Identity Access Management solution
 

  • Good afternoon to all of you. It would be great if we could have these sorts of systems and people work for us.
  • Jokes apart, to set the tone for the discussion we present the normalized agenda: the challenges that the evolving information security landscape has created, and solutions to address those challenges.
  • In the spirit of the caveat for this event, we start with a brief overview of the evolving security landscape.
  • Though the slide is self-explanatory, we want to stress two key points: today information security is seen as a business enabler, and technology discussions and investments are driven by business imperatives. The core business imperatives are the same for all organizations: create shareholder value by increasing profitability and cutting costs.
  • We realize that you know your challenges better than anybody else. During the course of this discussion we hope to earn the right to solve some of them. Being one of the last speakers in this event I have the luxury of skipping some of those; however, we want to draw your attention to the ones that are pertinent from a security perspective.
  • For all the security professionals in the audience: if this is how you think of the effort we put in, believe me, you are not alone; we are with you. This is what all of us are grappling with. The burden is not managing the devices or the subsystems; it is managing them in the context of the overall business goals. It is a never-ending cycle of patching, upgrades and new versions, and every time you think you have that rock up high, another thing comes out, pushing you back to the bottom. The tale of Sisyphus... Great way to give away a t-shirt or pen: find out who knows who Sisyphus was. In Greek mythology he fooled death and made fun of the gods; in return they punished him with the never-ending, thankless task of pushing a rock up a hill, only to have it slide down again.
  • To bring the previous slide down to a more operational level, this slide depicts a sample enterprise network. Though the magnitude of the complexity may vary, the underlying complexity is driven by business imperatives. For example, a couple of years ago allowing external access to an internal LoB application would have been taboo; today it is an accepted practice, obviously with additional security controls layered on top of the point threat-mitigation solutions already in place. This acceptance has been driven by the business need to give access to our mobile workforce, suppliers, partners, etc.
  • We talked about the business relevance of technology in the earlier slides. Nowadays we use the words information and data interchangeably; for me, information is data with business relevance. Does what we see on this slide, though it carries a lot of information, make any particular business sense? If this information had to be filtered manually for all the IT infrastructure components, we would require an army of security administrators. To summarize, the following challenges are obvious from this part of the discussion:
    • Overwhelming flood: security devices such as firewalls and IDSs overwhelm security staff, generating tens or hundreds of millions of log records each day. No company can hire the people it would take to review these logs manually.
    • Massive false positives: the vast majority of these events are false positives, useless or insignificant data from "chatty" devices that lack the context or intelligence to ascertain the true threats.
    • Islands of defense: each device, or each set of devices from an individual vendor, lacks the context that a higher-level view across devices, systems and networks would provide.
    • Heterogeneous consoles: each product has its own log format, categorization, taxonomy and console. A security person would need to learn and be proficient with every console just to understand what is going on, with millions of logs streaming by in incompatible formats. The common complaint is "YAC", yet another console, the last thing a security person wants to manage.
    This means the security team cannot do its most basic job: identifying, prioritizing and defending against the highest-priority threats. With all these disparate systems they have no overall view, no overall understanding, and no ability to monitor or report on even the most critical aspects of security.
  • This view depicts the attack severity status and count on a particular day.
  • This view depicts incidents by their status: whether they have been assigned to an owner or are still open.
  • This view depicts a report of events grouped by their severity level.
  • This is a topic that is much spoken about; instead of going into the details all over again we would just add that, apart from regulations like SEBI Clause 49, SOX, etc., organizations also have to gear up to implement standards like ISO 27001 or BS 15000.
  • Let us now look at the solution(s) that address these challenges.
  • The solution is a single integrated system that collects all security events and enables security teams to identify, prioritize and defend against internal and external threats.
  • The stages of the pipeline:
    • Transport and aggregation: moving log data from point A to point B. Security of the data matters at this level: encrypting and authenticating the transport reduces risk exposure, so the collector can trust both the content and the origin of what arrives. Aggregation takes data from multiple point devices and consolidates it into one system.
    • Data normalization: taking data from disparate log formats, applying a taxonomy and creating a single flexible log format.
    • Data reduction: reducing the data by deleting duplicates, combining similar events into a single filtered event, or using summary information. Compressing the data also helps reduce bandwidth usage.
    • Correlation: the process of relating field variables across events into a unique consolidated event (e.g. the relationship between cigarettes and smoking).
    • Report: on the security posture, on compliance, etc. This includes the ability to escalate events through an appropriate workflow and to integrate with service desk systems.
    • Archive: for historical reporting.
  • You can focus on innovation and growth. We look forward to the opportunity to have more conversations with you about how we can help. Thank you all very much for your time.
  • Novell has responded to changing customer needs with a solution that is uniquely integrated and automated. By combining security, identity and systems management into one complete view of compliance attestation (prove and track that you have taken action) and remediation (take action), Novell is unique in delivering enterprise-wide, comprehensive security and compliance management.
  • Unified View of all Subsystems
  • Novell Sentinel gives you a comprehensive security posture across perimeter security devices, IT referential systems, operating systems and line-of-business applications.
  • Novell's flagship product, Sentinel, helps organizations manage risk more effectively, improve security metrics and compliance reporting, and reduce security and compliance costs by replacing manual processes with continuous monitoring and reporting for IT controls and systems management. By continuously monitoring activity through automation (versus point-in-time sampling by manually reviewing logs), you are better able to uncover incidents and remediate them.
  • The iSCALE™ message-bus architecture lets customers ride the waves of compliance by scaling quickly and cost-effectively, without an exponential increase in hardware, software and support costs.
  • Apart from the pre-built collector list, Sentinel gives you the ability to build your own collectors, resulting in a lower TCO.
  • Active Views provide a comprehensive set of real-time visualization and analytical tools to detect and analyze threats and policy violations. Sentinel 5 takes usability to a new level with one integrated, powerful security and compliance monitoring control center.
  • Sentinel 5 comes with "out-of-the-box" processes that leverage the SANS Institute's guidelines for incident handling. You can use these pre-defined processes to get instant value and configure your own actions to reflect your organization's best practices. With Sentinel, you guide, control, monitor and track the current status of violations and the actions taken to date. You can automatically hand off tasks to external systems (e.g., Remedy®, HP ServiceDesk®) and receive updates. An audit trail of all actions is created automatically to support audits. With iTRAC, you can demonstrate compliance with policies and show that resolution processes were followed in the event of a policy violation.
  • Sentinel Reports provides valuable insight to executive management and internal and external auditors on policy adherence, violations, and remedial actions, as well as how user activity affects critical assets.
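
The transport stage in the notes above calls for encrypting and authenticating log data on its way to the collector. The fragment below is an added example written for this page, not Novell or Sentinel configuration: an rsyslog client forwarding configuration with the weak plaintext setting shown beside the corrected TLS one. The collector name siem.example.internal, the certificate paths and the private CA are assumptions.

```conf
# Added example for this page, not Novell/Sentinel configuration: an rsyslog
# client forwarding to a collector. Assumed names: collector host
# siem.example.internal on TCP 6514 (the IANA syslog-over-TLS port), a private
# CA that issued both the collector's and this host's certificates, and the
# certificate paths below.

# Weak setting: plaintext UDP syslog. Anyone on the path can read, drop or
# forge events, and the collector cannot tell which host really sent them.
# *.* @siem.example.internal:514

# Corrected setting: TLS-wrapped TCP with x509 authentication of the collector,
# plus a client certificate so the collector can authenticate this host too.
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/pki/siem/ca.pem
$DefaultNetstreamDriverCertFile /etc/pki/siem/client-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/siem/client-key.pem

# Mode 1 requires TLS; x509/name verifies the chain and the peer's name.
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer siem.example.internal

# Disk-assisted queue so events are held, not dropped, while the collector is down.
$ActionQueueType LinkedList
$ActionQueueFileName siemfwd
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1

*.* @@siem.example.internal:6514
```

The double `@@` selects TCP; the stream-driver and queue directives apply to the action that follows them. Authenticating the peer by name, not just by a valid chain, is what stops any certificate from the same CA from impersonating the collector.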
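
The normalize, reduce and correlate stages described in the notes above, worked through on a subset of the syslog lines from the "What would you rather look at" slide later in this transcript. This is an added example written for this page, not Novell Sentinel code. The taxonomy labels (recon.scan, auth.session.opened, network.dhcp, ...), the 0 to 5 severity scale and the correlation rule (three or more scans from a source that portsentry has already blocked) are this example's own assumptions.

```python
"""Normalize -> reduce -> correlate over raw syslog lines (added example, not Sentinel code)."""
import re
from collections import OrderedDict
from dataclasses import dataclass

# Sample input: lines copied from the slide's syslog excerpt (host rmarty).
SAMPLE_LOG = """\
Jun 17 09:43:39 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
Jun 17 09:45:42 rmarty last message repeated 2 times
Jun 17 10:00:03 rmarty crond(pam_unix)[30534]: session opened for user root by (uid=0)
Jun 17 10:00:10 rmarty crond(pam_unix)[30534]: session closed for user root
Jun 17 10:13:05 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.19/192.168.80.19 to UDP port: 192
Jun 17 10:13:05 rmarty portsentry[4797]: attackalert: Host: 192.168.80.19/192.168.80.19 is already blocked Ignoring
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
Jun 17 10:21:30 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:21:30 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
"""
TS = r"(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
SYSLOG_RE = re.compile(TS + r"(?P<prog>[^:\[]+?)(?:\[\d+\])?: (?P<msg>.*)$")
REPEAT_RE = re.compile(TS + r"last message repeated (?P<n>\d+) times$")
SCAN_RE = re.compile(r"scan from host: (?P<ip>[\d.]+)/[\d.]+ to \w+ port: (?P<port>\d+)")
BLOCKED_RE = re.compile(r"Host: (?P<ip>[\d.]+)/[\d.]+ is already blocked")
SESSION_RE = re.compile(r"session (?P<action>opened|closed) for user (?P<user>\S+)")

@dataclass
class Event:
    """Common schema: one record whatever device wrote the line (field names are assumptions)."""
    ts: str
    host: str
    source: str
    category: str    # taxonomy label, e.g. recon.scan, auth.session.opened
    severity: int    # 0 informational .. 5 critical
    src_ip: str = ""
    port: int = 0
    user: str = ""
    count: int = 1
    last_ts: str = ""
    message: str = ""

def normalize(line):
    """Map one raw line onto the common schema; None if it does not parse."""
    if m := REPEAT_RE.match(line):  # syslogd's own compression marker; folded in by reduce_events
        return Event(m["ts"], m["host"], "syslog", "meta.repeat", 0, count=int(m["n"]))
    if not (m := SYSLOG_RE.match(line)):
        return None
    prog, msg = m["prog"], m["msg"]
    ev = Event(m["ts"], m["host"], prog, "system.other", 0, last_ts=m["ts"], message=msg)
    if prog.startswith("portsentry"):
        if s := SCAN_RE.search(msg):
            ev.category, ev.severity, ev.src_ip, ev.port = "recon.scan", 3, s["ip"], int(s["port"])
        elif b := BLOCKED_RE.search(msg):  # chatter: re-reporting a host it already blocked
            ev.category, ev.severity, ev.src_ip = "recon.scan.blocked", 1, b["ip"]
    elif "pam_unix" in prog and (s := SESSION_RE.search(msg)):
        ev.category, ev.user = "auth.session." + s["action"], s["user"]
        ev.severity = 2 if s["user"] == "root" else 1
    elif prog.endswith("dhcpd"):
        ev.category = "network.dhcp"
    return ev

def reduce_events(events):
    """Collapse records sharing (host, category, src_ip, port, user) into one, keeping a count and first/last time."""
    agg, last_key = OrderedDict(), None
    for ev in events:
        if ev.category == "meta.repeat":
            if last_key is not None:
                agg[last_key].count += ev.count
                agg[last_key].last_ts = ev.ts
            continue
        key = (ev.host, ev.category, ev.src_ip, ev.port, ev.user)
        if key in agg:
            agg[key].count += 1
            agg[key].last_ts = ev.ts
        else:
            agg[key] = ev
        last_key = key
    return list(agg.values())

def correlate(aggregates, threshold=3):
    """Rule: a source still scanning after being blocked becomes one prioritised incident, not N alerts."""
    blocked = {a.src_ip for a in aggregates if a.category == "recon.scan.blocked"}
    incidents = []
    for a in aggregates:
        if a.category == "recon.scan" and a.count >= threshold:
            incidents.append(Event(
                a.ts, a.host, "correlation", "incident.persistent_scan",
                4 if a.src_ip in blocked else 3, src_ip=a.src_ip, port=a.port,
                count=a.count, last_ts=a.last_ts,
                message=f"{a.count} scans from {a.src_ip} to port {a.port} between {a.ts} and {a.last_ts}"))
    return incidents

def run_pipeline(text):
    """Raw text -> (normalized events, reduced records, correlated incidents)."""
    events = [e for e in map(normalize, text.splitlines()) if e is not None]
    aggregates = reduce_events(events)
    return events, aggregates, correlate(aggregates)

if __name__ == "__main__":
    ev, ag, inc = run_pipeline(SAMPLE_LOG)
    print(f"{len(ev)} raw lines -> {len(ag)} records -> {len(inc)} incident(s)")
    for i in inc:
        print(f"sev {i.severity} {i.category}: {i.message}")
```

Run as a script, twelve raw lines become seven records and one incident: the three UDP scans from 192.168.80.8 that portsentry keeps re-announcing collapse into a single severity-4 event with first and last seen times, the DHCP chatter folds into one record with a count of 3 (honouring syslog's own "last message repeated" marker rather than losing it), and the single scan from 192.168.80.19 stays below the threshold. The "already blocked" lines are the false-positive class from the slide: they carry no new information, so they are kept only as a count and used as context for the correlation rule.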

Presentation Transcript

  • Leveraging Information Overload for Effective Security Management
      • Shivaprakash A.S.
      • Pre-Sales Head
      • Novell, India
      • [email_address]
  • Agenda
    • About Novell
    • Challenges Created by the Evolving Information Security Landscape
    • Solutions to address these challenges
    • Summary
    • Demo
    • Q & A
  • Five Key Solution Areas
    • 1 Security and Identity Solutions
    • 2 Data Center Solutions
    • 3 Resource Management Solutions
    • 4 Workgroup Solutions
    • 5 Desktop Solutions
  • Novell Open Workgroup Suite: up to 70% less than an equivalent competing solution. Best of both worlds: open source and proprietary platforms. Backed by world-class support from Novell.
  • Evolution of Information Security Landscape
  • IT security versus information security (Source: Forrester)
    • IT security (a technology problem):
      • Firewalls
      • Intrusion detection
      • Viruses, worms
      • System hardening
      • Encryption
    • Information security (a business problem):
      • Intellectual property
      • Business/financial integrity
      • Regulatory compliance
      • Insider abuse
      • Industrial espionage
      • Privacy
  • Challenges..
  • InfoSecurity… The Tale of Sisyphus (Wireless, Remote Access, Identity, Application, Perimeter)
  • Investments in multiple point solutions have led to lower RoI [network diagram: Internet and WAN links through firewall & VPN gateways into application-server and public-server DMZs; L2 and L3 switches carrying VLANs with 802.1q trunking and 802.1x port authentication; NIDS and HIDS sensors; WLAN, VPN gateway, SSL VPN and SSL portal behind application switches (HTTPS); extranet; handset, PDA, Java and smart-phone clients. Zones: WLAN, LAN, perimeter, applications. Controls: ingress/egress bandwidth management; firewall, VPN, anti-virus, IDS; 2- and 3-factor authentication; PnP device management; removable-media management]
  • What would you rather look at... This?
    Jun 17 09:42:30 rmarty ifup: Determining IP information for eth0...
    Jun 17 09:42:35 rmarty ifup: failed; no link present. Check cable?
    Jun 17 09:42:35 rmarty network: Bringing up interface eth0: failed
    Jun 17 09:42:38 rmarty sendmail: sendmail shutdown succeeded
    Jun 17 09:42:38 rmarty sendmail: sm-client shutdown succeeded
    Jun 17 09:42:39 rmarty sendmail: sendmail startup succeeded
    Jun 17 09:42:39 rmarty sendmail: sm-client startup succeeded
    Jun 17 09:43:39 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
    Jun 17 09:45:42 rmarty last message repeated 2 times
    Jun 17 09:45:47 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
    Jun 17 09:56:02 rmarty vmnet-dhcpd: DHCPDISCOVER from 00:0c:29:b7:b2:47 via vmnet8
    Jun 17 09:56:03 rmarty vmnet-dhcpd: DHCPOFFER on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
    Jun 17 09:56:03 rmarty vmnet-dhcpd: DHCPREQUEST for 172.16.48.128 from 00:0c:29:b7:b2:47 via vmnet8
    Jun 17 09:56:03 rmarty vmnet-dhcpd: DHCPACK on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
    Jun 17 10:00:03 rmarty crond(pam_unix)[30534]: session opened for user root by (uid=0)
    Jun 17 10:00:10 rmarty crond(pam_unix)[30534]: session closed for user root
    Jun 17 10:01:02 rmarty crond(pam_unix)[30551]: session opened for user root by (uid=0)
    Jun 17 10:01:07 rmarty crond(pam_unix)[30551]: session closed for user root
    Jun 17 10:05:02 rmarty crond(pam_unix)[30567]: session opened for user idabench by (uid=0)
    Jun 17 10:05:05 rmarty crond(pam_unix)[30567]: session closed for user idabench
    Jun 17 10:13:05 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.19/192.168.80.19 to UDP port: 192
    Jun 17 10:13:05 rmarty portsentry[4797]: attackalert: Host: 192.168.80.19/192.168.80.19 is already blocked Ignoring
    Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
    Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
    Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
    Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
    Jun 17 10:21:30 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
    Jun 17 10:21:30 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
    Jun 17 10:28:40 rmarty vmnet-dhcpd: DHCPDISCOVER from 00:0c:29:b7:b2:47 via vmnet8
    Jun 17 10:28:41 rmarty vmnet-dhcpd: DHCPOFFER on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
    Jun 17 10:28:41 rmarty vmnet-dhcpd: DHCPREQUEST for 172.16.48.128 from 00:0c:29:b7:b2:47 via vmnet8
    Jun 17 10:28:45 rmarty vmnet-dhcpd: DHCPACK on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
    Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
    Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
    Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
    Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
    Jun 17 10:35:28 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
    Jun 17 10:35:31 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
    Jun 17 10:38:51 rmarty vmnet-dhcpd: DHCPREQUEST for 172.16.48.128 from 00:0c:29:b7:b2:47 via vmnet8
    Jun 17 10:38:52 rmarty vmnet-dhcpd: DHCPACK on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
    Jun 17 10:42:35 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
    Jun 17 10:42:38 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
  • Or This !
  • Or This !
  • And this !
  • Regulations, Standards & Compliance
  • Gazing at the Crystal Ball ..
  • Creating Opportunity from the Chaos: SIEM (assets, incident handling process, scanning, application profiles, exposures, incidents, intelligence)
  • How the Solutions Work: Security Information and Event Management pipeline: Transport & Aggregate, Reduce & Normalize, Correlate, Report, Archive
  • Business Benefits of SIEM
    • Operational Efficiency
      • Monitor More Security and Compliance Controls with Limited Resources
      • Measure the Effectiveness of preventative, detective, and corrective controls
    • Automation of Manual Processes
      • Automating Auditing Preparation and Review of systems against regulatory and internal policy
      • Automate data Collection, Correlation, Reporting and Incident Response
    • Demonstrate Compliance to Policy/Regulation
      • Regulations require organizations to establish, document, and monitor a robust internal IT control environment
      • Continuously monitoring Controls and providing notification of Policy Violations in real-time
  • To help you focus on innovation and growth
  • Our Solutions Have Evolved Too: Security Information & Event Management, Systems Management and Identity & Access Management, combined into comprehensive security & compliance, leveraging integration and automation to drive down cost and reduce risk
  • Incident Response, Threat Management, Event Management, Identity Management, Policy Monitoring, Compliance, Access Control
  • IDC on the e-Security acquisition: "In the compliance area, customers want converged solutions that encompass system, identity, access and security event management. With the acquisition of e-Security, Novell is the only vendor with the potential to proactively address business needs for a real-time, comprehensive compliance solution that integrates people, systems and processes." - Chris Christiansen, IDC Vice President of Security Products and Services
  • Analyst and Industry Recognition
    • Leader with highest rating for "Completeness of Vision" in the SIEM Magic Quadrant, 2005
    • "e-Security's product architecture is supremely scalable and flexible..." "If we had it to do over, we'd build a message bus architecture like this one [iSCALE] for scalability." Other SIM solutions reporting to the 451 Group Impact Report (11/10/05)
    • 2nd consecutive year: e-Security receives highest rating in InfoWorld's SEM test
    • e-Security wins 2005 Technology Innovation Award
  • Sentinel Product Information and Architecture
  • Solution Benefits
    • View up-to-date reports on security posture
    • Eliminate manual log review and consolidation
    • Identify threats in real-time
    • Contain/remediate attacks quickly
    • Manage risk more effectively
    • Improve proof-of-compliance reporting, security metrics
    • Cut compliance and security costs
    • View up-to-date compliance reports on critical IT assets
    • Support "tone at the top"
  • Pre-defined Collectors
    • Firewalls: Symantec Enterprise Firewall, Check Point Firewall-1, CyberGuard, ISS BlackICE, Cisco PIX, SunScreen, SonicWall, WatchGuard Firebox, Juniper NetScreen
    • Intrusion Prevention: Symantec ManHunt, McAfee IntruShield, McAfee Entercept
    • Intrusion Detection (network-based): Symantec Decoy Server, Cisco IDS, NFR Sentivist IDS, Enterasys Dragon, Snort (open source), Intrusion.com SecureNet, ISS RealSecure, ISS SiteProtector, Juniper NetScreen, Sourcefire
    • Routers & Switches: Nortel (all), Cisco (all)
    • Incident Management: BMC Remedy, Hewlett-Packard Service Desk
    • Authentication: RSA ACE, Cisco Secure Access Control Server (ACS)
    • Policy Monitoring: Symantec Enterprise Security Manager (ESM)
    • Intrusion Detection (host-based): COPS (open source), ISS RealSecure, Tripwire, Symantec Intruder Alert Manager
    • Patch Management: BMC Marimba, PatchLink
    • Network Management: IBM Tivoli Enterprise Console, Hewlett-Packard OpenView, BMC Patrol, Micromuse Netcool
    • Operating Systems: Microsoft Windows NT, Microsoft Windows 2000/2003, Sun Solaris, Sun SunOS, Hewlett-Packard HP-UX, IBM AIX, Red Hat Enterprise, SuSE Enterprise, AS/400
    • Anti-Virus: Symantec AntiVirus, McAfee VirusScan, McAfee ePolicy Orchestrator, Trend Micro ServerProtect, Trend Micro ScanMail, Trend Micro InterScan VirusWall
    • ERP: PeopleSoft, SAP
    • Web Servers: Apache, Microsoft IIS, Microsoft Proxy, Netscape Proxy
    • Directory Services: LDAP (standard), Active Directory
    • Mainframe: ACF2, RACF, Top Secret, OS/390, z/OS, HP NonStop
    • Databases: Oracle, Sybase, Microsoft SQL Server, MySQL AB, Informix, DB/2
    • VPN: Cisco VPN 3030, Cisco PIX Device Manager, Nortel VPN, Check Point VPN-1
    • Vulnerability Assessment: ISS Internet Scanner, ISS Database Scanner, McAfee CyberCop ASaP, McAfee Foundstone, Qualys QualysGuard, Nessus (open source), eEye Retina Network Security Scanner
  • Wizard Collection Technology
    • Lower TCO
    • Unmatched Performance
    • Build your own Collectors on the fly and collect data from ANY source
    • Collect, parse, normalize and enrich events
    • Available for many sources
      • Windows, Unix, AS/400, Tandem
      • Firewalls, VPN, Routers, Switches
      • Vulnerability Scanners
      • IDS/IPS/Access Control Systems
      • Databases, Mainframes
      • Etc.
    • Collect data remotely via
      • Logfile, Socket, Syslog, SSL, SSH, OPSEC, SNMP, ODBC, JDBC, HTTP, WMI and more
  • Security and Compliance Dashboard: Detect Violations Faster
    • Real-time Dashboard that delivers under high event loads
    • Detect and Analyze Trends, Threats, Violations
    • Monitor Compliance Controls across the Enterprise
  • Resolve and Document Policy Violations Faster
    • Enable consistent, repeatable, documented response to violations
    • Creates audit trail, system of record
    • Drive metrics (e.g. "mean time to resolution")
  • Incident Handling Workflow
    • Automatically Retrieve Data About Event
      • Vulnerability state of target
      • Patch status
      • Asset details
      • Intelligence data on attack
    • Initiate data-gathering scripts
      • System details
      • Full-content monitoring
    • Assign Incident
      • Individual or Team
    • Accept & Verify Incident Assignment
    • Continue to manage incident locally or send to external system
      • Remedy or HP Service Desk
    • Run Eradication Scripts
      • Perform active actions
        • Shut down port
        • Perform vulnerability analysis
        • Remove foreign programs
    • Run Containment Scripts
      • Gather host- and network-based evidence
      • Perform active actions
  • Sentinel Reports: Security Metrics, Compliance Reporting
    • Gain Needed Insight Into IT Controls
      • Discover trends, anomalies
      • Track and report security-related activity on assets impacted by Sarbanes-Oxley and other regulations
    • Improve Proof-of-Compliance Reporting
      • Demonstrate that Your Organization
        • Monitors activity on critical IT assets
        • Identifies and analyzes security and compliance incidents
        • Tracks and resolves incidents and policy violations
    • Out-of-Box Reports, Configure Existing Reports, Create Your Own
  • Summary “ Success is a moving target and evolution is the only way forward “
  • Demo
  • Q & A