northstar product review€¦ · developed by conventus, a security software and professional...

NORTHSTAR PRODUCT REVIEW

January 2017

Prepared by The 2112 Group for Conventus

http://www.the2112group.com

http://www.conventus-sei.com/

The information contained in this publication has been obtained from sources and methodologies of The 2112 Strategy Group, LLC, and is considered to be reliable but not warrantied. This publication may contain the opinions of The 2112 Strategy Group, which are subject to change from time to time. This publication is copyrighted by The 2112 Strategy Group, LLC. Any infraction of the limited terms of reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The 2112 Strategy Group, LLC, is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Any questions should be directed to The 2112 Strategy Group at (347) 770-2112 or [email protected].

© 2017 The 2112 Strategy Group, LLC.

FINAL ANALYSIS

SECURITY SITUATION REPORT 2

NORTHSTAR OVERVIEW 3

TECHNICAL FEATURES 5

IMPLEMENTATION & TRAINING 7

COMPETITIVE POSITIONING 8

BENEFITS & SHORTCOMINGS 10

12USE CASES

CONTENTS

15

ABOUT THE 2112 GROUP 16

1Conventus NorthStar Review | January 2017

mailto:info%40the2112group.com?subject=


http://www.conventus.com/

SECURITY SITUATION

SECURITY THREATS ARE PERVASIVE AND PRODIGIOUS.REPORT

The adage of “you can only manage what you can measure” is particularly true in security. Quantifying the number of dark or unknown devices in an IT

environment is extraordinarily difficult. By some estimates, the number of unknown or unmanaged devices is one-third higher than the number of known and managed devices. Complicating the asset management challenge is misplaced devices, such as devices moving to new locations that affect their security posture.

Once assets are known, security management becomes the paramount concern. Businesses are struggling to keep up with both known and unknown vulnerabilities. Only through transparency of the operating environment and infrastructure, in which assets are inventoried and their security status is known, will businesses be more effective in mitigating risk exposure.

You can only manage what you can measure, which is why tools such as Conventus’ NorthStar are of vital importance. A tool that identifies all devices in an IT environment and catalogs their security status, NorthStar provides enterprise security managers and teams with the information they need to understand risk exposure, reduce vulnerabilities, and maintain an effective security posture.

In 2015, security researchers discovered more than 30 million unique new malware samples. And tens of millions of data records and user accounts are compromised annually. No business is immune, as hacks affect enterprises ranging from Yahoo (500 million compromised accounts, 2016) to eBay (145 million) to Anthem (80 million) to the U.S. government (100 million, cumulative in the last several years).

The causes of most security breaches are unpatched vulnerabilities, poor system configurations, and unauthorized access. According to the Verizon 2016 Data Breach Investigations Report,1 90 percent of all Internet-based attacks target known vulnerabilities that date back to 2002. In other words, most attack targets are not surprises.

The challenge facing businesses today isn’t a lack of awareness about security threats and vulnerabilities. Businesses are awash in threat intelligence and remediation guidance as nearly every major security vendor offers a security intelligence service. The problem isn’t a lack of awareness about software patches, as vendors widely publicize patch releases and workarounds (if a patch isn’t available). And the problem isn’t a lack of security technology, as there are plenty of security hardware and software solutions available.

The real challenge is maintaining a current and accurate inventory of assets and risk exposures.

1 Verizon, 2016 Data Breach Investigations Report, http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/.

Security software vendors are tracking as many as 85,000 new malware threats emerging daily. Cybercriminals are now using more than 50 different forms of ransomware to target and extort money from unsuspecting individuals and businesses.




http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

NORTHSTAROVERVIEWDeveloped by Conventus, a security software and professional services company, NorthStar is a comprehensive asset discovery and risk management application.Through NorthStar, enterprises can see what devices are in their IT environments, their current security posture and vulnerability exposure, and qualified risk of known threats. A tool for understanding risk exposure and managing mitigations to safeguard against a breach, NorthStar doesn’t detect or prevent security incidents. NorthStar puts asset management and security posture information under a single pane of glass by pulling metadata from security and non-security management systems, aggregating information, and normalizing asset and security data into a readable, actionable format. This formatting is through SOLVE, Conventus’ interactive and flexible visualization tool, which will be discussed in more detail below.

COREFUNCTIONS

NorthStar serves three core functions in securing enterprise infrastructure and connected assets.

Asset InventoryNorthStar identifies all devices connected in the IT environment, including their MAC addresses, operating systems, and physical locations.

Identity TrackingNorthStar consolidates identities and privileges, including operating system roles, database grants, and facility badge privileges.

Exposure TrackingNorthStar collects and aggregates security vulnerability, patching, and configuration data from multiple security management sources, giving administrators the ability to identify vulnerable devices and applications.

Risk CalculationThrough asset discovery and vulnerability management, NorthStar provides administrators with the ability to calculate their risk profile. Through this calculation, administrators can measure the effectiveness of their security policies, change security posture, and prioritize remediation efforts.




HOW NORTHSTARWORKS

NorthStar pulls relevant security and network information from management systems rather than scanning networks or tapping net flows to analyze traffic. Given that all devices connecting in an IT environment will also utilize certain security and management resources, the aggregated data provides NorthStar with ample material for mapping devices and understanding their security posture.

Information is collected from multiple sources, including antivirus management systems, patch management tools, Configuration Management Databases (CMBDs) and Active Directory, and other network agents. NorthStar aggregates and scores asset data to create “superlists” for asset inventory, application, and risks. By mining these multiple sources, NorthStar creates a mosaic visualization of an IT environment’s composition and risk exposure.

The “ground-up” approach to information gathering and analysis enables NorthStar to produce detailed IT environment inventories and vulnerability exposure calculations. With this information, NorthStar users can develop their own risk profiling calculations, prioritize remediation tasks, and track security program effectiveness.

Above all, NorthStar provides in-depth and detailed visibility in one platform. Plenty of asset discovery products, vulnerability scanners, and patch management tools exist, but few can track and visualize all of this security information in one dashboard the way NorthStar does.




The core of NorthStar’s value is its ability to produce reliable and actionable security intelligence through an interactive and configurable dashboard.

FEATURESTECHNICAL

A failure of many security asset and intelligence tools is a lack of information or poor quality of the data they use. NorthStar overcomes security information black holes by sourcing information from multiple sources to produce what Conventus calls “superlists.”

NorthStar aggregates data from multiple sources to ensure that administrators get a complete picture of their asset inventory and security posture. The NorthStar Superlist methodology means the platform is pulling all the available information from multiple management systems. It then creates a data mosaic to fill in the blanks. For instance, if one data source doesn’t have the host’s operating system information, NorthStar will complete that information with data from another source.

A significant benefit NorthStar gives enterprises is assurance of accuracy. Security data isn’t just aggregated, but scored. NorthStar folds in data from different sources and scores the quality of the gathered information. This ensures users are presented the best of the best intelligence in the interactive dashboard.

In the event the same or conflicting data exists from different sources, NorthStar will adjudicate the information and normalize the results. Typically, this means NorthStar will place greater confidence in more recent data than older data. If conflicting data is current, NorthStar will place greater confidence in data matches in multiple sources and discount the dissenting source.

NorthStar displays IT asset inventory and status in a single dashboard. The dynamic information display allows administrators to see their assets by location and status quickly. Administrators can drill down and examine assets by vulnerabilities, locations, users, and other user-defined attributes.




Through superlists, NorthStar creates extensible reports on asset management, security, and blind spots. The aggregated reports show all known and unknown devices in the IT environment, providing administrators with deep visibility into the totality of their infrastructure. Asset management is the first step in understanding security risk exposure.

The user-configurable NorthStar dashboard provides at-a-glance visualization of the totality of network assets and their security posture. From there, NorthStar shows administrators managed and unmanaged (rogue) devices, as well as their configurations, vulnerabilities, and patch status. Through this dashboard, administrators can measure security effectiveness, plan remediation activities, and report on internal policy and governmental regulatory compliance.

NorthStar identifies and associates devices with their location and user privileges. Administrators can flag devices that aren’t in their proper location. And administrators can flag and review devices that have suspicious or unauthorized user privileges. This feature is particularly useful for enforcing and demonstrating compliance with such regulations as the Health Insurance Portability and Accountability Act (HIPAA).

With tracking features, NorthStar administrators can flag suspicious devices – particularly rogue devices – for further watching or exclusion from the IT environment.




A true asset of NorthStar is SOLVE, its underlying security visualization engine. SOLVE, which stands for “Simple OnLine Visualization Engine,” enables NorthStar and its administrators to gather and visualize security data from multiple sources easily. Aggregation and visualization enhance security, eliminating the need to give multiple people access to different security management platforms. SOLVE is role-based, meaning that different administrators can have different views of security data.

SOLVE, available as a stand-alone product, provides a benefit independent of NorthStar in its ability to normalize and visualize complex data. Some Conventus customers are using NorthStar and SOLVE exclusively for data visualization to augment or substitute insufficient or absent reporting dashboards in other security products.

A true benefit of NorthStar is its agentless architecture. All security comes with a performance tax, as inspection of traffic and applications introduces latency, particularly for in-line inspection. NorthStar avoids taxing network performance by aggregating data from management sources. NorthStar can draw information from several asset management, security management, and security monitoring tools, including those from top vendors in the market, as well as home-grown products.

From a feature/function perspective, NorthStar is as simple as it is comprehensive. It provides a complete view of known and unknown network-attached assets, security status, and vulnerabilities. And, most significant, NorthStar provides the foundational information for measuring risk exposure and improving security posture.

The best way to describe NorthStar’s implementation is “evolutionary.”

& TRAININGIMPLEMENTATION

NorthStar is an intuitive application that’s somewhat easily deployed and integrated with an organization’s existing network and security infrastructure. Nevertheless, the process of making NorthStar operational isn’t necessarily immediate. NorthStar will produce actionable results relatively quickly after deployment, in many cases within two weeks. However, the system requires tuning, through which results will become better over a period of months.

Adopting organizations should implement NorthStar with the support of Conventus, which is adeptly able to identify and assess security data sources. Conventus’ expert staff can quickly




POSITIONINGCOMPETITIVENorthStar isn’t unique in the market, in that many products provide security monitoring, vulnerability assessments, security information management, and risk management and exposure reporting. While the technology exists, no one system provides what NorthStar does – a consolidated package of security data aggregation, reporting, and tracking.

Conventus built NorthStar to address a common set of challenges among its security clients – namely, taking inventory of assets, tracking network-connected devices, and determining the security status of those devices when it comes to vulnerabilities and configurations. The best way to illustrate where NorthStar sits among competing and similar products is to define what NorthStar is and isn’t respective to common security technologies.

NorthStar is a security visualization system. It collects, catalogs, and reports IT asset and security data. This information is useful for understanding what devices are in the IT environment, where those devices reside, their configuration status, and what vulnerabilities they have. The reporting

integrate NorthStar into the network fabric. Within days, security data and intelligence start pouring into the application and providing actionable reports.

Conventus provides users with detailed instructional materials. Users report that the accompanying NorthStar documentation provides the right amount of guidance for using and configuring the NorthStar platform for immediate use and custom reporting. However, users also report they rely on Conventus for expert support and customization services.

Operationalizing NorthStar could take several weeks to several months, depending on the goals and the size of the adopting organization. NorthStar is as dynamic as the infrastructures it monitors, so ongoing training and tuning are required. In some respects, NorthStar is never fully complete, as it must constantly adapt to the changing nature of the network and security environment. That’s not a negative, though, as NorthStar is about measuring change.

Adopting organizations are wise to consult with Conventus to understand the initial implementation and training needs, as well as ongoing support and guidance required to reap the full benefit of NorthStar.




is then useful for establishing risk mitigation and vulnerability remediation priorities, as well as measuring security effectiveness and demonstrating regulatory compliance.

The following table provides a comparative look at related security technologies. In many cases, NorthStar may resemble these technologies or share some of their features and functions.

Security Information & Event Management (SIEM)

Configuration Management Database (CMDB)

Vulnerability Scanner

Governance, Risk Management & Compliance (GRC) System

SIEM systems aggregate security alert data from multiple sources, ranging from security sensors to intrusion detection systems to firewalls. SIEM promotes the most important alerts for immediate, near real-time attention. SIEM shows what’s happening now in the IT environment.

CMDB products are centralized repositories of asset information for devices connected to IT environments. The stored information is about not only the devices and their MAC addresses, but also their configurations – including applications and operating systems. They’re heavily reliant on human input and management.

Vulnerability scanners review applications and devices for configuration errors and missing patches that could open an opportunity for data compromise and breaches.

GRC systems provide a mechanism for auditing infrastructure and resources for compliance with government and industry regulations, such as HIPAA and Sarbanes-Oxley (SOX). They’re also an effective tool for risk management and reporting.

SECURITY HOW IT DIFFERS TECHNOLOGY FROM NORTHSTAR

NorthStar aggregates data from different security management consoles, but it’s not an alerting mechanism. NorthStar provides asset and vulnerability management intelligence. This information helps prevent security breaches, but not in real time. NorthStar shows the state of the IT environment.

CMDB products are useful tools, but they’re often incomplete and fall out of date quickly. NorthStar provides near real-time information on the known and unknown devices attached to an IT environment, as well as their configuration and vulnerability status. NorthStar provides more robust and actionable reporting than CMDBs.

NorthStar isn’t a vulnerability scanner. It collects information on devices’ configurations and patch status, providing a snapshot of their current state. NorthStar often augments the results of vulnerability scanners, identifying issues that scanners may have missed.

NorthStar isn’t a GRC system, but it can provide useful information that makes GRC more effective. Through NorthStar, network administrators know what assets are in their IT environment and what needs inclusion in GRC reporting.

WHAT IT DOES




NorthStar is uniquely positioned in the security technology market as a holistic system that provides asset detection and inventory capabilities, configuration and vulnerability status reporting, and intelligence for measuring risk management effectiveness. No other security technology provides the same portfolio of features and functionality as NorthStar.

Effective security still requires a combination of technology components to monitor, manage, and measure threat exposure and risk management effectiveness. Further, administrators need to know the configuration and patch status of devices and the privileges granted to users of those devices. NorthStar is a valuable component of the security management paradigm. Through NorthStar, security administrators gain greater insights into their infrastructure composition and security posture.

Does NorthStar stand alone or replace any of these listed technologies? No.

One of the more vexing challenges in security is visibility.

BENEFITS& SHORTCOMINGS

Securing an organization from unauthorized intrusion or internal misuse requires knowing the composition of the infrastructure. Even with numerous asset tracking technologies and scanners, knowing the true number and location of attached devices is often challenging.

And it’s not enough to know what’s in the IT environment; you need to know the state of devices too. Device state includes the operating system running and loaded applications. Further, administrators need to know the configuration and patch status of devices. Given that malware and hacker attacks target known vulnerabilities, the imperative is ensuring that all systems are current with the latest patches to minimize the potential for security breaches.

Through deep and accurate visualization of attached devices and their configurations, NorthStar provides a clear window into the totality of an organization’s security posture. Through the NorthStar reporting dashboard, security administrators can see known and rogue devices, understand and catalog patch levels and remediation priorities, and measure security effectiveness.




Placing all of this security information under the proverbial single pane of glass means security managers can do the following:

Through greater and more effective visualization, enterprises using NorthStar will gain tremendous value and cost savings by knowing what’s in their IT environment, where security needs improvement, and how to more efficiently assign security resources. Additionally, enterprises will have a more accurate understanding of their security posture for budget and resource planning. All of this adds up to direct and indirect cost savings.

While NorthStar covers 17 of the 20 CIS security information practice areas, it’s not a native risk management platform. NorthStar provides administrators with all the data and information they need to measure and score risk exposure, but it doesn’t provide guidance on how to measure risk or templates for natively understanding risk. For some organizations, this may pose a problem, as understanding and measuring risk exposure is often as vexing as the visibility problem.

NorthStar provides tremendous insights into IT environment composition and security posture, but it doesn’t have a remediation management system. NorthStar lacks the ability to prioritize and assign security tasks to administrators. In theory, NorthStar’s API gives it the ability to integrate with patch management and project management systems. Nevertheless, the ability to prioritize and create work assignments would improve NorthStar’s overall value.

See the totality of their infrastructure and asset inventory

Understand patching levels and vulnerability exposure

Note the location of and access to IT assets, gaining better control over sensitive and mission-critical resources

Identify and prioritize security problems for remediation tasking

Gather information for security reporting and risk management




CASESUSE

NorthStar is a comprehensive asset management and security posture visualization tool. While NorthStar has powerful features that aggregate infrastructure and security data under a single pane of glass, it does have multiple uses. This section will recount three real-world use cases of NorthStar and the value proposition that can extend to other enterprises.

FINANCIAL INSTITUTIONAsset Discovery & Vulnerability Management

A large financial institution was struggling to understand the full extent of its network infrastructure and attached assets, complicating security management. Exacerbating the challenge was the merger with two other banks, which further expanded the size of the total infrastructure. The lack of insights into the extended infrastructure opened the potential for more security vulnerabilities and breaches.

With assistance from Conventus, the financial institution deployed NorthStar enterprise-wide for asset discovery, patch management and vulnerability status, and discovery of privileged access to different devices and resources.

The financial institution not only can identify the number and types of assets in its IT environment but also can track the location of different devices. Through the vulnerability assessments provided by NorthStar, administrators can better track devices and apply security policies to ensure compliance. NorthStar is so effective at generating security status data that the adopting team is sharing the intelligence with other groups for their own risk compliance reporting.

High. In the words of the security manager, “NorthStar helps us sleep better at night.”

The financial institution’s use of NorthStar is emblematic of a full implementation. Its use of NorthStar is providing the deep visibility needed for asset management and security posture to mitigate the potential for unauthorized intrusions and maintain regulatory compliance.

PROBLEM/CHALLENGE

SOLUTION

OUTCOME

VALUE LEVEL

APPLICABILITY




OUTSOURCING FIRMCompliance

A large provider of business process outsourcing (BPO) with a large call center operation needed PCI compliance certification. It was using Symantec DCS, which didn’t provide granular enough visibility or reporting. The BPO provider needed a system that was more efficient at gathering and recording assets and security status than trying to track 50,000 endpoints on a spreadsheet.

NorthStar not only provided asset tracking, but also noted and logged changes in endpoint state. Every time a configuration setting changed, NorthStar would capture and report that status to administrators. Through the data aggregation capabilities, the BPO company could more easily see the status and changes to assets across its large distributed infrastructure.

Through the automated data collection and reporting, the outsourcing firm could attain and maintain PCI compliance, keeping it in good standing with its clients.

High. The BPO provider saved countless hours in tracking assets and manually changing reporting in configurations and security policy compliance.

The outsourcing firm demonstrates how NorthStar is more than just an asset tracking and security policy tracking tool; it’s an instrumental component of governance and regulatory compliance.

PROBLEM/CHALLENGE

SOLUTION

OUTCOME

VALUE LEVEL

APPLICABILITY




INTERNATIONAL PHARMACEUTICAL FIRMBlacklisting

An international pharmaceutical firm was struggling to identify the applications running on its fleet of Windows Server 2003 machines. Administrators needed an efficient and effective means of identifying applications running in the IT environment and associating them with the corresponding servers. If they could do that, administrators could implement blacklists to block unwanted and potentially insecure applications.

NorthStar’s SOLVE module, running in conjunction with Symantec DCS, mapped the server and application infrastructure, providing administrators with continuously updated information for making application blacklisting decisions and policy changes.

The pharmaceutical firm achieved its compliance goals and can show a measurable return on investment as SOLVE provided the information and insights needed to make quicker work of application discovery and security policy enforcement.

High. Security administrators say SOLVE reduced the workload and process from potentially days to hours.

The use of SOLVE as an application and asset discovery tool is simple, yet effective. The pharmaceutical firm’s use case applies to virtually any organization with a sizable infrastructure.

PROBLEM/CHALLENGE

SOLUTION

OUTCOME

VALUE LEVEL APPLICABILITY




Technology is in a constant state of change. Despite advances in mobility, Internet of Things, and cloud computing, the constant need of enterprises is secure networks with high availability and quality of service. Without security, business operations are open to disruption and compromise. Ensuring security requires knowing what devices are attached to a network and their security status.

ANALYSISFINAL

NorthStar solves a problem facing every enterprise: knowing what devices are on a network and their security status. 2112’s review concludes that NorthStar effectively provides enterprises with the network and security visibility they need for proper security administration and risk management. Further, NorthStar generates the data-driven intelligence for enterprises to accurately measure their risk exposure and track mitigation effectiveness.

Understanding of security state is the ultimate value delivered by Conventus’ NorthStar. Through the NorthStar platform, security managers and administrators have a single-look view of the totality of their infrastructure and security posture. With this information, they can make rational decisions that improve their security standing, improve their infrastructure performance, and enable the business to operate more effectively. The final point, operational effectiveness, is the ROI, as that NorthStar benefit translates into cost savings in IT operations and security remediation.

NorthStar isn’t free of flaws; nor is it a comprehensive solution. As noted in the report, NorthStar isn’t a mitigation platform, and it lacks risk measurement tools. While it’s a tremendous mechanism for aggregating and refining existing security data into actionable intelligence, NorthStar’s output is only as good as the information it collects.

All said, NorthStar is a powerful tool for understanding IT environment composition and security posture. Enterprises

adopting NorthStar will find true

value in the insights and intelligence

it provides on risk exposure. And with

more sales and marketing behind

it, NorthStar could become a market leader in security visibility and risk management.




The 2112 Group is a business strategy firm focused on improving the performance of technology companies’ direct and indirect channels through our portfolio of market-leading products and services. We leverage proprietary intelligence with qualitative research, market analysis, tools, and enablement programs. Our industry experts approach each engagement by applying innovative solutions customized to meet the needs of our clients. By looking at the technology market from the viewpoint of vendors, partners, and end users, 2112 is uniquely positioned to develop go-to-market strategies that are beneficial to all parties from both a channel and enterprise perspective.

Contact 2112 at [email protected] or visit our Website at www.the2112group.com.

ABOUTTHE 2112 GROUP





Phone: 347.770.2112E-mail: [email protected] : www.the2112group.com

NORTHSTAR PRODUCT REVIEWJanuary 2017




northstar product review€¦ · developed by conventus, a security software and professional...

Documents