Post on 16-Jan-2016
transcript
2Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Evolution of SecurityM
anag
emen
t
Time
1st GenerationGates, Guns, Guards
2nd GenerationReactive Security
3rd GenerationSecurity asan Enabler
4th GenerationProactive Security
Management
Accountability
Align Security With Business
http://www.sonofnights.com
3Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Imperatives for IT: The Challenge
Technology Drivers
- Growth in numbers e.g. storage, security threats
- Proliferation of devices
- Distributed enterprise
- Cost control
- Infrastructure change & complexity
Business Drivers
- Regulatory compliance
- Responsiveness
- Investment ROI
- Business dependence
- Outsourcing
- Change in business process
Manage RiskManage Risk
Improve ServiceImprove Service
Align IT Investments
Align IT Investments
Manage CostManage Cost
Goal:
Unify & Simplify the Management of IT
http://www.sonofnights.com
4Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
CA’s Vision
Enterprise IT Management (EITM) is CA’s vision for how to unify and simplify the management of enterprise-wide IT
Application EnvironmentsApplication Environments
AssetsAssetsUsersUsers
Business ProcessesBusiness Processes
IT ServicesIT Services
Manage and Secure
Unify Simplify
http://www.sonofnights.com
5Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
EITM – Unify and Simplify It All
Bu
siness S
ervice Op
timizatio
nB
usin
ess Service O
ptim
ization
Sec
urity M
anag
emen
tS
ecu
rity Man
agem
ent
Sto
rage
Man
agem
ent
Sto
rage
Man
agem
ent
En
terprise S
ystem
s Ma
nag
emen
tE
nterp
rise Syste
ms M
an
agem
ent
Application EnvironmentsApplication Environments
AssetsAssetsUsersUsers
Business ProcessesBusiness Processes
IT ServicesIT Services
IT Processes &
Best Practices
Manage and Secure
http://www.sonofnights.com
6Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Security Challenges
If most Analysts say that 80% of Attacks come from the inside and 20% from the outside, why is the CSI/FBI 2005 Study showing nearly similar values, constantly over 6 years ?
Reason: No Security Sensors and Information Management on the inner perimeter, maybe also no inner perimeter ?
http://www.sonofnights.com
7Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Security Challenges
It used to be “simple” - stop attacksNew challenge:
- Understanding the impact of security to business Service Continuity Efficiently manage identities and their access to assets Make applications more secure – deep within the application
and across the transaction Enforce business policies Comply with industry and government regulations
Security Needs to be Managed
http://www.sonofnights.comhttp://www.sonofnights.com
8Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Security Challenges
PC AntiVirus ProtectionConsole
PC’s Protected by AntiVirus Products
InternetCisco Fw inHigh Avail.
Conf.
Active Directory
RedHad Linux
FileServers Microsoft and Novell
Microsoft Exchange Server
Cisco IDS Console
IDS-Sensor
9Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Security Managed
Internet
PC AntiVirus Security Console
PC AntiVirus Protection
Cisco Fw inHigh Avail.
Conf.
Active Directory
RedHad Linux
FileServers Microsoft and Novell
Microsoft Exchange Server,
AntiVirusAntiSpam
Cisco IDS Console
IDS-Sensor
eTrust AuditeTrust Security
CommandCenter
Identity andAccess
Management
View on Portals for Security
Personnel and Management
SecureContentManager
VulnerabilityManager
http://www.sonofnights.com
10Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Security Needs to be Managed
SSO Access Management Authentication
Policy Management Reporting Web Services
Password Management
AuthorizationProvisioningVirus Protection
Asset Discovery & Classification
Event CollectionAnti-Spam
Spyware Prevention
Gateway Protection
Firewall Protection
Malware ProtectionScan & Clean
Proactive Management
Federation ForensicsCompliance Mapping
Correlation
Vulnerability Assessment
http://www.sonofnights.com
11Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Security Needs to be Managed
SSO Access Management Authentication
Policy Management Reporting Web Services
Password Management
AuthorizationProvisioningVirus Protection
Asset Discovery & Classification
Event CollectionAnti-Spam
Spyware Prevention
Gateway Protection
Firewall Protection
Malware ProtectionScan & Clean
Proactive Management
Federation ForensicsCompliance Mapping
Correlation
Vulnerability Assessment
Asset Discovery & ClassificationEvent CollectionVulnerability AssessmentCorrelationForensicsCompliance MappingPolicy ManagementReporting
Virus PreventionSpyware PreventionAnti-SpamGateway Protection
AuthenticationAuthorization
FederationWeb ServicesProvisioning
Password ManagementSSO
Access Management
Firewall ProtectionScan and CleanMalware ProtectionProactive Management
http://www.sonofnights.com
12Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Security Managed
CompleteSecurity
Management
http://www.sonofnights.com
13Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Strategy for Success
Enables organizations to clearly understand:- Who has access to what within their IT environment?- What is happening in that environment?- What actions need to be taken based on this information?
Security Management
http://www.sonofnights.com
14Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Strategy for Success
Our goal is to deliver complete, integrated and open solutions for:
– Identity and Access Management
– Security Information Management
– Threat Management
To enable organizations to achieve:
– Risk Management
– Asset Protection
– Business Enablement
– Regulatory Compliance
– Service Continuity
– Cost Management
Security Management
http://www.sonofnights.com
15Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Our VisionTo Unify and Simplify It All
Sec
urity M
anag
emen
tS
ecu
rity Man
agem
ent
En
terprise S
ystem
s Ma
nag
emen
tE
nterp
rise Syste
ms M
an
agem
ent
Bu
siness S
ervice Op
timizatio
nB
usin
ess Service O
ptim
ization
Sto
rage
Man
agem
ent
Sto
rage
Man
agem
ent
Application EnvironmentsApplication Environments
AssetsAssetsUsersUsers
Business ProcessesBusiness Processes
IT ServicesIT Services
Manage and SecureIT Processes &
Best Practices
http://www.sonofnights.com
17Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Finance Sector
A key to Basel II conformance is strong, effective internal IT controls, which can yield lower operational risk.
An complete, integrated identity management compliance infrastructure can improve IT controls, and can therefore have significant direct financial benefits.
Specifically, Basel II includes requirements for:- Access rights administration- Authentication- Network Access- Operating System Access- Remote Access- Logging and data collection
http://www.sonofnights.com
18Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Finance Sector
EmployeesContractors
CustomersPartners
Supply chain
InternetIntranet
IdentityIdentityAdministrationAdministration ProvisioningProvisioning AccessAccess
ManagementManagementAuditing/Auditing/
MonitoringMonitoring
Help DeskHelp Desk
HR SystemHR System
Physical AssetsPhysical Assets PlatformPlatform Application Application
Common roles, policies, reporting, workflow
Enterprise Infrastructure EventLogs
Directory
SystemsSystem Services
MainframesSystem files
SCMERPSAP
Custom
Mobile phoneBadges
PDATelephone
http://www.sonofnights.com
19Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Finance Sector Platform Components
Platform Category
Product Compliance Capabilities
Identity Management & Provisioning
Identity Manager
Delegated admin & self service of user identitiesCentralized entitlement managementApproval & notification workflowsImmediate termination of access rightsIdentifies and corrects “separation of duties” violationsRole-based allocation of resources
Access Management
SiteMinder
Access Control
ACF2, TopSecret
CA-Cleanup
Authentication managementCentralized control of user access (authorization)Role-based access control for protected files, and system services Access control for Super-user privilegesHost intrusion preventionControl of access to protected mainframe resources Automated, continuous and unattended security file cleanup Identifies user accounts (access rights) that are unused
Monitoring SCC
Audit
Centralized real-time collection and reporting of access control events from network, systems and applications Asset value based vulnerability analysis and event correlations Policy based filtering, correlation and alerting Network, systems, and application level auditing and reporting
http://www.sonofnights.com
20Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Healthcare Sector
Has to protect clients (patients-) data
Conformance to HIPAA or similar Regulations
Specifically, these Regulations include requirements for:- Access rights administration- Authentication- Network Access- Operating System Access- Remote Access- Logging and data collection
http://www.sonofnights.com
21Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Healthcare Sector
EmployeesContractors
CustomersPartners
Supply chain
InternetIntranet
IdentityIdentityAdministrationAdministration ProvisioningProvisioning AccessAccess
ManagementManagementAuditing/Auditing/
MonitoringMonitoring
Help DeskHelp Desk
HR SystemHR System
Physical AssetsPhysical Assets PlatformPlatform Application Application
Common roles, policies, reporting, workflow
Enterprise Infrastructure EventLogs
Directory
SystemsSystem Services
MainframesSystem files
SCMERPSAP
Custom
Mobile phoneBadges
PDATelephone
http://www.sonofnights.com
22Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Healthcare SectorPlatform Components
Platform Category
Product Compliance Capabilities
Identity Management & Provisioning
Identity Manager
Delegated admin & self service of user identitiesCentralized entitlement managementApproval & notification workflowsImmediate termination of access rightsIdentifies and corrects “separation of duties” violationsRole-based allocation of resources
Access Management
SiteMinder
Access Control
ACF2, TopSecret
CA-Cleanup
Authentication managementCentralized control of user access (authorization)Role-based access control for protected files, and system services Access control for Super-user privilegesHost intrusion preventionControl of access to protected mainframe resources Automated, continuous and unattended security file cleanup Identifies user accounts (access rights) that are unused
Monitoring SCC
Audit
Centralized real-time collection and reporting of access control events from network, systems and applications Asset value based vulnerability analysis and event correlations Policy based filtering, correlation and alerting Network, systems, and application level auditing and reporting
http://www.sonofnights.com
23Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Oil & Gas Sector
Are belonging worldwide to the critical Infrastructure.
An complete, integrated identity management compliance infrastructure is a must in IT controls as they are targets in several ways (physically & digital).
Specifically, this includes requirements for:- Access rights administration- Authentication- Network Access- Operating System Access- Remote Access- Logging and data collection
http://www.sonofnights.com
24Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Oil & Gas Sector
EmployeesContractors
CustomersPartners
Supply chain
InternetIntranet
IdentityIdentityAdministrationAdministration ProvisioningProvisioning AccessAccess
ManagementManagementAuditing/Auditing/
MonitoringMonitoring
Help DeskHelp Desk
HR SystemHR System
Physical AssetsPhysical Assets PlatformPlatform Application Application
Common roles, policies, reporting, workflow
Enterprise Infrastructure EventLogs
Directory
SystemsSystem Services
MainframesSystem files
SCMERPSAP
Custom
Mobile phoneBadges
PDATelephone
http://www.sonofnights.com
25Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Oil & Gas SectorPlatform Components
Platform Category
Product Compliance Capabilities
Identity Management & Provisioning
Identity Manager
Delegated admin & self service of user identitiesCentralized entitlement managementApproval & notification workflowsImmediate termination of access rightsIdentifies and corrects “separation of duties” violationsRole-based allocation of resources
Access Management
SiteMinder
Access Control
ACF2, TopSecret
CA-Cleanup
Authentication managementCentralized control of user access (authorization)Role-based access control for protected files, and system services Access control for Super-user privilegesHost intrusion preventionControl of access to protected mainframe resources Automated, continuous and unattended security file cleanup Identifies user accounts (access rights) that are unused
Monitoring SCC
Audit
Centralized real-time collection and reporting of access control events from network, systems and applications Asset value based vulnerability analysis and event correlations Policy based filtering, correlation and alerting Network, systems, and application level auditing and reporting
http://www.sonofnights.com
26Copyright ©2006 CA. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Telco, Utilities, Transportation
All these sectors can use the Oil & Gas Slides, just exchange the Sector Title.
Utilities are: Power, Water, Gas Distribution Companies or Organisations who deliver Energy to the public and therefore belonging worldwide to the critical infrastructure.
Transportation on high scale also belongs to the critical infrastructure.
http://www.sonofnights.com