
Organizations are just beginning to understand the role that compliance plays and will continue to play in their security practices and organizational structures. You have to understand and facilitate the necessary regulatory controls that must be deployed within your organizational infrastructures. Over time, these controls will only continue to grow in number and scope, and getting a jumpstart on compliance is not only a solid business decision, but in many cases, a governmental requirement as well.

If your organization is looking to get a better handle on compliance like everyone else is, here's some good news: Novell recently completed the acquisition of e-Security, a leader in security information management and continuous compliance monitoring solutions. The e-Security solutions were recently rated by Gartner as the leader in the Magic Quadrant for Security Information and Event Management (SIEM), rated best in completeness of vision, among other awards.

"In the compliance area, customers want converged solutions that encompass system, identity, access and security event management. With the acquisition of e-Security, Novell is the only vendor with the potential to proactively address business needs for a real-time, comprehensive compliance solution that integrates people, systems and processes."
- Chris Christiansen, IDC vice president of Security Products and Services

Through the acquisition of e-Security, Novell is integrating real-time monitoring and remediation of security, access management and compliance events into one solution. With the addition of the e-Security Sentinel family of products, Novell is the first to deliver a single view of security and compliance activities across the enterprise, combining the benefits of identity and systems management with real-time compliance monitoring. (See Figure 1.) With a comprehensive view of user, network and application events, you can now streamline a previously labor-intensive and error-prone process, cut costs through automation and build a more rigorous compliance program.

Let's take a closer look at Sentinel, and what it can do for you. Sentinel helps you manage risk more effectively, improve security metrics and automate compliance reporting, while reducing security and compliance costs by replacing manual processes with a continuous monitoring and reporting solution for IT controls. Sentinel enables real-time security and continuous compliance monitoring across all your systems and applications regardless of platform, providing security and compliance teams with an enterprise-wide real-time view of their security and compliance posture.

Sentinel enables you to collect, correlate, monitor and display data from thousands of events per second in real time. You have always-current reports on the organization's security and compliance health instead of relying on stale reports generated for the last security or compliance audit. Sentinel's modules include:

  • Sentinel Control Center
  • Sentinel Reports
  • Sentinel Wizard
  • Sentinel Advisor (optional module)
  • Sentinel Mainframe Connect (optional module)

The Sentinel Control Center provides a central console for real-time monitoring, event correlation, incident management and reporting.

Active Views provide a comprehensive set of real-time visualization and analytical capabilities to detect and analyze threats and policy violations in one integrated, powerful security and compliance monitoring control center. (See Figure 2.) Intuitive displays enable analysts to quickly identify new trends, attacks or violations; manipulate and interact with real-time graphical information; and drill-down into historical details ranging from seconds to hours in the past. In effect, this functions as a real-time forensic research toolkit.

Comprehensive incident management capabilities enable you to create incidents manually (and attach relevant data and documents) or automatically through a comprehensive set of extensible correlation rules.

iTRAC workflow enables you to respond proactively to incidents by automating and enforcing incident identification and resolution processes providing the security organization a 'system of record' for tracking and reporting remediation of security or compliance incidents. (See Figure 3.)

With Sentinel Reports, a key module of Sentinel 5, you can:

  • demonstrate that you continuously monitor user activity on critical IT assets and that security and compliance incidents are identified
  • prove your organization tracks and resolves incidents and policy violations for more robust compliance attestation
  • gain the insight you need to effectively monitor, measure and improve your security posture
  • discover trends and anomalies you can't detect manually.

Sentinel Reports enables you to track and report all security-related activity on assets impacted by Sarbanes-Oxley, HIPAA, FISMA, PCI and other regulations, including user activity, incidents and policy violations.

Sentinel Reports provides valuable insight to executive management and internal and external auditors on policy adherence, violations and remedial actions, as well as how user activity affects critical assets. You can eliminate the time-consuming exercise of manually wading through system logs and other relevant data to prepare reports–reducing both operational risk and the time and money you would typically spend on audit preparation and review.

Sentinel 5's out-of-the-box reporting capabilities help your organization obtain critical security and compliance data quickly and efficiently–an essential benefit when inflexible audit dates, regulatory deadlines and other pressures drive project timelines. Sentinel Reports includes a comprehensive set of reports and dashboards, which you can easily configure. (See Figure 4.) You can also create your own reports using an industry-standard report builder to meet your organization's specific requirements. All departments will benefit from getting up-to-date information on the organization's compliance and security posture. Another operational strength of the reporting solution is its powerful flexibility in publishing the reports in so many various formats including prescheduled publishing to internal corporate intranet portals.

Make your Controls Reasonable, Enforceable and Auditable

Your Controls Must be Reasonable.
Your controls and the policy that governs them must fit the security requirements of not only the information, but also the organization and the regulation(s) themselves. This means that, if the information is highly sensitive, then it makes sense to protect it to the maximum levels possible. However, if the cost, rigor or complexity of such protection is greater than the organization can withstand, the policy is doomed to be circumvented at many levels within the organization.

Your Controls Must Be Enforceable.
Your policy and your controls must work together and support each other. The policy can say one thing, while setting the perception of management appropriately. If there is no way to implement and maintain controls to enforce the policy, then a major gap emerges between perception and reality. This gap is exposed each time an audit is performed utilizing the policy as a measuring stick against security practices. Many times a policy is implemented and enforced on a small scale, but over time, as systems mature and their use increases, the enforceability becomes unmanageable. Take event monitoring, for example. Most companies have policies or standards that state that they review event logs on a periodic basis looking for violations. The reality is that most event logs roll over on themselves several times before anyone reviews them.

Your Controls Must Be Auditable
A policy is worthless if it is enacted and enforcement controls are implemented, but there is no evidence that it is working. Once again, your policy and your controls must work together in harmony. Every security policy must have audit trails indicating and validating that the policy is in place and is being enforced on a consistent and ongoing basis. Once an acceptable information security policy is in place, the internal standards and controls are established.

The Sentinel Wizard delivers a richer event stream by injecting business-relevant data before events are correlated and analyzed. (See Figure 5.) A richer event stream means Sentinel is correlating data with the business context required to identify and remediate internal or external threats and policy violations. Sentinel Wizard's easy-to-use, drag-and-drop interface allows you to create rules-based Collectors to gather, filter and normalize data from any source and securely communicate relevant information to the Sentinel Control Center. It enables users to quickly and efficiently develop and configure Collectors to monitor any source, and

  • quickly create, manage, and deploy collectors to all enterprise systems
  • connect any IT asset to the Sentinel Control Center
  • write and customize rules on the fly
  • embed best practices and business rules to address unique security management and compliance monitoring requirements.

Sentinel 5 comes with a comprehensive list of out-of-the-box configurable and extensible collectors for ultimate flexibility and quick deployment. (See Figure 6.)
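As an added illustration of the collector pipeline described above and of the automatic incident creation through correlation rules mentioned earlier (example code written for this article, not Sentinel's own; the two log formats, the common event schema and the repeated-failure rule are constructed assumptions), the following Python script normalizes raw lines from two different sources into one schema, drops lines it cannot parse, and runs one correlation rule that opens an incident:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs in two formats (not real Sentinel data):
# a syslog-style sshd line and a Windows-style security event line.
SAMPLE_LOGS = [
    "2006-05-10T09:00:01 host1 sshd: Failed password for bob from 10.0.0.5",
    "2006-05-10T09:00:03 host1 sshd: Failed password for bob from 10.0.0.5",
    "2006-05-10T09:00:04 host1 sshd: Failed password for bob from 10.0.0.5",
    "2006-05-10T09:00:09 host1 sshd: Accepted password for bob from 10.0.0.5",
    "EventID=4624 Time=2006-05-10T09:05:00 User=alice Source=10.0.0.9 Result=Success",
    "EventID=4625 Time=2006-05-10T09:06:00 User=carol Source=10.0.0.7 Result=Failure",
]

SSHD_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
WIN_RE = re.compile(r"^EventID=(\d+) Time=(\S+) User=(\S+) Source=(\S+) Result=(\w+)$")

def normalize(line):
    """Collector step: map a raw line onto one common event schema, or None if unknown."""
    m = SSHD_RE.match(line)
    if m:
        ts, host, outcome, user, src = m.groups()
        return {"time": datetime.fromisoformat(ts), "host": host, "user": user,
                "src": src, "outcome": "success" if outcome == "Accepted" else "failure"}
    m = WIN_RE.match(line)
    if m:
        _, ts, user, src, result = m.groups()
        return {"time": datetime.fromisoformat(ts), "host": "win", "user": user,
                "src": src, "outcome": "success" if result == "Success" else "failure"}
    return None  # filter step: the collector drops lines it cannot parse

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: >= threshold failures per (user, src) inside `window`, then a success, opens an incident."""
    recent = defaultdict(deque)   # sliding window of failure timestamps per key
    incidents = []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["user"], ev["src"])
        q = recent[key]
        while q and ev["time"] - q[0] > window:
            q.popleft()           # expire failures older than the window
        if ev["outcome"] == "failure":
            q.append(ev["time"])
        elif len(q) >= threshold:
            incidents.append({"user": ev["user"], "src": ev["src"],
                              "failures": len(q), "at": ev["time"].isoformat()})
            q.clear()             # one incident per burst, not one per later success
    return incidents

if __name__ == "__main__":
    print(correlate([e for e in map(normalize, SAMPLE_LOGS) if e]))
```

The incident dict is the hand-off point where a workflow such as iTRAC would take over tracking and remediation.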

The Sentinel Advisor provides centralized security intelligence for proactive resolution of new vulnerabilities. Sentinel Advisor contains a comprehensive and timely collection of known threats and vulnerabilities. Coupled with iTRAC, Sentinel Advisor provides unmatched real-time threat mitigation and policy violation prevention.

Sentinel Advisor cross-references Sentinel's real-time alert data with known vulnerabilities and automated remediation processes, bridging the gap between incident detection and response. With Sentinel Advisor, organizations can determine whether events exploit specific vulnerabilities and how these attacks impact their assets.

Automating IT Controls–get protective, detective and corrective.

Automating IT controls may sound like a burdensome process but in reality, it doesn't have to be one. The transition from manual to automated reporting can be done quickly and easily by following a few steps:

  • Get Organized
  • Understand control objectives
  • Put together a plan for success
  • Determine the appropriate control levels for your organization.

The appropriate level of controls for your organization depends on the regulations to which your organization is subject, the type of organization you are working with and its business requirements.

Appropriate controls come in several flavors: protective, detective and corrective.

Every company has information resources with inherent value that must be protected. Most companies have written policies stating their requirements to protect the company's information assets. Security controls are, therefore, installed to enforce this policy, based on the perceived value of a given company's information. Understanding each flavor of security control aids an organization's IT security team in determining when to implement which types of controls.

Protective Controls
Protective controls are the preventative measures taken to mitigate the risk of loss of value of information. These controls are intended to thwart attacks, through strong intervention and management. Permissions must be kept current and well-managed. Most protective controls are more expensive to implement and maintain than detective or corrective controls. However, over the course of time, their effective use will probably prevent a more significant loss in information value. Examples of protective controls include: authentication, access control systems, encryption, and firewalls (all of which are important facets of compliance).

Detective Controls
The posture of a detective control is one of post-event response. These controls are loss mitigation systems which function as burglar alarms, indicating something has happened and information value may be lost. This is the type of control that is implemented to support the preventative controls already in effect. Generally, these controls are less costly to deploy, and will often complement existing preventative controls. Organizations which rely too heavily on detective controls run a higher risk of actually experiencing a more significant loss of information value, as a direct result of the passive/reactive nature of the control.

Corrective Controls
The third type of control, a corrective control, is found in most organizations. Oftentimes, these types of controls are deployed when just having a valid backup/restore program is sufficient. For most organizations, this is the strategy utilized for public access systems, like Web sites and anonymous FTP sites. The value of that information is usually found in its accessibility, and if something alters or deletes the information resource, then restoration to a prior state is sufficient. Obviously, this type of control is inexpensive to deploy, and should never be used as the only control for a valuable information resource. The real cost of corrective controls comes once an incident has occurred, and something valuable was either damaged or lost.

Sentinel Mainframe Connect captures security and compliance activities directly from mainframe computers and correlates the information with other IT security and compliance events across the enterprise, an unmatched capability unique in the industry. Sentinel Mainframe Connect provides a lower total cost of ownership and fewer maintenance headaches by eliminating the requirement to use third-party products to access mainframe security data.

For more great information on the Sentinel products and how they can help you in your Novell environment, visit N

© 2015 Micro Focus