Compliance<br />
Quest Compliance Suite<br />for Exchange<br />for File Access<br />for SharePoint *<br /><ul><li>Visibility to an expected...
Visibility to an expected operational policy (user provisioning process)
Visibility of end user access (permissions)
Forensic analysis to determine who, what, when and how the deviation occurred from the assess phase
Notify of any changes to the expected state
Preventative controls to address the deviation from ever occurring in the first place
Address issue immediately
Document that the deviation is an exception and therefore authorized</li></li></ul><li>Quest ActiveRoles Server<br />Pract...
Introducing ActiveRoles Server<br />Practical Provisioning, Management, and Security for Active Directory, AD LDS and Beyo...
Key Features<br />Provisioning<br />End-to-End User and Group Lifecycle Management<br />Automatic User and Group Provision...
ActiveRoles Server<br />Provisioning<br />
Identity Lifecycle Management<br /><ul><li>Access to Applications Granted
Accounts in Connected Systems Created
E-mail notifications</li></ul>New User is Provisioned (Hire)<br /><ul><li>User Account Creation
Mailbox and Home Folders Creation
Group and Distribution List Memberships</li></ul>Identity Administration<br /><ul><li>Information updates
Group and Distribution List Membership Changes
Self-service</li></ul>Deprovision (Retire)<br /><ul><li>Employment Status Changes
Disable Accounts
Disable Access to Resources
Assign Entitlements to others</li></ul>Reprovisioning (Promotion)<br /><ul><li>Promotions or Transfers
Project Assignments
Information updates</li></li></ul><li>Automated User andGroup Provisioning<br />Create User<br />
ActiveRoles Server<br />Management<br />
Efficient Group Management<br />Efficiency<br />Extensive Group Management functionality saves Time, makes administrators ...
Web Based Day-to-Day Adminand Help Desk Web Consoles<br />Simplifies day-to-day tasks and reduces administrative costs<br ...
Empower UsersThrough Self-Service<br /><ul><li>Off-load personal information management with Self-Service </li></ul>Decrea...
ARS Mgmt Shell for AD<br /><ul><li>What is PowerShell?</li></ul>New command line interface from Microsoft<br />More “Unix”...
Controlled Administrationwith Roles and Rules<br />Provides administrative layer between users and Active Directory, for s...
Roles Based Delegation<br />Sr. Administrator<br />Exchange Admins<br />OU Admins / Help Desk<br />Application / Data Owne...
Prevent Un-wanted Changewith Approval Workflow<br />Management<br />Solution<br />Remediation -<br />Deprovision<br />Grou...
Upcoming SlideShare
Loading in...5
×

Compliance

804

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
804
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
23
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Compliance

  1. 1. Compliance<br />
  2. 2. Quest Compliance Suite<br />for Exchange<br />for File Access<br />for SharePoint *<br /><ul><li>Visibility to an expected configuration state (server hardening document)
  3. 3. Visibility to an expected operational policy (user provisioning process)
  4. 4. Visibility of end user access (permissions)
  5. 5. Forensic analysis to determine who, what, when and how the deviation occurred from the assess phase
  6. 6. Notify of any changes to the expected state
  7. 7. Preventative controls to address the deviation from ever occurring in the first place
  8. 8. Address issue immediately
  9. 9. Document that the deviation is an exception and therefore authorized</li></li></ul><li>Quest ActiveRoles Server<br />Practical Provisioning, Management, and Security for Active Directory, AD LDS and Beyond<br />
  10. 10. Introducing ActiveRoles Server<br />Practical Provisioning, Management, and Security for Active Directory, AD LDS and Beyond<br />ActiveRoles Server offers a practical approach to automated Active Directoryuser provisioning and administration, for maximum security and efficiency <br />
  11. 11. Key Features<br />Provisioning<br />End-to-End User and Group Lifecycle Management<br />Automatic User and Group Provisioning and Deprovisioning<br />Management<br />Unified Active Directory and Active Directory Lightweight Directory Services (AD LDS – formerly ADAM) Management<br />Automated group management<br />Interfaces for Day-to-Day administrators, Help Desk, and end user self-service<br />ADSI and PowerShell support for extensibility <br />Security<br />Controlled Administration through Roles and Rules for a true least privilege model <br />Approval Workflow for Change Control<br />Centralized Auditing & Reporting<br />Add-on Applications<br />Quickly and easily connect to existing HR/ERP system or ILM 2007 (MIIS) to provision and synchronize Active Directory<br />Simplified Exchange Resource Forest Management – from a single console<br />Protection for critical DNS Services<br />Compliant & Secure Access Management through Group Membership Self-Service<br />
  12. 12. ActiveRoles Server<br />Provisioning<br />
  13. 13. Identity Lifecycle Management<br /><ul><li>Access to Applications Granted
  14. 14. Accounts in Connected Systems Created
  15. 15. E-mail notifications</li></ul>New User is Provisioned (Hire)<br /><ul><li>User Account Creation
  16. 16. Mailbox and Home Folders Creation
  17. 17. Group and Distribution List Memberships</li></ul>Identity Administration<br /><ul><li>Information updates
  18. 18. Group and Distribution List Membership Changes
  19. 19. Self-service</li></ul>Deprovision (Retire)<br /><ul><li>Employment Status Changes
  20. 20. Disable Accounts
  21. 21. Disable Access to Resources
  22. 22. Assign Entitlements to others</li></ul>Reprovisioning (Promotion)<br /><ul><li>Promotions or Transfers
  23. 23. Project Assignments
  24. 24. Information updates</li></li></ul><li>Automated User andGroup Provisioning<br />Create User<br />
  25. 25. ActiveRoles Server<br />Management<br />
  26. 26. Efficient Group Management<br />Efficiency<br />Extensive Group Management functionality saves Time, makes administrators more efficient, reduces errors and accuracy ensured by application of consistent policies<br />Improves Administrator efficiency while reducing mistakes and security concerns.<br />Exclude criteria provides separation of duties capability<br />Group Membership Rules<br />Automatically add users to groups based on a common set of policy rules.<br />Dynamic Groups and Group Families<br />Automatically add or remove users to groups according to a set of query based criteria - Bulk creation and population of groups <br />
  27. 27. Web Based Day-to-Day Adminand Help Desk Web Consoles<br />Simplifies day-to-day tasks and reduces administrative costs<br />Provides alternate console for managing Active Directory<br />Configurable with Point-and-click simplicity to meet customer needs<br />Complete management of user, group, computer, and Microsoft Exchange<br />Built with the latest ASP.NET technology<br />
  28. 28. Empower UsersThrough Self-Service<br /><ul><li>Off-load personal information management with Self-Service </li></ul>Decreases help desk calls and IT time <br />Exchange GAL more accurate (info updated more easily/often)<br />Allow employees to determine what personal info is published <br /><ul><li>Users can modifying their own personal data through a easy to use Self-Service web interface, allowing IT to oversee but not perform these time consuming tasks</li></li></ul><li>Extensibility<br />ADSI Scripting<br />Provides support for an Active Directory Service Interfaces (ADSI) that is subject to Rule, Roles and Reporting<br />SDK included<br />
  29. 29. ARS Mgmt Shell for AD<br /><ul><li>What is PowerShell?</li></ul>New command line interface from Microsoft<br />More “Unix” like usage<br />The foundation of Exchange 2007<br /><ul><li>Why is PowerShell Important for ActiveRoles?</li></ul>Provides a command line for ActiveRoles Server<br />Simplifies bulk operations<br />Commands work with or without ActiveRoles Server, but maximum benefit only comes with ActiveRoles ownership<br />ActiveRoles (at Microsoft’s request) is the first and only product to provide PowerShell commands for Active Directory<br />Commands are subject to Rules, Roles and Approvals<br />Microsoft<br />PowerShell<br />
  30. 30. Controlled Administrationwith Roles and Rules<br />Provides administrative layer between users and Active Directory, for strict enforcement of operating policies and to eliminate unregulated access - Enforces “Least Privilege” Model<br />Allows for centralized auditing and reporting of directory-related changes<br />Simplifies the process of delegating rights by abstracting the required delegation into roles (or templates) that can be quickly deployed and easily maintained <br />Controls the administrative rights that individual accounts and groups get in Active Directory through role-based delegation<br />Provides full reporting and import/export capabilities<br />Provides multi-forest support<br />
  31. 31. Roles Based Delegation<br />Sr. Administrator<br />Exchange Admins<br />OU Admins / Help Desk<br />Application / Data Owners<br />End user Self-Service<br />Day-to-Day Admin<br />Active Directory<br />Full Control<br />Computers<br />Domain Controllers<br />AD Architect<br />Mailbox Admin<br />Create Mailbox,<br />Move Mailbox<br />APAC<br />EMEA<br />North America<br />Service Desk<br />New York<br />Create Users/Groups Create Groups<br />Reset Passwords, Unlock Accounts<br />Mexico City<br />Self-Service<br />AD LDS<br />Update personal Information<br />Request Changes<br />ADAM Objects<br />App/Data Owners<br />DNS Servers<br />Change Group Membership<br />DNS Records<br />Job Function<br />Roles <br />Access <br />
  32. 32. Prevent Un-wanted Changewith Approval Workflow<br />Management<br />Solution<br />Remediation -<br />Deprovision<br />Groups<br />Applicationor<br />Data Owner<br />ApprovalWorkflow<br />+ -<br />Manage GroupMembership<br />Or Review<br />Owner<br />Attestation<br />Review<br />Assistants<br />IT Oversight<br />VerificationReports<br />IT Administrator<br />Provides segregation of duties and tracking of request and responses to help with security and compliance<br />
  33. 33. Centralized Reportingand Change History<br />Operations Tracking<br />On-line Administrator Activity Tracking<br />Compliance Checking<br />
  34. 34. QuestIntrust<br />SIEM & <br />AD , File and Exchange Protection<br />
  35. 35. What if you could…<br />Obtain real-time, detailed tracking of all changes to Active Directory (AD) and Group Policy settings?<br />Take corrective actions for undesired changes in AD and ADAM, eliminating downtime and security breaches caused by accidental deletions or modifications?<br />Be notified in real-time when critical events and changes are detected in AD, ensuring your awareness of possible security violations and destructive changes?<br />Ensure adherence to compliance regulations and internal policies by tracking all activity in your Active Directory environment?<br />Protect Active Directory by preventing changes to the most critical Active Directory objects, down to the attribute level including Group Policy Object settings?<br />
  36. 36. InTrustArchitecture Overview<br />InTrust<br />Server<br />Reports<br />Real-Time<br />Store<br />SQL Server SRS<br />Quest Knowledge Portal<br />InTrust Repository<br /><ul><li>Compressed, long-term storage
  37. 37. Correlated Reporting
  38. 38. Real-time Monitoring (Alerts)
  39. 39. Automated log collection
  40. 40. Ensures Log Integrity</li></li></ul><li>Sample InTrustReportAudit Collection Services<br />
  41. 41. Configure File Access Auditfrom a Central Location<br />23<br /><ul><li> Agents and reports can be deployed and configured from a single location
  42. 42. Admins can manage all agent activity from a single console</li></li></ul><li>Configure File Access Auditfrom a Central Location<br />24<br />With the Lockdown feature you have the option to allow access to all users or specific accounts only<br />
  43. 43. Sample reports with drill-down functionality which enablesyou to find exactly what you are looking for<br />All file access activity performed by that user<br />All recently deleted files and by user<br />
  44. 44. More sample reports…<br />Drill down information from file highlighted in red showing all modification to that file and by whom<br />
  45. 45. QuestReporter<br />Baseline,<br />Compliance and Configuratiion<br />
  46. 46. What if you could…<br />Audit administrative rights on your domains, workstations and servers?<br />Ensure that privileges that are granted are in conformance with your formal security policies?<br />Provide configuration reports quickly with the most current information?<br />Have the capability to take action on violations to security policies?<br />Know what changes have taken place to objects in the directory?<br />Satisfy the needs of different data consumers in your organization?<br />
  47. 47. Here’s how it works<br />
  48. 48. User Properties Report<br />
  49. 49. NTFS Security Report<br />
  50. 50. Quest Compliance Suite<br />for Exchange<br />for File Access<br />for SharePoint *<br /><ul><li>Visibility to an expected configuration state (server hardening document)
  51. 51. Visibility to an expected operational policy (user provisioning process)
  52. 52. Visibility of end user access (permissions)
  53. 53. Forensic analysis to determine who, what, when and how the deviation occurred from the assess phase
  54. 54. Notify of any changes to the expected state
  55. 55. Preventative controls to address the deviation from ever occurring in the first place
  56. 56. Address issue immediately
  57. 57. Document that the deviation is an exception and therefore authorized</li>
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×