From Reactive to Automated: Reducing Costs Through Mature Security Processes (Info Security Europe 2011)

Addressing Human Vulnerabilities that Bedevil IT Security:

All systems are susceptible to the social engineering techniques that lie at the root of some or all of the well-publicized security incidents. But why can’t the industry do more to design out the human vulnerabilities that continue to bedevil even the best security systems?

It is important to understand that good security is ultimately a people issue and that while updating rules in technology to keep pace with threats is reasonably easy, changing human behaviour – and thus reducing the risks of social engineering – is much more difficult to do and maintain consistently.

Automated intelligence and control is the logical next step for how security management solutions solve problems in more complex, fast moving environments. The urgency to make business exception management and end-user policy management more fit for purpose is driven by how regulators are becoming more proactive and demanding.


  1. From Reactive To Automated: Reducing Costs Through Mature Security Processes
     Jörn Dierks, Chief Security Strategist EMEA, joern.dierks@netiq.com

  2. Solving Cross-Discipline Problems
     Diagram labels: Process; People; Technology; Infrastructure & Applications; Provisioning; HR; Compliance; Helpdesk; NetIQ; NOC; Incident; Security; Change; Business Owners; Other Mgmt Vendors; Business Processes

  3. Solving Cross-Discipline Problems
     Diagram labels: Process; People; Technology; Infrastructure & Applications; Provisioning; HR; Cross-Product Integration; Compliance; Helpdesk; NetIQ; NOC; Incident; Security; Change; Business Owners; Other Mgmt Vendors; Business Processes

  4. The Role of IT Process Automation – Bridging Silos Between Business and IT
     Diagram labels: Tools; Tools; Business; Configuration & Identity Auditing; Service / Help Desk; Security Info & Event Management; Event Correlation & Analysis; IT GRCM; SLM; IT Process Automation; Vulnerability Assessment; Systems & App Monitoring; Perimeter & Network Security; Network Monitoring; Content Monitoring / DLP; Response Time Monitoring; Operations; Security; Policy Awareness; Configuration & Patch Management; CMDB; AV / Malware Protection; Identity Management; Responsibilities Shared between Security & Operations; Continuity Management; Capacity & Availability Management; Release Management; Incident & Problem Management; Configuration & Change Management

  5. About NetIQ
     Security & Compliance; Performance & Availability; Identity & Access
       • Manage and audit user entitlements
       • Track privileged user activity
       • Protect the integrity of key systems and files
       • Monitor access to sensitive information
       • Simplify compliance reporting
     IT Process Automation
       • Monitor and manage heterogeneous environments including custom applications
       • IT Service validation and end-user performance monitoring
       • Dynamic provisioning of large-scale monitoring with exceptions
       • Functional and hierarchical Incident escalation
       • Deliver & manage differentiated service levels
       • User Provisioning Lifecycle Management
       • Centralize Unix account management through Active Directory
       • Reduce number of privileged users
       • Secure delegated administration
       • Windows and Exchange Migration
     © 2010 NetIQ Corporation. All rights reserved.

  6. Use-Cases In This Presentation
       • Addressing Insider Threat
       • Privileged User Monitoring
       • Addressing Compliance Requirements
       • Business Exception Management
       • End-User Policy Management and Awareness

  7. Security Breaches involving Sensitive Business Data

  8. Another Challenge to Consider…
     Source: “Data Loss Risks During Downsizing”, Ponemon Institute LLC, 23 Feb 2009

  9. Three Important Subjects
     Policies, procedures and standards
       • Clear guidelines
       • Policies as a key for your organization
       • Standardize assets
     Identity & access control
       • Data Classification
       • Access control
       • Manage islands of identity
       • (Privileged) User monitoring
     Audits
       • Not a one-time effort
       • Regular audits
       • Thorough audits
       • Regulations
       • Difficult to do manually
       • Reporting needed
     Photo by: Giorgio Monteforti: http://www.flickr.com/photos/11139043@N00/1439804758/

  10. Mapping Subjects To Technology
     Diagram labels: A; B; C; Workflow & Process Automation; Identity & Access Management; IT Infrastructure
       • Windows Systems
       • Unix & Linux Systems
       • Mac OS Systems
       • Security & Network Devices
       • Applications
       • Users
       • Groups
       • etc.
     Active Directory; Policy Management & User Awareness; Configuration & Compliance Management; Privileged User Monitoring, SIEM

  11. Security Process Automation
     FORRESTER®
     Legend: Required; Optional
     * Determined using the Aegis ROI calculator developed by Forrester Consulting based on a representative customer with 1,000 servers.

  12. Use Case #1
     Insider Threat Incident Automation with Privileged User Monitoring

  13. Automated Incident Management Workflow
     Diagram labels: Data Warehouse; CMDB; Change Management; Incident Management Console; Workflow / Process; Event; Administrator; Remediation
     Automated event detection & response:
       • Reduces time to response
       • Improves Auditability
       • Provides better consistency
       • Lowers impact on administrators

  14. Use Case #2
     Business Exception Management Automation in Compliance Management

  15. Diagram labels: Workflow / Process; System Owner; Approval & Exception Management Process; Compliance & Configuration Management; Security Officer; Business System; Manual Workload; Automated Workload
     Workflow steps:
       1. Policy Templates assess compliance
            • NetIQ Secure Configuration Manager detects non-compliant systems
       2. Secure Configuration Manager tells Aegis about the Compliance problem
            • Aegis starts Non-Compliance Workflow
       3. Aegis emails the system owner
            • Informs about the problems found
       4. System Owner analyzes the issues
            • Then he tells Aegis that he wants to create an exception for one of the issues
       5. Aegis informs the Security Officer about the exception creation request
            • Ensures that no exceptions get created without approval
       6. Security Officer approves exception request
            • He can do that either by email or through the Aegis web console
       7. Aegis creates the exception in NetIQ Secure Configuration Manager and approves the exception
            • All details about the approvals process are added into the notes section of the exception
       8. Administrator is notified about the exception approval and creation
            • Also, he’s asked if he wants to re-run the policy template
       9. The System Owner confirms…
       10. Aegis tells Secure Configuration Manager to re-run the Policy Templates
     Results:
       • No exceptions get created without prior approval
       • Security Processes are followed through
       • Compliance Issues are tracked consistently
       • There’s always a consistent result of a workflow

  16. Where do I start? – Process Automation Lifecycle

  17. Summary – Remember… 1… 2… 3…!
     Policies, procedures and standards
       • Clear guidelines
       • Policies as a key for your organization
       • Standardize assets
     Achieve Policy Compliance
       • Configuration & Compliance Management
       • Automated Exception & Approval Management
     Monitor Privileged User Activity
       • SIEM & Access Monitoring
       • Automated Incident Management, Escalation & Alerting
     Diagram labels: A; B; C; Workflow & Process Automation; Identity & Access Management; IT Infrastructure
       • Windows Systems
       • Unix & Linux Systems
       • Mac OS Systems
       • Security & Network Devices
       • Applications
       • Users
       • Groups
       • etc.
     Active Directory; Policy Management & User Awareness; Configuration & Compliance Management; Privileged User Monitoring, SIEM