Implementing and Proving Compliance Tactics with Novell Compliance Management Platform Identity Tracking Solution

Implementing and Proving Compliance Tactics with Novell® Compliance Management Platform Identity Tracking Solution

Adam LoughranPrincipal, Compliance ManagementNovell Inc./[email protected]

Stuart ProffittTSS Principal - IdentityNovell Inc./[email protected]

Arlene MordenoTechnology Specialist,Novell Inc./[email protected]

© Novell, Inc. All rights reserved.2

Agenda

• Novell® Compliance Management Platform• Novell Identity Tracking Solution• Suggested Environment• Installation• Data Acquisition• Event Samples• Correlation Rules• Reports


Solutions

Compliance Management PlatformIndustry Leading Modular Product Offerings

Tightly integrated compliance and governance solutions

Novell®

Access Manager

Novell®

Identity Manager

Novell® Sentinel™


Novell® Compliance Management Platform

• User Provisioning• User Password Self

Service• Manage User Access to

Web Applications• SSL VPN to Private Cloud• Identity Federation• Web Single Sign-on• Real-time Monitoring• Security Remediation


Novell® Identity Tracking Solution

• The goal of this Solution Pack is to help you to manage security problems, providing accurate information about User Management from Novell® Sentinel™.

• A Sentinel Solution Pack includes some pre-formatted Reports, Correlation Rules, Collectors, Dynamic Lists, Workflows and Roles that were designed with regulatory requirements in mind.

• This Solution Pack is shipped separately and works for Sentinel RD and Sentinel 6.1.


Real-time, Identity-EnrichedSecurity Information

• Who caused this security event?

• What else have they been doing recently?

• What other accounts do they have throughout the enterprise?


Suggested Environment

Installing the Identity Tracking Solution


Steps to Install the Identity Tracking Solution

• Download the latest release of Identity Tracking Solution (ITS) from the Sentinel Content Web site http://support.novell.com/products/sentinel/secure/sentinel61.html

• Using Sentinel Solution Manager, import the ITS package

• Launch Deploy Screen• Install and Configure resources following ITS

documentation• Collect Events and Test


Data Acquisition - Collector


Event Samples

• Directory– Login– Logout– Password Changed

• Access Manager– Login– Logout– URL Accessed

• Identity Manager– Identity Provisioned– Identity Deprovisioned


Correlation Rules

• Identity Tracking provides correlation rules:– Affected By Exploits– Detect Exploited Assets– Detect Impersonators– Identify Terminated Employees– Monitor ITS Control Management– Remove Reactivated Employees– Rogue Administration– Unauthorized Access By Terminated Employees

Reports


Dashboard Reporting

Providing an overview of identity and security concerns throughout the enterprise

– The top threats and possible vulnerabilities at a glance

– Aggregation of the most important security events enriched with Identity Information


From Dashboard to Detail

Detailed information regarding individual activity


Provisioning Versus Utilization

Are users actually using provisioned resources?

– Identity Management systems can easily tell you what resources users are provisioned to—can they tell you when is the last time used?

– Combining identity information with security events provides an additional level of inspection and validation

– Provides insight regarding effectiveness of provisioning as well as role definitions


Understanding User Activity

What is the usage history of provisioned resources?

– Security information enriched with identity data can provide insight regarding how users are utilizing provisioned resources

– Provides additional data regarding usage trends, anomalies, and comparisons to average utilization


Password Policy Compliance

And do their passwords conform to policy?

– How effective are enterprise password policies?

– How effective is password self service and/or enterprise single sign-on?

Demonstration


Use Cases

1. User Provisioned2. Workflow Process3. Access Granted4. User Access5. Separation-of-Duty (SoD) violation6. Employee Termination7. Rogue Administration8. Attestation

Unpublished Work of Novell, Inc. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

Documents

Implementing and Proving Compliance Tactics with Novell Compliance Management Platform Identity Tracking Solution