How to Automate SOX/PCI Breach Detection with UCMDB-CM June 27, 2013

Similar documents

Advanced Configuration Management with HP UCMDB Configuration Manager & UCMDB Browser

What s New With HP Service Manager and Universal CMDB December 18, 2014

Managing the Challenges of Cloud Management November 7, 2013

Be Fast, but be Secure a New Approach to Application Security July 23, 2015

What s New for HP Service Anywhere & Service Manager September 15, 2015

How to Consolidate your App Monitoring Strategy: End-to-End User Experience Monitoring for Your BSM October 20, 2015

AM chargeback/ TCO reporting for business services

DevOps: Old-School IT lessons for a New-World of IT Opportunities. February 16, 2012

Applications Performance Management for Mobile Applications September 18, 2013

Workshop: Mobile Performance Testing Series I May 10, Copyright 2016 Vivit Worldwide

CA Configuration Automation

Best Practices for Cloud Automation & Integration November 7, 2013

Operations Orchestration Automating Your Data Center May 21, 2014

The Firewall Audit Checklist Six Best Practices for Simplifying Firewall Compliance and Risk Mitigation

Best Practices Report

Are you ready to light up your Cloud? July 7, 2015

Copyright 11/1/2010 BMC Software, Inc 1

HP Change Configuration and Release Management (CCRM) Solution

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

Enabling ITIL Best Practices Through Oracle Enterprise Manager, Session # Ana Mccollum Enterprise Management, Product Management

RSA SIEM and DLP Infrastructure and Information Monitoring in One Solution

SapphireIMS 4.0 BSM Feature Specification

Big Data Analytics: Today's Gold Rush November 20, 2013

Enforcive / Enterprise Security

How to Keep a Cloud Environment Current, Secure and Available October 16, 2014

How To Get Your Computer To Comply With Pca

HP ALM and Lab Management Review of the Key Features November 13, 2013

Certification Report

Delivering Cost Effective IT Services

How To Manage Security On A Networked Computer System

Data Sheet: Server Management Altiris Server Management Suite 7.0 Essential server management: Discover, provision, manage, and monitor

PCI DSS Reporting WHITEPAPER

Application Security Center overview

How to Secure Your SharePoint Deployment

IPLocks Vulnerability Assessment: A Database Assessment Solution

HP Service Manager. Software Version: 9.40 For the supported Windows and Linux operating systems. Change Management help topics for printing

Service Asset & Configuration Management PinkVERIFY

How To Use Itil To Improve Your Business

Moving beyond Virtualization as you make your Cloud journey. David Angradi

Symantec DLP Overview. Jonathan Jesse ITS Partners

White paper Maximize your electronic health records investment and improve patient care. A Configure Consulting white paper, sponsored by HP Software

White Paper. Ensuring Network Compliance with NetMRI. An Opportunity to Optimize the Network. Netcordia

Simplify and Automate IT

IBM Security QRadar Risk Manager

Data Sheet: Archiving Altiris Server Management Suite 7.0 from Symantec Essential server management: Discover, provision, manage, and monitor

Spotlight Management Pack for SCOM

The Value of Vulnerability Management*

PCI Compliance for Cloud Applications

Simplify and Automate IT

IBM Security QRadar Risk Manager

Virtualization Impact on Compliance and Audit

Patch Management. Module VMware Inc. All rights reserved

Questions and Answers: Customer Success Story Upgrade to HP Asset Manager 9.3 Webinar

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach

How RSA has helped EMC to secure its Virtual Infrastructure

Configuration Management

Se i o Pricing Document

Netwrix Auditor for Exchange

Security Compliance and Data Governance: Dual problems, single solution CON8015

SEAMLESS DATA PUMP. Out-of-the-box, and across the cloud, real-time secure data and event level integration

Integration Module for BMC Remedy Helpdesk

Becoming a Cloud Services Broker. Neelam Chakrabarty Sr. Product Marketing Manager, HP SW Cloud Products, HP April 17, 2013

What is New: HP LoadRunner 12.02, HP Performance Center 12.20, StormRunner 1.30

FormFire Application and IT Security. White Paper

FireScope + ServiceNow: CMDB Integration Use Cases

GENERAL PLATFORM CRITERIA. General Platform Criterion Assessment Question

ITIL Intermediate Capability Stream:

McAfee Database Security. Dan Sarel, VP Database Security Products

Automate PCI Compliance Monitoring, Investigation & Reporting

ORACLE IT SERVICE MANAGEMENT SUITE

BMC Cloud Management Functional Architecture Guide TECHNICAL WHITE PAPER

Virtual Compliance In The VMware Automated Data Center

AUTOMATING AUDITS AND ENSURING CONTINUOUS COMPLIANCE WITH ALGOSEC

Netwrix Auditor for SQL Server

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

ITIL Asset and Configuration. Management in the Cloud

TRIPWIRE NERC SOLUTION SUITE

Automating the IT Operations to Business Connection

IBM Tivoli Netcool Configuration Manager

VMware's Cloud Management Platform Simplifies and Automates Operations of Heterogeneous Environments and Hybrid Clouds

Symantec Asset Management Suite 7.5 powered by Altiris technology

General Platform Criterion Assessment Question

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

Ben Hall Technical Pre-Sales Manager Barry Kew Pre-Sales Consultant

Transcription:

How to Automate SOX/PCI Breach Detection with UCMDB-CM June 27, 2013 Copyright 2013 Vivit Worldwide

Brought to you by Vivit Configuration Management System Special Interest Group (SIG) Leaders: Evan Hamilton and Patrick Wolf www.vivit-worldwide.org Copyright 2013 Vivit Worldwide

Hosted by Evan Hamilton Vivit Configuration Management System SIG Leader VP Services Cravetek LLC Copyright 2013 Vivit Worldwide

Today s Presenters Brian Wong Practice Lead-Enterprise Security Configure Consulting Inc. Justin Harrison Technical Consultant, HP ITPS Configuration Consulting Inc. Copyright 2013 Vivit Worldwide

Housekeeping This LIVE session is being recorded Recordings are available to all Vivit members Session Q&A: Please type questions in the Questions Pane Copyright 2013 Vivit Worldwide

Webinar Control Panel Toggle View Window between Full screen/window mode. Questions Copyright 2013 Vivit Worldwide

How to Automate SOX/PCI Breach Detection with HP UCMDB-CM Presenters: Justin Harrison & Brian Wong

Agenda 1. Compliance Management 2. Leveraging CMS Portfolio 3. What is Configuration Manager? 4. How Can CM Help With Compliance? 5. Detection and Remediation 6. A day in life Demo 7. Questions and Answers About us As an HP Software and VMware Partner, Configure Consulting Inc. specializes in implementing quick-start solutions to empower IT operations teams with efficiency, stability and top performance in the delivery of business services. Our Services Professional IT Consulting Staff Augmentation Managed Services Training 8

Compliance Management IT Infrastructure is diverse, dynamic and complex Baseline infrastructure standards Network management policies Data center server guidelines Critical applications High availability requirements Geographic redundancy Security policies 9

Compliance Management Today s presentation: Addressing critical compliance challenges using Configuration Manager Extracting additional value from the UCMDB 10

Compliance Management Both SOX and PCI are focused on protecting end user data, here a few sample requirements: Failovers/back-ups managed in a separate location Avoid default administrator accounts Enforce usage of non-standard ports Network/firewall separation between web servers and related databases or internal servers Ensure anti-virus is installed and updated Have you struggled to give other stakeholders visibility into the data in UCMDB?... Adding policy-level context to the data already in your CMDB delivers huge value to compliance teams 11

Leveraging the CMS Portfolio Data Modeling Configuration Manager Discovery and Federation Auto-discovered, federated and integrated data CI attributes and relationships UCMDB CI attribute and relationship change history Views, application maps, service models Location, criticality, and other logical information Establish baseline and topological policies Apply policies to views, application maps and other CI groupings Scan the discovered environment for likeconfigurations Graphical interface, dashboards, reports 12

What is Configuration Manager? Configuration Manager helps IT establish configuration standards and enforce policies that improve the stability of the environment and enable delivery of standardized services Example: Policy with description and graphical view 13

How can CM help with Compliance? Network Security Cloud Services Scale and Accuracy Enterprise IT Infrastructure Private Cloud Infrastructure Brokered Cloud Services Uptime and Maintenance Simplified interface for viewing and managing various policies Standardize IT configurations Create and enforce baseline and topological policies Promote better IT management processes that adhere to compliance requirements Enforcing Policies Security and Compliance 14

Automated Breach Detection and Remediation Use CM to detect compliance breaches that would otherwise go unnoticed Identify unauthorized configuration changes Flag policy breaches and notify appropriate parties Automatically generate remediation workflow processes Example: -Compliance alert -Remediation engine automatically run -L1 & L2 automated remediation -L3 notification generated 15

Demo Overview Use and regularly update anti-virus software Assign a unique ID to each person with computer access SQL Server should not use default port Critical application servers should be redundant 16

Recap Simplified policy management through views and dashboards Standardize and reduce the amount of IT configurations to manage Improve IT management processes by driving changes according to standards and policies Stay Compliant with CM 17

Questions & Answers 18

Thank You For Your Attention Justin Harrison jharrison@configureconsulting.com Brian Wong brian@configureconsulting.com