Identifying Security Opportunities NetIQ Security Solution

dixie
Presentation Transcript


  1. Identifying Security Opportunities: NetIQ Security Solution

  2. NetIQ® Identity and Security Solutions Identity Management Access Management Security Management • Access Manager • SecureLogin • Cloud Security Service • Privileged User Manager • Sentinel™ / Sentinel Log Manager • Change Guardian™ • Secure Configuration Manager • Identity Manager Family • Access Governance Suite • eDirectory™ • Directory and Resource Administrator™ • Group Policy Administrator • Migration Suite Governance and Compliance

  3. NetIQ Security & Compliance Monitoring State Monitoring Event Monitoring Security & Compliance Management Change Monitoring

  4. Event Monitoring: What to listen for
     • Centrally collect and report on log data
     • Log Management
     • Correlation, Real-time analysis
     • Detect and alert on threats
     • We know of risky activity but do not have visibility
     • Demonstrate we are collecting and reviewing our logs
     • Audit finding concerning the items above
     • Recent breach or downtime
     • Regulatory drivers for any of the above
     • PCI, SOX, HIPAA, NERC, ISO27001, etc.

  5. Event Monitoring: What to ask
     • How are you monitoring audit events today?
     • Are you finding the information you need?
     • Are there requirements to provide or extend security monitoring?
     • How are you staffing your security monitoring? (i.e. outsource, internal) Who is responsible for monitoring?
     • Do you only need to aggregate logs or are there additional requirements?
     • What regulation/control is the audit finding against?
     • Do you have visibility into and are you able to communicate your security posture?

  6. Change Monitoring: What to listen for
     • Lack of visibility into changes that can increase risk of data loss or downtime
     • File Integrity Monitoring
     • Monitoring Active Directory activity
     • Monitoring Group Policy / GPO changes
     • Not sure what my privileged administrators are doing
     • Audit findings concerning any of the above
     • Regulatory drivers for any of the above
     • PCI, SOX, HIPAA, NERC, ISO27001, etc.

  7. Change Monitoring: What to ask
     • Do you have actionable information on changes that can increase risk of data loss or downtime?
     • What regulation/control is the audit finding against?
     • How do you monitor activity / change events today?
     • How are you addressing File Integrity Monitoring?
     • Monitoring of critical system or sensitive data files
     • How are you auditing changes to critical servers?
     • How are you auditing Active Directory changes?
     • How are you monitoring changes to Group Policies?
     • How do you track access to sensitive accounts and mailboxes? (i.e. Administrators reading email from executives to board members)

  8. State Monitoring: What to listen for
     • Automate/reduce cost of compliance reporting
     • CIS Benchmark / Configuration policies
     • Configuration drift
     • Do not want to be surprised in future audits
     • Get well program – track compliance progress
     • US OMB Continuous Monitoring
     • Streamline assessment of server build standards
     • User account reporting
     • Independent assessment of patch status
     • Regulatory drivers for any of the above
     • PCI, SOX, HIPAA, NERC, ISO27001, etc.

  9. State Monitoring: What to ask
     • How often do you have to prove / demonstrate critical assets are compliant with configuration controls?
     • Who is responsible for defining what to audit/report?
     • How do you assess your servers against configuration drift?
     • How do you address configuration audit requests?
     • What regulation/control is the audit finding against?
     • How do you track your compliance status?
     • What is your compliance management process?
     • When systems are out of compliance, how do you address the issue?

  10. Bringing It Together: What’s in the solution?
     • Wedge into account with point solution
     • Change Guardian to complement incumbent SIEM
     • Event and Change Monitoring needs often aligned
     • Sentinel + Change Guardian
     • May require different/additional stakeholders (i.e. AD team, Exchange team)
     • Differentiate / Change playing field with full solution
     • Vendor consolidation & Differentiation
     • Change focus of an opportunity / bring in additional stakeholders
     • State Monitoring driven by related security best practices and compliance requirements
     • State Monitoring may be owned by audit rather than security team

  11. NetIQ Security & Compliance Solution

  12. Experience from the trenches: Andy Phelan

  13. Business Drivers
     • Opportunities with previous solution provider
     • Provide expanded services to customers
     • Reduce cost and complexity of IT
     • Competitive market pressure
     • Accommodate lean IT staff
     • Resolve system deficiencies
     • Disaster recovery – Emergency

  14. SUPERVALU Implementation
     • Total Deal Size - $1.5M
     • Directory & Resource Administrator (DRA)
     • Provide administrative access to Active Directory based on role and DR for deletion of objects
     • Group Policy Administrator (GPA)
     • Manage GPO lifecycle, reporting, deployment and DR
     • Change Guardian For AD & GP
     • Monitor and alert for unauthorized changes to Active Directory and Group Policy
     • Aegis
     • Automated provisioning of elevated access via custom workflows
     • Automated rollback of unauthorized changes to AD and GPO
     • NetIQ Professional Services

  15. An Integrated Approach
     • Leveraging and integrating all solutions
     • Aegis for automation of processes
     • Greater holistic view across enterprise
     • More granular perspective on users
     • Coordination of processes

  16. Experience from the trenches: Steve Hicks

  17. Change Guardian for AD Reference Story: Toyota

  18. Change Guardian for AD Reference Story: Dollar General

  19. Land and Expand – speak with your customers about security and compliance monitoring
