How to Survive an IT Audit… and Thrive Off It!

Presenter:

Adam StetsonPresales EngineerAdam.Stetson@netwrix.com1.201.490.8840 x2907

Agenda

Compliance Overview

Continuous Compliance

Control Processes

Product Demonstration

Briefly about Netwrix

Questions and Answers

Prize Drawing

Compliance Overview

Best Practices, Standards and Regulations

ISO 27001, COBIT, NIST

PCI, HIPAA, SOX, FISMA, FFIEC/GLBA

Commonalities

Availability, Integrity, Accountability

Policies, Implementation, Validation, Reporting

Perform reviews of your policies

Periodic reviews should be planned and executed

Processes for policies and procedures improvement should be established

Audit Failures Real-Life Examples

Compliance Investigations2010 – NY and Presbyterian Hospital and Columbia University. $4.8 million

2009 – WellPoint Inc. $1.7 million

Compromised Security 2014 – Home Depot 56 million customer cards compromised (largest retail breach on record)

– Dairy Queen 395 locations

– Jimmy John’s 216 locations

– JPMorgan Chase 76 million households, 8 million small businesses exposed

2013 – Target. $3.6 – 12 billion (estimated)

2011 – Maricopa County $17 million

Business Continuity DisruptionsA Global Oil Company

Someone mistakenly deleted 2000 user accounts because of a mistake in a script. Monday morning, people couldn’t logon

Large Recycling Company

GP change caused File Server Firewalls to snap on leading to major disruption, as around 60% of the users were unable to access particular applications/resources

Ways to Approach Compliance

One-Time Effort

Compliance as an Event

Regime Establishment

Compliance as a Continuous Process

Continuous Compliance is the Way

Initial effort for establishing a continuous compliance regime can be cumbersome:

Extensive planning and development of internal policies,

Assignment of roles and responsibilities,

Implementation of controls and mechanisms for feedback and improvement.

Once continuous compliance is established, it brings many benefits, including:

Increased efficiency of operations,

No high risk periods,

Continuous improvement,

Lower total cost (over the years).

Security & Compliance

Change managementProcess for controlling the lifecycle of all changes, ensuring that no unauthorized changes appear in information systems

Access controlProcess for establishing selective restrictions of access to information systems and data

Account managementIssuing, removing, maintaining, and configuring information systems’ accounts and related privileges

Credentials managementManagement of credential information such as user names and passwords

Privileged users managementManagement of privileged accounts, including their provisioning and life cycle management, authentication, authorization, credentials management, auditing, and access control

Control Processes

Integrity monitoringProcess for performing validation of data and configurations integrity by comparing between the current state and the known, good baseline

Configuration managementInterrelated processes and management techniques for evaluating, coordinating, and controlling changes to and configurations states of the information systems

Data governanceManagement of the availability, usability, integrity, and security of the data employed in an organization

Audit trialCollection, consolidation, retention, and processing of the audit data

Control Processes (continued)

About Netwrix Auditor

Netwrix Auditor

enables #completevisibility into both security configuration

and data access within the IT infrastructure

by providing actionable audit data

about who changed what, when and whereand who has access to what

Netwrix Auditor Conceptual Model

Compliance and Netwrix Auditor

Regulation How Netwrix helpsProcesses and Report

CategoriesNetwrix Report

HIPAA

§ 164.308 (a)(6)(ii) Response and reporting.

Netwrix Auditor provides complete audit trail of activities

leading to the incident and helps with root cause analysis

afterwards.

AUDIT TRAIL

Netwrix Auditor for Active Directory:- All Active Directory Changes

Netwrix Auditor for Exchange Server- All Exchange Server Changes

and more

PCI

10.1 Implement audit trails to link all access to system components to each individual user.

Utilize Netwrix Auditor’s fully featured auditing and reporting of all user activities including access to sensitive files, across the entire IT infrastructure and recording of

who changed what, when, and where.

ACCESS CONTROLSystems Access

Data Access User Activity AUDIT TRAIL User Activity

Netwrix Auditor for Active Directory:- User Accounts Last Logon Time

Netwrix Auditor for File Servers: - File Server Changes by User

and more

SOX

DS5.4: User Account Management

Audit all changes to user accounts, elevation of privileges, regular and

privileged users’ activities.

ACCOUNT MANAGEMENTAccounts States

Account ChangesPolicies Changes

Policies States

Netwrix Auditor for Group Policy:- Account Policy Changes- User Configuration Changes

and more

Demonstration

Netwrix Auditor

Netwrix Auditor

Netwrix Auditor Applications

Netwrix Auditor for

Active Directory

Netwrix Auditor for

SharePoint

Netwrix Auditor for SQL Server

Netwrix Auditor

for VMware

Netwrix Auditor for

Windows Server

Netwrix Auditor for

File Servers

Netwrix Auditor for

Exchange

Netwrix Auditor Applications Scope

Active Directory changes; Group Policy changes; State-in-Time information on configurations; real-time alerts; AD change rollback; inactive user tracking and password expiration alerting.

Changes to Windows-based file servers, EMC Storage and NetApp Filers; State-in-Time information on configurations.

SharePoint farm configuration changes, security and content changes.

Exchange changes and non-owner mailbox access auditing.

SQL configuration and database content changes.

Changes to configuration of Windows-based servers; Event Logs, Syslog, Cisco, IIS, DNS; User activity video recording.

VMware vSphere changes.

Netwrix Auditor forActive Directory

Netwrix Auditor forExchange

Netwrix Auditor forFile Servers

Netwrix Auditor forSharePoint

Netwrix Auditor forSQL Server

Netwrix Auditor forVMware

Netwrix Auditor forWindows Server

Related Resources:

Free Guide: PCI, SOX, HIPAA, FISMA, GLBA, ISO/IEC 27001 with Netwrix Auditor

netwrix.com/compliance

Whitepaper: General Principles of IT Compliance and Continuous Compliance with Netwrix

start.netwrix.com/white_paper_compliance_demystified.html

Upcoming & Recorded Webinars:

netwrix.com/webinars

netwrix.com/webinars#featured

About Netwrix Corporation

Year of foundation: 2006

Headquarters location: Irvine, California

Global customer base: 6000Recognition: Among the fastest growing software companies in the US with more than 70 industry awards from Redmond Magazine, SC Magazine, WindowsIT Proand others

Customer support: global 24/5 support with 97% customer satisfaction

Netwrix Customers

GA

Financial

Healthcare & Pharmaceutical

Federal, State, Local, Government

Industrial/Technology/Other

Award winning products

All awards: www.netwrix.com/awards

Free Trial: setup in your own test environment

netwrix.com/freetrial

Test Drive: virtual POC, try in a Netwrix-hosted test lab

netwrix.com/testdrive

Live One-to-One Demo: product tour with Netwrix expert

netwrix.com/livedemo

Contact Sales to obtain more information

netwrix.com/contactsales

Next Steps

Thank You!

Prize Drawing

Haven’t won this time? Sign up for upcoming sessions: https://www.netwrix.com/webinars.html

Get Your Fitbit Activity Wristband!