Presenter: Nick Cavalancia Auditing Evangelist 3 Ways Auditing Needs to be a Part of Your Security Strategy Brought to You by

Upload: myra-felicia-charles

Post on 26-Dec-2015


Page 1:

Presenter:

Nick Cavalancia, Auditing Evangelist

3 Ways Auditing Needs to be a Part of Your Security Strategy

Brought to You by

Page 2:

Agenda

Security Breaches and Data Leaks in the News & Reality

Where Does Auditing Fit?

Why is Auditing Necessary?

Goals Auditing Helps With

Can Auditing Complement Threat Defense Mechanisms?

A 10K Foot View of a Simple Security Strategy

IT Systems Critical for Auditing

Netwrix Auditor

Conclusion

Questions & Answers

Page 3:

Security Breaches and Data Leaks in the News

Page 4:

What Typically Hits the Headlines?

General public impacted

Large numbers

High-profile companies / state-sponsored attacks

Page 5:

Malware to Steal Specific Data

Target breach, 2013

The Home Depot breach, 2014

Page 6:

Sophisticated Targeted Attacks

JP Morgan Chase breach, 2014

“Stuxnet” worm targeting specific organizations

Page 7:

Uncovered Vulnerabilities that may be Exploited by Hackers

Heartbleed

Shellshock

Page 8:

Security Breaches and Data Leaks in Reality

Page 9:

PwC “Information Security Breaches” Survey, 2014:

81% of large and 60% of small firms had a security breach

63% of large organizations had staff related incidents

55% of large organizations suffered from outsider attacks

Page 10:

Verizon “Data Breach Investigations” Report, 2014:

88% of insider incidents were due to privilege misuse

22% of organizations detected insider misuse within weeks, 11% within months

Page 11:

Thycotic “Black Hat” Hacker Survey, 2014:

Primary attack targets: Contractors (40%) and IT admins (30%)

99% of hackers believe simple hacking tactics are still effective

Page 12:

Where Does Auditing Fit?

For many, auditing is an afterthought

For many, auditing is merely a “once-a-year” part of an overall security strategy

Just documenting changes is not enough

Checking security state at a single point in time doesn’t provide the visibility

Page 13:

So Why is Auditing Necessary?

IT changes happen…

Undocumented

Unlogged

Unapproved…

57%: Make changes without documenting

46%: Make changes that impact security

52%: Make changes that impact availability

62%: Have no ability to audit changes

42%: Make changes across multiple systems

Page 14:

Goals Auditing Helps With

Security Enhancement

Achieving Regulatory Compliance and Passing Audits

Achieving Operational Efficiency

Page 15:

A 10,000 Foot View: 3 High-Level Steps

How Auditing Can Solidify Your Security Strategy

1. Assess

2. Assign

3. Audit


Page 19:

IT Systems Critical for Auditing

Active Directory

SharePoint

SQL Server

VMware

Windows Server

File Servers

Exchange

IT-Auditing

Page 20:

About Netwrix Corporation

Year of foundation: 2006

Headquarters location: Irvine, California

Global customer base: 6000

Recognition: Among the fastest growing software companies in the US with more than 70 industry awards from Redmond Magazine, SC Magazine, Windows IT Pro and others

Customer support: global 24/5 support with 97% customer satisfaction

Page 21:

Netwrix Locations

Corporate Headquarters: 300 Spectrum Center Drive #1100, Irvine, CA 92618

888-638-9749

www.netwrix.com

Page 22:

About Netwrix Auditor

Netwrix Auditor enables #completevisibility into both security configuration and data access within the IT infrastructure by providing actionable audit data about who changed what, when and where and who has access to what

Page 23:

Netwrix Auditor Benefits

Strengthens Security: Eliminates blind spots and makes it easy to identify changes that violate corporate security policies, thus helping detect suspicious user activity and prevent breaches.

Streamlines Compliance: Provides actionable audit data required to prove that the organization’s IT compliance program adheres to PCI DSS, HIPAA, SOX, FISMA/NIST 800-53, COBIT, ISO/IEC 27001 and other audits.

Optimizes Operations: Relieves IT departments of manual crawling through a disparate array of event logs to get the information about who changed what, when and where and who has access to what.

Page 24:

Netwrix Auditor Applications Scope

Netwrix Auditor for Active Directory: Active Directory changes; Group Policy changes; State-in-Time information on configurations; real-time alerts; AD change rollback; inactive user tracking and password expiration alerting

Netwrix Auditor for File Servers: Changes to Windows-based file servers, EMC Storage and NetApp Filers; State-in-Time information on configurations

Netwrix Auditor for SharePoint: SharePoint farm configuration changes, security and content changes

Netwrix Auditor for Exchange: Exchange changes and non-owner mailbox access auditing

Netwrix Auditor for SQL Server: SQL configuration and database content changes

Netwrix Auditor for Windows Server: Changes to configuration of Windows-based servers; Event Logs, Syslog, Cisco, IIS, DNS; User activity video recording

Netwrix Auditor for VMware: VMware vSphere changes

Page 25:

Netwrix Auditor Conceptual Model

Page 26:

Conclusion

Companies make undocumented changes on a daily basis.

Changes coming from outsiders are not a myth either.

Security is never a static thing but is a multi-faceted process.

Change Auditing should be a part of your holistic security strategy and an ongoing exercise mirroring the dynamic nature of your environment.

Page 27:

Presenter:

Nick Cavalancia, Auditing Evangelist

Thank you for your attention!

Questions?

Brought to You by