How to Survive an IT Audit… and Thrive Off It!

Presenter: Adam Stetson, Presales Engineer, Adam.Stetson@netwrix.com, 1.201.490.8840 x2907

Agenda

Compliance overview

Continuous compliance

Control processes

Demonstration

Briefly about Netwrix

Questions and Answers

Compliance Overview

Best Practices, Standards and Regulations

ISO 27001, COBIT, NIST

PCI, HIPAA, SOX, FISMA, FFIEC/GLBA

GDPR

Commonalities

Availability, Integrity, Accountability

Policies, Implementation, Validation, Reporting

Perform reviews of your policies

Periodic reviews should be planned and executed

Processes for policies and procedures improvement should be established

Visibility Failures: Real-Life Examples

Compliance Investigations

2015 – Anthem Inc. — 78,8 million entries

2014 – NY and Presbyterian Hospital — $4.8 million fine

Compromised Security

2016 – Panama Papers: 2.6 terabytes of information drawn from Mossack Fonseca’s internal database

2015 – Office of Personnel Management — 21,5 million records

2014 – Home Depot: 56 million customer cards compromised (largest retail breach on record)

– Dairy Queen: 395 locations

– Jimmy John’s: 216 locations

– JPMorgan Chase: 76 million households, 8 million small businesses exposed

2013 – Target: $3.6 – 12 billion (estimated)

Business Continuity Disruptions

A Global Oil Company

Someone mistakenly deleted 2000 user accounts because of a mistake in a script. On Monday morning, people couldn’t log on.

Large Recycling Company

A GP change caused File Server Firewalls to snap on, leading to major disruption, as around 60% of the users were unable to access particular applications/resources.

Ways to Approach Compliance

One-Time Effort

Compliance as an Event

Regime Establishment

Compliance as a Continuous Process

Continuous Compliance is the Way

Initial effort for establishing a continuous compliance regime can be cumbersome:

Extensive planning and development of internal policies,

Assignment of roles and responsibilities,

Implementation of controls and mechanisms for feedback and improvement.

Once continuous compliance is established, it brings many benefits, including:

Increased efficiency of operations

No high-risk periods

Continuous improvement

Lower total cost (over the years)

Control Processes

Change management: Process for controlling the lifecycle of all changes, ensuring that no unauthorized changes appear in information systems

Access control: Process for establishing selective restrictions of access to information systems and data

Account management: Issuing, removing, maintaining, and configuring information systems’ accounts and related privileges

Credentials management: Management of credential information such as user names and passwords

Privileged users management: Management of privileged accounts, including their provisioning and life cycle management, authentication, authorization, credentials management, auditing, and access control

Control Processes (continued)

Integrity monitoring: Process for validating the integrity of data and configurations by comparing the current state with the known good baseline

Configuration management: Interrelated processes and management techniques for evaluating, coordinating, and controlling changes to and configuration states of the information systems

Data governance: Management of the availability, usability, integrity, and security of the data employed in an organization

Audit trail: Collection, consolidation, retention, and processing of the audit data

Demonstration

Netwrix Auditor

About Netwrix Auditor

Netwrix Auditor

A visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations, and access in hybrid IT environments. It provides security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.

Netwrix Auditor Applications

Netwrix Auditor for Active Directory

Netwrix Auditor for Windows File Servers

Netwrix Auditor for Oracle Database

Netwrix Auditor for Azure AD

Netwrix Auditor for EMC

Netwrix Auditor for SQL Server

Netwrix Auditor for Exchange

Netwrix Auditor for NetApp

Netwrix Auditor for Windows Server

Netwrix Auditor for Office 365

Netwrix Auditor for SharePoint

Netwrix Auditor for VMware

Netwrix Auditor Conceptual Model

About Netwrix Corporation

Year of foundation: 2006

Headquarters location: Irvine, California

Global customer base: over 8,000

Recognition: Among the fastest growing software companies in the US with 105 industry awards from Redmond Magazine, SC Magazine, Windows IT Pro and others

Customer support: global 24/5 support with 97% customer satisfaction

Netwrix Locations

Corporate Headquarters:

300 Spectrum Center Drive #200

Irvine, CA 92618

888-638-9749

www.netwrix.com

Netwrix Customers

GA

Financial

Healthcare & Pharmaceutical

Federal, State, Local, Government

Industrial/Technology/Other

Industry Awards and Recognition

All awards: www.netwrix.com/awards

Next Steps

Free Trial: set up in your own test environment:

On-premises: netwrix.com/freetrial

Virtual: netwrix.com/go/appliance

Cloud: netwrix.com/go/cloud

Test Drive: run a virtual POC in a Netwrix-hosted test lab: netwrix.com/testdrive

Live Demo: product tour with a Netwrix expert: netwrix.com/livedemo

Contact Sales to obtain more information: netwrix.com/contactsales

Webinars: join our upcoming webinars and watch the recorded sessions

• netwrix.com/webinars

• netwrix.com/webinars#featured

Thank You!