Presentation is loading. Please wait.

Presentation is loading. Please wait.

Why IT auditing is a must in your security strategy ?

Published byLesley James Modified over 8 years ago

Similar presentations

Presentation on theme: "Why IT auditing is a must in your security strategy ?"— Presentation transcript:

1 Why IT auditing is a must in your security strategy ?

2 Welcome Phone: 1-949-407-5125 x2832 Email: Jeff.Melnick@netwrix.com Jeff Melnick Netwrix engineer

3 Agenda The IT world we live in: the device mesh The future of security: expert predictions Perimeter defense: turning security inside out Notable breaches How IT auditing supplements security strategy Questions and answers

4 The IT World We Live in: The “Device Mesh”

5 Device mesh — is the proliferation of smart, digital, wireless, sensor-based, interconnected devices that people use personally and professionally to access applications, systems and information. Other IT buzz words today: Internet of Things, Cloud Computing, Big Data, Advanced Analytics, Advanced Machine Learning, Bring-Your-Own-Device, Convergence, DevOps, PaaS/SaaS

6 Examples The ones we already got used to:

7 Examples The ones that are growing in popularity: Self-driving cars Connected smart home devices Smart clothing Personal health devices Robots assistants Other sensor-based devices and wearables for work and leisure

8 Devices are widely used for work (BYOD spreads in the business world) but are lacking inherent security at the same time. Mobile applications and systems have multiple vulnerabilities. Few companies are adequately measuring up the demands of new security standards in response to a new ubiquitous computing paradigm. Interconnectivity-related Security Concerns

9 The Concept of Network Perimeter Is Now Blurred

10 Analogy: Cyberwarfare in the Past

11 Analogy: Modern Cyberwarfare

12 Insider threats stats 2016 IBM Cyber Security Intelligence Index … “Of all responsible for security attacks” 60% Insiders 44.5% Malicious Insiders 15.5% Inadvertent Insiders 2016 Vormetric Data Threat Report … “Which IT insiders pose the greatest risks?” 58% Privileged user accounts 45% Executive management accounts

13 Insider threats outrank external attacks already today. Insider threats are becoming more difficult to deal with. A security focus will be set on establishing proper control over user activities inside corporate networks. Insider Threats Handling Will Become a Priority

14 Analogy: Cyberwarfare in the Cloud

15 Cloud Security Survey Knowing who does what, when and where in the cloud provides security guarantees for 71% of enterprises. 69% 65% www.netwrix.com/go/cloudsurvey2015 Security and loss of physical control over data Cloud technology concerns Unauthorized Access Cloud security concerns Hybrid Cloud Infrastructure Cloud deployment

16 Sample Data Breaches That Could Have Been Prevented

17 Data Breaches of 2015

18 Data Breach Case Study The United States Office of Personnel Management Announcement:June 2015 Start:March 2014 or earlier Affected:21,5 million people What leaked:social security numbers, names, dates and places of birth, addresses and other Hacking method:attackers had gained valid user credentials, likely through social engineering. State involvement:linked to Chinese hackers / Chinese government

19 Data Breach Case Study Experian Announcement:September 2015 Start:September 2013 or earlier Affected:15 million people What leaked:names, addresses, birthdates, social security numbers and ID numbers Hacking method:investigation is ongoing (presumably identity theft through phishing.)

20 How Auditing Can Solidify Your IT Security Strategy

21 The Challenge Lack of visibility into insider activity increases the risk of data breaches because IT departments are unable to spot malicious activity before data is compromised.

22 IT Auditing Is the Answer IT auditing delivers visibility into what’s happening in IT environments. Access to sensitive data Abnormal user activity Privilege abuse Changes to critical configurations Data exfiltration

23 What We Do? Netwrix Auditor A visibility and governance platform that enables control over changes, configurations, and access in hybrid cloud IT environments by providing security analytics to detect anomalies in user behavior and investigate threat pattern before a data breach occurs.

24 Netwrix Auditor Applications Netwrix Auditor for Active Directory Netwrix Auditor for Windows File Servers Netwrix Auditor for Windows Server Netwrix Auditor for VMware Netwrix Auditor for Exchange Netwrix Auditor for SQL Server Netwrix Auditor for SharePoint Netwrix Auditor for Office 365 Netwrix Auditor for NetApp Netwrix Auditor for EMC

25 Netwrix Auditor Benefits Relieves IT departments of manual crawling through weeks of log data to get the information about who changed what, when and where and who has access to what. Detect Data Security Threats – On Premises and in the Cloud Pass Compliance Audits with Less Effort and Expense Increase the Productivity of Security and Operations Teams Bridges the visibility gap by delivering security analytics about critical changes, state of configurations and data access in hybrid cloud IT environments and enables investigation of suspicious user behavior. Provides the evidence required to prove that your organization’s IT security program adheres to PCI DSS, HIPAA, HITECH, SOX, FISMA/NIST800-53, COBIT, ISO/IEC 27001 and other standards.

26 #completevisibility IT Administrator Generate and deliver audit and compliance reports faster. Addressing the IT and Business Challenges IT Security Administrator Investigate suspicious user activity before it becomes a breach. IT Manager Take back control over your IT infrastructure and eliminate the stress of your next compliance audit. IT Director, CIO/CISO Prevent data breaches and minimize compliance costs.

27 About Netwrix Corporation Year of foundation: 2006 Headquarters location: Irvine, California Global customer base: over 7000 Recognition: Among the fastest growing software companies in the US with 95 industry awards from Redmond Magazine, SC Magazine, WindowsIT Pro and others Customer support: global 24/5 support with 97% customer satisfaction

28 Netwrix Customers Year of foundation: 2006 Headquarters location: Irvine, California Global customer base: over 7000 Recognition: Among the fastest growing software companies in the US with 95 industry awards from Redmond Magazine, SC Magazine, WindowsIT Pro and others Customer support: global 24/5 support with 97% customer satisfaction GA Financial Healthcare & Pharmaceutical Federal, State, Local, Government Industrial/Technology/Other

29 Industry Awards and Recognition Year of foundation: 2006 Headquarters location: Irvine, California Global customer base: over 7000 Customer support: global 24/5 support with 97% customer satisfaction All awards: www.netwrix.com/awards

30 Jeff Melnick Netwrix engineer Jeff.melnick@netwrix.com 1.949.407.5125 x2832 Thank You! Questions?

Download ppt "Why IT auditing is a must in your security strategy ?"

Similar presentations

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
Ken Paiboon 214.274.3436 ken@exabeam.com User Behavior Intelligence Fundamentals: Behaviors, Characteristics, and Facts Ken Paiboon 214.274.3436 ken@exabeam.com.

Ken Paiboon User Behavior Intelligence Fundamentals: Behaviors, Characteristics, and Facts Ken Paiboon
© 2004-2014. Centrify Corporation. All Rights Reserved. Unified Identity Management across Data Center, Cloud and Mobile.

© Centrify Corporation. All Rights Reserved. Unified Identity Management across Data Center, Cloud and Mobile.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.

Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.
1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.

1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.
© 2009 IBM Corporation Delivering Quality Service with IBM Service Management April 13 th, 2009.

© 2009 IBM Corporation Delivering Quality Service with IBM Service Management April 13 th, 2009.
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
Presenter: Nick Cavalancia Auditing Evangelist 3 Ways Auditing Needs to be a Part of Your Security Strategy Brought to You by.

Presenter: Nick Cavalancia Auditing Evangelist 3 Ways Auditing Needs to be a Part of Your Security Strategy Brought to You by.
Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.

Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.
1. Windows Vista Enterprise And Mid-Market User Scenarios 2. Customer Profiling And Segmentation Tools 3. Windows Vista Business Value And Infrastructure.

1. Windows Vista Enterprise And Mid-Market User Scenarios 2. Customer Profiling And Segmentation Tools 3. Windows Vista Business Value And Infrastructure.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
User Manager Pro Suite Taking Control of Your Systems Joe Vachon Sales Engineer November 8, 2007.

User Manager Pro Suite Taking Control of Your Systems Joe Vachon Sales Engineer November 8, 2007.
Data Center Firewall. 2 Common IT Security Challenges Does my network security protect my IT environment and sensitive data and meet the regulatory compliances?

Data Center Firewall. 2 Common IT Security Challenges Does my network security protect my IT environment and sensitive data and meet the regulatory compliances?

Similar presentations

Ads by Google