Upload
warren-pittard
View
228
Download
4
Tags:
Embed Size (px)
Citation preview
Enterprise Reporter 2.0 Customer Presentation
Market Landscape
5 IT Governance, Risk and Compliance (GRC) Mistakes Organizations Make 1. Lack of visibility into who has access to what in Windows
environments
2. Underestimating user & organizational impact
3. Inconsistent or absence of a GRC strategy
4. Inadequate data protection
5. Failure to plan and manage external & internal audits
GRC Technical Challenges
• Not understanding rights and permissions can result in compromised security or this information may be needed for audit purposes to prove you can provide it when asked
• No process automation for periodically reviewing users and their privileges does not let IT focus on core business priorities
• Information that is out of date can be inaccurate and result in non-compliance to regulations without being aware of it
• Manually checking for changes in rights could result in missed changes which could spell a security violation
• Other individuals in the organization may have their own preference on the set and format of the reports
Consequences of Not Having a Proactive GRC Solution• Failure stay in front of external regulations such as PCI DSS
• Lack of adherence to internal policies and standards
• Security breaches (internal and external offenders)
• Leaks of sensitive data (accidental and maliciously motivated)
• A failed IT audit
• System downtime
Dell Solutions
We provide organizations visibility
We simplify audits and streamline operations
We reduce risk with proactive controls
We deliver superior results more quickly
7
Dell GRC Lifecycle Dell provides organizations with
four core capabilities that are common between compliance and operational needs. The core capabilities are assess, audit/alert remediate and manage.
Software
8 Confidential Software
Dell IT Governance, Risk and Compliance
• Determine configuration settings
• Set baselines
• Automate reporting
• Track key performance and security indicators
• Track and report on access
• Enable real-time alerts
• Administer access rights and permissions
• Implement best-practice compliance reporting
• Retain and retrieve data
• Implement preventative controls
• Rectify deviations and security breaches
• Restore data
9 Confidential Software
Enterprise Reporter
• Determine current system configuration and settings for AD, Exchange, SQL Server and file systems
• Set baselines for visibility of user activity and for compliance with internal policies
and external regulations
• Automate operational reporting with anytime, anywhere access
• Track key performance and security indicators
• Track and report on access
• Enable real-time alerts
• Administer access rights and permissions with Security Explorerbased on Enterprise Reporter data
• Implement best-practice compliance reporting
• Implement preventative controls
• Rectify deviations and security breaches
• Restore data
10 Confidential Software
Enterprise Reporter
What is Enterprise ReporterEnterprise Reporter enables administrators, security officers and helpdesk staff to collect, store, and report on the data they need, whether for security assessments, Active Directory pre and post migration analysis or configuration change history auditing.
Why Enterprise Reporter
Configuration Visibility
How do I stay compliant with security best
practices and compliance regulations?
What software is installed on my servers?
What local users and groups are present on servers?
How are my servers configured
?
What logins exist in my SQL server database?
Security Assessment
How do I tighten up security and pass the
audit?
Who has administrative access to Windows
servers and workstations?
Where users have
permissions to shares,
folders and files on file servers and
network filers?
Who has Access to
What?
Who has delegated rights in Active
Directory?
Pre-migration Analysis
How do I ensure a smooth migration
project?
How many domains, users and groups are
there?
What accounts can be excluded
from migration?
What needs to
be migrated?
What possible
conflicts can happen during
migration?
Visibility into the security and configuration of environments• Gain visibility into configuration of critical
IT assets:– Active Directory domains– SQL Servers– Windows File Servers– NAS devices
• Leverage pre-built reports for security best practices, internal polices and external regulations
Minimize unplanned disruptions with change history reports • Capture how configuration
changes over time for:– Group membership– Active Directory domains– Computers– NTFS files, folders or shares– Registry keys or values– SQL servers or databases
• Minimize risk of business disruptions due to unnoticed and unwanted changes with in-depth historical analysis
Tighten security with real-time access assessments
• Reduce risk of internal and external data breaches by determining who has access to what files, folders and shares
• Detect security violations such as identifying users with inappropriate access
• Provide access on a need to know basis
• Ensure successful IT audits and meet compliance requirements
Pre-migration and post-migration analysis companion
• Inventory Windows environments
• Identify unused assets for cleanup
• Determine the impact of consolidation and restructuring
• Find the best way to stage the migration project
• Verify migration is completed as planned
Achieve enterprise readiness with automated, scalable data collection• Scale to environments of any
size and geographic distribution
• Schedule collections during off-peak hours
• Satisfy reporting needs of multiple departments
Decrease workload with automated report generation
• Automate report generation and delivery for multiple consumers
• Honor departmental and business boundaries by letting auditors, help desk and IT managers get exactly the reports they asked for
• Control the status of data collection and report delivery from the screen of your mobile phone
Meet unique reporting needs with customizable reports• Enable effective data
analysis
• Multiple formats ( PDF, HTML, MHT, RTF, XLS, XLSX, CSV, text and images) with advanced filtering options
Unified reporting interface across Dell GRC solutions
• Consolidate and view data from multiple data sets and platforms into one single pane of glass for reporting at no additional cost
• Reduce training and infrastructure costs for multiple interfaces
• Save time with predefined security and compliance reports
• Simplifies decision making with dashboard reporting
• Provides end users control over what and how they want to receive reports without IT administrator intervention
Case Study
Snapshot• Large enterprise hospitality company
Challenge Needed to find a way to raise visibility into user permissions and configuration changes in order to comply with:
• SOX • PCI-DSS• Company policy
Results • Provides daily, weekly and monthly
reports to stakeholders
• Is able to automatically report on and understand what is happening in Active Directory and Windows Servers
• Reduced workload by 50-75%
• Met compliance requirements
• Strengthened internal security controls
• Provided managers with evidence of IT controls
Software
Enterprise Reporter for Active Directory
Discover, report and audit AD across the enterprise
• Answer tough questions such as:– Who can do what in my Active Directory?– What users, groups and computers exist
in Active Directory?– What user accounts can be safely deleted
before migrating to a new domain?– How does group membership change over
time for domain, local and global groups?
Enterprise Reporter for Active Directory features
• Pre-migration assessment– Ensure a smooth domain migration or consolidation project by pinpointing user and
group dependencies, matching conflicts and unused accounts before the migration starts.
• Delegated rights reporting– Ensure appropriate Active Directory delegation by reporting on who has access to
Active Directory domains and OUs, users, groups and computers.
• Change review– Capture historical configuration information on users, groups, organizational units
and permissions, and view detailed change history reports. Gain in-depth insight for historical analysis and compliance reporting.
Enterprise Reporter for Windows Servers
Windows Servers and NAS discovery, reporting and auditing across the enterprise• Provide answers to questions often
asked by IT auditors and management such as:
– Where this user or group has access to critical unstructured data?
– Who has administrative access to Windows servers and workstations?
– How are servers configured – including general computer information, network settings, services running, installed programs and custom Registry keys?
– How does the configuration of servers change over time?
Enterprise Reporter for Windows Servers Features
• Access assessment– Rapidly find out in real time where selected users and groups have permissions
across the entire Windows file server and NAS environment. Windows file server access reporting enables tightened security and ensures access is provided on a business-need-to-know basis.
• Local policy assessment– Make sure local security configuration is aligned with domain-wide policies. Check
local security policies, membership of local administrative groups and other security configuration stored in Registry keys.
• Permission reporting– Collect and report on permissions of shares, files and folders, printers, Registry keys
and services for comprehensive Windows Server permission reporting. Identify access control entries (ACEs) explicitly set on files in a folder hierarchy of a specified depth.
Enterprise Reporter for SQL Server
Enhance database security with SQL Server discovery, reporting and change history auditing• Have answers on hand to
compliance and security questions such as:
– What roles and logins are set across all SQL databases?
– Who has administrative access to each SQL server?
– How does the configuration of each SQL server change over time?
Enterprise Reporter for SQL Server Features
• Permission reporting– Collect and report on permissions to SQL databases, users, roles and logins for
comprehensive SQL Server permission reporting.
• Change history review– Capture historical configuration information on database objects and view detailed
change history reports. Gain in-depth insight for historical analysis and compliance reporting.
To learn more about Enterprise Reporter
http://software.dell.com/Enterprise-Reporter