NetVision’s Policy Management Suite: Security for eDirectory™, the NetWare® File System, Auditing, Enforcement, and Synchronization
www.novell.com
Jim Allred
Vice President of Marketing
NetVision, Inc.
[email protected]
Todd Lawson
President and CTO
NetVision, Inc.
[email protected]
Novell Security Solutions Partner
• NetVision’s Policy Management Suite—security for Novell eDirectory™, NetWare® OS/file system
  – Real-time monitoring, auditing and enforcement
  – Automate policy enforcement
  – Detect security breaches in real-time
  – Trigger action to reverse the change, disable the user account, and stop the perpetrator
  – Automate the granting and revoking of access rights
Novell Security Solutions Partner (cont.)
• NetVision has a seven-year history of delivering solutions in Directory Management/Integration and Security
  – Currently serves over 500 customers, from Fortune 1000 to government and education
  – NetVision recognized early on that security solutions are not secure at all unless they are directory-based and directory-enabled
  – Focus on the authentication and authorization heart of the enterprise—the directory—to safeguard digital assets
Benefits of NetVision’s Policy Management Suite
• Eliminates gaps in traditional Intrusion Detection
System (IDS)
• Leverages the directory to centralize and
streamline management of enterprise security
• Delivers real-time monitoring, real-time reporting,
and proactive security policy enforcement
Benefits of NetVision’s Policy Management Suite (cont.)
• A turnkey solution which is non-intrusive, easy to
implement, and cost effective
• Addresses core needs right out of the box and is
fully customizable and extensible
• By filtering out non-critical events or activities, it
produces real-time auditing that doesn’t overload
network traffic
Benefits of NetVision’s Policy Management Suite (cont.)
• Fortifies authentication and authorization
through password strengthening and password
synchronization across diverse platforms and
systems
• Automates granting and revoking of access
privileges and resources (provisioning)
• Lowers cost of security management through
automated policy enforcement
Directory-Enabled Intrusion Detection
• FBI/CSI 2000 Computer Crime & Security Survey showed 90% of survey respondents had security breaches in the last 12 months, even though 40% of them had IDS systems in place
• 70% had experienced network security breaches that led to theft of confidential information, financial fraud, or sabotage
[Chart: percentage of respondents (0–100) for All Breaches, Damaging Breaches, No Breaches, and IDS Systems]
Three-Tiered Intrusion Detection—Host-Based IDS
• Collect and analyze system logs
and events originating on host
computers like web servers or
application servers
• Watch for known security
violations that take place
• Focus on internal attacks, which
still make up over half of
business networks’ security
breaches
[Diagram: three IDS tiers—Directory-based IDS, Network-based IDS, Host-based IDS]
Three-Tiered Intrusion Detection—Network-Based IDS
• Analyze data packets that travel
across the network and compare
them to known attack signatures
• Detect attempted security
breaches that originate outside
the firewall
• Two-tiered approach (host and
network) has been viewed as
solid, but both solution classes
have inherent weaknesses
Three-Tiered Intrusion Detection—Directory-Based IDS
• Burton Group indicates:
  – OS resource managers (host-based solutions) can’t impose enterprise-wide policies over resources
  – Perimeter products (network-based solutions) have no concept of user identities, permissions, or profiles
  – These gaps have created the demand for a new breed or additional layer in IDS
The Directory-Enabled Control Layer
• The need for a third IDS level:
  – “Unlike the OS resource manager, the Control Layer can implement centrally defined security policies in a consistent manner across multiple platforms. Unlike the perimeter layer, the Control Layer is aware of user identities, user roles and privileges, and fine-grained application functions.”
The Burton Group Network Strategy Report: Directory Landscape 2002
The Directory-Enabled Control Layer
• The need for a third IDS level—the directory-enabled control layer
  – Directory-based IDS solutions allow centrally defined security policies that are aware of user identities, roles, and privileges
  – NetVision leads the charge in the new IDS security layer, delivering the first directory-enabled IDS solution with the NetVision Policy Management Suite
SANS Institute on IDS Solutions
“The intrusion detection community will continue to move away from the simple signature-based systems that are so prevalent. Rule- and profile-based intrusion detection will start to become more dominant.”
Eugene Schultz, SANS NewsBites, January 2002
Secure Audit Trail Technology
• Policy Management Suite securely automates the routine collection of audit data
• Tracks and reports directory, data, and server activity
• Tells who instigated the actions, what the actions were, when the actions occurred, and where the actions took place
• Filtering and reporting occurs in real-time; does not tax network resources with the burden of large log files and constant polling
Secure Audit Trail Technology (cont.)
• Secure Audit Trail technology produces filtered events
  – Some solutions yield an unwieldy amount of excess data and logs, creating a disincentive to do auditing
  – NetVision’s solution restricts reporting to information that is pertinent to specific security concerns
  – Delivers only critical event data—a manageable amount to review and securely store
Secure Audit Trail Technology (cont.)
• Variety of reporting methods
• Ensures that security information remains secure
  – Can be encrypted and sent to an ODBC database
  – Can be sent to a secure web site
  – Audit logs can be sent to and stored on any LDIF directory
  – Reports and alerts can be sent via e-mail or pager to security managers
  – Audit data can be captured in SNMP traps for secure integration with other network management systems
Authorization and Provisioning
• Automates and streamlines the provisioning of new hires and the revocation of network access rights as part of the termination process
• Manages the entire life cycle of user/group management by:
  – Updating a user’s new rights and revoking previous rights when moving the user from one group to another
  – When an account is added to or removed from a particular group, rights can be automatically granted or revoked from all other applicable groups
Authorization and Provisioning (cont.)
• Account additions, modifications, deletions (rights, access) in one system (directory) are automatically updated in other applicable systems (directories)
• Performs true cross-platform (bi-directional) synchronization across:
  – eDirectory, Active Directory, NT, iPlanet, Exchange, Notes, GroupWise®
• Provides automated provisioning right out of the box
• Open architecture can be extended to additional systems
Password Synchronization
• Simplifies users’ access to multiple platforms and systems
• Eliminates multiple authentication points
• Decreases user inconvenience and help desk requirements
• Increases security by eliminating multiple passwords and user names
• Flexible naming rules resolve differing user names a user might have on different systems (John_doe and jdoe)
Password Management
• Automates enforcement of password policies
• Prevents weak, easily-hacked passwords
• Policies enforce minimum length, inclusion of
special characters, and scheduled password
resets
Policy-Based Security Enforcement
• Rather than simply monitoring, auditing, and reporting, the NetVision solution leverages custom policies to automatically respond to and act against potential security threats—to prevent rather than just report
• Provides tools to create and define security policies for unique needs
• Provides standard settings for common threats
• Customize Visual Basic scripts to execute when predetermined conditions occur
• As far-reaching and creative as you want
Proactive Actions
• User accounts automatically terminated when users engage in questionable activities or gain inappropriate rights
• Blocks attempts to change a directory object’s ACL
• Prevents certain file types from being stored on network servers (.MPEG, .JPEG, .GIF, .MP3)
Flexible Policy Execution Provides Both Power and Flexibility
• Inherent filtering capabilities can set thresholds
• Determine when activity moves from innocent to suspicious, to outright malicious
• Block user access only after a set number of failed login attempts
• Audit but don’t initiate alerts for actions below threshold
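The threshold logic these slides describe (audit everything, alert once activity becomes suspicious, block the account once it becomes malicious), as an added illustration that is not NetVision’s code: the event record fields (who, what, where, when), the threshold values, the event type names and the sample events are all assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed thresholds (not from the slides): below ALERT_LIMIT a failed login
# is only audited; at or above it an alert is raised; at or above BLOCK_LIMIT
# the account is blocked. A successful login resets the user's counter.
ALERT_LIMIT = 3
BLOCK_LIMIT = 5

@dataclass
class Event:
    who: str    # user the event concerns
    what: str   # event type, e.g. "login_failed", "login_ok", "acl_changed"
    where: str  # server or directory context where it happened
    when: str   # timestamp

@dataclass
class PolicyState:
    failures: dict = field(default_factory=lambda: defaultdict(int))
    audit_log: list = field(default_factory=list)  # every event, filtered or not
    alerts: list = field(default_factory=list)     # only above-threshold events
    blocked: set = field(default_factory=set)

def apply_policy(state, event):
    """Record one event and return the action taken: 'audit', 'alert' or 'block'."""
    state.audit_log.append(event)            # below threshold: audit only, no alert
    if event.what == "login_ok":
        state.failures[event.who] = 0        # innocent again: reset the counter
        return "audit"
    if event.what != "login_failed":
        return "audit"
    state.failures[event.who] += 1
    count = state.failures[event.who]
    if count >= BLOCK_LIMIT:                 # malicious: disable the account
        state.blocked.add(event.who)
        state.alerts.append(f"{event.when} BLOCK {event.who}@{event.where}")
        return "block"
    if count >= ALERT_LIMIT:                 # suspicious: notify, keep auditing
        state.alerts.append(f"{event.when} ALERT {event.who}@{event.where} {count} failures")
        return "alert"
    return "audit"

def run(events):
    """Feed a list of events through the policy; return the state and per-event actions."""
    state = PolicyState()
    return state, [apply_policy(state, e) for e in events]

# Constructed sample stream: six failed logins for jdoe with an unrelated ACL change mixed in.
SAMPLE = [Event("jdoe", "login_failed", "FS1", f"2002-03-18T09:00:{i:02d}") for i in range(6)]
SAMPLE.insert(2, Event("asmith", "acl_changed", "FS1", "2002-03-18T09:00:02"))
```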
Solution Components
• Global Event Services (GES)
  – Efficiently gathers data from all areas of the network
  – Event-driven service
  – Tracks all changes (events) to eDirectory, NetWare, and the file system in real-time
• Who
• What
• Where
• When
Policy Management Suite
• Fully integrated tools
• Patented technology providing real-time:
  – Directory integration
  – Cross-platform policy enforcement
  – Advanced auditing and reporting
Product Demonstration
• NetVision Policy Management Suite