Implementing and Proving Compliance Tactics
with Novell Compliance Management Platform
                           ®



Ide...
Agenda

                •   Novell Compliance Management Platform
                                    ®




              ...
Compliance Management Platform
    Industry Leading Modular Product Offerings

           Tightly integrated compliance an...
Novell Compliance Management Platform
                         ®




                                          •   User Pr...
Novell Identity Tracking Solution
                            ®




    •   The goal of this Solution Pack is to help you ...
Real-time, Identity-Enriched
    Security Information

                                          • Who caused this securit...
Suggested Environment




7   © Novell, Inc. All rights reserved.
Installing the Identity Tracking Solution
Steps to Install the Identity Tracking Solution

    •   Download the latest release of Identity Tracking
        Solution...
Data Acquisition - Collector




10   © Novell, Inc. All rights reserved.
Event Samples

          •   Directory
               –   Login
               –   Logout
               –   Password Chan...
Correlation Rules

     •   Identity Tracking provides correlation rules:
          –   Affected By Exploits
          –  ...
Reports
Dashboard Reporting

                                           Providing an overview of
                                 ...
From Dashboard to Detail

     Detailed information
     regarding individual
     activity




15   © Novell, Inc. All ri...
Provisioning Versus Utilization

                                           Are users actually using
                     ...
Understanding User Activity

                                           What is the usage
                                ...
Password Policy Compliance

     And do their
     passwords conform
     to policy?
          –   How effective are
     ...
Demonstration
Use Cases

              1. User Provisioned
              2. Workflow Process
              3. Access Granted
           ...
Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, propriet...
Implementing and Proving Compliance Tactics with Novell Compliance Management Platform Identity Tracking Solution
Upcoming SlideShare
Loading in...5
×

Implementing and Proving Compliance Tactics with Novell Compliance Management Platform Identity Tracking Solution

935

Published on

This session will outline how to implement the out-of-the-box controls and reports included in the identity tracking solution pack that ships with Novell Compliance Management Platform. Additionally, you will be guided through examples to expand beyond what is included with the basic configuration of Compliance Management Platform. Before attending, you should have a general understanding of the architecture and deployment of Novell Identity Manager, Novell Access Manager and Novell Sentinel.

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
935
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
71
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Implementing and Proving Compliance Tactics with Novell Compliance Management Platform Identity Tracking Solution

  1. 1. Implementing and Proving Compliance Tactics with Novell Compliance Management Platform ® Identity Tracking Solution Adam Loughran Arlene Mordeno Principal, Compliance Management Technology Specialist, Novell Inc./aloughra@novell.com Novell Inc./amordeno@novell.com Stuart Proffitt TSS Principal - Identity Novell Inc./sproffitt@novell.com
  2. 2. Agenda • Novell Compliance Management Platform ® • Novell Identity Tracking Solution • Suggested Environment • Installation • Data Acquisition • Event Samples • Correlation Rules • Reports 2 © Novell, Inc. All rights reserved.
  3. 3. Compliance Management Platform Industry Leading Modular Product Offerings Tightly integrated compliance and governance solutions Novell® Access Manager Novell ® Identity Manager Solutions Novell Sentinel ® ™ 3 © Novell, Inc. All rights reserved.
  4. 4. Novell Compliance Management Platform ® • User Provisioning • User Password Self Service • Manage User Access to Web Applications • SSL VPN to Private Cloud • Identity Federation • Web Single Sign-on • Real-time Monitoring • Security Remediation 4 © Novell, Inc. All rights reserved.
  5. 5. Novell Identity Tracking Solution ® • The goal of this Solution Pack is to help you to manage security problems, providing accurate information about User Management from Novell Sentinel . ® ™ • A Sentinel Solution Pack includes some pre-formatted Reports, Correlation Rules, Collectors, Dynamic Lists, Workflows and Roles that were designed with regulatory requirements in mind. • This Solution Pack is shipped separately and works for Sentinel RD and Sentinel 6.1. 5 © Novell, Inc. All rights reserved.
  6. 6. Real-time, Identity-Enriched Security Information • Who caused this security event? • What else have they been doing recently? • What other accounts do they have throughout the enterprise? 6 © Novell, Inc. All rights reserved.
  7. 7. Suggested Environment 7 © Novell, Inc. All rights reserved.
  8. 8. Installing the Identity Tracking Solution
  9. 9. Steps to Install the Identity Tracking Solution • Download the latest release of Identity Tracking Solution (ITS) from the Sentinel Content Web site http://support.novell.com/products/sentinel/secure/sentinel61.html • Using Sentinel Solution Manager, import the ITS package • Launch Deploy Screen • Install and Configure resources following ITS documentation • Collect Events and Test 9 © Novell, Inc. All rights reserved.
  10. 10. Data Acquisition - Collector 10 © Novell, Inc. All rights reserved.
  11. 11. Event Samples • Directory – Login – Logout – Password Changed • Access Manager – Login – Logout – URL Accessed • Identity Manager – Identity Provisioned – Identity Deprovisioned 11 © Novell, Inc. All rights reserved.
  12. 12. Correlation Rules • Identity Tracking provides correlation rules: – Affected By Exploits – Detect Exploited Assets – Detect Impersonators – Identify Terminated Employees – Monitor ITS Control Management – Remove Reactivated Employees – Rogue Administration – Unauthorized Access By Terminated Employees 12 © Novell, Inc. All rights reserved.
  13. 13. Reports
  14. 14. Dashboard Reporting Providing an overview of identity and security concerns throughout the enterprise – The top threats and possible vulnerabilities at a glance – Aggregation of the most important security events enriched with Identity Information 14 © Novell, Inc. All rights reserved.
  15. 15. From Dashboard to Detail Detailed information regarding individual activity 15 © Novell, Inc. All rights reserved.
  16. 16. Provisioning Versus Utilization Are users actually using provisioned resources? – Identity Management systems can easily tell you what resources users are provisioned to—can they tell you when is the last time used? – Combining identity information with security events provides an additional level of inspection and validation – Provides insight regarding effectiveness of provisioning as well as role definitions 16 © Novell, Inc. All rights reserved.
  17. 17. Understanding User Activity What is the usage history of provisioned resources? – Security information enriched with identity data can provide insight regarding how users are utilizing provisioned resources – Provides additional data regarding usage trends, anomalies, and comparisons to average utilization 17 © Novell, Inc. All rights reserved.
  18. 18. Password Policy Compliance And do their passwords conform to policy? – How effective are enterprise password policies? – How effective is password self service and/or enterprise single sign-on? 18 © Novell, Inc. All rights reserved.
  19. 19. Demonstration
  20. 20. Use Cases 1. User Provisioned 2. Workflow Process 3. Access Granted 4. User Access 5. Separation-of-Duty (SoD) violation 6. Employee Termination 7. Rogue Administration 8. Attestation 20 © Novell, Inc. All rights reserved.
  21. 21. Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×