Sheriff CSM™

Sheriff CSM Deployment Types

This section introduces the various Sheriff CSM components and explains the different deployment types.

Sheriff CSM Components

All Sheriff CSM products include these three core components available as hardware or virtual machines. Sheriff CSM All-in-One combines the Server and Sensor (Deputy) components onto a single system.

Sheriff CSM Sensor

The Sheriff CSM Sensor is deployed throughout the network to collect logs and monitor network traffic. It provides the five essential Sheriff CSM security capabilities – Behavioral Monitoring, SIEM, Intrusion Detection, Asset Discovery, and Vulnerability Assessment – for complete visibility.

There must be at least one Sheriff CSM Sensor. Depending on your corporate requirements, more may be desirable. This is particularly true if you have distributed branches on subnets subordinate to the network at your headquarters.

Sheriff CSM Server

Aggregates and correlates information that the Deputies gather. Provides single-pane-of-glass management, reporting, and administration.

There is usually just one Sheriff CSM Server.

Sheriff CSM Deployment Types

You deploy Sheriff CSM in one of two ways, simple or complex.

Simple Deployment

Deploys all Sheriff CSM components — Sensor, Server, and Logger — in a single machine called Sheriff CSM All-in-One.

This deployment model is best suited to smaller environments, testing, and demonstrations.

Complex/Distributed Deployment

This model deploys each Sheriff CSM component — Sensor, Server, and Logger — as an individual virtual or hardware machine to create a distributed topology.

This deployment model comes in two versions that increase scalability and performance by provisioning dedicated systems for each component.

Sheriff CSM Standard

Consists of the following:

  • Sheriff CSM Standard Server
  • Sheriff CSM Standard Sensor

Sheriff CSM Enterprise

Consists of the following:

  • Sheriff CSM Enterprise Server — includes the Enterprise Server and Enterprise Database
  • Sheriff CSM Enterprise Sensor

    Note: The Sheriff CSM Enterprise solution is not available as a virtual machine.

Sheriff CSM Deployment Solutions

                     Sheriff CSM All-in-One    Sheriff CSM Standard                                 Sheriff CSM Enterprise
User Type            Small organizations       Mid-size organizations                               Large organizations
Environment          Single-tier deployment    Multi-tier deployments and distributed environment   Multi-tier deployments and distributed environment
Virtual Appliance    x                         x
Hardware Appliance   x                         x                                                    x

For more details, see the Sheriff CSM data sheet.

Sheriff CSM Deployment Examples

This topic provides topology examples for the three Sheriff CSM deployment options:

  • Simple deployment with Sheriff CSM All-in-One
  • Extended simple deployment with a combination of All-in-One and one or more Remote Deputies
  • Complex deployment for larger corporations with multiple branches

In this example, a Sheriff CSM All-in-One virtual or hardware appliance is deployed behind the corporate firewall.

The Sheriff CSM Sensor component on the Sheriff CSM All-in-One collects logs from the following networks:

  • Office network
  • Wireless network
  • DMZ
  • Firewalls

The Sheriff CSM All-in-One also monitors the network traffic through the connected switches.

These switches must have port mirroring enabled.

Simple deployment example: Sheriff CSM All-in-One

This model differs from the Simple Deployment example in that it uses a Sheriff CSM Remote Sensor for monitoring at a remote office that operates on a subnet. Sheriff CSM All-in-One is deployed on the main network.

The Sheriff CSM Remote Sensor collects logs and monitors traffic specific to the subnet. It then sends this data to the Sheriff CSM All-in-One on the main network for correlation and risk assessment.

Extended simple deployment example: Sheriff CSM All-in-One and a remote deputy

In this deployment example, each office subnet has a remote deputy deployed to collect logs and monitor traffic.

On the main network at headquarters, a single Sheriff CSM Server and at least one Sensor are installed as individual appliances to increase scalability and performance.

All Sheriff CSM Deputies connect to one Sheriff CSM Server, where correlation and risk assessment occur.

The Sheriff CSM Server forwards the events and alarms to the Sheriff CSM Logger for long-term storage.

Complex deployment example: individual Sheriff CSM components

Topic revision: r37 - 08 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.