Tuesday, September 24, 2013

Full/Whole Hard Disk Encryption Buying Guide and Selection Criteria

You are concerned with data security; data is your highest asset, and you must protect it against theft. A stolen laptop belonging to one of your top management staff could contain data valuable to industrial espionage.
So you are searching for a Full Disk Encryption (FDE) solution. You know there are a lot of vendors, and you have decided to compare them to find which FDE solution is the best. I did this before, and I know it's hard to tell.
I am not going to sell you a certain FDE product. The most important thing to know is that any encryption solution will be vulnerable to a cold boot attack, and once your PC is unlocked your data is not protected any more.

Here are the selection criteria for a full disk encryption solution, the things to test in a proof of concept for FDE solutions. Good luck choosing the best FDE solution.


Full hard disk encryption
Technical Specifications:
1. Compatibility:
The solution must be compatible with all operating systems in the corporate environment.
2. Security Features:
1. Solution must provide full disk encryption / whole disk encryption with proven cryptography.
2. Solution must provide a full key management lifecycle (key creation, deletion, recovery, use, and storage).
3. Solution must provide different methods for key recovery (onsite, offsite and disaster recovery).
4. Solution must provide controlled views of keying material and separation of duties.
5. Solution must provide different methods for authentication (passphrase, tokens…).
6. Solution must be able to integrate with the enterprise DLP solution to force encryption of removable media.
7. Solution must have a reporting capability and the ability to generate custom reports.
8. Solution must be able to integrate with enterprise directories (e.g. MS Active Directory).
9. Solution must be able to integrate with different SIEM vendors.
10. Solution agent must not noticeably affect endpoint performance.
11. Solution must have background encryption processing capability.
12. Solution must have a built-in mechanism for fault tolerance.
13. Solution must support and continue the encryption process after suspend and hibernation states.
14. Solution must comply with FIPS 140-2.
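Criteria 2 to 5 (key lifecycle, recovery paths, separation of duties, more than one way to authenticate) all rest on one design: the key that encrypts the disk is itself stored only in wrapped form, once per unlocking method. The following is an added illustration written for this post, not any vendor's code: one data-encryption key kept in two independent slots, with HMAC-SHA256 used as a stand-in for AES key wrap so it runs on the Python standard library alone; the class and key names are constructed.

```python
import os, hmac, hashlib

# Added illustration of an FDE key hierarchy (constructed, not a vendor design).
# One random data-encryption key (DEK) protects the disk. It is never stored in
# the clear: the header holds it wrapped under a passphrase-derived key and,
# separately, under an escrow key kept by the recovery service.

def kek_from_passphrase(passphrase: str, salt: bytes) -> bytes:
    # Slow KDF so the wrapped DEK on a stolen laptop resists offline guessing.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def wrap(kek: bytes, dek: bytes) -> bytes:
    # HMAC-SHA256 keystream plus tag stands in for AES key wrap (stdlib only).
    nonce = os.urandom(16)
    stream = hmac.new(kek, b"wrap" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(dek, stream))
    tag = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expect = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or tampered key slot")
    stream = hmac.new(kek, b"wrap" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

class KeySlots:
    """Volume-header key slots: the same DEK wrapped under independent keys."""
    def __init__(self, passphrase: str, escrow_key: bytes):
        dek = os.urandom(32)            # created once; the disk is encrypted under it
        self.salt = os.urandom(16)
        self.user_slot = wrap(kek_from_passphrase(passphrase, self.salt), dek)
        self.recovery_slot = wrap(escrow_key, dek)   # offsite/disaster recovery path

    def unlock(self, passphrase: str) -> bytes:
        return unwrap(kek_from_passphrase(passphrase, self.salt), self.user_slot)

    def recover(self, escrow_key: bytes) -> bytes:
        # Recovery operator path: never needs, or learns, the user's passphrase.
        return unwrap(escrow_key, self.recovery_slot)

    def change_passphrase(self, old: str, new: str) -> None:
        # Re-wraps the DEK only; the disk contents are not re-encrypted.
        dek = self.unlock(old)
        self.salt = os.urandom(16)
        self.user_slot = wrap(kek_from_passphrase(new, self.salt), dek)
```

A product that cannot show you this separation in its proof of concept (passphrase change without re-encryption, recovery without the user's secret, a slot that can be revoked on its own) is unlikely to meet criteria 2 to 5.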

Thursday, September 5, 2013

Intrusion Prevention System Selection Criteria, Evaluation & Buying Guide

An Intrusion Prevention System is a critical component of every data center for proactive security and for blocking advanced persistent attacks. Selecting the right Intrusion Prevention System (IPS), the one that works best within a defense-in-depth security architecture, is a hard process. You need to evaluate each IPS on the market. I advise you to run a proof of concept that tests each IPS and each of its features in depth. It's not a look-and-feel POC.

Here I will discuss the initial features that must be available out of the box in every IPS solution. The criteria here are general, unlike a buying guide that describes a certain product in order to direct you to buy it. If you want to add to or discuss any of the points in my selection criteria for IPS, you're more than welcome.

Intrusion prevention system initial features: 

  • IPS must protect business-critical assets such as networks, servers, endpoints and applications from malicious threats.
  • IPS must provide a “big picture” context of information about the network and its devices to qualify security information.
  • IPS must provide immediate, comprehensive protection against all types of network attacks (known vulnerabilities and attacks, zero-day attacks, advanced Denial of Service attacks...).
  • IPS detection engine must use multiple technologies, including signature matching, protocol anomaly detection and behavior anomaly detection.
  • IPS throughput must be at least 10 Gbps.
  • IPS must be able to monitor multiple different inline segments.
  • IPS must be able to enforce granular policies per segment, per VLAN, per IP address/range and per port.
  • IPS must support VLAN mapping.
  • IPS must support stateful failover. IPS must support both failure scenarios (fail open and fail close).
  • IPS must be able to accurately track all network communications, interpret the intent of each individual communication, and then make an instant security decision based on accurate evidence of an attempted attack.
  • IPS must work with multi-vendor enterprise edge switching products.
  • IPS must have the ability to be configured for specific protection needs, so users can choose the configuration that best meets business security demands.
  • The information provided to the analyst when an alert is raised by the IPS must clearly identify the reason the event was raised. The alert should also identify the source of the alert and the target system, along with further information (whois or DNS lookup on an IP address). Alerts should also provide links to vulnerability databases.
  • IPS vendor must provide a signature database continuously updated with high-quality signatures.
  • IPS must have the ability to write a custom signature.
  • IPS must be able to work with Snort open-source IPS signatures.
  • IPS must be able to use third-party vulnerability references (CVE, Bugtraq ID...).
  • IPS must be able to query common sources of information, such as LDAP and Active Directory.
  • IPS must support inspection and reporting for IPv6 networks.
  • IPS devices must be easy to install and remain transparent to normal network traffic.
  • IPS must process traffic quickly and make security decisions instantly.
  • IPS must be able to search for specific events in real time and in historical events.
  • IPS must provide an easy way to generate custom reports.
  • IPS must have built-in reports for the collected events.

Best wishes in choosing the best IPS that suits your needs.

Sunday, September 1, 2013

Vulnerability Assessment Products Evaluation & Selection Criteria

Vulnerability Assessment is very critical nowadays; every organization cares about assessing its overall security posture in order to assess risks correctly.

It's not a simple process; it is a complete life cycle of vulnerability management. To do an appropriate vulnerability assessment you need the correct solution. During my career I evaluated certain products, not all the products existing on the market. I came to this short list in order to select the right solution from my point of view.
I would like to share these criteria for selecting a vulnerability scanner to manage this for your enterprise; you can consider it a simple buying guide. Please share your comments or additions if you want to add anything to these criteria.

Vulnerability Assessment Selection Criteria 

  • Asset Management
      • Discover and identify all assets, hosts, operating systems and open services across the network.
      • Real-time asset detection.
      • Continuous asset monitoring.
      • Asset prioritization and classification based on location, business role, value, compliance…

  • Vulnerability data
      • Support a variety of platforms, applications, and infrastructure devices.
      • Ability to aggregate data from multiple sources (other vulnerability scanners).
      • Address different vulnerabilities; classify misconfigurations and missing patches.
      • Centralized repository for all assets and vulnerabilities.
      • Ability to use third-party vulnerability references (CVE, ...).
      • Ability to prioritize vulnerabilities on different factors (CVSS, exploitability, ease of fixing, popularity, type…).
      • Identify vulnerabilities on a regular automated schedule.
      • Vulnerability research team and vulnerability updates (reliability, frequency).

  • Remediation
      • Prioritize and fix vulnerabilities.
      • System grouping to manage remediation.
      • Include patch management or integrate with a third-party product.
      • Automated patching which includes patch testing.
      • Tracking and verification of remediation.

  • Other
      • Generate fully customizable, detailed reports.
      • Ability to manage the full life cycle of vulnerability management.
      • Product ease of use and performance.
      • Product support and documentation.
      • Required appliances (ability to run in a virtualized environment).
      • Does it require any agents?
      • Ability to integrate with other systems.
      • Product certifications and independent product testing reports.
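The prioritization and remediation criteria above (asset classification by business role and value, ranking by CVSS, exploitability and ease of fixing, system grouping for remediation) are easiest to judge in a proof of concept when you know what output you expect. The following is an added example written for this post, not the logic of any product: a small composite score over a handful of constructed findings, with placeholder CVE ids, that shows why the same CVSS score should not rank the same on a payment database and on a workstation.

```python
from dataclasses import dataclass

# Constructed sample data for this added example (not output of any scanner).
# CVE ids are placeholders; asset values come from the classification step.

@dataclass
class Asset:
    name: str
    role: str            # business role, used for remediation grouping
    value: int           # 1 (low) .. 5 (critical), from asset classification
    in_scope: bool       # subject to a compliance requirement

@dataclass
class Finding:
    cve: str
    asset: Asset
    cvss: float          # CVSS base score 0.0 .. 10.0
    exploit_public: bool # exploit code known to be available
    fix_effort: int      # 1 (vendor patch available) .. 5 (no fix, mitigate only)

def priority(f: Finding) -> float:
    """Composite score: CVSS scaled by asset value, raised when an exploit
    exists or the asset is in compliance scope, lowered slightly for hard fixes
    so that cheap wins on equal risk surface first."""
    score = f.cvss * f.asset.value / 5.0
    if f.exploit_public:
        score *= 1.5
    if f.asset.in_scope:
        score += 1.0
    score -= 0.2 * (f.fix_effort - 1)
    return round(score, 2)

def rank(findings):
    return sorted(findings, key=priority, reverse=True)

def remediation_groups(findings):
    """Group the ranked findings by business role so one patch wave per
    system group can be scheduled, tracked and verified."""
    groups = {}
    for f in rank(findings):
        groups.setdefault(f.asset.role, []).append(f.cve)
    return groups

PAY = Asset("pay-db-01", "payment", 5, True)
WEB = Asset("web-02", "web", 4, True)
WS = Asset("ws-104", "workstation", 2, False)
SAMPLE = [
    Finding("CVE-EXAMPLE-A", PAY, 9.8, True, 1),
    Finding("CVE-EXAMPLE-B", WS, 9.8, True, 1),   # same CVSS, far less valuable asset
    Finding("CVE-EXAMPLE-C", WEB, 7.5, False, 3),
    Finding("CVE-EXAMPLE-D", PAY, 5.3, False, 5),
]
```

The weights are illustrative; what matters in an evaluation is that the product lets you set them from your own asset classification rather than ranking on CVSS alone.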