Identifying Security Opportunities: NetIQ Security Solution
NetIQ® Identity and Security Solutions
Identity Management
• Identity Manager Family
• Access Governance Suite
• eDirectory™
• Directory and Resource Administrator™
• Group Policy Administrator
• Migration Suite
Access Management
• Access Manager
• SecureLogin
• Cloud Security Service
• Privileged User Manager
Security Management
• Sentinel™ / Sentinel Log Manager
• Change Guardian™
• Secure Configuration Manager
Governance and Compliance
NetIQ Security & Compliance Monitoring
Security & Compliance Management
• State Monitoring
• Event Monitoring
• Change Monitoring
Event Monitoring: What to listen for
• Centrally collect and report on log data
  • Log Management
  • Correlation, real-time analysis
• Detect and alert on threats
• We know of risky activity but do not have visibility
• Demonstrate we are collecting and reviewing our logs
• Audit finding concerning the items above
• Recent breach or downtime
• Regulatory drivers for any of the above
  • PCI, SOX, HIPAA, NERC, ISO 27001, etc.
Event Monitoring: What to ask
• How are you monitoring audit events today?
• Are you finding the information you need?
• Are there requirements to provide or extend security monitoring?
• How are you staffing your security monitoring (e.g. outsourced, internal)? Who is responsible for monitoring?
• Do you only need to aggregate logs, or are there additional requirements?
• What regulation/control is the audit finding against?
• Do you have visibility into your security posture, and are you able to communicate it?
Change Monitoring: What to listen for
• Lack of visibility into changes that can increase risk of data loss or downtime
  • File Integrity Monitoring
  • Monitoring Active Directory activity
  • Monitoring Group Policy / GPO changes
• Not sure what my privileged administrators are doing
• Audit findings concerning any of the above
• Regulatory drivers for any of the above
  • PCI, SOX, HIPAA, NERC, ISO 27001, etc.
Change Monitoring: What to ask
• Do you have actionable information on changes that can increase risk of data loss or downtime?
• What regulation/control is the audit finding against?
• How do you monitor activity / change events today?
• How are you addressing File Integrity Monitoring?
  • Monitoring of critical system or sensitive data files
• How are you auditing changes to critical servers?
• How are you auditing Active Directory changes?
• How are you monitoring changes to Group Policies?
• How do you track access to sensitive accounts and mailboxes? (e.g. administrators reading email from executives to board members)
State Monitoring: What to listen for
• Automate/reduce cost of compliance reporting
• CIS Benchmark / configuration policies
• Configuration drift
• Do not want to be surprised in future audits
• Get well program – track compliance progress
• US OMB Continuous Monitoring
• Streamline assessment of server build standards
• User account reporting
• Independent assessment of patch status
• Regulatory drivers for any of the above
  • PCI, SOX, HIPAA, NERC, ISO 27001, etc.
State Monitoring: What to ask
• How often do you have to prove / demonstrate that critical assets are compliant with configuration controls?
• Who is responsible for defining what to audit/report?
• How do you assess your servers against configuration drift?
• How do you address configuration audit requests?
• What regulation/control is the audit finding against?
• How do you track your compliance status?
• What is your compliance management process?
• When systems are out of compliance, how do you address the issue?
Bringing It Together: What's in the solution?
• Wedge into account with a point solution
  • Change Guardian to complement incumbent SIEM
• Event and Change Monitoring needs are often aligned
  • Sentinel + Change Guardian
  • May require different/additional stakeholders (e.g. AD team, Exchange team)
• Differentiate / change the playing field with the full solution
  • Vendor consolidation & differentiation
  • Change focus of an opportunity / bring in additional stakeholders
• State Monitoring driven by related security best practices and compliance requirements
  • State Monitoring may be owned by audit rather than the security team
Experience from the trenches: Andy Phelan
Business Drivers
• Opportunities with previous solution provider
• Provide expanded services to customers
• Reduce cost and complexity of IT
• Competitive market pressure
• Accommodate lean IT staff
• Resolve system deficiencies
• Disaster recovery – emergency
SUPERVALU Implementation
• Total deal size: $1.5M
• Directory & Resource Administrator (DRA)
  • Provide administrative access to Active Directory based on role, and DR for deletion of objects
• Group Policy Administrator (GPA)
  • Manage GPO lifecycle, reporting, deployment and DR
• Change Guardian for AD & GP
  • Monitor and alert on unauthorized changes to Active Directory and Group Policy
• Aegis
  • Automated provisioning of elevated access via custom workflows
  • Automated rollback of unauthorized changes to AD and GPO
• NetIQ Professional Services
An Integrated Approach
• Leveraging and integrating all solutions
• Aegis for automation of processes
• Greater holistic view across the enterprise
• More granular perspective on users
• Coordination of processes
Experience from the trenches: Steve Hicks
Land and Expand – speak with your customers about security and compliance monitoring