reduces effort and expense with built-in, automated patch management.

Support for Air Gapped Networks Retina CS includes support for disconnected or “Air-gapped” WSUS environments, common in many government deployments.

To better prioritize remediation efforts, Retina provides an integrated, automated solution for approving and tracking patch deployments.

Target devices and view missing and available patches. For critical assets, use "Patch Now" to reduce the attack surface without waiting for the next scheduled patch update.

Out-of-the-box reporting gives you options such as patch availability reports, targets requiring patch, patch deployment results, and more.

Integrated data warehouse and business intelligence provide executive and operational views into patch processes.

Integrate information from Regulatory Reporting and Configuration Compliance Modules to prioritize patch management based on risk profile

Retina Patch Management Module: Patch Details

http://www.beyondtrust.com/Products/BeyondSaaS


24

>> Learn more about the Retina Patch Management Module

Retina Configuration Compliance Module

This SCAP-certified security policy management module monitors compliance with over 60 industry benchmarks, including Microsoft, NIST, USBCG, and DISA STIGs, as well as with internally developed organizational benchmarks.

Built-in templates for Windows operating systems and applications from FDCC, NIST, STIGS, USGCB, and Microsoft.

Out-of-the-box configuration auditing, reporting, and alerting for common industry guidelines and best practices to keep your network running, available, and accessible.

Single console approach ensures a more stable and secure infrastructure, proactively reducing the risks of security breaches and lowering costs by enabling enterprise-wide management.

Configuration assessment for critical security settings that include audit settings, security settings, user rights, logging configuration, etc.

Streamlined reporting for government and corporate standards with built-in vulnerability reporting and integration with BeyondInsight for delta dashboards and drilldowns.

Simple wizard for benchmark compliance leveraging a robust library of industry benchmarks encapsulating industry knowledge and experience.

OVAL 5.6 SCAP-certified scan engine and interpreter.

Retina Configuration Compliance Module: Benchmark Compliance Profiles

http://www.beyondtrust.com/Products/PatchManagement


25

>> Learn more about the Retina Configuration Compliance Module

Retina Regulatory Reporting Packs

Automate reporting for corporate policies, government regulations, and industry standards, mapping vulnerability and configuration audits to mandates including PCI, HIPAA, SOX, GLBA, NIST, FERC/NERC, MASS 201, ISO, COBiT, and ITIL.

Automated compliance reporting for corporate policies, government regulations, and industry standards such as SOX, PCI, FISMA, and ISO. Take advantage of a full list of compliance reports that map vulnerability and configuration audits to mandates including PCI, HIPAA, SOX, GLBA, NIST, FERC/NERC, MASS 201, ISO, COBiT, ITIL, and HITRUST.

Report mappings from Retina scan data to control objectives and specific computer controls as outlined within each mandate. Eliminate costly manual processes of extracting raw data into security and compliance reports.

Advanced reporting that allows you to centrally monitor compliance standing on an ongoing basis. Get a comprehensive view of all managed systems on the network to identify, assess, and manage IT risks associated with regulation control objectives.

Continually updated reports, closely monitored by the BeyondTrust Research Team, keep your organization up-to-date with changes to regulatory controls and newly discovered vulnerabilities.

Daily compliance dashboards and drilldowns provide repeatable, actionable response to compliance violations and make it much easier to demonstrate ongoing compliance.

Retina Regulatory Reporting: HITRUST Compliance by Month Report

http://www.beyondtrust.com/Products/ConfigurationCompliance


26

>> Learn more about Retina Regulatory Reporting Packs

PowerBroker Endpoint Protection Platform

The PowerBroker Endpoint Protection Platform combines system and application firewalls, intrusion prevention, anti-malware and virus, with a local vulnerability assessment capability. Designed and maintained by the world-renowned BeyondTrust Security Research Team, PowerBroker Endpoint Protection protects from entire classes of attack – avoiding the need for constant rule or signature updating. This "no-touch" security for your critical endpoints helps drive down the cost of managing those systems.

PowerBroker Endpoint Protection Platform Dashboard

>> Learn more about The PowerBroker Endpoint Protection Platform

Retina Web Security Scanner

Retina Web Security Scanner is a dynamic application security testing (DAST) solution designed for modern mobile and web applications built on new technologies such as REST, AJAX, JSON and GWT. With Retina Web Security Scanner, you get comprehensive application coverage and sophisticated

http://www.beyondtrust.com/Products/RegulatoryCompliancePack

http://www.beyondtrust.com/Products/RegulatoryCompliancePack

http://www.beyondtrust.com/Products/PowerBrokerEndpointProtection


27

attack capabilities, backed by the lowest false positive and false negative rates in the industry. Retina Web Security Scanner assesses web application security against the following attack types: Server and General HTTP AJAX auditing Detection of client-side technologies Directory indexing and enumeration HTTP response splitting Canonicalization attacks

Cookie security Custom fuzzing Path manipulation - traversal Brute force authentication attacks

Data Injection and Manipulation Attacks SQL injection: traditional and blind Persistent cross-site scripting (XSS) Reflected and DOM-based XSS OS command injection

Cross-site request forgery (CSRF) Remote file inclusion (RFI) Parameter redirection

Sessions and Authentication Session strength Authentication attacks Insufficient authentication Path truncation WebDAV auditing

Web services auditing File enumeration Information disclosure Directory and path traversal Brute force authentication attacks

Please note that Retina Web Security Scanner currently operates as a separate implementation from BeyondInsight. Integration is planned for a future release.


28

Retina Web Security Scanner: Executive Summary Report

>> Learn more about Retina Web Security Scanner Response to the Technical Requirements for Vulnerability Management

Must Have Requirements

Desired Requirements

http://www.beyondtrust.com/Products/RetinaWebSecurityScanner


29

Appendix A: Pricing Proposal See attached Excel spreadsheet.


30

Appendix B: Technical and Business Requirements


31

Appendix C: Deployment Architecture

Notes:

BeyondInsight uses MS SQL with separate databases to perform vulnerability management and data warehouse functions.

Mobile connectors for Android, Blackberry Enterprise Server, and Microsoft ActiveSync connect to BeyondInsight

The Retina Network Security Scanner (RNSS) performs vulnerability assessment across all TCP/IP addressable devices, virtual machines, and cloud-based installations

The solution can scale to virtually any size architecture based on the proper selection of hardware and placement of components, from scan engines to BeyondInsight and MS SQL databases

RNSS

Analytics & ReportingBeyondInsight

SQL

vCenter AWSRackspaceGoGridIBM SmartCloud

Cloud

Mobile UsersHardened ServersWorkstationsKiosks

MS SQLOracleMySQL

Operating SystemsApplicationsConfiguration

Web Applications

BESActiveSyncAndroid

PBWPBUL

Retina Network Security Scanner (RNSS) Retina Protection Agent (RPA), PowerBroker EPP

BeyondInsight DB

Analytics & Reporting DB


32

Sample Distributed Deployment of BeyondInsight Notes: Scalability can be achieved by placing Retina Network Security Scanners in different networks

based on firewalls, geography, wide-area network connections, and other network-limiting conditions

Job scheduling is managed via Central Policy Results are transmitted encrypted in the form of Events to the AppBus , web services, or Events

Server After processing, the data is available in the BeyondInsight Management Console The components for BeyondInsight are all-inclusive in a BeyondTrust appliance but can be installed

separately on multiple hosts or virtual machines for scalability and load distribution

Retina Network Security Scanner (RNSS) Retina Protection Agent (RPA), PowerBroker EPP

Event Data Replication

BeyondInsight

BeyondInsight (UK) BeyondInsight (Japan) BeyondInsight (US)


33

Appendix D: Third-Party Integration The table below lists current integrations for BeyondTrust’s Vulnerability Management Solutions. BeyondTrust and the partner support these integrations. Additional integrations can be implemented using a “codeless” solution and are documented in the Third-Party Integration Guide. Please consult with BeyondTrust sales and field engineering for additional support and references. Partner Description Retina BeyondInsight Method

Agiliance Governance, Risk, and Compliance √ Database

ArcSight ArcSight ESM SmartConnector √ √ Database

BMC Remedy Helpdesk √ email

CA Unicenter and Spectrum √ √ SNMP

Cisco MARS and NAC Game Server √ Database

Control Case Retina Cloud & Governance, Risk, and Compliance

√ Command Line, API, Database

Core Security Core Impact, Penetration Testing √ DSN, Audits.XML

Dell Managed Services Integration √ OEM, API, Flat File

eIQNetworks Security Information Manager √ √ Database

Intellitactics Security Information Manager √ √ SNMP

ForeScout Network Access Control √ Command Line

Log Rhythm Security Information Manager √ Database

MetaSploit Penetration Testing √ √ Flat File, API, UI

Microsoft Windows System Update Servers, Active Directory

√ API, UI

N-able Remote Manager √ OEM, API

net Forensics Security Information Manager √ SNMP

NitroSecurity Security Information Manager √ √ SNMP

Norman AntiVirus Integration API

NT Objectives Web Application Scanning Partner √ √ OEM

Prism Microsystems

Security Information Manager √ √ SNMP

Q1 Labs Q1 Radar, Simple Log Information Manager

√ SNMP

RedSeal Redseal Security Risk Manager √ √ Database

RSA RSA Envision √ √ SNMP

RSA Archer eGRC √ Database

Skybox Skybox View Suite √ √ DSN

SourceFire Intrusion Prevention Systems √ Database

Solutionary Managed Security Service Provider √ Flat File

Symantec Security Information Manager √ SNMP


34

Legend:

API – Integrates into the solution’s API for direct control and communications

Audits.XML – Directly consumes the solution’s audit database

Command Line – Manages scan jobs and reports from the command line

DSN – Requires the solution to use an ODBC DSN for data storage

email – Results are email-driven

Flat File – Flat files such as a CSV of XML are used to process vulnerability results

Database – Direct connectivity to the management database for asset and scan results

OEM – An OEM relationship exists with this vendor

SNMP – Simple Network Management Protocol (v1 to v3) Traps provide integration details and results. BeyondTrust provides a MiB for these integrations.

UI – User Interface integration allows direct cross-product functionality


35

Appendix E: Technical Support Overview

Overview

BeyondTrust’s world-class Technical Support team is dedicated to providing our customers with responsive, high-quality assistance to ensure our solutions run smoothly and effectively. Our philosophy is simple -- we are customer advocates committed to supplying the best possible service and swift resolution for technical issues related to our products. Our support services include troubleshooting, workaround assistance and implementation best practices advice along with access to our extensive on-line knowledge base. BeyondTrust support engineers have full accountability for the resolution of an assigned case, acting as the customer's single point of contact and coordinating the efforts of the product engineering teams and, where relevant, partners and third-party vendors.

Technical Support Commitment

The BeyondTrust Technical Support Team provides timely, personal and resolution-oriented assistance to our highly valued customers. Technical Support tickets are handled by our trained technical support staff and escalated to either Engineering for defect resolution or to Product Management for consideration in a future release. In addition to personalized customer contact, the team provides support assistance for BeyondTrust Sales staff and Field Engineers. To maintain our level of expertise, Technical Support assists Quality Assurance in product testing prior to release as well as provides a conduit for customer feedback to Development, Quality Assurance and Product Management.

Support Programs at a Glance

Flexibility is the cornerstone of BeyondTrust’s portfolio of customer support services. We provide different support programs so that every customer can access the combination of services to meet their specific business needs. Depending on the type of program selected, our support team availability ranges from normal business hours to 24 by 7 with incoming inquiries answered directly by the support team and either handled or escalated appropriately. We focus on addressing the needs of production environments and prioritize resources accordingly. Customers may open support tickets on-line via our customer portal. All support programs include software maintenance in the form of product updates and new releases.


36

Basic Support

Standard Support

Platinum Support

On-line General Knowledge Base Access

Documentation Download Access

Software Download Access

Automatic Maintenance Updates

Automatic New Product Releases

On-line Submission of Incident

Incident Support†

Electronic Ticket Tracking

8x5 E-Mail Support†

Initial response within 8 hours

Initial response within 4 hours

Initial response within 1 hour

8x5 Phone Support†

Initial response within 30 minutes

Personalized Welcome Letter

Direct Phone Access with Unique Company Code

24x7 Phone Support

Initial response within 30 minutes

Tier 3 resolution outside of business hours

Next day On Site Hardware Warranty Services††

† Business hours currently defined as 6am to 3pm Pacific Standard Time. †† Valid for up to three years from date of hardware shipment.


37

Training and Consulting Services

BeyondTrust and its authorized channel partners offer online product training, online training programs, and product deployment services to help you get the most from your security investment. Staffed by some of the best security consultants, systems engineers, and software developers in the world, BeyondTrust provides an extensive range of training and consulting services to help you maximize the potential of BeyondTrust products within your enterprise.

Product Training: BeyondTrust provides comprehensive training courses covering installation, configuration, and recommended usage of our products. In order to help you learn in the time and place that is most convenient for you we offer instructor-led training courses.

Instructor-led Training: Our instructor-led courses can be brought on-site to your location and can be customized to meet specific training needs.

Product Implementation and Deployment Services: BeyondTrust and its team of authorized resellers and consultants offer assistance with all stages of product deployment, including proper network design, product configuration, and enterprise-wide integration.

Vulnerability Management Process and Best Practices: Our consultants and partners are experts in vulnerability management best practices, helping organizations mitigate their vulnerability risk.


38

Our Commitment to You BeyondTrust is driven by customer success. Every department in the company knows that your success is our number-one goal. BeyondTrust customers consistently benefit financially and operationally from using our solutions and working with us to achieve their security and compliance goals. With BeyondTrust, you’ll get a best-of-breed solution that delivers several unique advantages:

Unified vulnerability and compliance management that dramatically reduces IT security risks and their potential costs

A centralized security management, analytics and reporting platform that provides advanced intelligence for gaining unmatched visibility into risk and compliance standing

100% discovery across local, remote, physical, virtual, mobile, and private-cloud systems to ensure comprehensive identification of vulnerabilities across all assets

Contextual data regarding the unique impact of exploits, attacks and malware in your environment to better prioritize risks

Vulnerability assessment for mobile devices and virtualized machines and applications for complete, Zero-Gap coverage

BeyondTrust is fully committed to {COMPANY NAME} and will bring to bear our best minds, tools and practices to ensure the success of this critical undertaking. BeyondTrust will leverage and share our field experiences from commercial customers, such as NBCUniversal, ESPN, GEICO, and Redbox, and U.S. Federal Government customers, such as U.S. Department of Defense, U.S. Department of Labor, U.S. Department of Transportation, NASA, and others.

Contact

BeyondTrust North America Tel: 800.234.9072 or 818.575.4000 [email protected]

Connect

Twitter: @beyondtrust Facebook.com/beyondtrust Linkedin.com/company/beyondtrust Learn more at http://www.beyondtrust.com

BeyondTrust EMEA Tel: + 44 (0) 8704 586224 [email protected]

mailto:[email protected]

https://twitter.com/BeyondTrust

https://www.facebook.com/BeyondTrust

http://www.linkedin.com/company/beyondtrust

http://www.beyondtrust.com/

mailto:[email protected]


39

Additional Content – Use if Relevant / Needed for Specific Responses

Delivering Value to Kejaksaan Agung RI

The ultimate value to Kejaksaaan Agung RI is reduced risk and streamlined vulnerability management through simplified deployment, ease of use, and prioritization of security and compliance risks. Plus, with compliance pressures and high-profile security breaches in the news, executive management needs access to vulnerability and compliance management reporting. Retina provides out-of-the-box reporting that translates complex data into key business statistics. With BeyondTrust you’ll get significant value that aligns with your outlined project objectives. And, given the strength and experience of the BeyondTrust Research Team, who continually improve the Retina Solution Suite, your team can rest assured that BeyondTrust’s solution will evolve to provide future protection against rapidly evolving security threats. Key benefits include:

Reduce organizational risk associated with network security breaches, data loss, intellectual property theft, and regulatory compliance issues

Pinpoint weaknesses and risk through complete 100% end-to-end network visibility, with support for all network devices, cloud deployments, virtual assets and mobility

Improve productivity with automated, exposure-based remediation prioritization to mitigate cyber risk

Maximize existing security investments with predictive threat modeling and metrics for in-depth assurance and situational awareness

Cut compliance costs with automated continuous audit and control monitoring of the entire network device infrastructure

Reduce Total Cost of Ownership (TCO) through automation, improved decision management, and operational efficiencies

Increase Return on Investment (ROI) over manual and disjointed discovery, remediation, and reporting activities

Tighten internal controls and drive security and compliance objectives

Provide deep insight into overall security and threat posture with detailed and executive level reporting

Protect investments in applications and assets

Measure and improve remediation activities


40

BeyondTrust Vulnerability Management Focus Areas

Vulnerability Management

Efficient and cost-effective vulnerability and compliance management is now critical to the long-term financial success of an organization. Companies continue to struggle to recover (financially and in public opinion) after a serious breach or compliance failure. The advantage of BeyondTrust is reduced risk and streamlined vulnerability management through simplified deployment, ease of use, and prioritization of security and compliance risks. Plus, with compliance pressures and high-profile security breaches in the news, executive management needs access to vulnerability and compliance management reporting. The Retina Vulnerability Management Suite provides out-of-the-box reporting that translates complex data into key business statistics. The Retina Vulnerability Management Suite also offers risk-scoring dashboards and reporting that support unique business requirements and make it easier for security technicians to fix the most critical weaknesses first. The solution also enables Zero-Gap coverage, providing an optional local scanning agent that scans roaming laptops and provides insight into assets typically not accessible to remote scanners – such as those located in the DMZ.

Management Visibility

Retina is the only solution that provides an integrated security intelligence engine for actionable security analytics and trending. With executive dashboards, trending and drilldown reports for managers, security officers, auditors, and operations teams, you get comprehensive visibility over the entire IT environment to better manage security and compliance. Run your business more efficiently with a comprehensive view of all systems on the network to find and fix IT security risks associated with regulation control objectives.

Proactive Threat Analytics

Retina with BeyondInsight provides organizations with an in-depth enterprise view so compliance teams can steer operational teams towards remediation efforts that will yield the highest rate of risk reduction during a normal remediation cycle. Operations teams can determine an acceptable number of vulnerabilities they can remediate during a cycle and the BeyondInsight Threat Analyzer can then recommend which vulnerabilities will yield the highest asset risk reduction.

Virtualization

Virtualized solutions continue to be deployed to reduce cost and gain strategic flexibility. However, virtualization can create significant security blind spots that must be managed to keep the enterprise protected. The proposed Retina solution can scan hypervisors (VMware, Microsoft, and XEN based), virtualized machines and virtualized applications. It is also important to ensure appropriate configurations are being managed in order to mitigate risks and attacks in both physical and virtual assets. To automate this process, BeyondTrust is the first vulnerability vendor to support ESX configuration assessment within its unified scan engine. The proposed Retina solution uses a built-in


41

OVAL certified SCAP engine to support industry or custom benchmarks for virtual servers, providing ongoing configuration assessment and analysis. Virtualization has its benefits, but it also creates critical security gaps and leaves many organizations exposed. This gap is created through the deployment of virtualized applications. To close this gap and provide 100% visibility of vulnerabilities, BeyondTrust has added the ability to scan applications virtualized with VMware’s ThinApp technology. The ThinApp scanning capability is now available in both Retina and BeyondInsight . BeyondTrust is also planning support for offline image and Microsoft App-V scanning in the near future.

Mobility

With over 80% of employees using personal smartphones for work-related purposes, there’s no question that mobile devices and smartphones are invading the workplace - along with the many security risks they bring along. Every day these devices access your network unchecked by standard vulnerability management processes, even as malware on phones and tablets continues to increase at rapid rates. Leaving mobile security out of your integrated security strategy opens your organization to security breaches, data loss, intellectual property theft, and regulatory compliance issues. BeyondTrust is the first and only vendor to integrate mobile device assessment and vulnerability management for complete visibility and context on all vulnerabilities – including those from mobile devices. Manage and assess mobile devices with the same vulnerability management processes you have for other critical assets.

Patch Deployment and Verification

Third-party client side exploits continue to be a favored attack vector especially in widely deployed tools like Adobe Reader and Internet browsers. Recent studies show that third-party programs are responsible for 69% of the vulnerabilities on a typical endpoint. The Retina Patch Management Module provides built-in application patching for Microsoft and non-Microsoft applications by extending the Microsoft WSUS engine many organizations already use today. Prioritize and deploy patches with integrated, automated, and agent-less patching. Quickly fix weaknesses using instant or scheduled patching, and see the big picture with end-to-end reporting on the entire patch management cycle.

Regulatory Compliance

Critical compliance regulations, such as PCI, HIPAA and Sarbanes-Oxley, also mandate specific security controls pertaining to vulnerability management. However, aligning internal security processes with regulations and providing meaningful reports to management and auditors are notoriously time-consuming and costly exercises. Unfortunately, there’s no way around the harsh reality that non-compliance results in penalties, lost business, and other indirect costs. The Retina Vulnerability Management Suite delivers a full list of compliance reports that map vulnerability and configuration audits to mandates including PCI, HIPAA, SOX, GLBA, NIST, FERC/NERC, MASS 201, ISO, COBiT, and ITIL. With Retina, BeyondTrust customers dramatically simplify enterprise compliance through centralized monitoring and reporting.


42

Configuration Benchmarking

While many organizations focus on implementing strong controls over systems and applications, they often fail to formalize, automate, or optimize the business processes that keep their environment secure. Ensuring that systems are configured according to policy is critical to reducing risk, improving security, and demonstrating compliance. This is often a challenge due to constantly changing networks and systems, combined with time-consuming monitoring and reporting requirements. The Retina Vulnerability Management Suite simplifies how you audit and report on common industry configuration guidelines and best practices. With built-in templates for Windows operating systems and applications from FDCC, NIST, Microsoft, and more, you’ll find it easier than ever to prioritize and manage risk, audit configurations against internal policies or external best practices, and centralize reporting for monitoring and regulatory purposes.

Endpoint Protection

Zero-day endpoint protection has never been more critical. Attacks against business networks occur every day, all in an attempt to gain unrestricted access to these systems. Regardless of an attacker’s intention, the exploit process, whether for intrusions or scams, follows a common script. PowerBroker EPP integrates multi-layered endpoint protection in a single, lightweight client to protect against known exploits, zero-day attacks, and all other attack vectors. PB EPP provides a complete endpoint protection platform with full-featured integrated threat management capabilities. Our award-winning endpoint protection solutions are available as standalone products or as a key component for our context-aware security solutions.

kejaksaan agung request for proposal · effectively bridging vulnerability and patch management...

Documents