2. Agenda
1. ID Theft
• Introduction
• Types
• Techniques
• Causes
2. Compliance
3. Approach
• Service
• Features
• IT Integration
4. Q & A
11/05/2012 Security Meeting May 2012 2
3. ID Theft
Definition (Wikipedia):
Identity theft is a form of stealing someone's identity
in which someone pretends to be someone else by
assuming that person's identity, typically in order to
access resources or obtain … other benefits in that
person's name.
AKA: Impersonating - meaning the person whose
identity has been assumed by the identity thief.
11/05/2012 Security Meeting May 2012 3
4. Some Types
• Finantial
• Governamental
• Social Network
• Child
• Smart Phone
11/05/2012 Security Meeting May 2012 4
5. Some Techniques
• Stealling
o IT Equipment
o Credit Cards
o (…)
• Impersonating
• Brute force attack weak passwords
• Explore security breaches (browser flaws,
malware, spyware) to steal information from
computer
11/05/2012 Security Meeting May 2012 5
6. Some Techniques (I)
• Hacking systems (servers, networks, databases,
firewalls)
• Improper privileges to company's employees,
resulting in unauthorized access to sensitive data
from these privileged users (internal
unauthorized access)
• (…)
11/05/2012 Security Meeting May 2012 6
7. Some Causes
Organizations:
• Don’t have an adequate security policy
• Fail to preserve computer security
• Fail to ensure network security (Firewall
Management)
• Fail do identify risks (Risk Management)
• Relaxed access control policy
• (…)
11/05/2012 Security Meeting May 2012 7
9. Compliance
• Help protect business from risk
• Increase IT Security
• Used as benchmark to protect information
• Automating compliance decrease audit time and
stress
o Keep configurations up- to-date (monitoring)
o Detects undesirable changes
• (…)
11/05/2012 Security Meeting May 2012 9
11. Approach
Traditional
• Vendor solution
• Go in, implement, customize & go out
• Assistance & support
Service
• Configuration control
• Compliance policy management
• Change auditing
• Real-time analysis of changes
• Remediation, Reconciliation
• Reporting
11/05/2012 Security Meeting May 2012 11
13. Approach
Features
• Provides compliance policies do manage user
Ids
o e.g. password strength and complexity
checks
• Proactive monitor IT security infrastructure
(firewalls).
11/05/2012 Security Meeting May 2012 13
15. Approach
• Continuous compliance
o File integrity monitoring by detecting any
change to a file or system setting.
o Automating the repair of configurations
that intentionally or accidentally fall from
secure and compliant states
• Generate an audit trail that logs the state of
physical and virtual infrastructure, along with
any actions taken to remediate out-of-
compliance infrastructure.
11/05/2012 Security Meeting May 2012 15
16. Approach
IT Infrastructure Integration
• Supports a variety of IT Technology
• OS with agent (HPUX, Solaris, RHEL, Windows)
• Direct monitor Databases
o Microsoft SQL Server
o Oracle Database Server
o Sybase Database Server
o DB2 Database Server
o (…)
11/05/2012 Security Meeting May 2012 16
17. Approach
• Direct monitor Directory Servers (Microsoft,
Novell, Sun, Generic LDAP…)
• Network devices (Cisco, F5 BigIP, HP Procurve,
Juniper, Nortel, …)
• Supports others devices not listed (Agent less
mode - with ssh)
11/05/2012 Security Meeting May 2012 17
18. How we do it
11/05/2012 Security Meeting May 2012 18
19. How we do it
11/05/2012 Security Meeting May 2012 19