Identifying Security Opportunities NetIQ Security Solution


Presentation on theme: "Identifying Security Opportunities NetIQ Security Solution"— Presentation transcript:

1 Identifying Security Opportunities NetIQ Security Solution

2 NetIQ® Identity and Security Solutions
Identity Management Access Management Security Management Access Manager SecureLogin Cloud Security Service Privileged User Manager Sentinel™ / Sentinel Log Manager Change Guardian™ Secure Configuration Manager Identity Manager Family Access Governance Suite eDirectory™ Directory and Resource Administrator™ Group Policy Administrator Migration Suite Governance and Compliance

3 NetIQ Security & Compliance Monitoring
Security & Compliance Management State Monitoring Event Monitoring Change Monitoring

4 Event Monitoring What to listen for
Centrally collect and report on log data
Log Management
Correlation, Real-time analysis
Detect and alert on threats
We know of risky activity but do not have visibility
Demonstrate we are collecting and reviewing our logs
Audit finding concerning the items above
Recent breach or downtime
Regulatory drivers for any of the above
PCI, SOX, HIPAA, NERC, ISO27001, etc

5 Event Monitoring What to ask
How are you monitoring audit events today?
Are you finding the information you need?
Are there requirements to provide or extend security monitoring?
How are you staffing your security monitoring? (i.e. outsource, internal)
Who is responsible for monitoring?
Do you only need to aggregate logs or are there additional requirements?
What regulation/control is the audit finding against?
Do you have visibility into and are you able to communicate your security posture?

6 Change Monitoring What to listen for
Lack of visibility into changes that can increase risk of data loss or downtime
File Integrity Monitoring
Monitoring Active Directory activity
Monitoring Group Policy / GPO changes
Not sure what my privileged administrators are doing
Audit findings concerning any of the above
Regulatory drivers for any of the above
PCI, SOX, HIPAA, NERC, ISO27001, etc

7 Change Monitoring What to ask
Do you have actionable information on changes that can increase risk of data loss or downtime?
What regulation/control is the audit finding against?
How do you monitor activity / change events today?
How are you addressing File Integrity Monitoring?
Monitoring of critical system or sensitive data files
How are you auditing changes to critical servers?
How are you auditing Active Directory changes?
How are you monitoring changes to Group Policies?
How do you track access to sensitive accounts and mailboxes? (i.e. Administrators reading from executives to board members)

8 State Monitoring What to listen for
Automate/reduce cost of compliance reporting
CIS Benchmark / Configuration policies
Configuration drift
Do not want to be surprised in future audits
Get well program – track compliance progress
US OMB Continuous Monitoring
Streamline assessment of server build standards
User account reporting
Independent assessment of patch status
Regulatory drivers for any of the above
PCI, SOX, HIPAA, NERC, ISO27001, etc

9 State Monitoring What to ask
How often do you have to prove / demonstrate critical assets are compliant with configuration controls?
Who is responsible for defining what to audit/report?
How do you assess your servers against configuration drift?
How do you address configuration audit requests?
What regulation/control is the audit finding against?
How do you track your compliance status?
What is your compliance management process?
When systems are out of compliance how do you address the issue?

10 Bringing It Together What’s in the solution?
Wedge into account with point solution Change Guardian to complement incumbent SIEM Event and Change Monitoring needs often aligned Sentinel + Change Guardian May require different/additional stakeholders (i.e. AD team, Exchange team) Differentiate / Change playing field with full solution Vendor consolidation & Differentiation Change focus of an opportunity / bring in additional stakeholders State Monitoring driven by related security best practices and compliance requirements State Monitoring may be owned by audit rather than security team

11 NetIQ Security & Compliance Solution
NetIQ Sentinel™: Industry-leading security information and event management (SIEM) solution which gives you the ability to capture, correlate, analyze, and respond to events throughout the organization from one centralized security console.
NetIQ Change Guardian™: Focused, policy-based monitoring solution which provides visibility into changes / activity that increase the risk of data breach or downtime. Provides detailed information on changes: who, what, when, from where.
NetIQ Secure Configuration Manager™: Award-winning security configuration assessment and compliance monitoring tool that reduces the cost of assessing compliance to best practice security configurations and responding to audit requests.

12 Experience from the trenches
Andy Phelan

13 Business Drivers Opportunities with previous solution provider
Provide expanded services to customers Reduce cost and complexity of IT Competitive market pressure Accommodate lean IT staff Resolve system deficiencies Disaster recovery – Emergency

14 SUPERVALU Implementation
Total Deal Size - $1.5M
Directory & Resource Administrator (DRA): Provide administrative access to Active Directory based on role and DR for deletion of objects
Group Policy Administrator (GPA): Manage GPO lifecycle, reporting, deployment and DR
Change Guardian For AD & GP: Monitor and alert for unauthorized changes to Active Directory and Group Policy
Aegis: Automated provisioning of elevated access via custom workflows; automated rollback of unauthorized changes to AD and GPO
NetIQ Professional Services

15 An Integrated Approach
Leveraging and integrating all solutions Aegis for automation of processes Greater holistic view across enterprise More granular perspective on users Coordination of processes

16 Experience from the trenches
Steve Hicks

17 Change Guardian for AD Reference Story Toyota
Situation: Darrell Wright - Windows Server Specialist (SDS)
Critical Business Issue: SOX Compliance Security
Reason(s): Toyota has lots of contractors who administer Active Directory. They need a way to monitor who is creating/modifying accounts and, in the event of an unauthorized change, understand what the before and after values were. Toyota found that its current tools did not enable it to adequately audit changes to Active Directory and did not allow for proactive management of internal security policy.
Capability(s): (when, who, what) Toyota would like something in place that will monitor AD for them to give them some information regarding who is accessing info, who is changing what, and when they are making the change. Proactively track, audit, report and alert on vital configuration changes – in real time and without the overhead of native auditing. Inform when a new user was created or deleted & provide a monthly report of the users created/deleted. Point out / alert about security changes across the network. Monitor unauthorized changes in Active Directory. Looking for a solution that would audit all actions performed by users and administrators in Active Directory and alert appropriate personnel in real time to unusual or suspect behavior so they can take appropriate action quickly.
We provided… This deal is still in process but with Change Guardian for AD, we are providing Toyota with a way to: Identify managed and unmanaged changes in AD by alerting in real time on unmanaged Active Directory changes, enhancing control over policy compliance. Detect high-profile changes across well-known privileged groups and produce detailed reports and alerts on changes across AD. Centrally record and audit Active Directory changes and help Toyota monitor their environment with out-of-the-box reporting. Easily identify where modifications occur outside of Toyota’s normal process.
Result: This deal has expanded beyond just AD Change Auditing to AD Policy enforcement via DRA. $300K opportunity
Key Words: User activity monitoring Change auditing AD Auditing SOX Privileged User Monitoring Insider attack

18 Change Guardian for AD Reference Story Dollar General
Situation: Thomas Ratz - Director, IT Security and Compliance
Critical Business Issue: Struggling to pass PCI-DSS Audit. Securing point of sale retail systems.
Reason(s): Dollar General said configuration change management is crucial for monitoring the integrity of their critical files as per PCI security requirements. Needed a solution to replace lots of manual checks and balances. Section 11 requires file monitoring that looks for changes on any of the systems that touch cardholder data.
Capability(s): (when, who, what) Details on who created, accessed, moved, edited or deleted a file or directory, along with pre- and post-change information. The ability to identify where file or directory access permissions were modified. Windows Registry....wants to know information about who made changes, as well as pre- and post-change values.
We provided… Powerful, real-time change monitoring. A solution that eliminated the need for native object-level auditing, which drastically reduced server utilization. A solution that centrally records and audits changes and delivers comprehensive change reporting. A solution that tightly integrates with their corporate SIEM solution….Security Manager
Result: 170 servers covered for $90,000
Key Words: PCI Change auditing FIM Change management

19 Land and Expand – speak with your customers about security and compliance monitoring
