Premiere demonstration of the Sentinel 7 system
Dariusz Leonarski, Senior Consultant, Novell/NetIQ, dleonarski@novell.com
NetIQ in Poland
Novell Sp. z o.o. is the national representative of the interests of the entire holding, The Attachmate Group.
Independent business units operate within the holding: NetIQ, Novell, SUSE, Attachmate.
What does the Polish office provide?
- Local support and consultants
- Competitive pricing of products and services
- Attention to relationships and service
- Terminal emulation; systems modernization; managed file transfer; enterprise fraud prevention
- Collaboration; network and file services; endpoint management
- Identity, security and compliance management; systems management; resource management
- Linux servers for business; virtual appliances (software appliances); Linux on the desktop
Novell Sp. z o.o., ul. Postępu 21, 02-676 Warszawa, tel. 22 537 5000, helpline 800 22 66 85
Attachmate Reflection products, Novell Identity Manager, Novell GroupWise, Novell Access Manager, Novell Vibe OnPrem, Attachmate EXTRA! products, Novell Access Governance Suite, Novell Vibe Cloud, Attachmate INFOConnect products, Novell Sentinel, Attachmate DATABridge, NetIQ Change Guardian products, Attachmate FileXpress products, Novell SecureLogin, Attachmate Luminet, Novell Cloud Security Service, Attachmate Verastream products, NetIQ Security Manager, Novell File Management Suite, Novell Data Synchronizer, Novell ZENworks Configuration Management, SUSE Linux Enterprise Server for System z, SUSE Linux Enterprise High Availability Extension, SUSE Linux Enterprise Real Time Extension, Novell ZENworks Patch Management, SUSE Linux Enterprise Point of Service, Novell Cloud Manager, Novell ZENworks Asset Management, Novell Compliance Management Platform, SUSE Linux Enterprise Server with Expanded Support, Novell ZENworks Application Virtualization, Novell Privileged User Manager, Novell Operations Center, NetIQ Directory and Resource Administrator, Novell ZENworks Linux Management, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Desktop, NetIQ Migration Suite, Novell ZENworks Virtual Appliance, SUSE Manager, NetIQ Secure Configuration Manager, Novell ZENworks Endpoint Security Management, SUSE Studio, NetIQ AppManager Suite, Novell Service Desk, NetIQ AppManager Performance Profiler, LibreOffice, Novell Open Workgroup Suite, NetIQ Analysis Center, NetIQ Aegis, PlateSpin products, Novell Open Enterprise Server, SUSE Linux Enterprise Server
Sentinel 7 Overview
Extensive Product Enhancements and Differentiation in Sentinel 7
- Completely refreshed, web-based user interface
- Industry-first Security Intelligence/Anomaly Detection with advanced data analytics
- Bundling of Log Management features
- New correlation rule builder
- Single product that includes a soft appliance option
- Extensive public REST APIs to core components
New User Interface
What's Happening In My Environment?
Anomaly Detection
- Discrepancy or deviation from an established rule, trend, or pattern
- Something I can't necessarily foresee but want to monitor
Correlation
- Relationship between two or more sets of data
- Something I can foresee and want to take immediate action on
Security Intelligence: Anomaly Detection
- Anomaly detection is more effective at discovering new attacks and identifying threats without building rules
- Quickly detect anomalies by analyzing when the environment changes
- Correlation is extremely effective, but you have to know what to look for ahead of time
- Security Intelligence delivers value from day one, without building correlation rules
- Complements correlation rules
Security Intelligence Dashboards
Correlation Overview
Realizing the full value of Sentinel correlation
- Easily build, manage and maintain correlation rules without the complexities of writing RuleLG or understanding the Sentinel taxonomy
- Build and update correlation rules from existing events
- Test new or modified rules before putting them into production
- Understand the impact on system performance of each individual correlation rule
- Overall performance monitoring and metrics of the Correlation engine
- Easily integrated with Security Intelligence
Correlation Rule Building
Correlation Rule Builder
Identity Integration
Building on the strengths of Sentinel 6.1
- Industry-unique integration of identity details with security events collected from provisioned applications
- Basic out-of-the-box integration with Microsoft Active Directory
- Integration with Identity Manager, with other identity management systems in the future
- User Activity Monitoring allows security and compliance managers to understand the what, when, how and who of identity and security
Identity Integration - Activity
- What applications has this user been using?
- What actions have they been performing in those applications?
- What privilege changes have there been?
New Identity Search
What's Come Over From Sentinel Log Manager?
- An integrated Log Management and SIEM product
- Still two separate products, each with different uses/use cases
- Distributed Search: search data across Sentinel and Log Manager servers
- Tagging: tagging has been incorporated into Anomaly Detection
- Users and Roles
- LDAP Authentication
- Data Retention Policies
- One-Click Reporting
Report White Labeling
Two-Tiered Storage Architecture
Data Synchronization
- Data Synchronization moves event data, automatically or through policy, from the file system store to the embedded or third-party database
- Data that is needed for reporting is automatically moved to the database
- Custom policies can be defined that allow data to be synchronized to the database
- The data that is synchronized is selected by a Filter Query
- Sentinel 7 includes an embedded database
- Depending on customer needs, optional support for Microsoft SQL Server 2008 and Oracle 11g
Data Synchronization Policy
Summary of new features
- Anomaly Detection - Create baselines of 'normal' behavior in your IT environment to allow for detection of anomalous activities
- Unified Single Solution - Log management and event management capabilities are combined in a single unified product
- High Performance Two-Tiered Storage - Efficient, file-based event storage tier is optimized with 10:1 compression for long-term archival of events while allowing the flexibility to sync events to a traditional relational database
- Graphical Rule-Builder - Quickly build and test event correlation rules using the events collected in your environment to deliver improved threat detection capabilities
- Distributed Search - Search events not only on local Sentinel servers but also on other Sentinel or Sentinel Log Manager servers from a single, centralized console
- Optional Ready-to-Run Software Appliance - Delivered as a VMware, Xen or ISO image, and supported on the major hypervisors, including Hyper-V
A look from the sales side...
Sentinel 7 licensing
Enterprise Events Per Second (EPS) Licensing Model
- Only the number of events in the IT environment is counted
- There are no separate licenses for the Sentinel server, connectors or event correlation modules
- 500, 1.000, 2.500, 5.000, 10.000, 25.000, 50.000 EPS
Details at www.novell.pl/promocje
Sales helpline 0800 22 66 85, infolinia@novell.pl
Request an individual quote: www.novell.pl/formularz.html
Prizes for surveys
Join us for the upcoming webinars:
- 15 November: ZENworks Config. Management SP2
- 24 November: ZENworks Patch Management PL
Registration: www.novell.pl/whatsnew/kalendarium
Share your opinion about today's seminar:
- We will send the link to the survey form later today, together with the link to the webinar recording
- Among the respondents we will draw three practical 4GB USB keys, "Your Key to Security"
Questions? (before we move on to the demo...)
Demo
Headquarters address: 1233 West Loop South, Suite 810, Houston, TX 77027, USA
+1 713.548.1700, info@netiq.com, NetIQ.com, http://community.netiq.com
© 2011 NetIQ Corporation. All rights reserved.