Enterprise Reporter 2.0 Customer Presentation

Market Landscape

5 IT Governance, Risk and Compliance (GRC) Mistakes Organizations Make 1. Lack of visibility into who has access to what in Windows

environments

2. Underestimating user & organizational impact

3. Inconsistent or absence of a GRC strategy

4. Inadequate data protection

5. Failure to plan and manage external & internal audits

GRC Technical Challenges

• Not understanding rights and permissions can result in compromised security or this information may be needed for audit purposes to prove you can provide it when asked

• No process automation for periodically reviewing users and their privileges does not let IT focus on core business priorities

• Information that is out of date can be inaccurate and result in non-compliance to regulations without being aware of it

• Manually checking for changes in rights could result in missed changes which could spell a security violation

• Other individuals in the organization may have their own preference on the set and format of the reports

Consequences of Not Having a Proactive GRC Solution• Failure stay in front of external regulations such as PCI DSS

• Lack of adherence to internal policies and standards

• Security breaches (internal and external offenders)

• Leaks of sensitive data (accidental and maliciously motivated)

• A failed IT audit

• System downtime

Dell Solutions

We provide organizations visibility

We simplify audits and streamline operations

We reduce risk with proactive controls

We deliver superior results more quickly

7

Dell GRC Lifecycle Dell provides organizations with

four core capabilities that are common between compliance and operational needs. The core capabilities are assess, audit/alert remediate and manage.

Software

8 Confidential Software

Dell IT Governance, Risk and Compliance

• Determine configuration settings

• Set baselines

• Automate reporting

• Track key performance and security indicators

• Track and report on access

• Enable real-time alerts

• Administer access rights and permissions

• Implement best-practice compliance reporting

• Retain and retrieve data

• Implement preventative controls

• Rectify deviations and security breaches

• Restore data

9 Confidential Software

Enterprise Reporter

• Determine current system configuration and settings for AD, Exchange, SQL Server and file systems

• Set baselines for visibility of user activity and for compliance with internal policies

and external regulations

• Automate operational reporting with anytime, anywhere access

• Track key performance and security indicators

• Track and report on access

• Enable real-time alerts

• Administer access rights and permissions with Security Explorerbased on Enterprise Reporter data

• Implement best-practice compliance reporting

• Implement preventative controls

• Rectify deviations and security breaches

• Restore data

10 Confidential Software

Enterprise Reporter

What is Enterprise ReporterEnterprise Reporter enables administrators, security officers and helpdesk staff to collect, store, and report on the data they need, whether for security assessments, Active Directory pre and post migration analysis or configuration change history auditing.

Why Enterprise Reporter

Configuration Visibility

How do I stay compliant with security best

practices and compliance regulations?

What software is installed on my servers?

What local users and groups are present on servers?

How are my servers configured

?

What logins exist in my SQL server database?

Security Assessment

How do I tighten up security and pass the

audit?

Who has administrative access to Windows

servers and workstations?

Where users have

permissions to shares,

folders and files on file servers and

network filers?

Who has Access to

What?

Who has delegated rights in Active

Directory?

Pre-migration Analysis

How do I ensure a smooth migration

project?

How many domains, users and groups are

there?

What accounts can be excluded

from migration?

What needs to

be migrated?

What possible

conflicts can happen during

migration?

Visibility into the security and configuration of environments• Gain visibility into configuration of critical

IT assets:– Active Directory domains– SQL Servers– Windows File Servers– NAS devices

• Leverage pre-built reports for security best practices, internal polices and external regulations

Minimize unplanned disruptions with change history reports • Capture how configuration

changes over time for:– Group membership– Active Directory domains– Computers– NTFS files, folders or shares– Registry keys or values– SQL servers or databases

• Minimize risk of business disruptions due to unnoticed and unwanted changes with in-depth historical analysis

Tighten security with real-time access assessments

• Reduce risk of internal and external data breaches by determining who has access to what files, folders and shares

• Detect security violations such as identifying users with inappropriate access

• Provide access on a need to know basis

• Ensure successful IT audits and meet compliance requirements

Pre-migration and post-migration analysis companion

• Inventory Windows environments

• Identify unused assets for cleanup

• Determine the impact of consolidation and restructuring

• Find the best way to stage the migration project

• Verify migration is completed as planned

Achieve enterprise readiness with automated, scalable data collection• Scale to environments of any

size and geographic distribution

• Schedule collections during off-peak hours

• Satisfy reporting needs of multiple departments

Decrease workload with automated report generation

• Automate report generation and delivery for multiple consumers

• Honor departmental and business boundaries by letting auditors, help desk and IT managers get exactly the reports they asked for

• Control the status of data collection and report delivery from the screen of your mobile phone

Meet unique reporting needs with customizable reports• Enable effective data

analysis

• Multiple formats ( PDF, HTML, MHT, RTF, XLS, XLSX, CSV, text and images) with advanced filtering options

Unified reporting interface across Dell GRC solutions

• Consolidate and view data from multiple data sets and platforms into one single pane of glass for reporting at no additional cost

• Reduce training and infrastructure costs for multiple interfaces

• Save time with predefined security and compliance reports

• Simplifies decision making with dashboard reporting

• Provides end users control over what and how they want to receive reports without IT administrator intervention

Case Study

Snapshot• Large enterprise hospitality company

Challenge Needed to find a way to raise visibility into user permissions and configuration changes in order to comply with:

• SOX • PCI-DSS• Company policy

Results • Provides daily, weekly and monthly

reports to stakeholders

• Is able to automatically report on and understand what is happening in Active Directory and Windows Servers

• Reduced workload by 50-75%

• Met compliance requirements

• Strengthened internal security controls

• Provided managers with evidence of IT controls

Software

Enterprise Reporter for Active Directory

Discover, report and audit AD across the enterprise

• Answer tough questions such as:– Who can do what in my Active Directory?– What users, groups and computers exist

in Active Directory?– What user accounts can be safely deleted

before migrating to a new domain?– How does group membership change over

time for domain, local and global groups?

Enterprise Reporter for Active Directory features

• Pre-migration assessment– Ensure a smooth domain migration or consolidation project by pinpointing user and

group dependencies, matching conflicts and unused accounts before the migration starts.

• Delegated rights reporting– Ensure appropriate Active Directory delegation by reporting on who has access to

Active Directory domains and OUs, users, groups and computers.

• Change review– Capture historical configuration information on users, groups, organizational units

and permissions, and view detailed change history reports. Gain in-depth insight for historical analysis and compliance reporting.

Enterprise Reporter for Windows Servers

Windows Servers and NAS discovery, reporting and auditing across the enterprise• Provide answers to questions often

asked by IT auditors and management such as:

– Where this user or group has access to critical unstructured data?

– Who has administrative access to Windows servers and workstations?

– How are servers configured – including general computer information, network settings, services running, installed programs and custom Registry keys?

– How does the configuration of servers change over time?

Enterprise Reporter for Windows Servers Features

• Access assessment– Rapidly find out in real time where selected users and groups have permissions

across the entire Windows file server and NAS environment. Windows file server access reporting enables tightened security and ensures access is provided on a business-need-to-know basis.

• Local policy assessment– Make sure local security configuration is aligned with domain-wide policies. Check

local security policies, membership of local administrative groups and other security configuration stored in Registry keys.

• Permission reporting– Collect and report on permissions of shares, files and folders, printers, Registry keys

and services for comprehensive Windows Server permission reporting. Identify access control entries (ACEs) explicitly set on files in a folder hierarchy of a specified depth.

Enterprise Reporter for SQL Server

Enhance database security with SQL Server discovery, reporting and change history auditing• Have answers on hand to

compliance and security questions such as:

– What roles and logins are set across all SQL databases?

– Who has administrative access to each SQL server?

– How does the configuration of each SQL server change over time?

Enterprise Reporter for SQL Server Features

• Permission reporting– Collect and report on permissions to SQL databases, users, roles and logins for

comprehensive SQL Server permission reporting.

• Change history review– Capture historical configuration information on database objects and view detailed

change history reports. Gain in-depth insight for historical analysis and compliance reporting.

To learn more about Enterprise Reporter

http://software.dell.com/Enterprise-Reporter