Secret Server HP ArcSight Integration Guide


Table of Contents

Meeting Information Security Compliance Mandates: Secret Server and ArcSight SIEM Integration
The Secret Server Approach to Privileged Account Management
Risks and Benefits
The Common Event Format
Conclusion
About Thycotic Software
About Secret Server
About ArcSight

Copyright 2012 Thycotic Software Ltd. Revised: September 24, 2012

Meeting Information Security Compliance Mandates: Secret Server and ArcSight SIEM Integration

Leveraging Secret Server event data with ArcSight SIEM solutions can give organizations deep insight into the use of privileged accounts (such as Windows local administrator, service or application accounts, UNIX root accounts, Cisco enable passwords, and more). Used together, these tools provide secure access to privileged accounts and provide greater visibility to meet compliance mandates and detect internal network threats.

The Secret Server Approach to Privileged Account Management:

Many environments that have strict Information Security policies also require methods to control and monitor access to privileged accounts. Enterprises often apply security policies such as physical access restrictions to hardware, network firewalls, appropriate-use guidelines, and user account restrictions. In the case of privileged accounts, access is more difficult to track and verify. Implementing privileged account management software such as Secret Server enables organizations to strictly control and track access.

Enterprises that implement Secret Server gain the ability to grant or deny granular access to critical systems. When access is granted, use of that access is tracked based on a wide range of events. While alerting is a core feature within Secret Server, managing real-time events in aggregate can be cumbersome. Leveraging ArcSight to manage these real-time events allows users to build customized risk analysis into their privileged account management policies.

Mitigating internal privileged account threats helps organizations meet compliance requirements such as the Sarbanes-Oxley Act (SOX), the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), and the Federal Information Security Management Act (FISMA).

Risks and Benefits

Unmanaged privileged accounts often enjoy unchecked access across a wide array of systems, networks, and databases. Unmitigated top-level access, in the wrong hands, can be devastating to an organization. The potential for liability is not limited to internal data and productivity loss, but can include criminal and civil penalties for unauthorized disclosure of private or regulated information [i].

Implementing an enterprise-level privileged account management system (Secret Server) with a real-time event management system (ArcSight) allows organizations to mitigate risk. Critical systems can only be accessed by pre-defined users. IT Security Auditors are able to track access based on the needs of the enterprise. Figure 1 depicts the general workflow around the relationship between these two technologies.

[Figure 1 diagram: Secret Server and ArcSight solution for privileged account monitoring and compliance. Diagram labels: Thycotic Software Secret Server; HP ArcSight SIEM Reporting Solution; Access Privileged User Accounts; Real-time Log File Data; Activity Drill-down; IT Security Auditor Reporting; Customized Alerting; Security Threat Prevention.]

Figure 1: Privileged users log in to Secret Server. Usage of Secret Server is logged on many different data points. IT Security Auditors can build custom reports that not only track usage habits but also help enforce compliance requirements.

Secret Server supports event tracking through the export of Common Event Format (CEF) data to ArcSight. ArcSight processes these events as they are received. Based on rules defined by organizations, a number of actions can be taken. These actions include alerting, security threat identification, and detailed activity drill-down options. These options allow enterprises to react quickly to potential threats.

The Common Event Format

The Common Event Format is a predefined format for sending events from a system for analysis on another system. Secret Server relays events related to privileged account access to ArcSight through the Common Event Format. ArcSight has multiple solutions for managing the forensic analysis of CEF data: ArcSight ESM and ArcSight Logger are two popular products capable of real-time event management.

ArcSight has certified Secret Server for use with their Common Event Format analysis tool. As Secret Server develops new features and product enhancements, the application will be recertified by ArcSight to verify maximum compatibility and performance. Secret Server currently supports 44 different event types in CEF logging. In Figure 2, the ArcSight Web User Interface is displaying Secret Server Event examples.

[Figure 2]

Several examples of events and how they can be used to minimize risk are:

[UNLIMITEDADMINISTRATOR ENABLE]
Unlimited Administrator mode is an emergency-only feature that allows Secret Server Administrators to gain access to all Secret Server data in the case of a disaster recovery scenario. Enabling this feature will send this event to ArcSight and any unexpected events can be dealt with immediately.

[SECRETTEMPLATE EDIT]
Secret Templates are important because they control the rules for data saved in Secret Server. If a Secret Template has been modified without the knowledge of the organization, it could cause a variety of issues. For example, editing a template in Secret Server may mean that your organization's password policy is no longer meeting compliance requirements. Including this event in your ArcSight logs enables IT Security Auditors to know about unscheduled changes that can affect security/compliance policies.

An example of how events can be used together to indicate potential compliance issues:

[USER ADDEDTOGROUP] used with [ROLE ASSIGNUSERORGROUP]
This could be an issue where a user is added to a group and then the role permissions for that group are changed. In isolation, each event may seem harmless, but viewed together they could represent an issue. However, if ArcSight were logging and alerting on these events, an IT Security Auditor would be made aware of a permissions change and could then investigate.
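The correlation described above, sketched as an added example (not Thycotic or ArcSight code): it parses CEF records and flags a ROLE ASSIGNUSERORGROUP event for a group that follows a USER ADDEDTOGROUP event for the same group within a time window. The sample records, signature IDs, device version, one-hour window and extension keys (rt, suser, duser, and cs1 for the group name) are assumptions; this guide does not show Secret Server's actual field layout.

```python
import re

# Constructed sample records, not real Secret Server output: the signature IDs,
# device version and extension keys (rt, suser, duser, cs1, msg) are assumptions.
SAMPLE = [
    r"CEF:0|Thycotic Software|Secret Server|0.0|100|USER ADDEDTOGROUP|2|rt=1348480800000 suser=admin1 duser=jdoe cs1=DB Admins",
    r"Sep 24 10:10:00 ss01 CEF:0|Thycotic Software|Secret Server|0.0|200|ROLE ASSIGNUSERORGROUP|2|rt=1348481400000 suser=admin1 cs1=DB Admins",
    r"CEF:0|Thycotic Software|Secret Server|0.0|200|ROLE ASSIGNUSERORGROUP|2|rt=1348481500000 suser=admin2 cs1=Auditors",
    r"CEF:0|Thycotic Software|Secret Server|0.0|300|SECRETTEMPLATE EDIT|2|rt=1348481600000 suser=admin2 msg=min length\=6",
]

HEADER = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
# Seven pipe-terminated header fields (a backslash escapes the next character), then the extension.
CEF_RE = re.compile(r"CEF:" + r"((?:\\.|[^|\\])*)\|" * 7 + r"(.*)$")
GROUP_KEY = "cs1"  # assumed extension key carrying the group name

def unescape(value):
    """Undo CEF backslash escapes (\\|, \\=, \\\\) and turn \\n into a newline."""
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), value)

def parse_cef(line):
    """Return the 7 CEF header fields plus an 'ext' dict; a syslog prefix is tolerated."""
    m = CEF_RE.search(line)
    if not m:
        raise ValueError("not a CEF record")
    event = {k: unescape(v) for k, v in zip(HEADER, m.groups())}
    # Extension values may contain spaces; a value ends where the next " key=" starts.
    event["ext"] = {k: unescape(v) for k, v in
                    re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", m.group(8))}
    return event

def correlate(events, window_s=3600):
    """Alert when a group's role assignment changes within window_s of a user being added to it."""
    added, alerts = {}, []
    for ev in sorted(events, key=lambda e: int(e["ext"]["rt"])):  # rt = epoch milliseconds
        t, group = int(ev["ext"]["rt"]), ev["ext"].get(GROUP_KEY)
        if ev["name"] == "USER ADDEDTOGROUP":
            added.setdefault(group, []).append((t, ev["ext"].get("duser")))
        elif ev["name"] == "ROLE ASSIGNUSERORGROUP":
            for t0, user in added.get(group, []):
                if t - t0 <= window_s * 1000:
                    alerts.append({"group": group, "user": user, "delay_s": (t - t0) // 1000})
    return alerts

if __name__ == "__main__":
    for alert in correlate([parse_cef(line) for line in SAMPLE]):
        print(alert)
```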

Conclusion

Organizations that need to meet strict compliance requirements can implement privileged account management and real-time event analysis using Secret Server and ArcSight. Integrating these two products allows enterprises to both manage their privileged accounts and correlate and reduce security threats within a network.

About Thycotic Software

Thycotic Software, Ltd., a Washington DC-based company, is committed to providing password and AD group management solutions to IT administrators worldwide. With over 30,000 IT professionals using our IAM tools, Thycotic helps securely manage all credentials critical to an organization's operations.

About Secret Server

Secret Server is an enterprise password management tool that is used to store, distribute, monitor, and update privileged/shared account passwords in a central, web-based location. For more information, visit http://www.thycotic.com/products_secretserver_overview.html.

About ArcSight

ArcSight, an HP company, is a leading global provider of cyber-security and compliance solutions that protect organizations from enterprise threats and risks. Based on the market-leading SIEM offering, the ArcSight Enterprise Threat and Risk Management (ETRM) platform enables businesses and government agencies to proactively safeguard digital assets; comply with corporate and regulatory policy; and control the internal and external risks associated with cyber-theft, cyber-fraud, cyber-warfare and cyber-espionage. For more information, visit http://www.hpenterprisesecurity.com/products/hp-arcsightsecurity-intelligence/.

Note: Terminology used in this document is based on the SANS Glossary of Security Terms available at http://www.sans.org/security-resources/glossary-of-terms/

[i] Imation Compliance Heat Map, http://www.databreaches.net/?p=25159