From Reactive To Automated: Reducing Costs Through Mature Security Processes
Slide transcript, presented at Info Security Europe
© 2010 NetIQ Corporation. All rights reserved.
Jörn Dierks, Chief Security Strategist, [email protected]
Solving Cross-Discipline Problems

Process: Provisioning, Compliance, Incident, Change, Business Processes
People: HR, Helpdesk, NOC, Security, Business Owners
Technology: NetIQ, Infrastructure & Applications, Other Mgmt Vendors

Cross-Product Integration (the next slide repeats the same diagram with this label added)
The Role of IT Process Automation – Bridging Silos Between Business and IT

Business

Security Operations tools: Policy Awareness; Configuration & Identity Auditing; Vulnerability Assessment; Content Monitoring / DLP; AV / Malware Protection; Security Info & Event Management; Perimeter & Network Security

Operations tools: Configuration & Patch Management; Service / Help Desk; Event Correlation & Analysis; Response Time Monitoring; Identity Management; Systems & App Monitoring; Network Monitoring

Bridging layer: IT Process Automation, IT GRCM, SLM

Responsibilities Shared between Security & Operations: Continuity Management; Capacity & Availability Management; Release Management; Incident & Problem Management; Configuration & Change Management; CMDB
About NetIQ

Security & Compliance
• Manage and audit user entitlements
• Track privileged user activity
• Protect the integrity of key systems and files
• Monitor access to sensitive information
• Simplify compliance reporting

Performance & Availability
• Monitor and manage heterogeneous environments including custom applications
• IT Service validation and end-user performance monitoring
• Dynamic provisioning of large-scale monitoring with exceptions
• Functional and hierarchical Incident escalation
• Deliver & manage differentiated service levels

Identity & Access
• User Provisioning Lifecycle Management
• Centralize Unix account management through Active Directory
• Reduce number of privileged users
• Secure delegated administration
• Windows and Exchange Migration

IT Process Automation
Use-Cases In This Presentation
• Addressing Insider Threat – Privileged User Monitoring
• Addressing Compliance Requirements – Business Exception Management
• End-User Policy Management and Awareness
Another Challenge to Consider…
Source: “Data Loss Risks During Downsizing“, Ponemon Institute LLC, 23 Feb 2009
Three Important Subjects

1. Policies, procedures and standards
   − Clear guidelines
   − Policies as a key for your organization
   − Standardize assets
2. Identity & access control
   − Data Classification
   − Access control
   − Manage islands of identity
   − (Privileged) User monitoring
3. Audits
   − Not a one-time effort
   − Regular audits
   − Thorough audits
   − Regulations
   − Difficult to do manually
   − Reporting needed

Photo by: Giorgio Monteforti: http://www.flickr.com/photos/11139043@N00/1439804758/
Mapping Subjects To Technology

Active Directory
IT Infrastructure: Windows Systems; Unix & Linux Systems; Mac OS Systems; Security & Network Devices; Applications; Users; Groups; etc.
Workflow & Process Automation
Technology layers (labelled A, B, C in the diagram): Configuration & Compliance Management; Privileged User Monitoring, SIEM; Identity & Access Management; Policy Management & User Awareness
Security and Compliance Management – Top Examples of Automated Processes
(Security Process Automation. Diagram axes: Operational Efficiency / Business Alignment; legend: Business, Operations, Security; Required / Optional)

Process                                                                     Time Saved (minutes per execution)   Frequency (executions per month)
Provision and fulfill end-user access requests to systems and applications   115                                  280
Ensure business review of access entitlements to critical resources          360                                    8
Respond to attacks and integrate remediation and analysis                     95                                   56
Respond to configuration changes and ensure protection of critical hosts     120                                   40
Monitor privileged-user activity and identify suspicious behavior             85                                  200
Provision user entitlements with Active Directory roles and groups            75                                  200
Identify and manage exceptions to security configuration policies             70                                  200

Financial Benefit*: Example Customer Automating All 7 Processes
286% 3-Year ROI
9 Months Payback Period
FORRESTER®
* Determined using the Aegis ROI calculator developed by Forrester Consulting based on a representative customer with 1,000 servers.
Use Case #1
Insider Threat Incident Automation with Privileged User Monitoring
Automated Incident Management Workflow

Components in the diagram: Incident Management Console; Administrator; Event; Remediation; Workflow / Process; Data Warehouse; CMDB; Change Management

Automated event detection & response:
• Reduces time to response
• Improves Auditability
• Provides better consistency
• Lowers impact on administrators
Use Case #2
Business Exception Management Automation in Compliance Management
Approval & Exception Management Process

Actors and systems in the diagram: Compliance & Configuration Management; Workflow / Process; System Owner; Security Officer; Business System. Legend: Manual Workload / Automated Workload.

1. Policy Templates assess compliance
   • NetIQ Secure Configuration Manager detects non-compliant systems
2. Secure Configuration Manager tells Aegis about the Compliance problem
   • Aegis starts Non-Compliance Workflow
3. Aegis emails the system owner
   • Informs about the problems found
4. System Owner analyzes the issues
   • Then he tells Aegis that he wants to create an exception for one of the issues
5. Aegis informs the Security Officer about the exception creation request
   • Ensures that no exceptions get created without approval
6. Security Officer approves exception request
   • He can do that either by email or through the Aegis web console
7. Aegis creates the exception in NetIQ Secure Configuration Manager and approves the exception
   • All details about the approvals process are added into the notes section of the exception
8. Administrator is notified about the exception approval and creation
   • Also, he’s asked if he wants to re-run the policy template
9. The System Owner confirms…
10. Aegis tells Secure Configuration Manager to re-run the Policy Templates

Results:
• No exceptions get created without prior approval
• Security Processes are followed through
• Compliance Issues are tracked consistently
• There’s always a consistent result of a workflow
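The exception workflow above, modelled as an added example (not NetIQ or Aegis code): the gate is that an exception record can only be stored once a user holding the security-officer role has approved it, the approval trail lives in the record's notes, and the re-run of the policy check (step 10) treats only approved exceptions as closed. Class and role names are assumptions made for the illustration.

```python
# Added illustration of the Use Case #2 approval gate; not product code.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Finding:                  # one non-compliant check from the scanner (steps 1-2)
    host: str
    rule: str

@dataclass
class ExceptionRequest:         # exception record plus its approval trail (steps 4-7)
    finding: Finding
    requested_by: str
    approved_by: Optional[str] = None
    notes: List[str] = field(default_factory=list)

class ExceptionWorkflow:
    def __init__(self, security_officers):
        self.security_officers = set(security_officers)   # who may approve (steps 5-6)
        self.requests: Dict[Finding, ExceptionRequest] = {}
        self.exceptions: List[ExceptionRequest] = []      # stands in for the exception store

    def request_exception(self, finding, owner):
        # Step 4: the system owner asks for an exception; nothing is excepted yet.
        req = ExceptionRequest(finding, owner, notes=[f"requested by {owner}"])
        self.requests[finding] = req
        return req

    def approve(self, finding, officer):
        # Step 6: only a security officer may approve; the check runs before any state changes.
        if officer not in self.security_officers:
            raise PermissionError(f"{officer} is not a security officer")
        req = self.requests[finding]
        req.approved_by = officer
        req.notes.append(f"approved by {officer}")        # approval details kept in the notes
        return self.create_exception(req)

    def create_exception(self, req):
        # Step 7: the store refuses any record that carries no approval.
        if req.approved_by is None:
            raise ValueError("exception must be approved before creation")
        self.exceptions.append(req)
        return req

    def rerun(self, findings):
        # Step 10: re-assess; findings covered by an approved exception are no longer open.
        excepted = {e.finding for e in self.exceptions}
        return [f for f in findings if f not in excepted]
```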
Where do I start? – Process Automation Lifecycle
1. Process Documented
2. Process Illustrated
3. ROI Modeled
4. Process Built
Summary – Remember… 1… 2… 3…!

1. Policies, procedures and standards
   − Clear guidelines
   − Policies as a key for your organization
   − Standardize assets
2. Achieve Policy Compliance
   − Configuration & Compliance Management
   − Automated Exception & Approval Management
3. Monitor Privileged User Activity
   − SIEM & Access Monitoring
   − Automated Incident Management, Escalation & Alerting

(The Mapping Subjects To Technology diagram is repeated on this slide.)
NetIQ, an Attachmate business.
Worldwide Headquarters
1233 West Loop South, Suite 810
Houston, Texas 77027 USA
Worldwide: 713.548.1700
N. America Toll Free: 1.888.323.6768
NetIQ.com