
Why Auditing is a Must-Have Element in Your Security Strategy.

Explore why auditing is crucial in modern security strategies to combat insider threats, breaches, and evolving attack vectors. Learn how IT auditing reinforces defenses and enables proactive incident response to safeguard sensitive data and systems.

mcnally

Presentation Transcript


  1. Why Auditing is a Must-Have Element in Your Security Strategy. Jim Smith Director sales jim.smith@Netwrix.com

  2. Agenda
     • The IT world we live in: the device mesh
     • The future of security: expert predictions
     • Notable breaches
     • Perimeter defense: turning security inside out
     • How IT auditing supplements security strategy
     • Questions and answers

  3. The IT World We Live in: The “Device Mesh”

  4. Device mesh is the proliferation of smart, digital, wireless, sensor-based, interconnected devices that people use personally and professionally to access applications, systems and information. Other IT buzzwords today: Internet of Things, Cloud Computing, Big Data, Advanced Analytics, Advanced Machine Learning, Bring-Your-Own-Device, Convergence, DevOps, PaaS/SaaS.

  5. Examples The ones we already got used to:

  6. Examples. The ones that are growing in popularity:
     • Self-driving cars.
     • Connected smart home devices.
     • Smart clothing.
     • Personal health devices.
     • Robot assistants.
     • Other sensor-based devices and wearables for work and leisure.

  7. Interconnectivity-related Security Concerns
     Devices are widely used for work (BYOD spreads in the business world) but are lacking inherent security at the same time. The outcome:
     • Huge opportunities for simple hacking.
     • High possibility of stolen or lost devices.
     • Ease of access to corporate environment.
     • Cyber Security Bill for 2015: $75 Billion Spent, $300 Billion Lost

  8. Cyberattack Vector Will Broaden
     • Personal data harvesting will gain traction with both sophisticated and simplistic hacking techniques.
     • Credential theft and acquisition of accounts will be one of the most attractive ways of gaining access to systems and data.
     • The general cyber arms race will advance and impact more and more people.

  9. Security Experts’ Predictions

  10. Insider Threats Handling Will Become a Priority
     • Insider threats already outrank external attacks today.
     • Insider threats are becoming more difficult to deal with.
     • The security focus will be on establishing proper control over user activities inside corporate networks.

  11. Insider threats stats
     • 2015 Vormetric Insider Threat Report … “How vulnerable is your organization to insider attacks?”
       89% More at risk than before; 34% Very / extremely vulnerable
     • 2015 IBM Cyber Security Intelligence Index … “Of all responsible for security attacks”
       45% Outsiders; 31.5% Malicious Insiders; 23.5% Inadvertent Insiders

  12. Sample Data Breaches That Could Have Been Prevented

  13. Data Breaches of 2015

  14. Data Breach Case Study: The United States Office of Personnel Management
     • Announcement: June 2015.
     • Start: March 2014 or earlier.
     • Affected: 21.5 million people.
     • What leaked: social security numbers, names, dates and places of birth, addresses and other.
     • Hacking method: attackers had gained valid user credentials, likely through social engineering.
     • State involvement: linked to Chinese hackers / Chinese government [1]

  15. Data Breach Case Study: Experian
     • Announcement: September 2015.
     • Start: September 2013 or earlier.
     • Affected: 15 million people.
     • What leaked: names, addresses, birthdates, social security numbers and ID numbers.
     • Hacking method: investigation is ongoing (presumably identity theft through phishing) [2]

  16. The Concept of Network Perimeter Is Now Blurred

  17. Perimeter model is changing
     • Perimeter-based defenses (firewalls, antivirus, antimalware, IDS, distribution of privileges) alone have become significantly less effective against increasingly adept attacks.
     • The security focus is shifting from incident prevention to incident detection and attack response.

  18. Why Perimeter Defenses Aren’t Enough
     • People bring devices to work (BYOD); growth of IoT market; growing interconnectivity of devices and systems, more data in circulation, adoption of cloud.
     • Insecure devices; inherent vulnerabilities in applications and systems.
     • Growing organization of hackers.
     • Availability of easy-to-use hacking tools and effectiveness of simple hacking methods.
     • Growing technological sophistication of intrusion tactics.
     • Tense political atmosphere and state-sponsored attacks.

  19. How Auditing Can Solidify Your IT Security Strategy

  20. IT Auditing
     • IT auditing delivers visibility into many aspects of corporate IT, such as access to sensitive data, privileged user activity and changes to critical configurations.
     • Auditing helps organizations be more effective in detecting abnormal user activity, privilege abuse and suspicious data access and be more agile in responding to security incidents and minimizing the impact of threat factors.

  21. Main Questions IT Auditing Helps Answer
     • What is happening in my IT infrastructure?
     • Is my environment secure and ready for compliance audits?
     • Who is violating security principles or behaving strangely?
     • Who has access to what data or systems in my organization?
     • What exactly was changed, when and where in my environment, and who must be held accountable?

  22. Covered Areas
     • System changes
     • System configuration at a given moment
     • Distribution of privileges, permissions
     • Privileged user activity
     • Access to data and systems

  23. Issues related to using SIEM solutions to perform auditing for AD and GPO
     • “SIEM solutions are event and alert driven, covering multiple devices and locations. Someone needs to make sense of multiple event logs and alerts to determine what is actionable data”
     • SIEMs collect raw data and correlate it, but provide no audit intelligence, just logs (who, what, when, where)
     • SIEMs can notify of an AD/GPO change, but lack the detail because they see logs, not attributes, for the following:
         • Group membership
         • GPO deltas
         • Change detail
         • State in time or before and after values
     • SIEMs generally cannot perform record and playback of servers, desktops and VDI
     • SIEMs cannot track activity with critical applications that do not produce logs
     • SIEMs cannot perform automated restore of AD objects and attributes

  24. About Netwrix Corporation
     • Year of foundation: 2006
     • Headquarters location: Irvine, California
     • Global customer base: 6000
     • Customer support: global 24/5 support with 97% customer satisfaction.
     • Recognition: Among the fastest growing software companies in the US with more than 70 industry awards from Redmond Magazine, SC Magazine, WindowsIT Pro and others.

  25. What We Do? Netwrix Auditor
     • Enables complete visibility: both security configuration and data access
     • Provides actionable audit data: who changed what, when and where; who has access to what across the entire IT infrastructure

  26. Netwrix Auditor Applications Scope
     • Netwrix Auditor for Active Directory: Active Directory changes; Group Policy changes; State-in-Time information on configurations; real-time alerts; AD change rollback; inactive user tracking and password expiration alerting.
     • Netwrix Auditor for Windows Server: Changes to configuration of Windows-based servers; Event Logs, Syslog, Cisco, IIS, DNS; User activity video recording.
     • Netwrix Auditor for SQL Server: SQL configuration and database content changes.
     • Netwrix Auditor for File Servers: Changes to Windows-based file servers, EMC Storage and NetApp Filers; State-in-Time information on configurations.
     • Netwrix Auditor for VMware: VMware vSphere changes.
     • Netwrix Auditor for Exchange: Exchange changes and non-owner mailbox access auditing.
     • Netwrix Auditor for SharePoint: SharePoint farm configuration changes, security and content changes.

  27. Netwrix Auditor Benefits
     • Strengthens Security: Eliminates blind spots and makes it easy to identify changes that violate corporate security policies, thus helping detect suspicious user activity and prevent breaches.
     • Streamlines Compliance: Provides actionable audit data required to prove that the organization’s IT compliance program adheres to PCI DSS, HIPAA, SOX, FISMA/NIST 800-53, COBIT, ISO/IEC 27001 and other audits.
     • Optimizes Operations: Relieves IT departments of manual crawling through a disparate array of event logs to get the information about who changed what, when and where and who has access to what.

  28. Customers: Federal, State, Local Government; Financial; Healthcare & Pharmaceutical (WebMD); Industrial/Technology/Other

  29. Industry Awards and Recognition All awards: www.netwrix.com/awards

  30. Addressing the IT and Business Challenges
     • IT Security Administrator: Investigate suspicious user activity before it becomes a breach.
     • IT Administrator: Generate and deliver audit and compliance reports faster.
     • IT Director, CIO/CISO: Mitigate security risks and minimize compliance costs.
     • IT Manager: Maximize control over your IT infrastructure and eliminate stress of your next compliance audit.

  31. Questions & Answers Speaker’s Name Position Email.address@email.com
