© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Using CSA Analysis Configuring Application Deployment Investigation

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Objectives At the end of this lesson, you will be able to meet these objectives: Identify the use of Application Deployment Investigation Describe how to configure group settings for analysis Describe how to configure product associations Describe how to configure unknown applications Describe how to configure data management

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Application Deployment Investigation Advantages: Identify the applications running on hosts and determine their usage patterns. Identify the installed applications that mostly remain unused. Identify the applications that are accessing critical network resources. Use the collected data to generate and deploy effective policies for unprotected applications.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Group Settings Group 1 Application Deployment InvestigationDisabled Application Deployment InvestigationEnabled on the Host Group 2 Application Deployment InvestigationDisabled Group 3 Application Deployment InvestigationEnabled

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Group Settings

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Product Associations Application Class Microsoft Office Applications excel.exe powerpnt.exe winword.exe outlook.exe Association Microsoft Office 2000 Standard ( ) Product

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Product Associations

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Product Associations (Cont.)

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Practice: Creating a Product Association

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Unknown Applications Norton Antivirus 2000 Professional Edition Antivirus application 3 Antivirus Applications Antivirus application 1 Antivirus application 2 Antivirus application 3 Product Application Class Unknown Application

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Unknown Applications

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Unknown Applications (Cont.)

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Data Management Desktops Group Web Servers Group Mail Servers Group Process Data Network Data Antivirus Data Archive and Purge Application Deployment Data

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Data Management

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Summary Application Deployment Investigation enables you to analyze and collect data regarding various network resource parameters. By default, Application Deployment Investigation is disabled for all Windows groups. You need to enable it. Application Deployment Investigation occurs on a host even if the process is enabled on only one of the groups the host belongs to. You must associate software products with the comprising applications to include those products as part of the report criteria. The applications that are not associated with any software product feature in the list of unknown applications. Data Management enables you to organize the large amount of data collected during Application Deployment Investigation.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v