Organizations are just beginning to understand the role that compliance plays and will continue to play in their security practices and organizational structures. You have to understand and facilitate the necessary regulatory controls that must be deployed within your organizational infrastructures. Over time, these controls will only continue to grow in number and scope, and getting a jumpstart on compliance is not only a solid business decision, but in many cases, a governmental requirement as well.
If your organization is looking to get a better handle on compliance like everyone else is, here's some good news: Novell recently completed the acquisition of e-Security, a leader in security information management and continuous compliance monitoring solutions. The e-Security solutions were recently rated by Gartner as the leader in the Magic Quadrant for Security Information and Event Management (SIEM), rated best in completeness of vision, among other awards.
"In the compliance area, customers want converged solutions that encompass system, identity, access and security event management. With the acquisition of e-Security, Novell is the only vendor with the potential to proactively address business needs for a real-time, comprehensive compliance solution that integrates people, systems and processes."
-Chris Christiansen, IDC vice president of Security Products and Services
Through the acquisition of e-Security, Novell is integrating real-time monitoring and remediation of security, access management and compliance events into one solution. With the addition of the e-Security Sentinel family of products, Novell is the first to deliver a single view of security and compliance activities across the enterprise, combining the benefits of identity and systems management with real-time compliance monitoring. (See Figure 1.) With a comprehensive view of user, network and application events, you can now streamline a previously labor-intensive and error-prone process, cut costs through automation and build a more rigorous compliance program.
Let's take a closer look at Sentinel, and what it can do for you. Sentinel helps you manage risk more effectively, improve security metrics and automate compliance reporting, while reducing security and compliance costs by replacing manual processes with a continuous monitoring and reporting solution for IT controls. Sentinel enables real-time security and continuous compliance monitoring across all your systems and applications regardless of platform, providing security and compliance teams with an enterprise-wide real-time view of their security and compliance posture.
Sentinel enables you to collect, correlate, monitor and display data from thousands of events per second in real-time. You have always-current reports on the organization's security and compliance health instead of relying on stale reports generated for the last security or compliance audit. Sentinel's modules include:
- Sentinel Control Center
- Sentinel Reports
- Sentinel Wizard
- Sentinel Advisor (optional module)
- Sentinel Mainframe Connect (optional module)
The Sentinel Control Center provides a central console for real-time monitoring, event correlation, incident management and reporting.
Active Views provide a comprehensive set of real-time visualization and analytical capabilities to detect and analyze threats and policy violations in one integrated, powerful security and compliance monitoring control center. (See Figure 2.) Intuitive displays enable analysts to quickly identify new trends, attacks or violations; manipulate and interact with real-time graphical information; and drill-down into historical details ranging from seconds to hours in the past. In effect, this functions as a real-time forensic research toolkit.
Comprehensive incident management capabilities enable you to create incidents manually (and attach relevant data and documents) or automatically through a comprehensive set of extensible correlation rules.
iTRAC workflow enables you to respond proactively to incidents by automating and enforcing incident identification and resolution processes, providing the security organization with a 'system of record' for tracking and reporting remediation of security or compliance incidents. (See Figure 3.)
With Sentinel Reports, a key module of Sentinel 5, you can:
- demonstrate that you continuously monitor user activity on critical IT assets and that security and compliance incidents are identified
- prove your organization tracks and resolves incidents and policy violations for more robust compliance attestation
- gain the insight you need to effectively monitor, measure and improve your security posture
- discover trends and anomalies you can't detect manually.
Sentinel Reports enables you to track and report all security-related activity on assets impacted by Sarbanes-Oxley, HIPAA, FISMA, PCI and other regulations, including user activity, incidents and policy violations.
Sentinel Reports provides valuable insight to executive management and internal and external auditors on policy adherence, violations and remedial actions, as well as how user activity affects critical assets. You can eliminate the time-consuming exercise of manually wading through system logs and other relevant data to prepare reports, reducing both operational risk and the time and money you would typically spend on audit preparation and review.
Sentinel 5's out-of-the-box reporting capabilities help your organization obtain critical security and compliance data quickly and efficiently, an essential benefit when inflexible audit dates, regulatory deadlines and other pressures drive project timelines. Sentinel Reports includes a comprehensive set of reports and dashboards, which you can easily configure. (See Figure 4.) You can also create your own reports using an industry-standard report builder to meet your organization's specific requirements. All departments will benefit from getting up-to-date information on the organization's compliance and security posture. Another operational strength of the reporting solution is its flexibility in publishing reports in a variety of formats, including prescheduled publishing to internal corporate intranet portals.
The Sentinel Wizard delivers a richer event stream by injecting business-relevant data before events are correlated and analyzed. (See Figure 5.) A richer event stream means Sentinel is correlating data with the business context required to identify and remediate internal or external threats and policy violations. Sentinel Wizard's easy-to-use, drag-and-drop interface allows you to create rules-based Collectors to gather, filter and normalize data from any source and securely communicate relevant information to the Sentinel Control Center. It enables users to quickly and efficiently develop and configure Collectors to monitor any source, and to:
- quickly create, manage, and deploy collectors to all enterprise systems
- connect any IT asset to the Sentinel Control Center
- write and customize rules on the fly
- embed best practices and business rules to address unique security management and compliance monitoring requirements.
The Sentinel Advisor provides centralized security intelligence for proactive resolution of new vulnerabilities. Sentinel Advisor contains a comprehensive and timely collection of known threats and vulnerabilities. Coupled with iTRAC, Sentinel Advisor provides unmatched real-time threat mitigation and policy violation prevention.
Sentinel Advisor cross-references Sentinel's real-time alert data with known vulnerabilities and an automated remediation process, bridging the gap between incident detection and response. With Sentinel Advisor, organizations can determine if events exploit specific vulnerabilities and how these attacks impact their assets.
Sentinel Mainframe Connect captures security and compliance activities directly from mainframe computers and correlates the information with other IT security and compliance events across the enterprise, an unmatched capability unique in the industry. Sentinel Mainframe Connect provides a lower total cost of ownership and fewer maintenance headaches by eliminating the requirement to use third-party products to access mainframe security data.
For more great information on the Sentinel products and how they can help you in your Novell environment, visit novell.com/sentinel.