How to Survive an IT Audit… and Thrive Off It!

Presenter:

Adam StetsonPresales EngineerAdam.Stetson@netwrix.com1.201.490.8840 x2907

Agenda

Compliance Overview

Continuous Compliance

Control Processes

Product Demonstration

Briefly about Netwrix

Questions and Answers

Compliance Overview

Best Practices, Standards and Regulations

ISO 27001, COBIT, NIST

PCI, HIPAA, SOX, FISMA, FFIEC/GLBA

Commonalities

Availability, Integrity, Accountability

Policies, Implementation, Validation, Reporting

Perform reviews of your policies

Periodic reviews should be planned and executed

Processes for policies and procedures improvement should be established

Visibility Failures Real-Life Examples

Compliance Investigations2015 – Anthem Inc. — 78,8 million entries

2014 – NY and Presbyterian Hospital — $4.8 million fine

Compromised Security 2016 – Panama Papers: 2.6 terabytes of information drawn from Mossack Fonseca’s internal database

2015 – Office of Personnel Management — 21,5 Million records

2014 – Home Depot 56 million customer cards compromised (largest retail breach on record)

– Dairy Queen 395 locations

– Jimmy John’s 216 locations

– JPMorgan Chase 76 million households, 8 million small businesses exposed

2013 – Target. $3.6 – 12 billion (estimated)

Business Continuity DisruptionsA Global Oil Company

Someone mistakenly deleted 2000 user accounts because of a mistake in a script. Monday morning, people couldn’t logon

Large Recycling Company

GP change caused File Server Firewalls to snap on leading to major disruption, as around 60% of the users were unable to access particular applications/resources

Ways to Approach Compliance

One-Time Effort

Compliance as an Event

Regime Establishment

Compliance as a Continuous Process

Continuous Compliance is the Way

Initial effort for establishing a continuous compliance regime can be cumbersome:

Extensive planning and development of internal policies,

Assignment of roles and responsibilities,

Implementation of controls and mechanisms for feedback and improvement.

Once continuous compliance is established, it brings many benefits, including:

Increased efficiency of operations

No high risk periods

Continuous improvement

Lower total cost (over the years)

Change managementProcess for controlling the lifecycle of all changes, ensuring that no unauthorized changes appear in information systems

Access controlProcess for establishing selective restrictions of access to information systems and data

Account managementIssuing, removing, maintaining, and configuring information systems’ accounts and related privileges

Credentials managementManagement of credential information such as user names and passwords

Privileged users managementManagement of privileged accounts, including their provisioning and life cycle management, authentication, authorization, credentials management, auditing, and access control

Control Processes

Integrity monitoringProcess for performing validation of data and configurations integrity by comparing between the current state and the known, good baseline

Configuration managementInterrelated processes and management techniques for evaluating, coordinating, and controlling changes to and configurations states of the information systems

Data governanceManagement of the availability, usability, integrity, and security of the data employed in an organization

Audit trialCollection, consolidation, retention, and processing of the audit data

Control Processes (continued)

Demonstration

Netwrix Auditor

About Netwrix Auditor

Netwrix Auditor

A visibility and governance platform that enables control over

changes, configurations, and access in hybrid cloud IT environments by

providing security analytics to detect anomalies in user behavior and

investigate threat pattern before a data breach occurs.

Netwrix Auditor Applications

Active Directory Exchange

Office 365

Windows File Servers

EMC

NetApp

Windows Server

VMware

SQL Server

SharePoint

Azure Active Directory

Oracle Database

Netwrix Auditor Conceptual Model

About Netwrix Corporation

Year of foundation: 2006

Headquarters location: Irvine, California

Global customer base: over 8,000

Recognition: Among the fastest growing

software companies in the US with 105

industry awards from Redmond

Magazine, SC Magazine, WindowsIT Pro

and others

Customer support: global 24/5 support

with 97% customer satisfaction

Netwrix Customers

GA

Financial

Healthcare & Pharmaceutical

Federal, State, Local, Government

Industrial/Technology/Other

Awards

All awards: www.netwrix.com/awards

Free Trial: setup in your own test environment:

On-premises: netwrix.com/freetrial

Virtual: netwrix.com/go/appliance

Cloud: netwrix.com/go/cloud

Test Drive: virtual POC, try in a Netwrix-hosted test lab netwrix.com/testdrive

Live Demo: product tour with Netwrix expert netwrix.com/livedemo

Contact Sales to obtain more information netwrix.com/contactsales

Webinars: join our upcoming webinars and watch the recorded sessions

netwrix.com/webinars

netwrix.com/webinars#featured

Next Steps

Thank You!