Real-Time Security for Active Directory




Reducing the risk of insider attack, data loss, and unmanaged change

White Paper

Companies face significant challenges in controlling change in their Active Directory environments. This white paper describes the need for more effective Active Directory monitoring as part of a broader change-control process, the problems with current approaches, and how to leverage NetIQ products to assure policy compliance and operational integrity.

Contents

The Need to Monitor and Control Change ... 3
Reducing Risk and Standardizing Controls ... 3
Integrating Change Monitoring ... 4
Policy Compliance ... 4
The Risk of Traditional Approaches for Active Directory Monitoring ... 4
Criteria for an Ideal Solution ... 5
NetIQ's Approach to Active Directory Change Management ... 6
Conclusion: NetIQ Change Guardian for Active Directory - Detecting Change and Reducing Risk ... 7
About NetIQ ... 7
About Attachmate ... 8

THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time. Copyright 2009 NetIQ Corporation. All rights reserved. 
ActiveAgent, ActiveAnalytics, ActiveAudit, ActiveReporting, ADcheck, Aegis, AppAnalyzer, AppManager, the cube logo design, Change Administrator, Change Guardian, Compliance Suite, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowing is Everything, Knowledge Scripts, Mission Critical Software for E-Business, MP3check, NetConnect, NetIQ, the NetIQ logo, the NetIQ Partner Network design, Patch Manager, PSAudit, PSDetect, PSPasswordManager, PSSecure, Risk and Compliance Center, Secure Configuration Manager, Security Administration Suite, Security Analyzer, Security Manager, Server Consolidator, VigilEnt, Vivinet, Vulnerability Manager, Work Smarter, and XMP are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies. 2 White Paper

The Need to Monitor and Control Change

The ability to effectively and efficiently monitor and audit Active Directory (AD) has never been more important. As organizations work to reduce the risk of data breaches and insider attack, security and operational teams are recognizing the vital importance of detecting and, as much as possible, preventing unmanaged changes to Active Directory and Group Policies. This requirement is further driven by the need of the business and its auditors to meet regulatory requirements and to demonstrate that appropriate controls are in place to satisfy those regulations, policies, and standards.

The problem is that IT environments are in a constant state of change, and every change represents risk: risk that external attackers may breach security controls, risk that an insider may use elevated privileges to steal sensitive data, and risk that an administrator may simply make a mistake that results in a significant and negative business impact. An overworked administrator may circumvent change control policy in order to respond to a business request and accidentally cause thousands of systems to become unavailable to their users. Likewise, a malicious insider executing an attack to steal sensitive data may well begin by escalating the privileges of an account to gain greater access to the target resources.

Unmanaged changes are a particularly common cause of system failures and security incidents. Even when properly managed, changes to Active Directory may cause system outages because of an inherent lack of visibility into dependencies within the infrastructure. Unfortunately, the prevailing approach to addressing problematic changes, reactively fighting fires, is unacceptable. Active Directory forms the foundational underpinnings of user management and access control; therefore, good security for Active Directory is essential to maintaining the availability, integrity, and confidentiality of both critical systems and the data they house.

Reducing Risk and Standardizing Controls

Effective change management ensures that standardized processes for all changes are enforced. These processes should facilitate the efficient and prompt handling of all changes, yet maintain the proper balance between the need for the change and the risk that the change has a negative impact on the business. Unfortunately, change controls are often heavily manual procedures, making them ineffective and expensive. Worse, these manual processes are rarely well integrated with other change detection and management technologies, which reduces the ability of the operational and security teams to respond rapidly to changes and reduce risk to data and services. Unless a change to a significant element of organizational infrastructure such as Active Directory can be placed in the context of other events and processes, there is far less chance of identifying when a privileged user is conducting an attack or an accidental change is having a negative business impact.

Integrating Change Monitoring

Integrated change monitoring closes the loop on the change management process and enforces control over the execution of change. Most importantly, change is controlled throughout the implementation and is verifiable, auditable, and recoverable. Good change monitoring provides documented proof that change and security controls are effective, demonstrates that only authorized and intended changes have been made to AD environments, and supports change control policy and security best practices. In addition to providing secure controls around access to critical systems and data, the organization must also meet its objectives for compliance with regulations and policies, both internal and external. Good change monitoring will therefore have a direct impact on the way that Active Directory is managed and improve the ability to ultimately eliminate unmanaged change. Change monitoring processes should be able to rapidly detect when an unmanaged or unauthorized change is taking place, and ensure that the appropriate response occurs: generating an alert, escalating information to security personnel, or even initiating a process to remediate the change itself.

Policy Compliance

Another significant driver for monitoring changes in Active Directory is the need to demonstrate compliance with policies and standards. The mandates for Active Directory security and compliance come from many sources. Perhaps the most common sources are regulations and industry standards, such as PCI-DSS (Payment Card Industry Data Security Standard), Sarbanes-Oxley, and FISMA Accord. Indeed, external auditors routinely review their clients' compliance programs as part of the financial audit. Unfortunately, many organizations do not have robust or complete information compliance policies, and those that do may struggle to implement those controls on something as dynamic as Active Directory. Documenting change control policy, and showing that such controls are in place, is essential to maintaining compliance. Thus an integrated approach to change detection and management provides the best way of ensuring that compliance drivers are more easily met.

The Risk of Traditional Approaches for Active Directory Monitoring

Although the ability to detect when changes have occurred to Active Directory is vital to maintaining the security and integrity of assets, the methods for ensuring the security of Active Directory have, in many cases, not evolved at the same rate as the risks and threats. This represents a critical and growing organizational vulnerability. Traditional approaches to managing change within Active Directory can be traced back to the earliest days of using AD in the corporate environment; therefore, they are often inadequate when faced with the much broader, and more critical, use of AD today.

Such processes are often:

- Highly manual: Manual processes, using native tools, place an excessive burden on AD management teams. As such, these processes are difficult to scale across the enterprise, are error-prone and costly, and often come at the expense of more strategic planning and projects.

- Slow to detect change: The inability to rapidly detect changes to AD represents a very meaningful risk to security and compliance. Even a well-intentioned administrator can make an accidental change that results in business disruption. A motivated and skilled attacker can extensively undermine security policy through changes to AD and Group Policies. If these changes are not detected quickly, it may be too late to stop an attack before the damage is done.

- Not integrated with other security technologies: The lack of integration between AD management, change controls, and other security technologies, such as compliance assessment and especially Security Information and Event Management (SIEM) tools, is a dangerous blind spot in overall security monitoring. This lack of integration prevents security and AD teams from placing changes in the context of other events within the infrastructure, or from rapidly confirming that changes are indeed authorized and planned in the change management or ticketing system.

- Not scalable across the enterprise: Processes that are manual, slow, and poorly integrated may not scale well within a rapidly changing enterprise environment. As a result, AD security and the ability to manage change become less and less aligned with business and security needs. This will only be compounded as technologies such as Active Directory become integral to broad Identity and Access Management (IAM) programs.

Criteria for the Ideal Solution

The ideal solution for Active Directory monitoring should meet the following requirements:

- Reduces the workload of IT auditors and other involved personnel: Any Active Directory management approach should be efficient. It should leverage automated technology when possible, and minimize the number of manual procedures.

- Assesses compliance with policies, regulations, standards, and leading practices: Compliance with applicable policies and standards (i.e., benchmarks) and other drivers (e.g., PCI-DSS, Sarbanes-Oxley, FISMA) is important in today's business. The solution should facilitate compliance by identifying exceptions from policies and standards.

- Leverages existing infrastructure whenever possible: Organizations should not have to deploy a completely new monitoring framework just to support the necessary monitoring and auditing of Active Directory. An ideal solution would take advantage of existing systems and agents to provide monitoring, reporting, and alerting on Active Directory changes.

- Provides an accurate assessment of security posture: Active Directory audits should provide a comprehensive picture of security. They should provide a view from the inside out, so that it is clear where compliance exceptions and vulnerabilities exist.

- Supports real-time monitoring and continuous auditing: The solution should be completely automated and work hands-free. This means the solution should enable assessments to be scheduled on a recurring basis and performed during off hours, and should hold the results and data securely for subsequent reporting and analysis.

- Scales securely: The solution should grow with the business and support the entire enterprise. This means the solution should work over large, distributed Active Directory domains with little impact on utilization and other resources. Moreover, it should communicate and store data securely, so that the solution itself does not become a potential exposure.

- Provides insight into different types of change: It is not enough just to know that change is occurring. In order to help administrators, management, and auditors, the ideal solution should help to classify and identify the types of changes occurring in the Active Directory environment, so that there is an understanding of which changes and personnel are following defined processes.

NetIQ's Approach to Active Directory Change Management

NetIQ Change Guardian(TM) for Active Directory delivers real-time monitoring and alerts you to changes in your Active Directory environment. It also provides detailed audit reporting that shows changes made inside or outside of your change process, as well as the level of importance of the change. Not only does this ensure that changes to the production infrastructure are authorized, tested, and approved, but it also identifies unauthorized changes and how they affect audit metrics. This technology is well integrated with leading SIEM solutions, so that rapidly detected changes can be placed in the context of other activity, especially privileged-user activity, and insider attacks can be identified more easily before they cause significant damage.

Benefits of NetIQ Change Guardian for Active Directory

NetIQ Change Guardian for Active Directory minimizes the risks associated with operational changes to Active Directory. The product provides the visibility you need to protect your Active Directory environment from dangerous security exposures and costly service disruptions by automating and simplifying Active Directory change monitoring.
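As an added example, not part of this white paper and not NetIQ's code, the following Python script shows the correlation that two of the points above describe: checking each detected AD change against the change management or ticketing system (the "Not integrated with other security technologies" item) and classifying changes as managed, unmanaged, or high-profile so that the share of changes made outside the process can be reported as a metric (the "Provides insight into different types of change" criterion). The change events, tickets, account names, distinguished names, and timestamps are all constructed sample data, and the list of high-profile targets is an assumption a security team would tailor to its own directory.

```python
"""Classify Active Directory change events as managed, unmanaged or
high-profile by correlating them with approved change tickets.

Added example code; not NetIQ's code. All records below are constructed
sample data, not real audit output.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Objects whose modification is always treated as high-profile.
# Assumption: a small list maintained by the security team; the DNs are
# simplified, constructed examples for a fictitious example.com domain.
HIGH_PROFILE_TARGETS = {
    "CN=Domain Admins,CN=Users,DC=example,DC=com",
    "CN=Enterprise Admins,CN=Users,DC=example,DC=com",
    "CN=Default Domain Policy,CN=Policies,CN=System,DC=example,DC=com",
}


@dataclass(frozen=True)
class ChangeEvent:
    when: datetime   # time the change was detected
    actor: str       # account that made the change
    target: str      # DN of the object that was changed
    action: str      # kind of change, e.g. "group-member-add"
    detail: str = ""  # e.g. the member added or the attribute changed


@dataclass(frozen=True)
class ChangeTicket:
    ticket_id: str
    actor: str
    target: str
    start: datetime
    end: datetime

    def covers(self, ev: ChangeEvent) -> bool:
        """A ticket authorises an event only for the named actor and target,
        and only inside the approved change window."""
        return (ev.actor == self.actor and ev.target == self.target
                and self.start <= ev.when <= self.end)


@dataclass(frozen=True)
class ClassifiedChange:
    event: ChangeEvent
    managed: bool            # matched an approved ticket
    high_profile: bool       # touched a sensitive object
    ticket_id: Optional[str]

    @property
    def severity(self) -> Optional[str]:
        """Alert level: unmanaged high-profile changes are the urgent ones;
        managed routine changes are recorded but not alerted on."""
        if self.high_profile and not self.managed:
            return "high"
        if self.high_profile or not self.managed:
            return "medium"
        return None


def classify(events: List[ChangeEvent], tickets: List[ChangeTicket]) -> List[ClassifiedChange]:
    """Correlate every detected change with the ticketing system."""
    out = []
    for ev in events:
        ticket = next((t for t in tickets if t.covers(ev)), None)
        out.append(ClassifiedChange(
            event=ev,
            managed=ticket is not None,
            high_profile=ev.target in HIGH_PROFILE_TARGETS,
            ticket_id=ticket.ticket_id if ticket else None,
        ))
    return out


def alerts(classified: List[ClassifiedChange]) -> List[ClassifiedChange]:
    """Changes that should be escalated to security personnel."""
    return [c for c in classified if c.severity is not None]


def metrics(classified: List[ClassifiedChange]) -> dict:
    """Audit metric: how much change happens outside the control process."""
    total = len(classified)
    unmanaged = sum(1 for c in classified if not c.managed)
    return {
        "total": total,
        "managed": total - unmanaged,
        "unmanaged": unmanaged,
        "high_profile": sum(1 for c in classified if c.high_profile),
        "pct_outside_process": round(100.0 * unmanaged / total, 1) if total else 0.0,
    }


def _t(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


DA = "CN=Domain Admins,CN=Users,DC=example,DC=com"
DDP = "CN=Default Domain Policy,CN=Policies,CN=System,DC=example,DC=com"
USER = "CN=Bob Lee,OU=Sales,DC=example,DC=com"

# Constructed approved tickets exported from a change management system.
SAMPLE_TICKETS = [
    ChangeTicket("CHG-1001", "alice", DA, _t("2009-03-02 09:00"), _t("2009-03-02 10:00")),
    ChangeTicket("CHG-1002", "carol", USER, _t("2009-03-02 10:00"), _t("2009-03-02 12:00")),
    ChangeTicket("CHG-1003", "dave", DDP, _t("2009-03-02 08:00"), _t("2009-03-02 09:00")),
]

# Constructed AD change events as a monitoring agent might report them.
SAMPLE_EVENTS = [
    ChangeEvent(_t("2009-03-02 09:15"), "alice", DA, "group-member-add", "bob"),
    ChangeEvent(_t("2009-03-02 22:40"), "svc_backup", DA, "group-member-add", "tmp-admin"),
    ChangeEvent(_t("2009-03-02 11:05"), "carol", USER, "attribute-modify", "department"),
    ChangeEvent(_t("2009-03-02 14:20"), "dave", DDP, "gpo-modify", "password policy"),
    ChangeEvent(_t("2009-03-03 03:00"), "alice", "OU=Sales,DC=example,DC=com", "attribute-modify", "description"),
]

if __name__ == "__main__":
    classified = classify(SAMPLE_EVENTS, SAMPLE_TICKETS)
    for c in alerts(classified):
        e = c.event
        print(f"[{c.severity}] {e.when} {e.actor} {e.action} {e.target} "
              f"({'ticket ' + c.ticket_id if c.ticket_id else 'no ticket'})")
    print(metrics(classified))
```

The ticket match is deliberately strict (same actor, same target, inside the window), so the change made by dave outside his approved window is reported as unmanaged even though a ticket exists; loosening that rule is a policy decision, not a code detail.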
Improving Compliance and Security Posture for Active Directory

Risk exposure from operational changes is most effectively managed with a change control effort that closely monitors changes to Active Directory. NetIQ Change Guardian for Active Directory enables IT security teams and AD administrators to perform IT security audits efficiently on the most important aspects of Active Directory, and it scales to support both large and small implementations, from those in a single domain to domains distributed around the world. Moreover, because monitoring occurs on a real-time, continuous basis, NetIQ Change Guardian for Active Directory enables you to identify and alert on potential policy compliance issues at any time, assuring that issues can be addressed within minutes instead of hours or days.

Minimizing Cost While Maximizing Existing Infrastructure

NetIQ Change Guardian for Active Directory enables you to maximize the technology you already use. Not having to deploy a new infrastructure just to monitor and alert on Active Directory changes means that your organization can realize the additional benefits of monitoring and reporting without having to learn entirely new interfaces or incur additional impacts on performance.

Reinforcing Change Control Processes Through Metrics

Providing the ability to differentiate between managed, unmanaged, and high-profile changes in Active Directory gives organizations a unique opportunity to see which changes are occurring within or outside of their change control process, a very important metric for the auditing process.

Increasing Availability and Reducing Risk

Assuring, through smart monitoring, that AD administrators and other privileged personnel are making changes according to corporate policy and process can give your organization confidence that risk is being mitigated and that necessary systems and services will be available to the knowledge workers in your organization.

Conclusion: NetIQ Change Guardian for Active Directory - Detecting Change and Reducing Risk

As never before, IT auditors and managers, as well as Active Directory administrators, require a tool designed for both policy compliance assessments and operational integrity reporting that also provides real-time alerting on the types of changes that matter most. NetIQ Change Guardian for Active Directory automates and streamlines the AD auditing process, freeing administrators from manually gathering historical data from log files and enabling security teams to identify and respond more effectively to potential attacks. By enabling rapid detection of and response to unmanaged changes in Active Directory, organizations can most directly support and reinforce existing security controls, and directly reduce the workload on the critical Active Directory management teams, the first line of defense against attacks on critical systems and sensitive data.

About NetIQ

NetIQ, an Attachmate business, is a leading provider of comprehensive systems and security management solutions that help enterprises maximize IT service delivery and efficiency. With more than 12,000 customers worldwide, NetIQ solutions yield the measurable business value and results that dynamic organizations demand. NetIQ's best-of-breed solutions help IT organizations deliver critical business services, mitigate operational risk, and document policy compliance. The company's portfolio of award-winning management solutions includes IT Process Automation, Systems Management, Security Management, Configuration Control, and Enterprise Administration.

About Attachmate

Attachmate enables IT organizations to extend mission-critical services and assure that they are managed, secure, and compliant. Our goal is to empower IT organizations to deliver trusted applications, manage service levels, and ensure compliance by leveraging knowledge, automation, and secured connectivity. To fulfill that goal, we offer solutions that include host connectivity, systems and security management, and PC lifecycle management.