Presentation is loading. Please wait.

Presentation is loading. Please wait.

NetVision’s Policy Management Suite: Security for eDirectory™, the NetWare® File System, Auditing, Enforcement, and Synchronization Jim Allred VP of Marketing.

Published byPeter Nicholas Carson Modified over 6 years ago

Similar presentations

Presentation on theme: "NetVision’s Policy Management Suite: Security for eDirectory™, the NetWare® File System, Auditing, Enforcement, and Synchronization Jim Allred VP of Marketing."— Presentation transcript:

1 NetVision’s Policy Management Suite: Security for eDirectory™, the NetWare® File System, Auditing, Enforcement, and Synchronization Jim Allred VP of Marketing NetVision, Inc. Todd Lawson President and CTO NetVision, Inc.

2 Novell Security Solutions Partner
NetVision’s Policy Management Suite—security for eDirectory™, NetWare® OS/file system Real-time monitoring, auditing and enforcement Automate policy enforcement Detect security breaches in real-time Trigger action to reverse the change, disable the user account and stop the perpetrator Automate the granting and revoking of access rights

3 Novell Security Solutions Partner (cont.)
NetVision has a seven-year history of delivering solutions in Directory Management/Integration and Security Currently serves over 500 customers from Fortune 1000 to Government and education NetVision recognized early on that security solutions are not secure at all unless they are directory based and directory enabled Focus on the Authentication and Authorization heart of the enterprise—the directory—to safeguard digital assets

4 Benefits of NetVision’s Policy Management Suite
Eliminates gaps in traditional IDS Leverages the directory to centralize and streamline management of enterprise security Delivers real-time monitoring, real-time reporting and proactive security policy enforcement

5 Benefits of NetVision’s Policy Management Suite (cont.)
A turnkey solution which is non-intrusive, easy to implement and cost effective Addresses core needs right out of the box and is fully customizable and extensible By filtering out non-critical events or activities Produces real-time auditing that doesn’t overload network traffic

6 Benefits of NetVision’s Policy Management Suite (cont.)
Fortifies authentication and authorization through password strengthening and password synchronization across diverse platforms and systems Automates granting and revoking of access privileges and resources (Provisioning) Lowers cost of security management through automated policy enforcement

7 Directory-Enabled Intrusion Detection
FBI/CSI 2000 Computer Crime & Security Survey showed 90% of survey respondents had security breaches in last 12 months, even though 40% of them had IDS systems in place 70% had experienced network security breaches that led to theft of confidential information, financial fraud or sabotage

8 Three-Tiered Intrusion Detection—Host-Based IDS
Collect and analyze system logs and events originating on host computers like web servers or application servers Watch for known security violations that take place Focus on internal attacks which still make up over half of business networks security breaches Directory-based IDS Network-based IDS Host-based IDS

9 Three-Tiered Intrusion Detection—Network-Based IDS
Analyze data packets that travel across the network and compare them to known attack signatures Detect attempted security breaches that originate outside the firewall Two-tiered approach (Host & Network) has been viewed as solid, but both solution classes have inherent weaknesses Directory-based IDS Network-based IDS Host-based IDS

10 Three-Tiered Intrusion Detection—Directory-Based IDS
Burton Group indicates: OS resource managers (host-based solutions) can’t impose enterprise-wide policies over resources Perimeter products (Network based solutions) have no concept of user identities, permissions, or profiles These gaps have created the demand for a new breed or additional layer in IDS Directory-based IDS Network-based IDS Host-based IDS

11 The Directory-Enabled Control Layer
The need for a third IDS level: “Unlike the OS resource manager, the Control Layer can implement centrally defined security policies in a consistent manner across multiple platforms. Unlike the perimeter layer, the Control Layer is aware of user identities, user roles and privileges, and fine-grained application functions.” The Burton Group Network Strategy Report: Directory Landscape 2002

12 The Directory-Enabled Control Layer
The need for a third IDS level—the directory-enabled control layer Directory-based IDS solutions allow centrally defined security policies that are aware of user identities, roles and privileges NetVision leads the charge in the new IDS security layer-delivers the first directory enabled IDS solution with the NetVision Policy Management Suite

13 SANS Institute on IDS Solutions
“The intrusion detection community will continue to move away from the simple signature-based systems that are so prevalent. Rule-and profile-based intrusion detection will start to become more dominant” Eugene Schultz, SANS NewsBites January 2002

14 Secure Audit Trail Technology
Policy Management Suite securely automates the routine collection of audit data Tracks and reports directory, data and server activity Tells who instigated the actions, what the actions were, when the actions occurred, and where the actions took place Filtering and reporting occurs in real-time; does not tax network resources with burden of large log files and constant polling

15 Secure Audit Trail Technology (cont.)
Secure Audit Trail technology produces filtered events Some solutions yield an unwieldy amount of excess data and logs creating a disincentive to do auditing NetVision’s solution restricts reporting to information that is pertinent to specific security concerns Delivers only critical event data-manageable amount to review and securely store

16 Secure Audit Trail Technology (cont.)
Variety of reporting methods Ensures security information remains secure Can be encrypted and sent to an ODBC database Can be sent to a secure web site Audit logs can be sent to and stored on any LDIF directory Reports and alerts can be sent via or pager to security managers Audit data can be captured in SNMP traps for secure integration with other network management systems

17 Authorization and Provisioning
Automates and streamlines the provisioning of new hires and the revocation of network access rights as part of the termination process Manages the entire life cycle of user/group management by: Updating users new rights and revoking previous rights when moving user from one group to another When account is added to or removed from a particular group, rights can be automatically granted or revoked from all other applicable groups

18 Authorization and Provisioning (cont.)
Account additions, modifications, deletions (rights, access) in one system (directory) are automatically updated in other applicable systems (directories) Performs true cross-platform (bi-directional) synchronization across: eDirectory, Active Directory, NT, iPlanet, Exchange, Notes, GroupWise® Provides automated Provisioning right out of the box Open architecture can be extended to additional systems Connectivity can be accomplished via Synchronicity or DirXML

19 Password Synchronization
Simplifies users access to multiple platforms and systems Eliminates multiple authentication points Decreases user inconvenience and help desk requirements Increases security by eliminating multiple passwords and user names Flexible naming rules resolve differing user names a user might have on different systems (John_doe and jdoe)

20 Password Management Automates enforcement of password policies
Prevents weak, easily hacked passwords Policies enforce minimum length, inclusion of special characters, and scheduled password resets

21 Policy-Based Security Enforcement
Rather than simply monitoring, auditing and reporting, NetVision solution leverages custom policies to automatically respond to and act against potential security threats—to prevent rather than just report Provides tools to create and define security policies for unique needs Provides standard settings for common threats Customize Visual Basic Scripts to execute when predetermined conditions occur As far-reaching and creative as you want

22 Proactive Actions Users account automatically terminated when users engage in questionable activities or gain inappropriate rights Block attempts to change a directory objects ACL list Prevent certain file types from being stored on network servers ( .MPEG, .JPEG, .GIF, .MP3s)

23 Flexible Policy Execution Provides Both Power and Flexibility
Inherent filtering capabilities can set thresholds Determine when activity moves from innocent, to suspicious, to outright malicious Block user access only after a set number of failed login attempts Audit but don’t initiate alerts for actions below threshold

24 Solution Components Global Event Services (GES)
Efficiently gathers data from all areas of the network Event driven Service Tracks all changes (events) to eDirectory, NetWare and the file system in real-time Who What Where When

25 Policy Management Suite
Fully integrated tools Patented technology providing real-time: Directory integration Cross-platform policy enforcement Advanced auditing and reporting

26 Policy Management Suite
Please attend follow-up session: Implementing and configuring a comprehensive security solution Reverse [Root] ACL changes. Capture information on Files being Opened. Delete Files that break company policy (MP3, JPG, AVI, ..) Reverse any change in the directory Expand reversal of changes to any directory enabled products Monitor ZenWorks, iFolder, iPrint, GroupWise, … Monitor DirXML (*.TAO, Certificate exports, Publisher, …) Tuesday 1:30pm rm. 251B Thursday 12:00pm rm. 251D

27 Product Demonstration
NetVision Policy Management Suite

28

29 Contact Information Please visit NetVision booth #C105. Get a product CD, See additional demonstration, get spiffs End-user customers- ask for a sales representative Novell staff- ask for Jon Duffy (Novell partner relations) Reseller/channel partners-ask for Dan Payton or Cleve Wright (Channel Managers) Phone:

Download ppt "NetVision’s Policy Management Suite: Security for eDirectory™, the NetWare® File System, Auditing, Enforcement, and Synchronization Jim Allred VP of Marketing."

Similar presentations

Tivoli Software from IBM Storage Resource Management Webcast

Tivoli Software from IBM Storage Resource Management Webcast
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Complete Event Log Viewing, Monitoring and Management.

Complete Event Log Viewing, Monitoring and Management.
Complete Event Log Viewing, Monitoring and Management.

Complete Event Log Viewing, Monitoring and Management.
Privileged Identity Management Enterprise Password Vault

Privileged Identity Management Enterprise Password Vault
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
Www.tectia.com COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.

COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.
ISecurity Complete Product Series For System i. About Raz-Lee Internationally renowned System i solutions provider Founded in 1983; 100% focused on System.

ISecurity Complete Product Series For System i. About Raz-Lee Internationally renowned System i solutions provider Founded in 1983; 100% focused on System.
Module 4: Implementing User, Group, and Computer Accounts

Module 4: Implementing User, Group, and Computer Accounts
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
Chapter 12 Network Security.

Chapter 12 Network Security.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Similar presentations

Ads by Google