NetResults Newsletter
Volume 9, Issue 4 | July 2007
Spotlight
NetIQ Security Manager 6.0 – Comprehensive and Powerful Security Threat Protection
A message from Chris Pick
NetIQ Vice President of Products & Marketing
Just a little over a week ago, NetIQ Security Manager 6.0 was released and we're extremely proud to say it is the most comprehensive security information and event management solution on the market. Our customers capture real-time security data, securely and cost-effectively. They can manage their compliance and data protection requirements, and receive easy-to-read audit trails.
One of the many capabilities of Security Manager 6.0 is that it protects enterprise environments from security threats at the host platform where corporate data resides. No other solution combines security information and event management (SIEM) with robust user and access monitoring, real-time auditing of system changes, and powerful threat detection for the Microsoft Windows platform.
And now, customers of Security Manager 6.0 realize even more benefits from a new log archiving technology we've developed. Our Trend for Reporting, Analytics and Centralized Examination (TRACE) utilizes proprietary, file-based distributed storage that radically improves log management over traditional relational database technology.
Don't forget to Save the Date for this year's NetConnect and check out the exclusive, new location for the event. You won't want to miss it.
What's New
NetIQ Change Guardian for Windows – Real-Time Change Monitoring Without Native Auditing
Monitoring for changes and user activity is often considered a best practice in IT, and is even mandated by requirements such as the Payment Card Industry Data Security Standard (PCI-DSS).
Unfortunately, current approaches such as native auditing, file integrity checking, or kernel shims often fail to meet the changing threat landscape, manage the proliferation of regulatory mandates, or map to the requirements of the business. Specifically:
- Native object-level auditing can degrade server performance to the extent that many end up disabling it!
- File integrity checkers often cause unacceptable spikes in system utilization.
- Kernel shims can introduce issues with system reliability, and are difficult to deploy on a large-scale basis.
NetIQ Change Guardian for Windows provides an innovative approach that delivers powerful, real-time change monitoring across files, directories, shares, registry entries and system processes, all without the need to enable native auditing. Using a Microsoft-supported file system filter driver (FSFD) to capture and process activities, NetIQ Change Guardian for Windows overcomes the challenges of the monitoring approaches discussed above, and further processes the data to provide meaningful, simplified but powerful alerts and audit trails. This allows for rapid identification of potentially dangerous changes across your environment.
NetIQ Change Guardian for Windows is a module of NetIQ Security Manager, which couples the solution with industry-leading security information and event management technology, including log management. Using the features provided through NetIQ Change Guardian for Windows, along with the functionality of NetIQ Security Manager, organizations will be able to take immediate advantage of the solution's capabilities, while realizing the following benefits:
- Powerful, real-time change monitoring – Monitors changes across files, directories, shares, registry entries and system processes, rapidly alerting you to potentially dangerous changes to your environment.
- Elimination of the need for native object-level auditing, drastically reducing server utilization – Uses a Microsoft-approved monitoring mechanism to avoid the performance degradation that native auditing can present, while providing a high fidelity of change information.
- Validation and enforcement of change control processes – Identifies "managed" changes made using an authorized control interface or via a prescribed manner, versus unmanaged changes that may indicate circumvention of change controls.
- Central recording and audit of changes – Compiles critical change information from across the organization for subsequent analysis, helping eliminate the complexities of aggregating change events for regulatory compliance and incident investigation.
- Comprehensive change and activity reporting – Captures before and after values for objects, enabling detailed change reports based on one or more users or computers, helping to quickly identify anomalies and allowing investigators to quickly drill down into more detailed information.
- Ability to work with a broader solution for Windows change control – Extends functionality of NetIQ Security Manager and augments NetIQ Change Administrator to provide a comprehensive solution for privilege delegation, privilege user monitoring and server security.
For more information on this powerful new solution, download our new whitepaper, "Detect System Changes and User Activity in Real Time".
NetIQ Positioned in the Leaders Quadrant of Leading Industry Analyst Firm's Security Information and Event Management Magic Quadrant
On May 14, 2007, NetIQ announced we have been positioned by Gartner, Inc. in the Leaders Quadrant in the 1Q07 Security Information and Event Management (SIEM) Magic Quadrant report. Gartner's Magic Quadrant report evaluates vendors on their ability to execute, as well as their completeness of vision.
Knowing
In the "What's New" section above, we discuss the benefits of our new solution offering, NetIQ Change Guardian for Windows™. This white paper outlines how this unique security solution detects system changes and user activity in real-time.
Secure & Cost-Effective Log Management with NetIQ Security Manager 6.0
Learn how NetIQ Security Manager 6.0, the latest release of NetIQ's industry-leading Security Information and Event Management (SIEM) solution, provides a more cost-effective means for archiving and retrieving log data for large enterprises.
Tech Talk
Question:
After changing the name or domain of a Security Manager agent, how can I get the agent to appear under infrastructure components?
Answer:
For Security Manager 5.5 and above: You will need to authorize the agent to communicate. To do this, go to the Security Manager Today page. Launch the Agent Administrator and then click on Agent Summary and then Agent Summary View. Check the "show hidden computers" box and then find the agent in the list. In the Authorized Status column, change the no to a yes. Check the Hidden column and if it shows yes, change it to no. Click on apply and then close. Check "Apply configuration changes now" if you want the changes to take effect immediately (otherwise it will happen in 5 minutes) and then click OK.
For Security Manager 5.1 and below: When an agent has been moved to a different domain, a new managed computer rule (MCR) reflecting the new naming information must be created. Otherwise, the Agent Manager will not be able to manage the agent and the consolidator will not be able to receive any event or alert information from the agent.
Question:
Can Group Policy Administrator export Group Policy Objects (GPOs) to non-trusted domains?
Answer:
NetIQ Group Policy Administrator (GPA) 5.0 introduced the ability to export GPOs to non-trusted domains, placing the product as the only known Group Policy Management solution that can simultaneously manage GPOs across both trusted and non-trusted Active Directory domains. It achieves this using the new GPA Server component, introduced in GPA 5.0.
To configure the GPA Server component to export to a non-trusted domain, perform the following steps:
- Launch the GPA console and navigate to the GP Repository | Repository Server | YourDomain node.
- Highlight the non-trusted domain and select Action from the menu and then click Properties.
- Click the Export Override Account tab and place a check mark in the box labeled Use export override.
- Type the name of a user account that has permissions to export a GPO in the non-trusted domain in the User field.
- Type the password of the user account in the Password field.
- Type the same password again in the Confirm Password field.
- Click OK to close the properties sheet.
For more information on how to configure GPA 5.0 to export to non-trusted domains, see the NetIQ Knowledge Base article NETIQKB44875: "How do I configure the server piece of Group Policy Administrator to work in a non-trusted domain configuration?"
Customer Corner
Blue Cross Blue Shield of Massachusetts Honored by Attachmate as 65,000th Customer
On April 23, 2007, Blue Cross Blue Shield, a NetIQ and Attachmate customer, was recognized during Attachmate's Global Sales Conference in Orlando, Florida. They were honored as a customer whose focus on providing the best healthcare for its customers has led the company to use information technology as its greatest resource.
"We are honored to be recognized as a milestone customer by Attachmate as we rely on the company's solutions for access to critical IT systems and complete IT service assurance," said Michael Ciano, director of Network and Desktop/LAN Services at Blue Cross Blue Shield of Massachusetts. "The combined power of Attachmate's solutions guarantees that we can manage the health, availability and security of our IT systems, provide the business services our teams need, and ultimately run our IT organization efficiently in order to provide the highest quality healthcare statewide."
NetIQ Security Manager Captures Silver in TechTarget's Reader's Choice Awards
Once again, NetIQ would like to thank you, our valued customers, for your participation in TechTarget's Reader's Choice Awards. Announced in early April, NetIQ took a silver medal in the "Security Information Management" category based on customers' feedback highlighting NetIQ Security Manager's management interface and compatibility with existing systems!
Events
Evolve Your Enterprise at NetConnect 2007, October 15-16!
Why not glance at the NetConnect conference agenda to see why this event will be one of the most content-rich, educational events you could attend this year?
Detect System Changes & User Activity in Real Time
Discover how NetIQ Change Guardian for Windows™ can help you meet your security monitoring requirements, such as those mandated in PCI-DSS Section 10, and assure the protection of your systems and data.
Automating AD Administration
Learn how the powerful task automation capabilities offered within NetIQ Directory and Resource Administrator (DRA) can help you and your team administer Active Directory more efficiently.
Introduction to DRA Automation: July 24 | 2:00pm Eastern
This advanced session will provide DRA customers deeper insight into the automation capabilities of DRA, including the use of triggers and policies to automate common tasks.
Entitlement Reporting in a Regulated World: July 25 | 2:00pm Eastern
Learn how to easily manage entitlement reports and electronically distribute them to management.
VMworld 2007: September 11 - 13, 2007 San Francisco, CA
Join thousands of IT professionals and executives, developers, technology providers, and industry experts from around the world on September 11-13 at the Moscone Center in scenic San Francisco. Come experience the latest and greatest in virtualization technology and business solutions. And visit NetIQ in the Expo hall!
itSMF USA Fusion 07: September 16 - 19, 2007 Charlotte, NC
The itSMF (Information Technology Service Management Forum) USA Fusion 07 conference and exposition brings together the best minds in the service management industry. This year's inspirational keynote speakers include Cal Ripken, Jr. (Orioles Iron Man), John Foley, former lead solo pilot for the Blue Angels, and Erin Gruwell, agent for social change and author of the bestseller, The Freedom Writers Diary. Be sure to visit NetIQ in booth 623!
Visit our corporate events page to view all NetIQ events.





