How to Survive an IT Audit… and Thrive Off It!
Presenter:
Adam Stetson, Presales, [email protected] x2907
Agenda
Compliance Overview
Continuous Compliance
Control Processes
Product Demonstration
Briefly about Netwrix
Questions and Answers
Compliance Overview
Best Practices, Standards and Regulations
ISO 27001, COBIT, NIST
PCI, HIPAA, SOX, FISMA, FFIEC/GLBA
Commonalities
Availability, Integrity, Accountability
Policies, Implementation, Validation, Reporting
Perform reviews of your policies
Periodic reviews should be planned and executed
Processes for policies and procedures improvement should be established
Visibility Failures: Real-Life Examples
Compliance Investigations
2015 – Anthem Inc. — 78.8 million entries
2014 – NY and Presbyterian Hospital — $4.8 million fine
Compromised Security
2016 – Panama Papers: 2.6 terabytes of information drawn from Mossack Fonseca’s internal database
2015 – Office of Personnel Management — 21.5 million records
2014 – Home Depot 56 million customer cards compromised (largest retail breach on record)
– Dairy Queen 395 locations
– Jimmy John’s 216 locations
– JPMorgan Chase 76 million households, 8 million small businesses exposed
2013 – Target. $3.6 – 12 billion (estimated)
Business Continuity Disruptions
A Global Oil Company
Someone mistakenly deleted 2000 user accounts because of a mistake in a script. On Monday morning, people couldn’t log on.
Large Recycling Company
A GP change caused file server firewalls to snap on, leading to major disruption, as around 60% of the users were unable to access particular applications/resources.
Ways to Approach Compliance
One-Time Effort
Compliance as an Event
Regime Establishment
Compliance as a Continuous Process
Continuous Compliance is the Way
Initial effort for establishing a continuous compliance regime can be cumbersome:
Extensive planning and development of internal policies,
Assignment of roles and responsibilities,
Implementation of controls and mechanisms for feedback and improvement.
Once continuous compliance is established, it brings many benefits, including:
Increased efficiency of operations
No high risk periods
Continuous improvement
Lower total cost (over the years)
Control Processes
Change management: Process for controlling the lifecycle of all changes, ensuring that no unauthorized changes appear in information systems
Access control: Process for establishing selective restrictions of access to information systems and data
Account management: Issuing, removing, maintaining, and configuring information systems’ accounts and related privileges
Credentials management: Management of credential information such as user names and passwords
Privileged users management: Management of privileged accounts, including their provisioning and life cycle management, authentication, authorization, credentials management, auditing, and access control
Control Processes (continued)
Integrity monitoring: Process for validating the integrity of data and configurations by comparing the current state with the known good baseline
Configuration management: Interrelated processes and management techniques for evaluating, coordinating, and controlling changes to and configuration states of the information systems
Data governance: Management of the availability, usability, integrity, and security of the data employed in an organization
Audit trail: Collection, consolidation, retention, and processing of the audit data
Demonstration
Netwrix Auditor
About Netwrix Auditor
Netwrix Auditor
A visibility and governance platform that enables control over changes, configurations, and access in hybrid cloud IT environments by providing security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.
Netwrix Auditor Applications
Active Directory
Exchange
Office 365
Windows File Servers
EMC
NetApp
Windows Server
VMware
SQL Server
SharePoint
Azure Active Directory
Oracle Database
Netwrix Auditor Conceptual Model
About Netwrix Corporation
Year of foundation: 2006
Headquarters location: Irvine, California
Global customer base: over 8,000
Recognition: Among the fastest growing software companies in the US with 105 industry awards from Redmond Magazine, SC Magazine, Windows IT Pro and others
Customer support: global 24/5 support with 97% customer satisfaction
Netwrix Customers
GA
Financial
Healthcare & Pharmaceutical
Federal, State, Local, Government
Industrial/Technology/Other
Awards
All awards: www.netwrix.com/awards
Next Steps
Free Trial: set up in your own test environment:
On-premises: netwrix.com/freetrial
Virtual: netwrix.com/go/appliance
Cloud: netwrix.com/go/cloud
Test Drive: virtual POC, try in a Netwrix-hosted test lab: netwrix.com/testdrive
Live Demo: product tour with a Netwrix expert: netwrix.com/livedemo
Contact Sales to obtain more information: netwrix.com/contactsales
Webinars: join our upcoming webinars and watch the recorded sessions:
netwrix.com/webinars
netwrix.com/webinars#featured
Thank You!