How to Survive an IT Audit and Thrive Off It!
Presenter: Adam Stetson, Presales Engineer
Adam.Stetson@netwrix.com
1.201.490.8840 x2907
Agenda
- Compliance Overview
- Continuous Compliance
- Control Processes
- Product Demonstration
- Briefly about Netwrix
- Questions and Answers
Compliance Overview
Best Practices, Standards and Regulations: ISO 27001, COBIT, NIST; PCI, HIPAA, SOX, FISMA, FFIEC/GLBA
Commonalities: Availability, Integrity, Accountability, Data Retention; Policies, Implementation, Validation, Reporting
Perform reviews of your policies:
- Periodic reviews should be planned and executed
- Processes for improving policies and procedures should be established
Audit Failures: Real-Life Examples
Compliance Investigations
- 2010: NY and Presbyterian Hospital and Columbia University, $4.8 million
- 2009: WellPoint Inc., $1.7 million
Compromised Security
- 2014: Home Depot, 56 million customer cards compromised (largest retail breach on record); Dairy Queen, 395 locations; Jimmy John's, 216 locations; JPMorgan Chase, 76 million households and 8 million small businesses exposed
- 2013: Target, $3.6-12 billion (estimated)
- 2011: Maricopa County, $17 million
Business Continuity Disruptions
- A global oil company: someone mistakenly deleted 2000 user accounts because of a mistake in a script. On Monday morning, people couldn't log on.
- A large recycling company: a Group Policy change caused file server firewalls to snap on, leading to major disruption, as around 60% of the users were unable to access particular applications/resources.
Ways to Approach Compliance
- One-Time Effort: compliance as an event
- Regime Establishment: compliance as a continuous process
Continuous Compliance is the Way
The initial effort for establishing a continuous compliance regime can be cumbersome:
- Extensive planning and development of internal policies
- Assignment of roles and responsibilities
- Implementation of controls and of mechanisms for feedback and improvement
Once continuous compliance is established, it brings many benefits, including:
- Increased efficiency of operations
- No high-risk periods
- Continuous improvement
- Lower total cost (over the years)
Security & Compliance
Control Processes
- Change management: process for controlling the lifecycle of all changes, ensuring that no unauthorized changes appear in information systems
- Access control: process for establishing selective restrictions of access to information systems and data
- Account management: issuing, removing, maintaining, and configuring information system accounts and related privileges
- Credentials management: management of credential information such as user names and passwords
- Privileged users management: management of privileged accounts, including their provisioning and lifecycle management, authentication, authorization, credentials management, auditing, and access control
Control Processes (continued)
- Integrity monitoring: process for validating the integrity of data and configurations by comparing the current state against a known-good baseline
- Configuration management: interrelated processes and management techniques for evaluating, coordinating, and controlling changes to, and the configuration states of, the information systems
- Data governance: management of the availability, usability, integrity, and security of the data employed in an organization
- Audit trail: collection, consolidation, retention, and processing of the audit data
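The integrity monitoring process described above reduces to a mechanical step: record a known-good baseline of the monitored files, then diff the current state against it and classify every difference. The following script is an added example written for this page, not Netwrix Auditor's own implementation; the directory tree, file names and contents are constructed in a temporary directory so it runs offline, and SHA-256 is an assumed choice of hash.

```python
"""Integrity monitoring: compare the current state of a directory tree against a
known-good baseline of file hashes and report added, removed and modified files.
Added example for this page, not vendor code; the monitored tree is constructed."""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX-style) to its hash."""
    state = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            state[p.relative_to(root).as_posix()] = hash_file(p)
    return state


def compare(baseline: dict, current: dict) -> dict:
    """Classify every difference between the known-good baseline and the current state."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Build a constructed tree, record a baseline, make changes, and compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "conf").mkdir()
        (root / "conf" / "app.ini").write_text("debug=false\n")
        (root / "conf" / "users.txt").write_text("alice\nbob\n")
        (root / "bin").mkdir()
        (root / "bin" / "service.exe").write_bytes(b"\x4d\x5a original")

        baseline = snapshot(root)
        # Persist the baseline as an auditor would (here as a JSON string; a real
        # deployment stores it where the monitored host cannot alter it).
        saved = json.dumps(baseline)

        # Constructed changes that an integrity monitor should flag
        (root / "conf" / "app.ini").write_text("debug=true\n")   # modified
        (root / "conf" / "users.txt").unlink()                  # removed
        (root / "conf" / "new.ini").write_text("x=1\n")         # added

        return compare(json.loads(saved), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline has to live somewhere the monitored system cannot rewrite, otherwise whoever changes a file can also change its reference hash; that separation is what makes the comparison meaningful.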
About Netwrix Auditor
Netwrix Auditor: a visibility and governance platform that enables control over changes, configurations, and access in hybrid cloud IT environments by providing security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.
Netwrix Auditor Conceptual Model
The diagram will be ready on Monday!
Compliance and Netwrix Auditor
Columns: Regulation | How Netwrix helps | Processes and Report Categories | Netwrix Report

HIPAA 164.308(a)(6)(ii) Response and reporting
- How Netwrix helps: Netwrix Auditor provides a complete audit trail of the activities leading to the incident and helps with root cause analysis afterwards.
- Processes and report categories: AUDIT TRAIL
- Netwrix reports: Active Directory: All Active Directory Changes; Exchange Server: All Exchange Server Changes; and more

PCI 10.1 Implement audit trails to link all access to system components to each individual user.
- How Netwrix helps: Utilize Netwrix Auditor's fully featured auditing and reporting of all user activities, including access to sensitive files, across the entire IT infrastructure, recording who changed what, when, and where.
- Processes and report categories: ACCESS CONTROL (Systems Access, Data Access, User Activity); AUDIT TRAIL (User Activity)
- Netwrix reports: Active Directory: User Accounts Last Logon Time; File Servers: File Server Changes by User; and more

SOX DS5.4 User Account Management
- How Netwrix helps: Audit all changes to user accounts, elevation of privileges, and the activities of regular and privileged users.
- Processes and report categories: ACCOUNT MANAGEMENT (Accounts States, Account Changes, Policies Changes, Policies States)
- Netwrix reports: Group Policy: Account Policy Changes, User Configuration Changes; and more
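The PCI and SOX rows above both come down to processing an audit trail: every change record must be attributable to one user (who, what, when, where), and privilege elevations such as additions to administrative groups must be surfaced for review. The script below is an added example written for this page, not Netwrix Auditor's own code or report format; the JSON-lines record layout, the privileged group list and the five sample events are constructed for the illustration.

```python
"""Audit-trail processing: consolidate change records into a per-user who/what/when/where
trail and flag privilege elevation (membership additions to privileged groups).
Added example for this page, not vendor code; record format and events are constructed."""
import json
from collections import defaultdict
from datetime import datetime, timezone

# Groups whose membership additions count as privilege elevation (assumed list).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}

# Constructed sample records, one JSON object per line (raw string, so "\\" reaches JSON).
SAMPLE_RECORDS = r"""
{"when": "2015-03-02T08:15:03Z", "who": "CORP\\alice", "where": "DC01", "object_type": "Group", "object": "Helpdesk", "action": "Modified", "detail": "Added member CORP\\bob"}
{"when": "2015-03-02T08:20:41Z", "who": "CORP\\alice", "where": "DC01", "object_type": "Group", "object": "Domain Admins", "action": "Modified", "detail": "Added member CORP\\bob"}
{"when": "2015-03-02T09:02:10Z", "who": "CORP\\bob", "where": "FS01", "object_type": "File", "object": "\\\\FS01\\Finance\\Q1.xlsx", "action": "Modified", "detail": "Content changed"}
{"when": "2015-03-02T09:05:55Z", "who": "CORP\\bob", "where": "DC01", "object_type": "User", "object": "CORP\\carol", "action": "Modified", "detail": "Password reset"}
{"when": "2015-03-02T09:10:07Z", "who": "CORP\\alice", "where": "DC01", "object_type": "Group", "object": "Domain Admins", "action": "Modified", "detail": "Removed member CORP\\bob"}
"""


def parse_records(text: str) -> list:
    """Parse JSON-lines records, convert timestamps to aware datetimes, sort by time."""
    records = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["when"] = datetime.strptime(rec["when"], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc
        )
        records.append(rec)
    return sorted(records, key=lambda r: r["when"])


def build_trail(records: list) -> dict:
    """Per-user audit trail: each entry states what changed, when, and where."""
    trail = defaultdict(list)
    for r in records:
        trail[r["who"]].append(
            f'{r["when"].isoformat()} {r["action"]} {r["object_type"]} '
            f'"{r["object"]}" on {r["where"]}: {r["detail"]}'
        )
    return dict(trail)


def find_privilege_elevations(records: list) -> list:
    """Records that add a member to a privileged group; removals are not elevations."""
    return [
        r for r in records
        if r["object_type"] == "Group"
        and r["object"] in PRIVILEGED_GROUPS
        and r["detail"].startswith("Added member")
    ]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for user, entries in build_trail(recs).items():
        print(user)
        for e in entries:
            print("   ", e)
    print("Privilege elevations to review:")
    for r in find_privilege_elevations(recs):
        print("   ", r["who"], "->", r["object"], ":", r["detail"])
```

The trail is keyed on the acting account rather than on the changed object, which is the linkage PCI 10.1 asks for; an elevation that is later reversed (the last sample record) still appears in the review list, because the window during which the account held the privilege is what an auditor needs to see.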
Netwrix Auditor Demonstration
Netwrix Auditor Applications
Active Directory; Exchange; Office 365; Windows File Servers; EMC; NetApp; Windows Server; VMware; SQL Server; SharePoint
Netwrix Auditor Applications Scope
- Active Directory: Active Directory changes; Group Policy changes; state-in-time information on configurations; real-time alerts; logon auditing; AD change rollback; inactive user tracking and password expiration alerting
- Exchange: changes to Exchange server configuration, Exchange databases, mailboxes, mailbox delegation, permissions; non-owner mailbox access auditing
- Office 365: Exchange Online administrative changes; changes to mailboxes, mail users, groups, permissions, policies, and management roles; non-owner mailbox access auditing
- Windows File Servers: changes to files, folders, shares and permissions; successful and failed access attempts; file analysis reporting; state-in-time information on configurations
- EMC: changes to files, folders, shares and permissions; successful and failed data access attempts; data usage and data ownership
- NetApp: changes to files, folders, shares and permissions; successful and failed access attempts; data usage and data ownership
- Windows Server: changes to configuration of Windows-based servers; Event Logs, Syslog, Cisco, IIS, DNS; user activity video recording
- VMware: changes made to vCenter and its servers, folders, clusters, resource pools and hardware configurations of virtual machines
- SQL Server: changes to SQL Server objects and permissions, server instances, roles, databases, tables, stored procedures, etc.
- SharePoint: changes to farm configuration, user content and security; permissions; group membership and security policies; read access auditing
Related Resources
- Free Guide: PCI, SOX, HIPAA, FISMA, ISO/IEC 27001 with Netwrix Auditor: netwrix.com/compliance
- Whitepaper: General Principles of IT Compliance and Continuous Compliance with Netwrix: start.netwrix.com/white_paper_compliance_demystified.html
- Upcoming & Recorded Webinars: netwrix.com/webinars, netwrix.com/webinars#featured
About Netwrix Corporation
- Year of foundation: 2006
- Headquarters location: Irvine, California
- Global customer base: 6000
- Customer support: global 24/5 support with 97% customer satisfaction
- Recognition: among the fastest growing software companies in the US, with more than 70 industry awards from Redmond Magazine, SC Magazine, WindowsIT Pro and others
Netwrix Customers Financial Healthcare & Pharmaceutical Federal, State, Local, Government GA Industrial/Technology/Other
Award winning products All awards: www.netwrix.com/awards
Next Steps
- Free Trial: set up in your own test environment: netwrix.com/freetrial
- Test Drive: virtual POC, try in a Netwrix-hosted test lab: netwrix.com/testdrive
- Live One-to-One Demo: product tour with a Netwrix expert: netwrix.com/livedemo
- Contact Sales to obtain more information: netwrix.com/contactsales
Thank You!