February 2, 2007
Leveraging Information Overload for Effective Security Management
Shivaprakash A.S., Pre Sales Head, India, [email protected]
© Novell Inc. All rights reserved
Agenda
• About Novell
• Challenges Created by the Evolving Information Security Landscape
• Solutions to address these challenges
• Summary
• Demo
• Q & A
Five Key Solution Areas
• 1 Security and Identity Solutions
• 2 Data Center Solutions
• 3 Resource Management Solutions
• 4 Workgroup Solutions
• 5 Desktop Solutions
Novell Open Workgroup Suite
Up to 70% less than an equivalent competing solution.
Best of both worlds: open source and proprietary platforms.
Backed by world-class support from Novell.
Evolution of Information Security Landscape
IT security versus information security
IT security (technology problem):
• Firewalls
• Intrusion detection
• Viruses, worms
• System hardening
• Encryption
Information security (business problem):
• Intellectual property
• Business/financial integrity
• Regulatory compliance
• Insider abuse
• Industrial espionage
• Privacy
Source: Forrester
Challenges
InfoSecurity… The Tale of Sisyphus
Wireless
Remote Access
Identity
Application
Perimeter
Investments in multiple point solutions have led to lower RoI
[Network diagram: Internet, WAN and extranet feeding a public-server DMZ, an application-server DMZ, VLANs, WLAN and LAN segments, with WLAN handsets, PDAs and Java smart phones as endpoints. Each layer (WLAN, LAN, perimeter, applications) carries its own point products: firewall & VPN, NIDS and HIDS sensors, SSL VPN and SSL portal, application switches, L2/L3 switches with 802.1q tagging and 802.1x port authentication, ingress/egress bandwidth management, anti-virus, 2- and 3-factor authentication, plug-and-play device management and removable media management.]
What would you rather look at... this?
Jun 17 09:42:30 rmarty ifup: Determining IP information for eth0...
Jun 17 09:42:35 rmarty ifup: failed; no link present. Check cable?
Jun 17 09:42:35 rmarty network: Bringing up interface eth0: failed
Jun 17 09:42:38 rmarty sendmail: sendmail shutdown succeeded
Jun 17 09:42:38 rmarty sendmail: sm-client shutdown succeeded
Jun 17 09:42:39 rmarty sendmail: sendmail startup succeeded
Jun 17 09:42:39 rmarty sendmail: sm-client startup succeeded
Jun 17 09:43:39 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
Jun 17 09:45:42 rmarty last message repeated 2 times
Jun 17 09:45:47 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
Jun 17 09:56:02 rmarty vmnet-dhcpd: DHCPDISCOVER from 00:0c:29:b7:b2:47 via vmnet8
Jun 17 09:56:03 rmarty vmnet-dhcpd: DHCPOFFER on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
Jun 17 09:56:03 rmarty vmnet-dhcpd: DHCPREQUEST for 172.16.48.128 from 00:0c:29:b7:b2:47 via vmnet8
Jun 17 09:56:03 rmarty vmnet-dhcpd: DHCPACK on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
Jun 17 10:00:03 rmarty crond(pam_unix)[30534]: session opened for user root by (uid=0)
Jun 17 10:00:10 rmarty crond(pam_unix)[30534]: session closed for user root
Jun 17 10:01:02 rmarty crond(pam_unix)[30551]: session opened for user root by (uid=0)
Jun 17 10:01:07 rmarty crond(pam_unix)[30551]: session closed for user root
Jun 17 10:05:02 rmarty crond(pam_unix)[30567]: session opened for user idabench by (uid=0)
Jun 17 10:05:05 rmarty crond(pam_unix)[30567]: session closed for user idabench
Jun 17 10:13:05 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.19/192.168.80.19 to UDP port: 192
Jun 17 10:13:05 rmarty portsentry[4797]: attackalert: Host: 192.168.80.19/192.168.80.19 is already blocked Ignoring
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
Jun 17 10:21:30 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:21:30 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
Jun 17 10:28:40 rmarty vmnet-dhcpd: DHCPDISCOVER from 00:0c:29:b7:b2:47 via vmnet8
Jun 17 10:28:41 rmarty vmnet-dhcpd: DHCPOFFER on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
Jun 17 10:28:41 rmarty vmnet-dhcpd: DHCPREQUEST for 172.16.48.128 from 00:0c:29:b7:b2:47 via vmnet8
Jun 17 10:28:45 rmarty vmnet-dhcpd: DHCPACK on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
Jun 17 10:35:28 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
Jun 17 10:35:31 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
Jun 17 10:38:51 rmarty vmnet-dhcpd: DHCPREQUEST for 172.16.48.128 from 00:0c:29:b7:b2:47 via vmnet8
Jun 17 10:38:52 rmarty vmnet-dhcpd: DHCPACK on 172.16.48.128 to 00:0c:29:b7:b2:47 via vmnet8
Jun 17 10:42:35 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
Jun 17 10:42:38 rmarty vmnet-dhcpd: DHCPINFORM from 172.16.48.128
Or this!
Or this!
And this!
Regulations, Standards & Compliance
Gazing at the Crystal Ball
Creating Opportunity from the Chaos: SIEM
[Diagram: Assets, Exposures, Incidents, Intelligence]
How the Solutions Work
Security Information and Event Management pipeline: Transport & Aggregate → Reduce & Normalize → Correlate → Report → Archive
Business Benefits of SIEM
• Operational Efficiency
– Monitor more security and compliance controls with limited resources
– Measure the effectiveness of preventative, detective and corrective controls
• Automation of Manual Processes
– Automate audit preparation and review of systems against regulatory and internal policy
– Automate data collection, correlation, reporting and incident response
• Demonstrate Compliance to Policy/Regulation
– Regulations require organizations to establish, document and monitor a robust internal IT control environment
– Continuously monitor controls and provide real-time notification of policy violations
To help you focus on innovation and growth
Our Solutions Have Evolved Too
[Diagram: Security Information & Event Management, Systems Management and Identity & Access Management combine into Comprehensive Security & Compliance]
Leveraging integration and automation to drive down cost and reduce risk
[Diagram: Incident Response, Threat Management, Event Management, Identity Management, Policy Monitoring, Compliance, Access Control]
IDC on the e-Security acquisition
In the compliance area, customers want converged solutions that encompass system, identity, access and security event management. With the acquisition of e-Security, Novell is the only vendor with the potential to proactively address business needs for a real-time, comprehensive compliance solution that integrates people, systems and processes.
- Chris Christiansen, IDC Vice President of Security Products and Services
Analyst and Industry Recognition
• Leader with highest rating for “Completeness of Vision” in the SIEM Magic Quadrant, 2005
• “e-Security’s product architecture is supremely scalable and flexible...”
• “If we had it to do over, we'd build a message bus architecture like this one [iSCALE] for scalability.”
Other SIM solutions reporting to the 451 Group Impact Report (11/10/05)
• 2nd consecutive year!
• e-Security receives highest rating in InfoWorld’s SEM test
• e-Security wins 2005 Technology Innovation Award
Sentinel Product Information and Architecture
Solution Benefits
• View up-to-date reports on security posture
• Eliminate manual log review and consolidation
• Identify threats in real time
• Contain/remediate attacks quickly
• Manage risk more effectively
• Improve proof-of-compliance reporting and security metrics
• Cut compliance and security costs
• View up-to-date compliance reports on critical IT assets
• Support “tone at the top”
Pre-defined Collectors
• Firewalls: Symantec Enterprise Firewall, Check Point Firewall-1, CyberGuard, ISS BlackICE, Cisco PIX, SunScreen, SonicWall, WatchGuard Firebox, Juniper NetScreen
• Intrusion Prevention: Symantec ManHunt, McAfee IntruShield, McAfee Entercept
• Intrusion Detection (network-based): Symantec Decoy Server, Cisco IDS, NFR Sentivist IDS, Enterasys Dragon, Snort (open source), Intrusion.com SecureNet, ISS RealSecure, ISS SiteProtector, Juniper NetScreen, Sourcefire
• Routers & Switches: Nortel (all), Cisco (all)
• Incident Management: BMC Remedy, Hewlett-Packard Service Desk
• Authentication: RSA ACE, Cisco Secure Access Control Server (ACS)
• Policy Monitoring: Symantec Enterprise Security Manager (ESM)
• Intrusion Detection (host-based): COPS (open source), ISS RealSecure, Tripwire, Symantec Intruder Alert Manager
• Patch Management: BMC Marimba, PatchLink
• Network Management: IBM Tivoli Enterprise Console, Hewlett-Packard OpenView, BMC Patrol, Micromuse Netcool
• Operating Systems: Microsoft Windows NT, Microsoft Windows 2000/3, Sun Solaris, Sun SunOS, Hewlett-Packard HP-UX, IBM AIX, Red Hat Enterprise, SuSE Enterprise, AS/400
• Anti-Virus: Symantec AntiVirus, McAfee VirusScan, McAfee ePolicy Orchestrator, Trend Micro ServerProtect, Trend Micro ScanMail, Trend Micro InterScan VirusWall
• ERP: PeopleSoft, SAP
• Web Servers: Apache, Microsoft IIS, Microsoft Proxy, Netscape Proxy
• Directory Services: LDAP (standard), Active Directory
• Mainframe: ACF2, RACF, Top Secret, OS/390, z/OS, HP NonStop
• Databases: Oracle, Sybase, Microsoft SQL Server, MySQL AB, Informix, DB/2
• VPN: Cisco VPN 3030, Cisco PIX Device Manager, Nortel VPN, Check Point VPN-1
• Vulnerability Assessment: ISS Internet Scanner, ISS Database Scanner, McAfee CyberCop ASaP, McAfee Foundstone, Qualys QualysGuard, Nessus (open source), eEye Retina Network Security Scanner
• Lower TCO
• Unmatched Performance
Wizard Collection Technology
• Build your own Collectors on the fly and collect data from ANY source
• Collect, parse, normalize and enrich events
• Available for many sources
– Windows, Unix, AS400, Tandems
– Firewalls, VPN, Routers, Switches
– Vulnerability Scanners
– IDS/IPS/Access Control Systems
– Databases, Mainframes
– Etc.
• Collect data remotely via
– Logfile, Socket, Syslog, SSL, SSH, OPSEC, SNMP, ODBC, JDBC, HTTP, WMI and more
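Added example (not Novell's or Sentinel's code): a small Python sketch of the collector's parse/normalize step described here and of the Reduce & Normalize and Correlate stages from the "How the Solutions Work" slide, run over a handful of the raw syslog lines from the "What would you rather look at" slide. The event schema, the category names and the scan threshold of 3 are my own assumptions.

```python
import re
from collections import Counter

# Constructed sample: seven raw portsentry lines from the slide plus one junk line (for the unparsable case).
SAMPLE_LOG = """\
Jun 17 10:13:05 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.19/192.168.80.19 to UDP port: 192
Jun 17 10:13:05 rmarty portsentry[4797]: attackalert: Host: 192.168.80.19/192.168.80.19 is already blocked Ignoring
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: Host: 192.168.80.8/192.168.80.8 is already blocked Ignoring
Jun 17 10:14:09 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:21:30 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
Jun 17 10:30:47 rmarty portsentry[4797]: attackalert: UDP scan from host: 192.168.80.8/192.168.80.8 to UDP port: 68
this line is not syslog at all
"""
# BSD syslog layout as printed on the slide: "Mon DD HH:MM:SS host prog[pid]: message"
SYSLOG_RE = re.compile(r"^(?P<month>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
                       r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
SCAN_RE = re.compile(r"attackalert: (?P<proto>TCP|UDP) scan from host: (?P<src>[\d.]+)/[\d.]+ "
                     r"to \w+ port: (?P<port>\d+)")

def normalize(line):
    """Normalize: parse one raw line into a flat event dict; None if it cannot be parsed."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = dict(m.groupdict(), category="system", severity="info")  # schema is an assumption
    s = SCAN_RE.search(ev["msg"])
    if s:
        ev.update(category="recon", severity="warning", src_ip=s["src"], dst_port=int(s["port"]))
    elif "already blocked" in ev["msg"]:
        ev["category"] = "recon.duplicate"  # portsentry re-reporting a host it already blocked
    return ev

def reduce_events(events):
    """Reduce: drop the duplicate reports and collapse identical events within one second."""
    seen = {}
    for ev in events:
        if ev["category"] != "recon.duplicate":
            key = (ev["time"], ev["host"], ev["prog"], ev["msg"])
            seen.setdefault(key, dict(ev, count=0))["count"] += 1
    return list(seen.values())

def correlate(events, threshold=3):
    """Correlate: alert on each source IP whose scan events reach the threshold (assumed value)."""
    per_src = Counter()
    for ev in (e for e in events if e["category"] == "recon"):
        per_src[ev["src_ip"]] += ev["count"]
    return {ip: n for ip, n in per_src.items() if n >= threshold}

def run_pipeline(raw, threshold=3):
    """Normalize -> reduce -> correlate; returns (alerts, events kept, unparsable lines dropped)."""
    events = [normalize(line) for line in raw.splitlines()]
    reduced = reduce_events([ev for ev in events if ev is not None])
    return correlate(reduced, threshold), len(reduced), events.count(None)
```

On the sample, eight raw lines reduce to four events and one alert for 192.168.80.8, which is the "or this" view the deck contrasts with the raw syslog.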
Security and Compliance Dashboard: Detect Violations Faster
• Real-time dashboard that delivers under high event loads
• Detect and analyze trends, threats, violations
• Monitor compliance controls across the enterprise
Resolve and Document Policy Violations Faster
Automatically Retrieve Data About Event
• Vulnerability state of target
• Patch status
• Asset details
• Intelligence data on attack
• Initiate data-gathering scripts
– System details
– Full-content monitoring
Assign Incident
• Individual or team
Accept & Verify Incident Assignment
• Continue to manage incident locally or send to external system
– Remedy or HP Service Desk
Run Eradication Scripts
• Perform active actions
– Shut down port
– Perform vulnerability analysis
– Remove foreign programs
Run Containment Scripts
• Gather host & network-based evidence
• Perform active actions
• Enable consistent, repeatable, documented response to violations
• Creates audit trail, system-of-record
• Drive metrics (e.g. “mean time to resolution”)
Sentinel Reports: Security Metrics, Compliance Reporting
• Gain needed insight into IT controls
– Discover trends, anomalies
– Track and report security-related activity on assets impacted by Sarbanes-Oxley and other regulations
• Improve proof-of-compliance reporting
– Demonstrate that your organization:
> Monitors activity on critical IT assets
> Identifies and analyzes security and compliance incidents
> Tracks and resolves incidents and policy violations
• Out-of-box reports; configure existing reports, create your own
Summary
“Success is a moving target and evolution is the only way forward”
Demo
Q & A