Presenter: Nick Cavalancia Auditing Evangelist 3 Ways Auditing Needs to be a Part of Your Security...
-
Upload
myra-felicia-charles -
Category
Documents
-
view
215 -
download
0
Transcript of Presenter: Nick Cavalancia Auditing Evangelist 3 Ways Auditing Needs to be a Part of Your Security...
Presenter:
Nick CavalanciaAuditing Evangelist
3 Ways Auditing Needs to be a Part of Your Security Strategy
Brought to You by
Agenda
GA
Security Breaches and Data Leaks in the News & Reality
Where Does Auditing Fit?
Why is Auditing Necessary?
Goals Auditing Helps With
Can Auditing Complement Threat Defense Mechanisms?
A 10K Foot View of a Simple Security Strategy
IT Systems Critical for Auditing
Netwrix Auditor
Conclusion
Questions & Answers
Security Breaches and Data Leaks in the News
What Typically Hits the Headlines?
General public impacted
Large numbers
High profile companies / state sponsored
attacks
Malware to Steal Specific Data
Target breach, 2013
The Home Depot breach, 2014
Sophisticated Targeted Attacks
JP Morgan Chase breach, 2014
“Stuxnet” worm targeting specific
organizations
Uncovered Vulnerabilities that may be Exploited by Hackers
Heartbleed
Shellshock
Security Breaches and Data Leaks in Reality
PwC “Information Security Breaches” Survey, 2014:
81% of large and 60% of small firms had a security breach
63% of large organizations had staff related incidents
55% of large organizations suffered from outsider attacks
Verizon “Data Breach Investigations” Report, 2014:
88% of insider incidents were due to privilege misuse
22% of organizations detected insider misuse within weeks, 11% within months
Thycotic “Black Hat” Hacker Survey, 2014:
Primary attack targets: Contractors (40%) and IT admins (30%)
99% of hackers believe simple hacking tactics are still effective
Where Does Auditing Fit?
For many, auditing is an afterthought
For many, auditing is merely a “once-a-year” part of an overall security strategy
Just documenting changes is not enough
Checking security state at a single point in time doesn’t provide the visibility
So Why is Auditing Necessary?
IT changes happen…o Undocumentedo Unloggedo Unapproved…
57%Make changeswithoutdocumenting
46%Make changesthat
impactsecurity
52%Make changesthatimpactavailability
62%Have no ability to
auditchanges
42%Make changesacross
multiplesystems
Goals Auditing Helps With
Security Enhancement
Achieving Regulatory Compliance and Passing
Audits
Achieving Operational Efficiency
1. Assess2. Assign3. Audit
A 10,000 Foot View: 3 High-Level StepsHow Auditing Can Solidify Your Security Strategy
1. Assess2. Assign3. Audit
A 10,000 Foot View: 3 High-Level StepsHow Auditing Can Solidify Your Security Strategy
1. Assess2. Assign3. Audit
A 10,000 Foot View: 3 High-Level StepsHow Auditing Can Solidify Your Security Strategy
A 10,000 Foot View: 3 High-Level StepsHow Auditing Can Solidify Your Security Strategy
1. Assess2. Assign3. Audit
IT Systems Critical for Auditing
Active Directory
SharePoint
SQL Server
VMware
Windows Server
File Servers
Exchange
IT-Auditing
About Netwrix Corporation
Year of foundation: 2006
Headquarters location: Irvine, California
Global customer base: 6000 Recognition: Among the fastest growing software companies in the US with more than 70 industry awards from Redmond Magazine, SC Magazine, WindowsIT Pro and others
Customer support: global 24/5 support with 97% customer satisfaction
Netwrix Locations
Year of foundation: 2006
Headquarters location: Irvine, California
Global customer base: 6000
Corporate Headquarters:300 Spectrum Center Drive #1100 Irvine, CA 92618888-638-9749www.netwrix.com
About Netwrix Auditor
Netwrix Auditor
enables #completevisibility into both security configuration
and data access within the IT infrastructure
by providing actionable audit data about who changed what, when and where
and who has access to what
Netwrix Auditor Benefits
Eliminates blind spots and makes it easy to identify
changes that violate corporate security policies
thus helping detect suspicious user activity and
prevent breaches.
Provides actionable audit data required to prove that
the organization’s IT compliance program
adheres to PCI DSS, HIPAA, SOX, FISMA/NIST800-53,
COBIT, ISO/IEC 27001 and other audits.
Relieves IT departments of manual crawling through disparate array of event
logs to get the information about who changed what, when and where and who
has access to what.
Strengthens Security Streamlines Compliance Optimizes Operations
Netwrix Auditor Applications Scope
Active Directory changes; Group Policy changes; State-in-Time information on configurations; real-time alerts; AD change rollback; inactive user tracking and password expiration alerting
Changes to Windows-based file servers, EMC Storage and NetApp Filers; State-in-Time information on configurations.
SharePoint farm configuration changes, security and content changes
Exchange changes and non-owner mailbox access auditing
SQL configuration and database content changes
Changes to configuration of Windows-based servers; Event Logs, Syslog, Cisco, IIS, DNS; User activity video recording
VMware vSphere changes
Netwrix Auditor for Active Directory
Netwrix Auditor for Exchange
Netwrix Auditor for File Servers
Netwrix Auditor for SharePoint
Netwrix Auditor for SQL Server
Netwrix Auditor for VMware
Netwrix Auditor for Windows Server
Netwrix Auditor Conceptual Model
Conclusion
Companies make undocumented changes on a daily basis.
Changes coming from outsiders is not mythic either.
Security is never a static thing but is a multi-faceted
process.
Change Auditing should be a part of your holistic security
strategy and an ongoing exercise mirroring the dynamic
nature of your environment.
Presenter:
Nick CavalanciaAuditing Evangelist
Thank you for your attention!
Questions?
Brought to You by