Improve ROI on security & compliance management Infosec Israel 2010

© 2010 NetIQ Corporation. All rights reserved. Improve ROI on Security and Compliance Management June 7, 2010

Description

We look at how much it costs to be secure and why, across three key areas: control and audit configuration; monitoring and managing user activity; and managing and enforcing change control. The deck then covers automation, the ROI and payback period for NetIQ IT Security Process Automation as analyzed by Gartner, and the next steps. Presented by NetIQ and CalCom.

Transcript of Improve ROI on security & compliance management Infosec Israel 2010

Page 1: Improve ROI on security & compliance management Infosec Israel 2010


Improve ROI on Security and Compliance Management

June 7, 2010

Page 2: Improve ROI on security & compliance management Infosec Israel 2010


How Much Does It Cost To Be Secure?

Standard IT Security Model (three escalation levels: first, second, third)

Resource Type                                                    Ownership %   Hourly Cases   Hourly Cost*
Help Desk & Service Desk (low-skill resources, high turnaround)   68%           4              $22
IT Professionals (platform specific, in-house personnel)          26%           1.5            $44
Security Officers (technology specific, mostly external)          6%            0.13           $112

*Calculated on 2080 hours/year

The deeper an issue goes, the longer the exposure and the greater the associated risk cost.

Page 3: Improve ROI on security & compliance management Infosec Israel 2010


And Why?

• High value resources consumed by simple tasks
• Different skills required for different platforms
• Training costs
• Adoption of service management frameworks that incur higher than expected costs
• Roles and responsibilities not formalized
• New technologies that introduce unexpected management challenges
• Inability to track and evaluate response times
• The user is never part of the solution
• Impossibility of calculating the per-piece/per-transaction cost of managing security impact

Page 4: Improve ROI on security & compliance management Infosec Israel 2010


Goal of IT Management: Become an Efficient Business Enabler

(Matrix with axes Operational Efficiency and Business Enablement, four quadrants)

A. Efficient Business Enabler (Goal): Cost Effective with Optimized Service Delivery
B. Expensive Business Enabler (Sub-Optimal): Aligned To Business Goals But Expensive
C. Low Cost Provider (Sub-Optimal): Cost-Centric and Tactical with Marginal Services
D. Low Value Provider (Current State): Expensive and Tactical with Limited Perceived Value

Page 5: Improve ROI on security & compliance management Infosec Israel 2010


Management's Dilemma: Operational Efficiency vs. Business Enablement

"The Framework Adopter": Significant up-front investments and the need for profound changes jeopardize or delay expected cost reductions.

"The Cost Cutter": Off-shoring and outsourcing, combined with little investment in processes, often forsake agility and business enablement.

(Two charts, each with axes Operational Efficiency and Business Enablement)

Page 6: Improve ROI on security & compliance management Infosec Israel 2010


A Different Approach: IT Process Automation Provides a Direct Route to Improve Efficiency

IT Process Automation enables you to:

1. Reduce Inefficiencies from Current Security Mgmt Tools
• Eliminate manual intervention caused by routine, highly mundane tasks
• Free administrators to focus on more critical problems to the business

2. Integrate Tools within IT Security and Operations
• Combine management data with contextual information to further streamline IT run books
• Allow IT managers to reallocate resources to deliver strategic business projects

3. Integrate the Business into IT Security Mgmt Processes
• Bridge security and business users by formalizing responsibilities within the context of IT processes
• Improve business alignment and reduce IT costs by involving the business in IT processes

Simultaneously improve both business enablement and operational efficiency

Demonstrate improvements in the short term and long term

Support both framework adoption and cost-cutting strategies

(Chart with axes Operational Efficiency and Business Enablement, with steps 1, 2 and 3 marked)

Page 7: Improve ROI on security & compliance management Infosec Israel 2010


The NetIQ Security Vision

(Table with three columns, Audit / Monitor / Control, and three rows, Goals / Challenges / Our Approach)

Audit: Control and Audit Configuration
Goals:
• Be efficient on risk vs. business value
• Understand the security and risk posture
• Satisfy compliance mandates
Challenges:
• Distributed, multi-vendor environments
• Business alignment and policy exceptions
• Configuration drift
• Evolving best practices and vulnerabilities
Our Approach: NetIQ Solution

Monitor: Monitor and Manage User Activity
Goals:
• Reduce risks of privileged user access
• Protect sensitive corporate data
• Quickly resolve threats
• Satisfy compliance mandates
Challenges:
• Invisibility of privileged user activity
• Large volume of user-generated events
• Excessive privileged access rights
• Lack of integration
Our Approach: NetIQ Solution

Control: Manage and Enforce Change Control
Goals:
• Manage planned and unplanned changes to production systems
• Harden business elements efficiently
• Satisfy compliance mandates
Challenges:
• Impractical or ineffective change auditing
• Restricting permissions without impeding service delivery
• Inability to relate changes to change authorizations
Our Approach: NetIQ Solution

All of those through Automation

Page 8: Improve ROI on security & compliance management Infosec Israel 2010


Control and Audit Configuration

Primary Goal: Protect systems, applications and data in accordance with their business value and satisfy compliance mandates

(Table with columns Challenges / What's Needed / NetIQ Delivers)

1. Challenge: Security events and alerts often overwhelm security staff, inhibiting effective security incident management.
   What's Needed: Event Correlation and Analysis
   NetIQ Delivers: Real-time event correlation reduces alert volumes while highlighting critical events, improving incident management while reducing costs.

2. Challenge: Evolving mandates require more than simple log consolidation, to encompass integrity of data, chain of custody, and forensic reporting.
   What's Needed: Log Management and Forensics
   NetIQ Delivers: TRACE™ technology delivers log management, protects the chain of custody, and provides trend analysis and forensics to meet evolving mandates.

3. Challenge: Effective protection of corporate data is dependent on user activity monitoring, which is often inhibited by native capabilities.
   What's Needed: Access Control and User Monitoring
   NetIQ Delivers: Powerful auditing of user activity and access controls helps meet compliance mandates and address both inside and outside threats.

4. Challenge: Intrusion detection and log monitoring are insufficient to meet the evolving mandates for data protection and change control.
   What's Needed: Change and Threat Detection
   NetIQ Delivers: Effective detection at both the host and network level provides better protection of corporate data and demonstrable oversight of change controls.

Page 9: Improve ROI on security & compliance management Infosec Israel 2010


Monitor and Manage User Activity

Primary Goal: Maintain the infrastructure, applications, user accounts, and security per business requirements

(Table with columns Challenges / What's Needed / NetIQ Delivers)

1. Challenge: Administrative errors and malicious acts threaten the integrity and reliability of systems and services.
   What's Needed: Prevention and Recovery
   NetIQ Delivers: A prevention-oriented, proxy-based administration solution delivers higher availability than that of system-wide backup and restoration.

2. Challenge: Native tools make it impractical to enable non-administrators to make routine or low-risk changes.
   What's Needed: Delegated Administration
   NetIQ Delivers: Non-hierarchical, rules-based delegation simplifies safely granting privileges to users.

3. Challenge: Manual, routine tasks often consume valuable skilled resources.
   What's Needed: Administrator Task Automation
   NetIQ Delivers: Automated tasks triggered by events streamline routine administrative tasks, saving time and improving service.

4. Challenge: Diversity, complexity and emerging technologies increase the time to deploy and operate systems management tools.
   What's Needed: Migration and Optimization
   NetIQ Delivers: Automation and repeatability, along with Active Directory and Unix user optimization, assure business availability and satisfied end users.

Page 10: Improve ROI on security & compliance management Infosec Israel 2010


Manage and Enforce Change Control

Primary Goal: Real time enforcement of an organization's policy throughout the different layers of the IT infrastructure, without stopping the services operations

(Table with columns Challenges / What's Needed / CalCom Delivers)

1. Challenge: Real time enforcement of an organization's policies on the IT infrastructure layers, without harming the services operation
   What's Needed: Hardening solutions that don't harm or stop the services operations
   CalCom Delivers: Automated process for real time policy enforcement within the different IT layers, without stopping normal operations

2. Challenge: Protect and enforce the organization's policy processes by verifying user behavior
   What's Needed: Harden not only basic objects but also ensure proper application utilization and regulate policy changes and access
   CalCom Delivers: An extensible library with hundreds of Policy Process Protection Rules covering OSs, applications, user behavior and network connections

3. Challenge: Monitor, alert on and prevent policy breaks, rolling back any change to a hardened element that departs from the policies
   What's Needed: Easily provide real time policy monitoring and implementation
   CalCom Delivers: Learning Mode to understand how an element should behave; unparalleled capabilities in monitoring, auditing, access and change control

4. Challenge: Be able to produce a wide range of regulatory reports, gap analysis, what-if analysis and a compliance dashboard
   What's Needed: Unparalleled reporting capabilities on regulatory compliance
   CalCom Delivers: Built-in reports, Regulatory Compliance Reports, Policy Center © – Gap Analysis Report and Compliance Dashboard ©

Page 11: Improve ROI on security & compliance management Infosec Israel 2010


All of Those Through Automation

(Architecture diagram)

Workflow Automation Engine
• Run Books (Event Correlation, Fault Recovery, Routine Server Restarts, etc.)
• Processes (ITIL Incident Management, Change Management, DR testing, etc.)
• Correlation Engine

Message Bus, Resource Model, CMDB

NetIQ Products: AM, SM/CG, SCM, DRA

3rd Party Best-of-Breed products: SCOM, HP OM, Remedy, Smarts

Adapters: Bi-directional data collection and control
Activity Libraries: Workflow building blocks that control other tools
Process Templates: Provide built-in knowledge
Presentation Layer: Consoles tailored to specific users (Ops Console, Config Console, Reports)
Independent Engines: Allow data processing scalability
Resource Mgmt DB: Normalizes data from diverse tools

Page 12: Improve ROI on security & compliance management Infosec Israel 2010


At The End This is What Really Counts


Page 13: Improve ROI on security & compliance management Infosec Israel 2010


Real World Example On Self Password Reset


Page 14: Improve ROI on security & compliance management Infosec Israel 2010


The Cast and The Crew

• NetIQ Aegis
• NetIQ Security Manager
  − CalCom Hardening Module
  − NetIQ Change Guardian for Databases
  − NetIQ Change Guardian for Active Directory
  − NetIQ Change Guardian for Group Policy
  − NetIQ Change Guardian for Windows
• NetIQ Secure Configuration Manager
• NetIQ Security Solutions for iSeries
• NetIQ Identity Integration Suite

Page 15: Improve ROI on security & compliance management Infosec Israel 2010


Total Economic Impact: ROI and Payback Period for NetIQ IT Security Process Automation

FORRESTER®

Summary financial results

                       Original estimate   Risk-adjusted
ROI                    150%                141%
Payback period (yrs)   1.1                 1.2
Total Benefits (PV)    $1,232,563          $1,192,083
Total costs (PV)       ($493,847)          ($495,549)
Total (NPV)            $738,716            $696,534

• Organizations can realize benefits in the form of improved productivity for system administrators, as well as other IT professionals, through the automation of common IT processes.

• Higher ROIs are achievable with each additional process automated through Aegis. In general, an organization would expect greater returns as more workflows are implemented to reduce the amount of time required to perform a given process.

Page 16: Improve ROI on security & compliance management Infosec Israel 2010


Next Steps with NetIQ & CalCom

(Table with columns Your Need / Action Items)

Learn More about IT Process Automation
• Visit NetIQ.com and Calcomp.com
• Schedule an online demo
• Attend a NetIQ webinar

Validate Our Approach
• Read Forrester SWOT and Total Economic Impact™ Study
• Read Gartner SIEM Magic Quadrant™ report
• Read Gartner IT Governance, Risk & Compliance MarketScope™

Build a Business Case for NetIQ
• Read Forrester Total Economic Impact™ Study
• Complete ROI calculation with NetIQ and CalCom
• Complete an internal business case

Assess NetIQ for a Technical Fit
• Schedule a technical discussion with our engineers
• Implement a Proof Of Concept (POC) onsite
• Engage our consultancy services to perform an onsite assessment

Prepare for IT Process Automation
• Optimize your existing deployment
• Work with NetIQ/CalCom consultancy to plan a roll-out
• Leverage introductory pricing to implement a production pilot


Page 17: Improve ROI on security & compliance management Infosec Israel 2010

NetIQ Sales IGIC

Via Varese 6/a – Paderno Dugnano

Milan, 20037 Italy

Tel: +39 02 99 06 02 01

Fax: +39 (0) 2 9904 4784

[email protected]

NetIQ.com

Follow NetIQ:

NetIQ, an Attachmate business.


Marco Bianchi
Sales Director Italy, Greece, Israel and Cyprus
World Wide New Offerings Director
+39 348 [email protected] - [email protected] - www.calcomp.co.il