Protection & Compliance are you capturing what s going on? Alistair Holmes. Senior Systems Consultant

Transcription

1 Protection & Compliance are you capturing what s going on? Alistair Holmes. Senior Systems Consultant

2 Comply Prove it! Reduce the risk of security breaches by automating the tracking, alerting and reporting on the who-what-where of changes across the network Easily meet compliance and governance standards by tracking all changes in real time and leveraging prebuilt reporting to demonstrate compliance Keep your auditors happy with detailed user and administrator activity reports 2

3 5 IT Auditing & Compliance Mistakes Organizations Make Lack of visibility into who is doing what in Windows environments Underestimating user & organizational impact Inconsistent or absence of a GRC strategy Inadequate data protection Failure to plan and manage external & internal audits 3

4 Auditing & Compliance technical challenges No comprehensive view of changes and event logs Event log collection and change reporting to satisfy auditors and prove compliance Searching for a specific event is time consuming and frustrating Native event details contain limited information which is difficult to decipher without expertise No protection exists to prevent sensitive objects from being deleted or logs from rolling over Knowing when violations to compliance and security policies occur is not possible through native tools Business requirements exceed native capabilities Meeting reporting needs from management to auditor is time consuming and manual Working with disparate tools across heterogeneous environments 4

5 Consequences of not having a proactive auditing & compliance solution Failure stay in front of external regulations such as PCI DSS Lack of adherence to internal policies and standards Security breaches (internal and external offenders) Leaks of sensitive data (accidental and maliciously motivated) A failed IT audit System downtime 5

6 First the good news... If you have Active Roles and all your administration is done through it then everything is logged within Active Roles 6

7 Employee account change or termination 7

8 Results 8

9 Now the bad news... What if you don t use Active Roles? What if administrators still have native access to Active Directory? What if something has changed and no one will admit to doing it? What if you don t know what's changed? 9

10 Now the bad news... You could always use native logging. Microsoft Best Practice for Securing Active Directory guide lists 28 pages of events with approximately 15 events per page = 375 events (roughly) 10

11 Once in a while you might strike it lucky. 11

12 But then again... 12

13 Change Auditor - A better way Change Auditor provides complete, real-time change auditing, in-depth forensics and comprehensive reporting on all key configuration, user and administrator changes for Active Directory, ADLDS, AD Queries, Exchange, SharePoint, Lync, VMware, NetApp, Windows File Servers, EMC, and SQL Server. Change Auditor also tracks detailed user activity for web storage and services, logon and authentication activity and other key services across enterprises. Who Made the change? Where Was the change made from? What Object was changed? Real-time smart alerts to any device Why Was the change made (comment)? When Was the change made? Workstation Where the change originated from 13

14 Visibility into enterprise-wide activities from one console 14

15 Deep integration provides information you need ARS user Search, report and alert on ARS users taking action in AD 15

16 Reduces security risks with real-time alerts to any device Enable real-time alerts on: Security configurations Policy deviations Security breaches Failed access attempts Know when critical items are changed or when patterns of change occur Take action on threats from anywhere as they happen 16

17 Simplifies external compliance audits with built-in regulatory reports Provides auditor ready and scheduled reporting Ensures compliance with external regulations, including reports for SOX, PCI DSS, HIPAA, FISMA and SAS70 17

18 But wait there s more... Change Auditor doesn t just report on changes. It can prevent them from happening in the first place. 18

19 Prevents critical assets from being accessed or modified Protects against undesirable changes to AD objects, mailboxes, Windows files and folders Limits the control of privileged users and native permissions Generate events and alerts when users attempt access or change to protected objects Provide flexible access controls to certain users or groups 19

20 Final thoughts... 20

21 Thank you Protection & Compliance are you capturing what s going on?