Automating Security and Compliance Management to Improve ROI
1. Improve ROI on Security and Compliance Management June 7, 2010
2. How Much It Cost To Be Secure? First Level Third Level Second Level *Calculated on 2080 Hours/Year Deeper it goes, longer is the Exposure and the associated Risk Cost Standard IT Security Model Resource Type Ownership % Hourly Cases Hourly Cost* Help Desk & Service Desk Low Skill Resources High Turnaround 68% 4 22$ IT Professionals Platform Specific In-House Personnel 26% 1,5 44$ Security Officers Technology Specific Mostly External 6% 0,13 112$
3.
4. Goal of IT Management Become an Efficient Business Enabler Operational Efficiency Business Enablement Goal: Cost Effective with Optimized Service Delivery Sub-Optimal: Cost-Centric and Tactical with Marginal Services Current State: Expensive and Tactical with Limited Perceived Value Sub-Optimal: Aligned To Business Goals But Expensive Efficient Business Enabler A Low Cost Provider C Expensive Business Enabler B Low Value Provider D
5. Management’s Dilemma Operational Efficiency vs. Business Enablement Significant up-front investments and the need for profound changes jeopardize or delay expected cost reductions . Off-shoring and outsourcing, combined with little investment in processes, often forsake agility and business enablement . “ The Cost Cutter” “ The Framework Adopter” Operational Efficiency Business Enablement Operational Efficiency Business Enablement
6.
7.
8. Control and Audit Configuration Primary Goal: Protect systems, applications and data in accordance with their business value and satisfy compliance mandates NetIQ Delivers Real-time event correlation reduces alert volumes while highlighting critical events, improving incident management while reducing costs. TRACE™ technology delivers log management, protects the chain of custody, and provides trend analysis and forensics to meet evolving mandates. Powerful auditing of user activity and access controls helps meet compliance mandates and address both inside and outside threats. Effective detection at both the host and network level provides better protection of corporate data and demonstrable oversight of change controls. What's Needed Event Correlation and Analysis Log Management and Forensics Access Control and User Monitoring Change and Threat Detection Challenges What's Needed 1. Security events and alerts often overwhelm security staff, inhibiting effective security incident management. Event Correlation and Analysis 2. Evolving mandates require more than simple log consolidation, to encompass integrity of data, chain of custody, and forensic reporting. Log Management and Forensics 3. Effective protection of corporate data is dependent on user activity monitoring, which is often inhibited by native capabilities. Access Control and User Monitoring 4. Intrusion detection and log monitoring are insufficient to meet the evolving mandates for data protection and change control. Change and Threat Detection
9. Monitor and Manage User Activity Primary Goal: Maintain the infrastructure, applications, user accounts, and security per business requirements NetIQ Delivers A prevention-oriented, proxy-based administration solution delivers higher availability than that of system-wide backup and restoration. Non-hierarchical, rules-based delegation simplifies safely granting privileges to users. Automated tasks triggered by events streamline routine administrative tasks, saving time and improving service. Automation and repeatability, along with Active Directory and Unix users optimization, assures business availability and satisfied end users. What's Needed Prevention and Recovery Delegated Administration Administrator Task Automation Migration and Optimization Challenges What's Needed 1. Administrative errors and malicious acts threaten the integrity and reliability of systems and services. Prevention and Recovery 2. Native tools make it impractical to enable non-administrators to make routine or low-risk changes. Delegated Administration 3. Manual, routine tasks often consume valuable skilled resources. Administrator Task Automation 4. Diversity, complexity and emerging technologies increase the time to deploy and operate systems management tools. Migration and Optimization
11. All of Those Through Automation Workflow Automation Engine NetIQ Products Message Bus, Resource Model, CMDB 3 rd Party Best-of-Breed products Run Books (Event Correlation, Fault Recovery, Routine Server Restarts, etc. ) Processes (ITIL Incident Management, Change Management, DR testing, etc.) Correlation Engine AM SM/CG SCM DRA SCOM HPOM Remedy Smarts Adapters Bi-directional data collection and control Activity Libraries Workflow building blocks that control other tools Process Templates Provides built-in knowledge Presentation Layer Consoles tailored to specific users Independent Engines Allow data processing scalability Resource Mgmt DB Normalizes data from diverse tools Ops Console Config Console Reports … …