SlideShare a Scribd company logo

20111012 Sap Datasheet Site

N
Nicola_Milone
1 of 4
Download to read offline
WhiteOPS ™ for SAP Identity Intelligence. Plus. SAP application, in accordance with its business role, holds good deal of sensitive information and will usually be in the center of internal and external audit processes. WhiteOPS™ offers the industry's most holistic solution for protecting your SAP. Introduction WhiteOPS™ Enables You To Whitebox Security is an Identity Intelligence solution provider. WhiteOPS™, the core solution, incorporates all the required key capabilities in this field. It addresses the following key identity intelligence questions:  Who did what?  When and where did access occur?  Who has access to what?  Who should have access to what?  Who reviewed and approved what? With WhiteOPS™ You Can In addition, WhiteOPS™ addresses the following two questions, providing a full identity intelligence solution:  Monitor privileged and unprivileged users.  Monitor field level view and change activities.  Who / What does not comply with policy?  Who / What risks my business and how?  Analyze effective permissions for every user and role.  Detect usage patterns and unused users and roles. Why Should You Care?  Control access to resources and respond to violations.  You don't know in real-time what users are actually  Detect and easily manage and solve SoD conflicts. doing.  Proactively avoid SoD conflicts using What-If analysis.  You don't know whether sensitive transactions are  Manage access certification and attestation processes. being executed by unauthorized personnel.  Manage ITGC controls with best practices.  You want to achieve sustainable and on-going compliance.  Get all the above for various business applications (ERP, File Servers, SharePoint, Exchange, Home Grown)  You suspect many users have excess privileges in your from one security console. SAP application, some violating SoD policy.  You think you have unused resources. (Users, Roles, Licenses, etc.) Whitebox Security 2011 ©, All Rights Reserved http://www.whiteboxsecurity.com Page 1
WhiteOPS™ Product Overview Main Capabilities Identity and Activity Monitoring Answering two key Identity Intelligence questions: WhiteOPS™ cross examines the defined roles with the  Who did what? actual roles being used. This allows WhiteOPS™ to  When and where did access occur? determine which roles a user should possess and as a These two capabilities are the cornerstone of our suite. result which he shouldn't possess. You may use this WhiteOPS™ monitors each type of application using capability to delete unused users and roles and by that purpose built software. Our SAP solution is 'SAP certified' reduce licenses and operational costs. by SAP and is real-time and non- Policy Compliance intrusive by nature. It also Answering two key identity enables monitoring view and intelligence questions: change actions of specific fields  Who / What does not inside a transaction, a comply with policy? WhiteOPS™ unique. This capability is built of three Furthermore, WhiteOPS™ sub-capabilities: supplies the security context by  (i) Real-Time Unified Policy. enriching each activity with its  (ii) Segregation of Duties (SoD). complimentary security attributes  (iii) Business Asset Compliance. regarding the user, machine and session from the IT Real-Time Unified Policy security systems (e.g. HR Modules, Microsoft AD, FWs, WhiteOPS™ patent-pending real-time unified policy etc.). This assures a complete 360° security context for engine is an industry first. It allows defining both negative each activity that is relevant to the event execution time. (Define violation, all other cases are approved) and positive (Define approved cases, all other cases are WhiteOPS™ enables an innovative forensics mechanism violations) rules and respond to each violation separately. that enables you to ask questions and get answers. A question can be based on every monitored and enriched A rule is a pattern defined based on the attributes from security attribute. the activity itself, as well as data enriched from various policy providers. Each attribute is related to a specific WH Using this tailor-made monitoring solution, WhiteOPS™ question. This allows quick and easy building of rules. time-to-value is fast and turnovers are quickly achieved. A Violation of a rule will trigger configurable responses to Role Analytics allow mitigation of a risk or a compensating control. Answering two key Identity Intelligence questions: An example rule can be: a user executing a financial  Who has access to what? transaction should be a member of the Finance  Who should have access to what? department, use smart-card authentication and have This capability enables to view and analyze permissions, specific finance roles in the Identity Management system. roles and their usage for all of the monitored applications. Another example would be: send immediate email Detect duplicate permissions, Collector users (Aggregating notification to the CISO when a user with a 'junior permissions while switching positions) or any other accountant' job releases an invoice that is over 10K$. permissions management anomaly in a click of a button. Whitebox Security 2011 ©, All Rights Reserved http://www.whiteboxsecurity.com Page 2
WhiteOPS™ Product Overview Policy definitions can be WhiteOPS™ offers you no more surprises. Just schedule done explicitly using our the compliance checks and controls relevant for your Policy Editor or the organization from our best practices knowledge base or innovative Policy Wizard easily create your custom checks and controls. that is based on analysis of WhiteOPS™ will handle the reminders, execution and actual usage of a resource. needed approvals so you will get a true on-going Segregation of Duties (SoD) compliance solution. SoD is a concept for identifying users with the potential Example to an out-of-the-box control is permissions for completing business processes on their own. These attestation process that is available to all your business users can (potentially) perform frauds or mistakes which applications from a single point in the same way. can bring heavy financial results to the organization. Impact Analysis WhiteOPS™ contains a complete Segregation of Duties Answering the key identity intelligence question: (SoD) solution. Starting from easily customizing the out-of-  Who / What risks my business and how? the-box SoD Policy to fit your company requirements, This capability will correlate all the information created by through managing SoD violations, exceptions and all the other capabilities into prioritized business compensation controls. Historical data is saved and information. For example, an IT user who reads a mail of a analyzed to produce trends analysis. colleague is severe but an IT user who issues 500 MRBR WhiteOPS™ SoD policy fully supports authorization object (Invoice release) transactions in an hour can be level rules and variables (e.g. Organization ID) to minimize catastrophic. false positives and provide greater accuracy. WhiteOPS™ will change alerts priorities, notify you on WhiteOPS™ enables to proactively analyze permission upcoming compliance checks, send Emails and text changes effects to the SoD policy compliance using its messages when needed so you will always be aware and powerful What-If analysis engine. Integration of the handle the most urgent and important issues first. analysis to a permission change process on various IDM All the impact analysis information is centralized on a systems is available. dynamic Dashboard screen that contains customizable widgets. Each SoD violations are fairly complicated and hard to solve. widget can be WhiteOPS™ provides a root-cause-analysis for each SoD replaced so violation so all the available paths for resolution would be that every user crystal clear in seconds. will get the Business Asset Compliance view that fits Every organization has dozens of compliance checks to be him the most. executed on timely basis, whether regulation related or not, it is not an easy task to perform since most of the organizations are surprised on the day of an audit. Whitebox Security 2011 ©, All Rights Reserved http://www.whiteboxsecurity.com Page 3
WhiteOPS™ Product Overview WhiteOPS™ Advantages WhiteOPS™ Monitors Portfolio WhiteOPS™ is a platform WhiteOPS™ enables you to get all the benefits of purpose- built software in a platform. All of WhiteOPS™ screens are designed to treat the same for information originated in different business applications. Rapid Time To Value WhiteOPS™ POCs usually take less than a week to complete. Production implementation projects usually take less than a month. In some territories, Whitebox has cooperation with major accountant firms like Deloitte, Ernst & Young and KPMG, resulting in compliance controls Why Whitebox Security? and SoD policy that are tailored-made to the customer. Whitebox Security is the first company to focus on Data Enrichment purpose built identity intelligence platform. The company WhiteOPS™ is equipped with an innovative and patent- has been named one of the top 10 innovative security pending data enrichment mechanism. Every monitored companies in 2010 by the RSA conference. activity is enriched by data regarding the user, machine Whitebox Security is fast growing with proven success and session from organizational security systems like record as a solution provider to top ISPs, Financial directory services, HR modules, IDM systems and more. Services, Retail and defense industries companies. All information is going through a data dictionary, no text Among our customers you can find: blobs. That way, every activity can be understood by anyone, regardless of his technical skills. Forensics Capabilities WhiteOPS™ allows you to ask anything. Literally ask. Using the advanced forensics mechanism you can, for example, ask for all the activities made on business transactions by workers from the IT department. Contact Information Policy Compliance Whitebox Security Ltd. WhiteOPS™ enables you to manage a complete audit P.O. Box 1025 process starting from controls execution, reviews and Tel Aviv, 61009 approvals and easily producing the needed reports to the Israel auditor. Best practices are supplied out-of-the-box. T:+972-54-2452840 F:+972-3-7602007 Proactivity sales@whiteboxsecurity.com WhiteOPS™ provides proactive insights by simulating affects to policy compliance by permission changes made in a monitored system. Whitebox Security 2011 ©, All Rights Reserved http://www.whiteboxsecurity.com Page 4

Recommended

PCI and Remote Vendors
PCI and Remote VendorsPCI and Remote Vendors
PCI and Remote VendorsObserveIT
 
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & LoggingDSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & LoggingAndris Soroka
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webSafeNet
 
Oracle_Cisco identity platform approach_webcast
Oracle_Cisco identity platform approach_webcastOracle_Cisco identity platform approach_webcast
Oracle_Cisco identity platform approach_webcastOracleIDM
 
Hitachi ID Password Manager Brochure
Hitachi ID Password Manager BrochureHitachi ID Password Manager Brochure
Hitachi ID Password Manager BrochureHitachi ID Systems, Inc.
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...Ryan Gallavin
 
The Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementThe Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementRyan Gallavin
 
Hitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and TechnologyHitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and TechnologyHitachi ID Systems, Inc.
 

Recommended

PCI and Remote Vendors
PCI and Remote VendorsPCI and Remote Vendors
PCI and Remote VendorsObserveIT
 
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & LoggingDSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & LoggingAndris Soroka
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webSafeNet
 
Oracle_Cisco identity platform approach_webcast
Oracle_Cisco identity platform approach_webcastOracle_Cisco identity platform approach_webcast
Oracle_Cisco identity platform approach_webcastOracleIDM
 
Hitachi ID Password Manager Brochure
Hitachi ID Password Manager BrochureHitachi ID Password Manager Brochure
Hitachi ID Password Manager BrochureHitachi ID Systems, Inc.
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...Ryan Gallavin
 
The Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementThe Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementRyan Gallavin
 
Hitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and TechnologyHitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and TechnologyHitachi ID Systems, Inc.
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuideAlienVault
 
Hitachi ID Password Manager: Enrollment, password reset and password synchron...
Hitachi ID Password Manager: Enrollment, password reset and password synchron...Hitachi ID Password Manager: Enrollment, password reset and password synchron...
Hitachi ID Password Manager: Enrollment, password reset and password synchron...Hitachi ID Systems, Inc.
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity managementNis
 
2013 12 18 webcast - building the privileged identity management business case
2013 12 18 webcast - building the privileged identity management business case2013 12 18 webcast - building the privileged identity management business case
2013 12 18 webcast - building the privileged identity management business casepmcbrideva1
 
Guardium Presentation
Guardium PresentationGuardium Presentation
Guardium Presentationtsteh
 
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...Hitachi ID Systems, Inc.
 
Hitachi ID Password Manager Security Analysis
Hitachi ID Password Manager Security AnalysisHitachi ID Password Manager Security Analysis
Hitachi ID Password Manager Security AnalysisHitachi ID Systems, Inc.
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101Jerod Brennen
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersMichael Davis
 
Hitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Systems, Inc.
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysRisk Analysis Consultants, s.r.o.
 
Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloudtcarrucan
 
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Wendy Knox Everette
 
Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021Wendy Knox Everette
 
Managing Passwords for Mobile Users
Managing Passwords for Mobile Users Managing Passwords for Mobile Users
Managing Passwords for Mobile Users Hitachi ID Systems, Inc.
 
Integrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCIntegrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCDATAVERSITY
 
IDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENTIDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENTProf. Jacques Folon (Ph.D)
 
Josh Diakun - Cust Pres - Splunk Partner Event
Josh Diakun - Cust Pres - Splunk Partner EventJosh Diakun - Cust Pres - Splunk Partner Event
Josh Diakun - Cust Pres - Splunk Partner EventJosh D
 
PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
PCI DSS Reporting Requirements for People Who Hate PCI DSS ReportingPCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
PCI DSS Reporting Requirements for People Who Hate PCI DSS ReportingAlienVault
 
From Password Reset to Authentication Management
From Password Reset to Authentication ManagementFrom Password Reset to Authentication Management
From Password Reset to Authentication ManagementHitachi ID Systems, Inc.
 
Sistem informasi
Sistem informasiSistem informasi
Sistem informasiwiws
 
January 22 ESP 179 Hydro
January 22 ESP 179 HydroJanuary 22 ESP 179 Hydro
January 22 ESP 179 HydroCEQAplanner
 

More Related Content

What's hot

PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuideAlienVault
 
Hitachi ID Password Manager: Enrollment, password reset and password synchron...
Hitachi ID Password Manager: Enrollment, password reset and password synchron...Hitachi ID Password Manager: Enrollment, password reset and password synchron...
Hitachi ID Password Manager: Enrollment, password reset and password synchron...Hitachi ID Systems, Inc.
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity managementNis
 
2013 12 18 webcast - building the privileged identity management business case
2013 12 18 webcast - building the privileged identity management business case2013 12 18 webcast - building the privileged identity management business case
2013 12 18 webcast - building the privileged identity management business casepmcbrideva1
 
Guardium Presentation
Guardium PresentationGuardium Presentation
Guardium Presentationtsteh
 
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...Hitachi ID Systems, Inc.
 
Hitachi ID Password Manager Security Analysis
Hitachi ID Password Manager Security AnalysisHitachi ID Password Manager Security Analysis
Hitachi ID Password Manager Security AnalysisHitachi ID Systems, Inc.
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101Jerod Brennen
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersMichael Davis
 
Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloudtcarrucan
 
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Wendy Knox Everette
 
Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021Wendy Knox Everette
 
Integrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCIntegrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCDATAVERSITY
 
Josh Diakun - Cust Pres - Splunk Partner Event
Josh Diakun - Cust Pres - Splunk Partner EventJosh Diakun - Cust Pres - Splunk Partner Event
Josh Diakun - Cust Pres - Splunk Partner EventJosh D
 
PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
PCI DSS Reporting Requirements for People Who Hate PCI DSS ReportingPCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
PCI DSS Reporting Requirements for People Who Hate PCI DSS ReportingAlienVault
 
From Password Reset to Authentication Management
From Password Reset to Authentication ManagementFrom Password Reset to Authentication Management
From Password Reset to Authentication ManagementHitachi ID Systems, Inc.
 

What's hot (20)

PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step Guide
 
Hitachi ID Password Manager: Enrollment, password reset and password synchron...
Hitachi ID Password Manager: Enrollment, password reset and password synchron...Hitachi ID Password Manager: Enrollment, password reset and password synchron...
Hitachi ID Password Manager: Enrollment, password reset and password synchron...
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity management
 
2013 12 18 webcast - building the privileged identity management business case
2013 12 18 webcast - building the privileged identity management business case2013 12 18 webcast - building the privileged identity management business case
2013 12 18 webcast - building the privileged identity management business case
 
Guardium Presentation
Guardium PresentationGuardium Presentation
Guardium Presentation
 
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...
 
Hitachi ID Password Manager Security Analysis
Hitachi ID Password Manager Security AnalysisHitachi ID Password Manager Security Analysis
Hitachi ID Password Manager Security Analysis
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
 
Hitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Group Manager
Hitachi ID Group Manager
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
 
Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloud
 
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
 
Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021
 
Managing Passwords for Mobile Users
Managing Passwords for Mobile Users Managing Passwords for Mobile Users
Managing Passwords for Mobile Users
 
Integrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCIntegrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLC
 
IDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENTIDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENT
 
Josh Diakun - Cust Pres - Splunk Partner Event
Josh Diakun - Cust Pres - Splunk Partner EventJosh Diakun - Cust Pres - Splunk Partner Event
Josh Diakun - Cust Pres - Splunk Partner Event
 
PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
PCI DSS Reporting Requirements for People Who Hate PCI DSS ReportingPCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
 
From Password Reset to Authentication Management
From Password Reset to Authentication ManagementFrom Password Reset to Authentication Management
From Password Reset to Authentication Management
 

Viewers also liked

Sistem informasi
Sistem informasiSistem informasi
Sistem informasiwiws
 
January 22 ESP 179 Hydro
January 22 ESP 179 HydroJanuary 22 ESP 179 Hydro
January 22 ESP 179 HydroCEQAplanner
 
WABO presentatie DIV SCD/De Waard
WABO presentatie DIV SCD/De WaardWABO presentatie DIV SCD/De Waard
WABO presentatie DIV SCD/De WaardRobinlassche01
 
Presentation Procedure
Presentation ProcedurePresentation Procedure
Presentation ProcedureADHP
 
Calendario económico abril 2011 Global Securities
Calendario económico abril 2011 Global SecuritiesCalendario económico abril 2011 Global Securities
Calendario económico abril 2011 Global SecuritiesGlobal Securities
 
Uninvited Guests: Why do hackers love our SAP landscapes?
Uninvited Guests: Why do hackers love our SAP landscapes?Uninvited Guests: Why do hackers love our SAP landscapes?
Uninvited Guests: Why do hackers love our SAP landscapes?Virtual Forge
 
Humanitarian efforts at the university of virginia school of law
Humanitarian efforts at the university of virginia school of lawHumanitarian efforts at the university of virginia school of law
Humanitarian efforts at the university of virginia school of lawSteven Guynn
 
1112 presentatie formatie_taakbeleid_medewerkers_120531
1112 presentatie formatie_taakbeleid_medewerkers_1205311112 presentatie formatie_taakbeleid_medewerkers_120531
1112 presentatie formatie_taakbeleid_medewerkers_120531Sintermeertencollege
 
Boas novas que anunciam a paz
Boas novas que anunciam a pazBoas novas que anunciam a paz
Boas novas que anunciam a pazCorreios
 
12th european biomass conference amsterdam 2002
12th european biomass conference amsterdam 200212th european biomass conference amsterdam 2002
12th european biomass conference amsterdam 2002Sylvain Martin
 
Mesa Redonda: "Innovación en la Smart City como impulsora del nuevo modelo pr...
Mesa Redonda: "Innovación en la Smart City como impulsora del nuevo modelo pr...Mesa Redonda: "Innovación en la Smart City como impulsora del nuevo modelo pr...
Mesa Redonda: "Innovación en la Smart City como impulsora del nuevo modelo pr...TELECOM I+D 2011
 
Ge mc kinsey matrix powerpoint ppt slides.
Ge mc kinsey matrix powerpoint ppt slides.Ge mc kinsey matrix powerpoint ppt slides.
Ge mc kinsey matrix powerpoint ppt slides.SlideTeam.net
 

Viewers also liked (19)

Sistem informasi
Sistem informasiSistem informasi
Sistem informasi
 
January 22 ESP 179 Hydro
January 22 ESP 179 HydroJanuary 22 ESP 179 Hydro
January 22 ESP 179 Hydro
 
La autoestma 2
La autoestma 2La autoestma 2
La autoestma 2
 
WABO presentatie DIV SCD/De Waard
WABO presentatie DIV SCD/De WaardWABO presentatie DIV SCD/De Waard
WABO presentatie DIV SCD/De Waard
 
Presentation Procedure
Presentation ProcedurePresentation Procedure
Presentation Procedure
 
Calendario económico abril 2011 Global Securities
Calendario económico abril 2011 Global SecuritiesCalendario económico abril 2011 Global Securities
Calendario económico abril 2011 Global Securities
 
Romberger 1933 drosophila
Romberger 1933 drosophilaRomberger 1933 drosophila
Romberger 1933 drosophila
 
Uninvited Guests: Why do hackers love our SAP landscapes?
Uninvited Guests: Why do hackers love our SAP landscapes?Uninvited Guests: Why do hackers love our SAP landscapes?
Uninvited Guests: Why do hackers love our SAP landscapes?
 
Humanitarian efforts at the university of virginia school of law
Humanitarian efforts at the university of virginia school of lawHumanitarian efforts at the university of virginia school of law
Humanitarian efforts at the university of virginia school of law
 
1112 presentatie formatie_taakbeleid_medewerkers_120531
1112 presentatie formatie_taakbeleid_medewerkers_1205311112 presentatie formatie_taakbeleid_medewerkers_120531
1112 presentatie formatie_taakbeleid_medewerkers_120531
 
M leg directiva_80_68_cee_textoconsolidado
M leg directiva_80_68_cee_textoconsolidadoM leg directiva_80_68_cee_textoconsolidado
M leg directiva_80_68_cee_textoconsolidado
 
4c. vlissingen
4c. vlissingen4c. vlissingen
4c. vlissingen
 
Boas novas que anunciam a paz
Boas novas que anunciam a pazBoas novas que anunciam a paz
Boas novas que anunciam a paz
 
12th european biomass conference amsterdam 2002
12th european biomass conference amsterdam 200212th european biomass conference amsterdam 2002
12th european biomass conference amsterdam 2002
 
Relief 2.0, B2B and Enterprise
Relief 2.0, B2B and EnterpriseRelief 2.0, B2B and Enterprise
Relief 2.0, B2B and Enterprise
 
Mesa Redonda: "Innovación en la Smart City como impulsora del nuevo modelo pr...
Mesa Redonda: "Innovación en la Smart City como impulsora del nuevo modelo pr...Mesa Redonda: "Innovación en la Smart City como impulsora del nuevo modelo pr...
Mesa Redonda: "Innovación en la Smart City como impulsora del nuevo modelo pr...
 
Ge mc kinsey matrix powerpoint ppt slides.
Ge mc kinsey matrix powerpoint ppt slides.Ge mc kinsey matrix powerpoint ppt slides.
Ge mc kinsey matrix powerpoint ppt slides.
 
Conceptos
ConceptosConceptos
Conceptos
 
Eq31941949
Eq31941949Eq31941949
Eq31941949
 

Similar to 20111012 Sap Datasheet Site

SailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfSailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfVishnuGone
 
TOP SAILPOINT INTERVIEW QUESTION
TOP SAILPOINT INTERVIEW QUESTIONTOP SAILPOINT INTERVIEW QUESTION
TOP SAILPOINT INTERVIEW QUESTIONInfosec Train
 
Dynamics - Administre sus usuarios, roles y perfiles en SAP
Dynamics - Administre sus usuarios, roles y perfiles en SAPDynamics - Administre sus usuarios, roles y perfiles en SAP
Dynamics - Administre sus usuarios, roles y perfiles en SAPTomas Martinez
 
Effective Segregation of Duties for PeopleSoft 2011-02-23
Effective Segregation of Duties for PeopleSoft 2011-02-23Effective Segregation of Duties for PeopleSoft 2011-02-23
Effective Segregation of Duties for PeopleSoft 2011-02-23Smart ERP Solutions, Inc.
 
Identity & Access Governance versus Process Agility
Identity & Access Governance versus Process AgilityIdentity & Access Governance versus Process Agility
Identity & Access Governance versus Process AgilityHorst Walther
 
Sailpoint Identity IQ Online Training.pptx
Sailpoint Identity IQ Online Training.pptxSailpoint Identity IQ Online Training.pptx
Sailpoint Identity IQ Online Training.pptxJayanthvisualpath
 
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...How to Gain Visibility and Control: Compliance Mandates, Security Threats and...
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...Anton Chuvakin
 
Why IAM is the Need of the Hour
Why IAM is the Need of the HourWhy IAM is the Need of the Hour
Why IAM is the Need of the HourTechdemocracy
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Emrah Alpa, CISSP CEH CCSK
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsOWASP Delhi
 
SAM Services powered by AUPIT
SAM Services powered by AUPITSAM Services powered by AUPIT
SAM Services powered by AUPITJames Galera
 
Business Objects Security
Business Objects SecurityBusiness Objects Security
Business Objects Securitybrunomase
 
CSI Authorization Auditor 2014 Brochure
CSI Authorization Auditor 2014 BrochureCSI Authorization Auditor 2014 Brochure
CSI Authorization Auditor 2014 BrochureCSI tools
 
I Series User Management
I Series User ManagementI Series User Management
I Series User ManagementSJeffrey23
 
Need of Adaptive Authentication in defending the borderless Enterprise
Need of Adaptive Authentication in defending the borderless EnterpriseNeed of Adaptive Authentication in defending the borderless Enterprise
Need of Adaptive Authentication in defending the borderless Enterprisehardik soni
 
Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Scott Carlson
 

Similar to 20111012 Sap Datasheet Site (20)

SailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfSailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdf
 
TOP SAILPOINT INTERVIEW QUESTION
TOP SAILPOINT INTERVIEW QUESTIONTOP SAILPOINT INTERVIEW QUESTION
TOP SAILPOINT INTERVIEW QUESTION
 
Dynamics - Administre sus usuarios, roles y perfiles en SAP
Dynamics - Administre sus usuarios, roles y perfiles en SAPDynamics - Administre sus usuarios, roles y perfiles en SAP
Dynamics - Administre sus usuarios, roles y perfiles en SAP
 
Zero Trust and Data Security
Zero Trust and Data SecurityZero Trust and Data Security
Zero Trust and Data Security
 
Effective Segregation of Duties for PeopleSoft 2011-02-23
Effective Segregation of Duties for PeopleSoft 2011-02-23Effective Segregation of Duties for PeopleSoft 2011-02-23
Effective Segregation of Duties for PeopleSoft 2011-02-23
 
Identity & Access Governance versus Process Agility
Identity & Access Governance versus Process AgilityIdentity & Access Governance versus Process Agility
Identity & Access Governance versus Process Agility
 
Sailpoint Identity IQ Online Training.pptx
Sailpoint Identity IQ Online Training.pptxSailpoint Identity IQ Online Training.pptx
Sailpoint Identity IQ Online Training.pptx
 
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...How to Gain Visibility and Control: Compliance Mandates, Security Threats and...
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...
 
Why IAM is the Need of the Hour
Why IAM is the Need of the HourWhy IAM is the Need of the Hour
Why IAM is the Need of the Hour
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
 
The user s identities
The user s identitiesThe user s identities
The user s identities
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur Vats
 
SAM Services powered by AUPIT
SAM Services powered by AUPITSAM Services powered by AUPIT
SAM Services powered by AUPIT
 
Business Objects Security
Business Objects SecurityBusiness Objects Security
Business Objects Security
 
Business Objects Security
Business Objects SecurityBusiness Objects Security
Business Objects Security
 
CSI Authorization Auditor 2014 Brochure
CSI Authorization Auditor 2014 BrochureCSI Authorization Auditor 2014 Brochure
CSI Authorization Auditor 2014 Brochure
 
InsiderAttack_p3.ppt
InsiderAttack_p3.pptInsiderAttack_p3.ppt
InsiderAttack_p3.ppt
 
I Series User Management
I Series User ManagementI Series User Management
I Series User Management
 
Need of Adaptive Authentication in defending the borderless Enterprise
Need of Adaptive Authentication in defending the borderless EnterpriseNeed of Adaptive Authentication in defending the borderless Enterprise
Need of Adaptive Authentication in defending the borderless Enterprise
 
Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?
 

20111012 Sap Datasheet Site

  • 1. WhiteOPS ™ for SAP Identity Intelligence. Plus. SAP application, in accordance with its business role, holds good deal of sensitive information and will usually be in the center of internal and external audit processes. WhiteOPS™ offers the industry's most holistic solution for protecting your SAP. Introduction WhiteOPS™ Enables You To Whitebox Security is an Identity Intelligence solution provider. WhiteOPS™, the core solution, incorporates all the required key capabilities in this field. It addresses the following key identity intelligence questions:  Who did what?  When and where did access occur?  Who has access to what?  Who should have access to what?  Who reviewed and approved what? With WhiteOPS™ You Can In addition, WhiteOPS™ addresses the following two questions, providing a full identity intelligence solution:  Monitor privileged and unprivileged users.  Monitor field level view and change activities.  Who / What does not comply with policy?  Who / What risks my business and how?  Analyze effective permissions for every user and role.  Detect usage patterns and unused users and roles. Why Should You Care?  Control access to resources and respond to violations.  You don't know in real-time what users are actually  Detect and easily manage and solve SoD conflicts. doing.  Proactively avoid SoD conflicts using What-If analysis.  You don't know whether sensitive transactions are  Manage access certification and attestation processes. being executed by unauthorized personnel.  Manage ITGC controls with best practices.  You want to achieve sustainable and on-going compliance.  Get all the above for various business applications (ERP, File Servers, SharePoint, Exchange, Home Grown)  You suspect many users have excess privileges in your from one security console. SAP application, some violating SoD policy.  You think you have unused resources. (Users, Roles, Licenses, etc.) Whitebox Security 2011 ©, All Rights Reserved http://www.whiteboxsecurity.com Page 1
  • 2. WhiteOPS™ Product Overview Main Capabilities Identity and Activity Monitoring Answering two key Identity Intelligence questions: WhiteOPS™ cross examines the defined roles with the  Who did what? actual roles being used. This allows WhiteOPS™ to  When and where did access occur? determine which roles a user should possess and as a These two capabilities are the cornerstone of our suite. result which he shouldn't possess. You may use this WhiteOPS™ monitors each type of application using capability to delete unused users and roles and by that purpose built software. Our SAP solution is 'SAP certified' reduce licenses and operational costs. by SAP and is real-time and non- Policy Compliance intrusive by nature. It also Answering two key identity enables monitoring view and intelligence questions: change actions of specific fields  Who / What does not inside a transaction, a comply with policy? WhiteOPS™ unique. This capability is built of three Furthermore, WhiteOPS™ sub-capabilities: supplies the security context by  (i) Real-Time Unified Policy. enriching each activity with its  (ii) Segregation of Duties (SoD). complimentary security attributes  (iii) Business Asset Compliance. regarding the user, machine and session from the IT Real-Time Unified Policy security systems (e.g. HR Modules, Microsoft AD, FWs, WhiteOPS™ patent-pending real-time unified policy etc.). This assures a complete 360° security context for engine is an industry first. It allows defining both negative each activity that is relevant to the event execution time. (Define violation, all other cases are approved) and positive (Define approved cases, all other cases are WhiteOPS™ enables an innovative forensics mechanism violations) rules and respond to each violation separately. that enables you to ask questions and get answers. A question can be based on every monitored and enriched A rule is a pattern defined based on the attributes from security attribute. the activity itself, as well as data enriched from various policy providers. Each attribute is related to a specific WH Using this tailor-made monitoring solution, WhiteOPS™ question. This allows quick and easy building of rules. time-to-value is fast and turnovers are quickly achieved. A Violation of a rule will trigger configurable responses to Role Analytics allow mitigation of a risk or a compensating control. Answering two key Identity Intelligence questions: An example rule can be: a user executing a financial  Who has access to what? transaction should be a member of the Finance  Who should have access to what? department, use smart-card authentication and have This capability enables to view and analyze permissions, specific finance roles in the Identity Management system. roles and their usage for all of the monitored applications. Another example would be: send immediate email Detect duplicate permissions, Collector users (Aggregating notification to the CISO when a user with a 'junior permissions while switching positions) or any other accountant' job releases an invoice that is over 10K$. permissions management anomaly in a click of a button. Whitebox Security 2011 ©, All Rights Reserved http://www.whiteboxsecurity.com Page 2
  • 3. WhiteOPS™ Product Overview Policy definitions can be WhiteOPS™ offers you no more surprises. Just schedule done explicitly using our the compliance checks and controls relevant for your Policy Editor or the organization from our best practices knowledge base or innovative Policy Wizard easily create your custom checks and controls. that is based on analysis of WhiteOPS™ will handle the reminders, execution and actual usage of a resource. needed approvals so you will get a true on-going Segregation of Duties (SoD) compliance solution. SoD is a concept for identifying users with the potential Example to an out-of-the-box control is permissions for completing business processes on their own. These attestation process that is available to all your business users can (potentially) perform frauds or mistakes which applications from a single point in the same way. can bring heavy financial results to the organization. Impact Analysis WhiteOPS™ contains a complete Segregation of Duties Answering the key identity intelligence question: (SoD) solution. Starting from easily customizing the out-of-  Who / What risks my business and how? the-box SoD Policy to fit your company requirements, This capability will correlate all the information created by through managing SoD violations, exceptions and all the other capabilities into prioritized business compensation controls. Historical data is saved and information. For example, an IT user who reads a mail of a analyzed to produce trends analysis. colleague is severe but an IT user who issues 500 MRBR WhiteOPS™ SoD policy fully supports authorization object (Invoice release) transactions in an hour can be level rules and variables (e.g. Organization ID) to minimize catastrophic. false positives and provide greater accuracy. WhiteOPS™ will change alerts priorities, notify you on WhiteOPS™ enables to proactively analyze permission upcoming compliance checks, send Emails and text changes effects to the SoD policy compliance using its messages when needed so you will always be aware and powerful What-If analysis engine. Integration of the handle the most urgent and important issues first. analysis to a permission change process on various IDM All the impact analysis information is centralized on a systems is available. dynamic Dashboard screen that contains customizable widgets. Each SoD violations are fairly complicated and hard to solve. widget can be WhiteOPS™ provides a root-cause-analysis for each SoD replaced so violation so all the available paths for resolution would be that every user crystal clear in seconds. will get the Business Asset Compliance view that fits Every organization has dozens of compliance checks to be him the most. executed on timely basis, whether regulation related or not, it is not an easy task to perform since most of the organizations are surprised on the day of an audit. Whitebox Security 2011 ©, All Rights Reserved http://www.whiteboxsecurity.com Page 3
  • 4. WhiteOPS™ Product Overview WhiteOPS™ Advantages WhiteOPS™ Monitors Portfolio WhiteOPS™ is a platform WhiteOPS™ enables you to get all the benefits of purpose- built software in a platform. All of WhiteOPS™ screens are designed to treat the same for information originated in different business applications. Rapid Time To Value WhiteOPS™ POCs usually take less than a week to complete. Production implementation projects usually take less than a month. In some territories, Whitebox has cooperation with major accountant firms like Deloitte, Ernst & Young and KPMG, resulting in compliance controls Why Whitebox Security? and SoD policy that are tailored-made to the customer. Whitebox Security is the first company to focus on Data Enrichment purpose built identity intelligence platform. The company WhiteOPS™ is equipped with an innovative and patent- has been named one of the top 10 innovative security pending data enrichment mechanism. Every monitored companies in 2010 by the RSA conference. activity is enriched by data regarding the user, machine Whitebox Security is fast growing with proven success and session from organizational security systems like record as a solution provider to top ISPs, Financial directory services, HR modules, IDM systems and more. Services, Retail and defense industries companies. All information is going through a data dictionary, no text Among our customers you can find: blobs. That way, every activity can be understood by anyone, regardless of his technical skills. Forensics Capabilities WhiteOPS™ allows you to ask anything. Literally ask. Using the advanced forensics mechanism you can, for example, ask for all the activities made on business transactions by workers from the IT department. Contact Information Policy Compliance Whitebox Security Ltd. WhiteOPS™ enables you to manage a complete audit P.O. Box 1025 process starting from controls execution, reviews and Tel Aviv, 61009 approvals and easily producing the needed reports to the Israel auditor. Best practices are supplied out-of-the-box. T:+972-54-2452840 F:+972-3-7602007 Proactivity sales@whiteboxsecurity.com WhiteOPS™ provides proactive insights by simulating affects to policy compliance by permission changes made in a monitored system. Whitebox Security 2011 ©, All Rights Reserved http://www.whiteboxsecurity.com Page 4