Change auditing: Who, What, When, Where details for every change with 'before' and 'after' values
Configuration assessment: State-in-time™ reports showing configuration settings at any point in time
More than 200 predefined reports and dashboards with filtering, grouping, sorting, exporting, email subscriptions, drill-down, web access, granular permissions and ability to create custom reports
AuditArchive™: scalable two-tiered storage (file-based + SQL database) holding consolidated audit data for up to and beyond 10 years
Unified platform to audit the entire IT infrastructure (including systems that do not produce logs), as opposed to multiple hard-to-integrate standalone tools from other vendors
2. #completevisibility
Agenda
Chi siamo o cosa offriamo
Partnering with Netwrix
Strumenti utili per I Partners
Technical Overview and Live Demo – Danny Murphy
Domande
4. #completevisibility
Netwrix Corporation
Fondata nel 2006
HQ in Irvine, California
Filosofia – garantire una visibilità completa sull’infrastruttura IT
Customer base Globale – 6000
6M di licenze
Supporto Globale in Nord America, EMEA e Asia
Una delle aziende USA di software a più alto tasso di crescita (Inc 5000, Deloitte)
Corporate Headquarters:
20 Pacifica #625
Irvine, CA 92618
888-638-9749
www.netwrix.com
Additional Offices:
Columbus, OH
Paramus, NJ
Atlanta, GA
Kent, UK
6. #completevisibility
Configuration Auditing
I software di Configuration auditing forniscono agli
amministratori di Sistema un valido strumento per la
valutazione delle configurazioni di Sistema, il rilevamento
di eventuali modifiche e la possibilità di rimediare
tempestivamente ad eventuali errori mitigando I rischi di
sicurezza connessi. Le impostazioni di Configurazione
vengono valutate in base alle policy specifiche
dell’azienda o in base agli standard di sicurezza previsti
dalle normative vigenti. Questi strumenti vengono
utilizzati non solo per il controllo specific di PC e Server,
ma anche per l’audit di Applicazioni, databases, apparati
di rete e ambienti virtuali.
7. #completevisibility
L’opinione degli analisti
• Forrester named configuration auditing the #1 security
technology for next 5 years.
• "Configuration auditing tools can help you analyze your
configurations according to best practices, enforce
configuration standards and adhere to regulatory
requirements."
8. #completevisibility
Casi comuni di utilizzo di IT Auditing
Compliance
Raggiungere requisiti di conformità alle normative e agli standard di compliance, come
PCI, HIPAA, SOX, FISMA/NIST800-53, GLBA, d.lg. 30 giugno 2003, n. 196.
Sicurezza
Migliorare la sicurezza prevenendo la perdita, il furto o la modifica di dati sensibili e
l’accesso non autorizzato a risorse quali email, applicazioni, databases…etc.
Analisi delle cause
Identificare la causa di un disservizio, risolvere rapidamente downtime dei sistemi e
ristabilire l’operatività riducendo al minimo le conseguenze delle interruzioni di servizio.
9. #completevisibility
WW, EU and Italian Regulations
• Cobit
• ISO 27001
• SOX
• EU Data Protection
• HIPPA
• PCI-DSS
• D.LGS. 196/03
• etc
10. #completevisibility
Linee guida del Garante
• Linee guida in materia di trattamento di dati personali di
lavoratori per finalità di gestione del rapporto di lavoro in
ambito pubblico
• Punto 2. Il rispetto dei princìpi di protezione dei dati personali
prevede che Il datore di lavoro pubblico può lecitamente trattare
dati personali dei lavoratori ……
• adottando adeguate misure di sicurezza, idonee a preservare i dati
da alcuni eventi tra cui accessi ed utilizzazioni indebiti, rispetto ai
quali l'amministrazione può essere chiamata a rispondere anche
civilmente e penalmente (artt. 15 e 31 e ss. del Codice)
11. #completevisibility
Esempi reali di Audit Failures
Indagini sulla Compliance
2010 – NY & Presbyterian Hospital e Columbia University. $4.8 millioni di multa
2009 – WellPoint Inc. $1.7 millioni di multa
Compromised Security
2014 – Home Depot 56 millioni di carte di credito dei clienti compromesse (la più grande violazione mai commessa
presso una catena di vendita al dettaglio)
– Dairy Queen 400 fast food
– Jimmy John’s 216 ristoranti
– JPMorgan Chase 76 millioni di famiglie, 8 millioni di piccole imprese a richio
2013 – Target. $3.6 – 12 billion (stimati)
2011 – Maricopa County $17 millioni
Interruzioni della Business Continuity
Una compagnia petrolifera globale
Qualcuno a causa di un errore in uno script ha cancellato inconsapevolmente 2000 utenti. Al lunedì mattina I dipendenti non
potevano accedere alla rete e alle risorse aziendali
Large Recycling Company
GP change caused File Server Firewalls to snap on leading to major disruption, as around 60% of the users were unable to
access particular applications/resources
12. #completevisibility
What we do
Simple: works right out of the box.
Efficient: fills gaps and eliminates noise in native audit without intrusive agents
Affordable pricing, no expensive staff or hardware
Change auditing: Determine who changed what, when and where
Audit the entire IT Infrastructure from a Unified Platform
Additional features and functionality (Self Service Password Reset / Inactive
User Tracking / Password Expiration Alerting / Logon Auditing / AD Rollback)
Our USP
13. #completevisibility
Limitations of native auditing
Report on who, what, when & where
- Coverage is limited, change detail is limited and cryptic
Show before and after values
- Little to no visibility of what the previous value was
Consolidation of audit data
- Only individual security logs on each server
Prevent audit data loss due to log overwrites
- Logs can easily be overwritten if configured incorrectly
Pre-Defined reports
- No pre-defined reports available natively
Easy to understand change records
- Multiple events need to be analyzed to determine a change
Long-term archiving capabilities
- Requires large amount of disk space and maintenance
Real-time alerts for critical changes
- Not available natively
14. #completevisibility
Netwrix Auditor
Unified Platform for Change and Configuration Auditing
Active Directory
Exchange
File Servers
SharePoint
SQL Server
VMware
Windows Server
Auditing solutions for:
AD, Group Policy, Inactive User Tracking and Password Expiration
Windows Servers, EMC Storage and NetApp Filers
SharePoint farm configuration, security and content changes
Exchange changes and non owner mailbox access
SQL Configuration and Security Changes
Windows configuration changes and user activity video recording
VMware vSphere, ESX and ESXi
15. #completevisibility
Features – Unified Platform
Change auditing: detection, reporting and alerting on all configuration
changes across your entire IT infrastructure with Who, What, When,
Where details and Before/After values.
#completevisibility
16. #completevisibility
Features – Unified Platform
Configuration assessment: State-in-time™ reports show configuration
settings at any point in time, such as group membership or password
policy settings as they were configured a year ago.
#completevisibility
17. #completevisibility
Features – Unified Platform
Simple and affordable: works out of the box, low TCO - no expensive
staff or hardware.
Unified platform to audit the entire IT infrastructure, unlike other
vendors with a set of hard-to-integrate standalone tools.
#completevisibility
18. #completevisibility
Features – Enterprise-grade scalability
Agentless or lightweight, non-intrusive agent-based modes of
operation.
AuditAssurance™: consolidates audit data from multiple independent
sources, filling-in key details not present in any single source.
#completevisibility
19. #completevisibility
Features – Enterprise-grade scalability
Auditing of virtually any system or application, even if it does not
produce any logs, via screen activity recording of privileged users with
ability to search and replay or tracking of configurations stored in
databases.
AuditArchive™: scalable two-tiered storage (file-based + SQL
database) holding consolidated audit data for 10 years or more.
#completevisibility
21. #completevisibility
Features – AuditIntelligence™
Reporting with filtering, grouping, sorting, export (PDF, XLS etc.), email
subscriptions, drill-down, access via web, granular permissions and
ability to create custom reports.
More than 200 predefined reports are included, enough to pass most
audits.
Real-time alerts and reports
#completevisibility
22. #completevisibility
Features – SIEM, Rollback, FIM
Integration with SIEM: optionally forwards meaningful audit data into
your existing SIEM, leveraging existing processes, protecting
technology investments and reducing console sprawl.
Event log management: "catchall" of non-change events in Windows
logs and Syslog, such as logon/logoff, account lockouts, etc.
Change rollback: Reverts unauthorized or malicious changes to a
previous state without any downtime or having to restore from backup.
File Integrity Monitoring (FIM) of critical system and content files as
required by compliance regulations.
#completevisibility
23. #completevisibility
Next Steps
Free Trial: setup in your own test environment
netwrix.com/freetrial
Test Drive: virtual POC, try in a Netwrix-hosted test lab
netwrix.com/testdrive
Live One-to-One Demo: product tour with Netwrix expert
netwrix.com/livedemo
Contact Sales to obtain more information
netwrix.com/contactsales
#completevisibility
25. #completevisibility
Partnering with Netwrix
You can offer your customers the broadest coverage of audited
systems and applications: agentless, Tier-2 storage for free,
complete visibility.
Empower your product portfolio with industry-leading products
Transparent and efficient partner program helping you to make more
money – up to 40% margin!
Robust marketing support to advance your sales!
Find our more: netwrix.com/partners/
26. #completevisibility
Netwrix Partner Program: Quick Start
Apply for partnership using Netwrix
Partner Registration Portal
We will supply you with all necessary
Information to make sure your sales are
100% Netwrix-ready.
Drive sales and watch your revenue
grow!
Helpful assets:
Netwrix partner program
Customer-facing Marketing content
Netwrix solutions
27. #completevisibility
How Do I Make Money with Netwrix?
The Netwrix PP Authorized Silver Gold
Basic discount new
Software Sales, 1st
year Support, Pre-
paid Support
5% 5% 5%
Deal Reg discount
new Software Sales,
1st year Support,
Pre-paid Support
20% 30% 35%
Total Partner
Discount for
Registered Deals
25% 35% 40%
28. #completevisibility
I Benefici
Benefits Authorized Silver Partner Gold Partner
Sales Support NO YES YES
Presales Tech
Support
NO YES Advanced
Marketing Support NO YES Advanced
SLA Portal SLA 1 SLA 2
Partner Portal
Access
YES YES YES
Netwrix Partner
Locator
NO YES YES
NFR Keys Limited Extended Extended+
29. #completevisibility
I requisiti
Requirements Authorized Silver Partner Gold Partner
Reg Deals Approvati 0 3 10
Representing
Netwrix on Partner
Website
NO YES YES+
Co-Marketing
Activities
NO Min 1 x Quarter Min 1 x Quarter
Certified Specialists:
min. 1 Sales and 1
Technical
NO YES YES
Customer Success
Story
NO 1 x Anno 2 x Anno
31. #completevisibility
Licensing & pricing
• Licenses can be perpetual or subscription
based
• Licensed by number of AD users
• Starts at 150 per enabled AD user
• Special pricing is available for government,
education and non-profit organizations.
32. #completevisibility
Support
• New perpetual licenses include
– 1-year Software Maintenance (additional cost)
– Valid from the date of purchase
– Entitles product updates and technical support for the
first year.
• Subscription license purchases come with a
Software Maintenance contract at no
additional cost.
34. #completevisibility
Useful content for your customers
Free Trial: setup in your own test environment
netwrix.com/freetrial
Test Drive: virtual POC, try in a Netwrix-hosted test lab
netwrix.com/testdrive
Live One-to-One Demo: product tour with Netwrix expert
netwrix.com/livedemo
Contact Sales to obtain more information
netwrix.com/contactsales
35. #completevisibility
Thank you for your attention!
Questions?
Giovanni Zanasca
Management Consultant Ciips Informatica
E-mail giovanni.zanasca@cips.it
Telephone 3491992152
Editor's Notes
This slide is shown when the webinar starts, at the same moment when the speaker starts to speak. A speaker says welcoming words – very brief “hi” by (a moderator who introduces a presenter, if moderator is actually involved) presenter, telling his name and position, introducing the topic, - and very importantly – explaining WHY attendees are here (optional), why we are happy to have the people here, what are their learning objectives (very briefly) that they are going to come away with. After that, there’s turning to the next slide.
(You can check The Script for a possible exact text for this slide).
It’s not just about reading the agenda points, but it’s rather about an explanation of specific takeaways and learning outcomes that the presenter will try to achieve in the webinar.
An important thing is to remember that at the end of the webinar the presenter should return in his speech to this agenda and remind what it was that we covered today, what were the most important things that we want to make sure that people are taking away from this webcast.
Explaining a little bit why companies do auditing stressing out these 3 reasons
Compromised Compliance
2010 – a breach of health information in New York and Presbyterian Hospital and Columbia University. Result: the largest HIPAA settlement to date of $4,8 million monetary payments for violating HIPAA
2009 – a breach of health information in WellPoint Inc. Affected nearly 612,402 individuals. Result: HIPAA settlement for $1.7 million
Compromised Security
2013 – a security breach in Target. Affected up to 110 million customers. Result: multiple legal claims to the company and monetary payments settlement for nearly $3.6 billion (estimated)
2011 – a security breach in Maricopa County Community College District. Affected 2.4 million individuals. Result: multiple lawsuits and estimated settlement for about $17 million
Sources for this slide info:
- NYP and CU: http://www.hhs.gov/news/press/2014pres/05/20140507b.html
- Well Point Inc: http://www.hhs.gov/news/press/2013pres/07/20130711b.html
- Target: http://techcrunch.com/2013/12/23/target-may-be-liable-for-up-to-3-6-billion-from-credit-card-data-breach/
- Maricopa: http://www.azcentral.com/story/news/local/phoenix/2014/05/02/lawsuit-filed-maricopa-districts-security-breach/8619189/
Additional text which could be used if needed:
“The cost of managing a data breach can be huge, including fines, class-action lawsuits, lost staff time, not to mention long-term damage to organizational reputation. The cost of preventing such breaches, on the other hand, including encryption, change and configuration auditing, risk analysis, targeted policy and procedures manuals, and staff training, may not be cheap but is far less costly than cleaning up after a breach”.
“Numerous recent security breaches, compliance violations and operations breakdowns at major retailers, healthcare organizations, telecom/Internet companies and hotel chains are vivid examples of audit failures”: (and then speak a little bit about the examples on the slide)
We have just addressed difficulties (challenges) of auditing AD changes with native tools and said that there is Netwrix Auditor which can simplify this task. On this slide we briefly introduce NA describing its major features and systems coverage, after which we turn to the presentation.
We have just addressed difficulties (challenges) of auditing AD changes with native tools and said that there is Netwrix Auditor which can simplify this task. On this slide we briefly introduce NA describing its major features and systems coverage, after which we turn to the presentation.
Explaining a little bit why companies do auditing stressing out these 3 reasons
Explaining a little bit why companies do auditing stressing out these 3 reasons
Explaining a little bit why companies do auditing stressing out these 3 reasons
Explaining a little bit why companies do auditing stressing out these 3 reasons
Explaining a little bit why companies do auditing stressing out these 3 reasons
Explaining a little bit why companies do auditing stressing out these 3 reasons
Explaining a little bit why companies do auditing stressing out these 3 reasons
Explaining a little bit why companies do auditing stressing out these 3 reasons