
© 2010 NetIQ Corporation. All rights reserved.

From Reactive To Automated: Reducing Costs Through Mature Security Processes

Jörn Dierks, Chief Security Strategist EMEA, [email protected]


Solving Cross-Discipline Problems

Process: Provisioning; Compliance; Incident; Change; Business Processes
People: HR; Helpdesk; NOC; Security; Business Owners
Technology: NetIQ; Infrastructure & Applications; Other Mgmt Vendors

Solving Cross-Discipline Problems: Cross-Product Integration

(The same Process / People / Technology diagram, now labelled Cross-Product Integration.)


The Role of IT Process Automation – Bridging Silos Between Business and IT

Business: IT GRCM (governance, risk & compliance management); SLM (service level management)

IT Process Automation sits between the business layer and the Security and Operations tool layers.

Security tools: Policy Awareness; Configuration & Identity Auditing; Vulnerability Assessment; Content Monitoring / DLP; AV / Malware Protection; Security Info & Event Management; Perimeter & Network Security

Operations tools: Configuration & Patch Management; Service / Help Desk; Event Correlation & Analysis; Response Time Monitoring; Identity Management; Systems & App Monitoring; Network Monitoring

Responsibilities shared between Security & Operations: Continuity Management; Capacity & Availability Management; Release Management; Incident & Problem Management; Configuration & Change Management; CMDB

About NetIQ

Security & Compliance
• Manage and audit user entitlements
• Track privileged user activity
• Protect the integrity of key systems and files
• Monitor access to sensitive information
• Simplify compliance reporting

Performance & Availability
• Monitor and manage heterogeneous environments including custom applications
• IT service validation and end-user performance monitoring
• Dynamic provisioning of large-scale monitoring with exceptions
• Functional and hierarchical incident escalation
• Deliver & manage differentiated service levels

Identity & Access
• User provisioning lifecycle management
• Centralize Unix account management through Active Directory
• Reduce the number of privileged users
• Secure delegated administration
• Windows and Exchange migration

IT Process Automation


Use-Cases In This Presentation

• Addressing Insider Threat − Privileged User Monitoring
• Addressing Compliance Requirements − Business Exception Management
• End-User Policy Management and Awareness

Security Breaches involving Sensitive Business Data


Another Challenge to Consider…

Source: “Data Loss Risks During Downsizing“, Ponemon Institute LLC, 23 Feb 2009


Three Important Subjects

1. Policies, procedures and standards
   − Clear guidelines
   − Policies as a key for your organization
   − Standardize assets

2. Identity & access control
   − Data classification
   − Access control
   − Manage islands of identity
   − (Privileged) user monitoring

3. Audits
   − Not a one-time effort: regular, thorough audits
   − Regulations: difficult to satisfy manually; reporting needed

Photo by Giorgio Monteforti: http://www.flickr.com/photos/11139043@N00/1439804758/


Mapping Subjects To Technology

IT Infrastructure: Active Directory; Windows systems; Unix & Linux systems; Mac OS systems; security & network devices; applications; users; groups; etc.

Workflow & Process Automation (labelled A, B, C in the diagram) ties together:
• Configuration & Compliance Management
• Privileged User Monitoring, SIEM
• Identity & Access Management
• Policy Management & User Awareness


Security and Compliance Management – Top Examples of Automated Processes

Columns: Operational Efficiency = time saved (minutes per execution); Business Alignment = frequency (executions per month). Each process is also marked Required or Optional for the Business, Operations and Security columns.

Process                                                                    Time saved (min/execution)   Frequency (executions/month)
Provision and fulfill end-user access requests to systems and applications        115                            280
Ensure business review of access entitlements to critical resources               360                              8
Respond to attacks and integrate remediation and analysis                          95                             56
Respond to configuration changes and ensure protection of critical hosts          120                             40
Monitor privileged-user activity and identify suspicious behavior                  85                            200
Provision user entitlements with Active Directory roles and groups                 75                            200
Identify and manage exceptions to security configuration policies                  70                            200

At the stated rates the seven processes together save about 91,200 minutes, roughly 1,520 hours, per month.

Financial Benefit*: Example Customer Automating All 7 Processes
• 286% 3-year ROI
• 9 months payback period

* Determined using the Aegis ROI calculator developed by Forrester Consulting, based on a representative customer with 1,000 servers.

Security Process Automation


Use Case #1: Insider Threat Incident Automation with Privileged User Monitoring

Automated Incident Management Workflow

The diagram links an Administrator Event, the Incident Management Console, the Workflow / Process and Remediation, with the workflow drawing on the Data Warehouse, the CMDB and Change Management.

Automated event detection & response:
• Reduces time to response
• Improves auditability
• Provides better consistency
• Lowers impact on administrators
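The following is an added example, not NetIQ code and not taken from the slides: it shows the kind of triage logic the workflow above implies, taking privileged-user events from a SIEM export, checking each against the change-management record (the CMDB / Change Management boxes in the diagram), auto-closing events covered by an approved change with the change id recorded for audit, and opening incidents for the rest. The event format, the change records, the set of privileged actions and the escalation rules are all constructed assumptions.

```python
"""Added example (not NetIQ code): triage of privileged-user events against the
change-management record. The event format, the change records and the
escalation rules are constructed assumptions."""
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample SIEM export, one event per line:
# "<ISO timestamp> host=<host> user=<account> action=<action> detail=<free text>"
SAMPLE_EVENTS = """\
2010-04-12T09:05:00 host=fin-db01 user=jdoe_adm action=privileged_logon detail=interactive
2010-04-12T09:07:30 host=fin-db01 user=jdoe_adm action=service_stop detail=mssql
2010-04-12T13:00:00 host=web-app02 user=kmiller_adm action=privileged_logon detail=rdp
2010-04-12T13:05:00 host=web-app02 user=kmiller_adm action=config_read detail=web.config
2010-04-12T22:14:00 host=fin-db01 user=svc_backup action=privileged_logon detail=interactive
2010-04-12T22:15:10 host=fin-db01 user=svc_backup action=file_copy detail=/export/payroll.csv
"""

# Constructed approved-change records, as a CMDB / change system would hold them.
APPROVED_CHANGES = [
    {"id": "CHG-1001", "host": "fin-db01", "user": "jdoe_adm",
     "start": "2010-04-12T09:00:00", "end": "2010-04-12T10:00:00"},
    {"id": "CHG-1002", "host": "web-app02", "user": "kmiller_adm",
     "start": "2010-04-12T12:30:00", "end": "2010-04-12T14:00:00"},
]

# Assumption: only these actions count as privileged activity worth triaging.
PRIVILEGED_ACTIONS = {"privileged_logon", "service_stop", "file_copy"}


@dataclass
class Event:
    ts: datetime
    host: str
    user: str
    action: str
    detail: str


@dataclass
class Incident:
    host: str
    user: str
    first_seen: datetime
    actions: List[str] = field(default_factory=list)
    severity: str = "medium"


def parse_events(text: str) -> List[Event]:
    """Parse the constructed key=value export into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, *pairs = line.split()
        kv = dict(p.split("=", 1) for p in pairs)
        events.append(Event(datetime.fromisoformat(ts_str), kv["host"], kv["user"],
                            kv["action"], kv["detail"]))
    return events


def covering_change(ev: Event, changes) -> Optional[str]:
    """Return the id of an approved change covering this host, account and time, if any."""
    for c in changes:
        if (c["host"] == ev.host and c["user"] == ev.user
                and datetime.fromisoformat(c["start"]) <= ev.ts <= datetime.fromisoformat(c["end"])):
            return c["id"]
    return None


def triage(events: List[Event], changes) -> Tuple[list, List[Incident]]:
    """Auto-close privileged events covered by an approved change (keeping the change id
    for the audit trail); group the rest into one incident per host/account and escalate
    the patterns an analyst would want first."""
    auto_closed = []
    incidents = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action not in PRIVILEGED_ACTIONS:
            continue
        change_id = covering_change(ev, changes)
        if change_id:
            auto_closed.append((ev.user, ev.action, change_id))
            continue
        inc = incidents.setdefault((ev.host, ev.user), Incident(ev.host, ev.user, ev.ts))
        inc.actions.append(ev.action)
        # Escalation rules (assumptions): a service account logging on interactively, or
        # an unapproved copy of data off a critical host, is raised to high severity.
        if ev.action == "file_copy" or (ev.user.startswith("svc_") and ev.action == "privileged_logon"):
            inc.severity = "high"
    return auto_closed, list(incidents.values())


if __name__ == "__main__":
    closed, open_incidents = triage(parse_events(SAMPLE_EVENTS), APPROVED_CHANGES)
    for user, action, chg in closed:
        print(f"auto-closed: {user} {action} (covered by {chg})")
    for inc in open_incidents:
        print(f"INCIDENT [{inc.severity}] {inc.user}@{inc.host} since {inc.first_seen}: {inc.actions}")
```

On the constructed sample the two administrators' activity falls inside approved change windows and is closed automatically with the change id attached, while the backup service account's interactive logon and payroll export at night match no change record and become a single high-severity incident. The point of routing through the change record first is the "lowers impact on administrators" bullet: the humans only see what automation could not explain.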


Use Case #2: Business Exception Management Automation in Compliance Management

Approval & Exception Management Process

Actors in the diagram: Business System; Compliance & Configuration Management; Workflow / Process (Aegis); System Owner; Security Officer.

1. Policy templates assess compliance
   • NetIQ Secure Configuration Manager detects non-compliant systems
2. Secure Configuration Manager tells Aegis about the compliance problem
   • Aegis starts the Non-Compliance Workflow
3. Aegis emails the system owner
   • Informs about the problems found
4. System Owner analyzes the issues
   • Then tells Aegis that he wants to create an exception for one of the issues
5. Aegis informs the Security Officer about the exception creation request
   • Ensures that no exceptions get created without approval
6. Security Officer approves the exception request
   • He can do that either by email or through the Aegis web console
7. Aegis creates the exception in NetIQ Secure Configuration Manager and approves the exception
   • All details about the approval process are added to the notes section of the exception
8. Administrator is notified about the exception approval and creation
   • Also asked whether he wants to re-run the policy template
9. The System Owner confirms…
10. Aegis tells Secure Configuration Manager to re-run the policy templates

The steps carried out by Aegis and Secure Configuration Manager (1, 2, 3, 5, 7, 8, 10) are automated workload; the System Owner's and Security Officer's steps (4, 6, 9) remain manual workload.

Results:
• No exceptions get created without prior approval
• Security processes are followed through
• Compliance issues are tracked consistently
• There is always a consistent result of a workflow
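The following is an added example, not NetIQ code and not taken from the slides, modelling the ten-step process above in working code: a policy template is run over host configurations, a system owner requests an exception for one finding, the store refuses to honour it until a Security Officer (and not the requester) approves it, the approval trail is appended to the exception's notes, and the template is re-run with the exception in effect. The hosts, rules, actor names and the notification list standing in for the emails are all constructed assumptions.

```python
"""Added example (not NetIQ code): a policy template with approval-gated exceptions,
modelled on the ten-step workflow. Hosts, rules, actors and the notification
mechanism are constructed assumptions; nothing here talks to a real product."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed host configurations, as a configuration collector might report them.
HOSTS = {
    "fin-db01":  {"min_password_length": 8,  "ssh_permit_root_login": "no",  "telnet_enabled": False},
    "web-app02": {"min_password_length": 14, "ssh_permit_root_login": "yes", "telnet_enabled": True},
}

# Constructed policy template: rule id -> (description, check on the host config).
POLICY_TEMPLATE: Dict[str, tuple] = {
    "PWD-01": ("Minimum password length >= 14", lambda c: c["min_password_length"] >= 14),
    "SSH-01": ("Root SSH login disabled",       lambda c: c["ssh_permit_root_login"] == "no"),
    "NET-02": ("Telnet service disabled",       lambda c: not c["telnet_enabled"]),
}


@dataclass
class ExceptionRequest:
    host: str
    rule: str
    justification: str
    requested_by: str
    approved_by: Optional[str] = None
    notes: List[str] = field(default_factory=list)   # approval trail, as in step 7


class ExceptionStore:
    """Holds only approved exceptions: a pending request never suppresses a finding."""

    def __init__(self, security_officers):
        self.security_officers = set(security_officers)
        self._approved: Dict[tuple, ExceptionRequest] = {}
        self.notifications: List[str] = []          # stand-in for the emails of steps 3, 5 and 8

    def request(self, host, rule, justification, requested_by) -> ExceptionRequest:
        if rule not in POLICY_TEMPLATE:
            raise KeyError(f"unknown rule {rule}")
        req = ExceptionRequest(host, rule, justification, requested_by)
        req.notes.append(f"requested by {requested_by}: {justification}")
        self.notifications.append(f"to security officer: exception requested for {rule} on {host}")
        return req                                   # pending; not stored until approved

    def approve(self, req: ExceptionRequest, approver: str) -> None:
        # Both checks enforce "no exception without approval": only a Security Officer
        # may approve, and nobody may approve their own request.
        if approver not in self.security_officers:
            raise PermissionError(f"{approver} is not a Security Officer")
        if approver == req.requested_by:
            raise PermissionError("requester cannot approve their own exception")
        req.approved_by = approver
        req.notes.append(f"approved by {approver}")
        self._approved[(req.host, req.rule)] = req
        self.notifications.append(
            f"to {req.requested_by}: exception for {req.rule} on {req.host} approved; re-run policy?")

    def covers(self, host, rule) -> bool:
        return (host, rule) in self._approved


def assess(hosts, store: ExceptionStore) -> Dict[str, Dict[str, str]]:
    """Run every rule against every host: 'pass', 'fail', or 'exception' (failing but approved)."""
    results = {}
    for host, cfg in hosts.items():
        results[host] = {}
        for rule, (_desc, check) in POLICY_TEMPLATE.items():
            if check(cfg):
                results[host][rule] = "pass"
            elif store.covers(host, rule):
                results[host][rule] = "exception"
            else:
                results[host][rule] = "fail"
    return results


def non_compliant(results) -> Dict[str, List[str]]:
    """Hosts with at least one open failure and the rules they fail (what step 3 would mail out)."""
    return {h: [r for r, s in rs.items() if s == "fail"]
            for h, rs in results.items() if "fail" in rs.values()}


if __name__ == "__main__":
    store = ExceptionStore(security_officers=["ciso"])
    print("initial:", non_compliant(assess(HOSTS, store)))
    req = store.request("fin-db01", "PWD-01", "legacy app limits passwords to 8 chars", "sysowner")
    store.approve(req, "ciso")                       # step 6/7; re-run is step 10
    print("after approval:", non_compliant(assess(HOSTS, store)))
    print("trail:", req.notes)
```

The design choice worth copying is that the exception store only ever contains approved entries and the approval routine, not the assessment, is where the access control lives; the assessment cannot be talked into ignoring a finding by anything short of a Security Officer's recorded approval, which is exactly the "no exceptions get created without prior approval" result the slide claims.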


Where do I start? – Process Automation Lifecycle

1. Process Documented
2. Process Illustrated
3. ROI Modeled
4. Process Built


Summary – Remember… 1… 2… 3…!

1. Policies, procedures and standards
   − Clear guidelines
   − Policies as a key for your organization
   − Standardize assets
2. Achieve policy compliance
   − Configuration & Compliance Management
   − Automated Exception & Approval Management
3. Monitor privileged user activity
   − SIEM & Access Monitoring
   − Automated Incident Management, Escalation & Alerting


NetIQ, an Attachmate business.


Follow NetIQ:

Worldwide Headquarters

1233 West Loop South, Suite 810

Houston, Texas 77027 USA

Worldwide: 713.548.1700

N. America Toll Free: 1.888.323.6768

[email protected]

NetIQ.com