Stonewall's Cornerstone Policy Server Software

Technology
Benefits
Features & Specifications
Requirements & Configurations

Technology

Centralized Network Security Policy Management. Cornerstone brings comprehensive security management to multi-vendor networks. The Cornerstone Security Policy Manager provides centralized, consistent, and reliable application of security policies to all managed security devices. Application of policy is done safely and effectively without the need for manual interaction with individual network devices.

Additionally, Cornerstone enables network-wide policy enforcement, not just device-level enforcement, making total security a reality. Without Cornerstone each network security device operates autonomously, leaving holes and vulnerabilities that open your network to sophisticated attacks. With Cornerstone you have a whole new way of managing security policies in your network, ensuring accurate security policy implementation while reducing training, cost, and time-to-market.

Easy to Deploy, Configure and Manage your Security Policies. Today's networks are large, dynamic and complex. Attempting to manage the security policies without a policy manager is time consuming, costly, and ultimately error prone. Additionally, using traditional representations of security policy does not provide the graphical topology view security professionals are demanding. Cornerstone policies are shown as part of a graphical topological view of the network. You no longer have to close your eyes and try to visualize policies using a collection of complex rules. You can also use the same graphical interface to create new policies and rules. As an example you can create complicated full mesh VPN tunnels with just a few mouse clicks.

Cornerstone also makes it easy to set up policy management for your network. With auto-discovery of managed security devices;automated awareness and construction of network topology; and automatic analysis of existing policies, Policy Management and provisioning becomes as easy as point, click,done!

Innovative Technology. The heart of Cornerstone's extensibility is the innovative use of XML. No other policy manager available today fully leverages the dynamic and extensible nature of XML for both inventory and data transformations. Instead they are trapped in a mindset of rigid object-oriented representations of data such as the DMTF (Distributed Management Task Force) and the CIM (Common information Model). The Cornerstone Security Policy Management platform contains an XML database and XSLT data transformation and SAX like tag oriented processing that has revolutionized how multi-vendor policy management is performed. By applying XML in such innovative ways Cornerstone has significantly reduced the complexity of policy management and provides a truly agile core. As a result, adding support for new managed security devices or security applications can be achieved in weeks rather than months.

Current: By providing a measure of policy aging you are alerted to potentially out of date policies that may otherwise get overlooked. Cornerstone alerts you to old policies lurking in the network that may be out of line with Best Practices as part of Cornerstone's Policy Health Monitor.

Correct : Keep an eye on changes, spot unauthorized policy deviations, and provide remediation on the spot with Cornerstone's Real Time Continuous Policy Auditing (rtCPA).

Compliant: Have peace of mind knowing that regulatory concerns are being overseen by Cornerstone, and be able to easily generate compliance reports for auditors. Cornerstone's TotalReport provides the insight into your network's security policies.

Change: Track changes over time with policy versioning. This provides an ability to revert to known good network policies or these snapshots of policy can be used to support forensic activities.

Superior Scale. From just a handful of managed security devices to thousands, Cornerstone is ready. With Stonewall Networks TrueScale technology, the Cornerstone Security Policy Manager is primed to work in any environment. Start small or start large; Cornerstone gives customers affordable options that match their Policy Management needs.

Don't pay for the big box to manage small deployments. Start with a single affordable Policy Management appliance and get the core functionality of Cornerstone in a small package. Then, as your network grows, you can easily expand the Cornerstone platform by employing additional Device Management and Policy servers. And with the High Availability and Redundancy options you can have peace of mind knowing that Cornerstone is always working for you.

From the smallest to very largest networks, let Cornerstone show you what our TrueScale, technology can do to reduce the time and effort needed for effective policy management. Each Cornerstone Security Policy Manager contains three primary components that are independently deployable in the network to maximize scalability:

1. Policy Server: The heart of the Cornerstone Policy Manager. This component has the ability to run independently on its own server and support up to 20 Device Managers. This component can be run in a redundant mode on a secondary server to provide High Availability functionality.

2. Client: A thin client that can reside on any user workstation, allowing users to connect to the system from virtually anywhere.

3. Device Manager : The component that handles all the interaction(s) with the managed security devices in your network.Each Device Manager can support up to 100 managed security devices.

Back to Top

Benefits

The immediate benefit you derive from using Cornerstone is the ability to view and manage all the security policies in your multi-vendor networks from a single console.

» Lower Cost / Higher ROI
» Effective Utilization of Security Resources
» Centralized Security Control
» Uniform Regulation Compliance
» Real-Time New IT Security Procedures

Cornerstone provides a visual representation of the whole network topology, there by allowing you the freedom to concentrate on managing security policies, instead of trying to remember the existing topology and then set up the required security features.

Cornerstone lowers the operational cost of managing security policies across your network. By providing a single point for policy management you will no longer have to train employees on a multitude of systems. With Cornerstone you now have a single transformation of business security policies into network security policies, thereby reducing the chance of error and the cost of finding and fixing those errors.

Addressing security threats is a key Cornerstone benefit. Given the ever-increasing number and variations of network attacks, security administrators have to act quickly to update and deploy security policies. By providing a centralized security console, Cornerstone provides security administrators the ability to change and update the network security policies with a speed and flexibility that was previously not possible.

The Cornerstone platform provides a complete security management solution - by seamlessly integrating Policy Management and Threat Management functions within a single console. The asset and policy information provided by the Policy Management system can be used to reduce the amount of false positives, improve prioritizations, and generate more accurate responses. On the other hand, information on events and attacks can help identify new vulnerabilities and thus enabling the tightening of security policies.
Back to Top

Features & Specifications

The Cornerstone product consists of the following parts:

                                                                                                * Supported  + Unique

 Supported Devices

  Access Control

• Cisco IOS Routers
• Cisco Catalyst switches w/ MSFC cards
• IP-Filter / IP-Chains
• IP-Firewall (BSD and Linux)

  Firewall

• Checkpoint VPN-1 NG
• CipherOptics Security Gateway
• Cisco IOS Firewall
• Cisco Firewall Service Module (FWSM)
• Cisco PIX Firewalls
• Juniper Netscreen Firewalls

  VPN

• Checkpoint VPN-1 NG
• CipherOptics Security Gateway
• Cisco IOS Firewall
• Cisco PIX Firewalls
• Cisco VPN 3000 series concentrators
• Cisco VPN Service Module (VPNSM)
• Juniper Netscreen Firewalls

  Intrusion

• Intrusion Detection Systems (IDS)
• Intrusion Prevention Systems (IPS)

  Behavior Analytics  

• Security Event Managers (SEM)
• Security Incident Managers (SIM)
• Vulnerability Scanners

Back to Top

System Requirements & Appliance Configurations

Cornerstone has been designed with deference to a number of security policy management issues in today's networks. Key concerns to all Security Management Platforms are speed, scale, and performance. With this in mind Cornerstone has been designed with a three-tier implementation that may reside on a single server. Alternatively, each tier may occupy independent servers to take advantage of the Cornerstone TrueScaleTM technology. This allows the majority of network intensive device policy traffic to be distributed to the Cornerstone Device Manager, which is deployed as close to the managed devices as possible. The Cornerstone Policy Manager then brings you the speed and power of a centralized system. While the Cornerstone Management Console may either reside on the Policy Manager or on a remote client providing access to the Policy Manager server to process device or network wide policy changes.

Back to Top