NetResults Newsletter
Volume 11, Issue 6 | July 2008
Security Process Automation: NetIQ Leading Edge Technology
A message from Chris Pick, NetIQ Vice President of Products & Marketing
IT process automation responds to the burgeoning need to control IT costs. By providing an effective, cost-efficient alternative for human labor, IT organizations eliminate burdensome manual tasks that constantly dog them, and establish a path towards greater business process maturity over time. Until now, the focus of IT process automation has been on IT operations, with most use cases encompassing common operational processes such as server and account provisioning, change management and managing maintenance tasks. IT security has been ignored.
Security costs are rapidly increasing, as newly implemented procedures and point product purchases attempt to satisfy "check the box" compliance requirements. But pressures to contain costs are pushing customers—especially security officers—to seek alternative approaches such as turning over basic security tasks to IT operations teams. This introduces its own challenges, however, as IT operations has competing mandates from the business, such as maintaining service availability and resolving issues quickly.
Decreasing costs, without sacrificing service quality or introducing risk, is a constant challenge. How can any organization balance both of these desires and actually achieve meaningful results?
It's a tall order. But imagine if you could achieve this overall objective through process automation. You could eliminate manual steps within security processes such as incident management or security configuration management, while achieving faster incident resolution and vulnerability remediation. You ultimately would be able to fully integrate security with existing enterprise IT management processes. That means you would effectively eliminate independent and multiple views of security information, while integrating other IT event data sets and their functional capabilities.
Imagine still if you could automate shared processes between Security, Change and Configuration Management disciplines, while maintaining segregation of duties. You would be left with converged and automated control assessment and remediation processes for a much more streamlined compliance program.
These benefits are just the beginning of what is possible with Security Process Automation, the next frontier for Security and Compliance management. And NetIQ® is providing that path with NetIQ® Aegis™ and the NetIQ Aegis Adapters for both NetIQ® Security Manager™ and NetIQ Secure Configuration Manager™. These products revolutionize the way that IT costs, service quality, policy compliance and business alignment goals are met. With Aegis and the new adapters, security professionals can use their time for more important tasks, lower costs associated with security and compliance, and make improvements in overall organizational security.
Read more about our latest technology around Security Process Automation, along with Forrester Research's recent commentary and analysis on NetIQ's innovation around IT Process Automation in their research note, “NetIQ's Innovation Targets Diversity and Costs; SWOT Analysis: NetIQ, Q2 2008, by Jean-Pierre Garbani et al, June 26, 2008” discussed in the "What's New" section below.
Security Adapters for NetIQ Aegis
This month's release of the NetIQ® Aegis™ Adapters for both NetIQ® Security Manager™ and NetIQ® Secure Configuration Manager™ represent significant steps forward in ensuring our customers can achieve their security and compliance goals, while reducing the costs associated with many manual processes. The term "security operationalization" has been adopted by many security professionals to refer to the goal of leveraging the staffing and procedures of IT operations teams to manage day-to-day security tasks (e.g. incident response, vulnerability management). This enables security professionals to focus on defining policy, managing security architecture, and reacting to significant security events as third-level incident management, not first level. We've learned that true "operationalization" is difficult to achieve without formalizing and automating security processes, and that's exactly what Aegis delivers.
Using Aegis to automate the kind of security tasks normally triggered by our products, Security Manager and Secure Configuration Manager, will help ensure that security and compliance goals are achieved more easily and at less expense. The kinds of processes we're seeing automated include using Security Manager and Aegis to conduct first-line analysis of events automatically and to route additional information to security teams once a significant event has been detected. In some cases, security incident resolution can be predefined and handled by operational staff. For example, an automated process could detect a change to a critical system, check for an authorization with a ticketing system, enable privileged-user monitoring on that system, and then inform the business system owner, IT operations and the security teams that a probable unauthorized change has occurred.
Integrated with Secure Configuration Manager, Aegis can automate the handling of compliance exceptions, such as where a system is configured in violation of security configuration standards. For example, the automated process could routinely assess systems for compliance, detect violations, open trouble tickets to trigger remediation by operational staff, and handle the management of an exception. In some cases, exceptions are remediated; in others, they are accepted due to business or technical constraints. The automated process with Aegis can actually close the loop on this process, updating records for exception authorizations or validating the remediation.
This level of automation and integration really delivers on the promise of operationalizing security, streamlining compliance, and more closely aligning security with business goals. For more information about how to automate security and compliance processes, visit our NetIQ Aegis Adapters web page.
Independent Research Firm's Take on NetIQ and IT Process Automation: Innovation Targets Diversity and Costs
In a recently published note, Forrester Research identified NetIQ® as "a true innovator" in the IT Management market due to its delivery of NetIQ® Aegis™. NetIQ Aegis provides the ability to control IT costs, automate mundane IT and Security tasks and establish a foundation for ITIL adoption or cross-silo business process integration.
"Attachmate's acquisition of NetIQ has revived a company that was once considered too close to Microsoft to succeed in the long run. In fact, the privatization of the company provided the impetus to make it think outside the box and consider how it could actually make a difference in the IT management market. Instead of becoming another "me too" vendor of infrastructure and application management, NetIQ understood that to successfully introduce its management portfolio to enterprises and thus compete with larger vendors and other incumbents, it needed to design a solution that would adapt seamlessly to any enterprise management context while showing a rapid return on investment. IT process automation was the answer, and NetIQ Aegis is the solution that makes NetIQ a true innovator."¹
Read the Forrester Research note in its entirety.
¹NetIQ's Innovation Targets Diversity and Costs; SWOT Analysis: NetIQ, Q2 2008, by Jean-Pierre Garbani, with Thomas Mendel, Ph.D. and Reedwan Iqbal, June 26, 2008.
New NetIQ Releases
Systems Management
NetIQ® AppManager® for Avaya CM
NetIQ AppManager for CiscoCM
NetIQ AppManager for CiscoICM
NetIQ AppManager for Exchange 2007
NetIQ AppManager for HP Systems Insight Manager (Compaq Insight Manager)
NetIQ AppManager for Lotus Domino
NetIQ AppManager for Microsoft® Active Directory
NetIQ AppManager for Network Devices
NetIQ AppManager for Nortel BCMx
NetIQ AppManager for Nortel CS1000
NetIQ AppManager for VMware®
NetIQ AppManager for VoIP Quality
NetIQ AppManager for Microsoft® Windows® Server 2008
Enterprise Administration
NetIQ® Directory and Resource Administrator™ 8.1 SP1
NetIQ® Exchange Migrator 7.0 SP1
Configuration Control and Audit
NetIQ® Secure Configuration Manager™ 5.7 SP1
NetIQ Secure Configuration Manager Patch Updates for Windows & Unix
NetIQ Secure Configuration Manager Provider for Microsoft SQL Server 2005
NetIQ Secure Configuration Manager Provider for Oracle DB via Microsoft Windows
NetIQ Secure Configuration Manager Security Checks for Oracle
NetIQ Secure Configuration Manager Security Checks for SQL 2005
NetIQ Secure Configuration Manager Template for Microsoft Windows XP
NetIQ Secure Configuration Manager Vulnerability Updates (National Vulnerabilities Database)
NetIQ® VigilEnt™ Policy Center 5.5
Security Management
NetIQ® Security Manager™ 6.0 SP2
NetIQ Security Manager for Cisco Firewalls
NetIQ Security Manager for Cisco IOS
NetIQ Security Manager Self-Monitoring
FDCC: Learn about Cost Control from the Feds
If you're a Federal employee, you may already be well aware of the latest initiative to reduce costs and improve security for government computers. The Federal Desktop Core Configuration (FDCC) standard was introduced at the end of last year and defines a common configuration for PCs using the Microsoft® Windows® operating system. This initiative from the Office of Management and Budget (OMB) has caused significant changes in the way Federal departments manage their desktop systems. Additionally, this initiative promises long-term reductions in cost and fewer opportunities for systems to be attacked and breached.
The good news is that NetIQ has already been validated against this standard and the broader Security Content Automation Protocol (SCAP). SCAP, which is required for FDCC, includes a number of security content standards such as Common Vulnerability Enumeration (CVE) and Open Vulnerability and Assessment Language (OVAL), and NetIQ is one of only a handful of solution providers with a fully validated and operational solution.
NetIQ® Secure Configuration Manager™ provides a complete FDCC reporting solution that complies fully with the OMB mandate and enables our Federal customers to accomplish the reporting requirements easily and simply that OMB demands.
Beyond the Federal Government, however, the FDCC standard may have important implications for other sectors as well. Chan Yoon, Product Manager of Secure Configuration Manager, NetIQ's FDCC-validated solution said, "There already appears to be strong interest in both the security benefits and cost savings associated with a standard desktop configuration from the highly regulated industries of finance, healthcare and energy. The general feeling is that if the Federal government is pushing for these standards, then these industries may be able to get ahead of the game and receive the same level of benefits before regulations force them to comply. It's early in the game, but all the signs are there."
Want to learn more about FDCC standard desktop configuration? Join NetIQ at the FDCC / SCAP seminar in Washington, DC on July 29, 2008. Registration is now available.
Do you need to comply with FDCC regulations but are unsure of where to start? In this white paper, we discuss the development of the FDCC standard, the configuration categories involved in FDCC and how to automate scans and reports to ensure continued compliance. Download "Simplify, Automate and Accelerate FDCC Implementations" and learn how to simplify your implementation.
When You Need to Know More about Your Virtual Environment
Are you virtualizing your server environment with VMware® What approach are you taking to manage your virtualized applications? NetIQ® AppManager® provides applications performance management, including response time monitoring and enterprise reporting that extends across the physical and virtual data center. Utilizing data that AppManager collects today, customers are identifying mission-critical applications for virtualization more intelligently, and then are managing both the end-user experience and all service elements from hardware to business applications.
Learn more about NetIQ's solution for managing a hybrid environment of VMware-virtualized and non-virtualized applications. Download our white paper, "Managing VMware Doesn't End with Managing VMware" today and visit our Operational VMware Management web page.
EDS Equips Government Agency with NetIQ Security Solutions
Security is a key concern for every organization, but it is particularly essential for government agencies. EDS, a technology services provider, undertook a project for a German government agency with full understanding of the fact that effective and transparent security measures are a top priority. "Every activity, whether creating new users, loading new software or booting servers, must be one hundred percent reproducible and be able to hold up in an external or internal audit," said Joachim Konicke, a specialist for IT infrastructure at EDS in Ludwigsburg, explaining the client's high requirements.
Government Agency Requires Top-Notch Security Management
The outsourcing project EDS embarked upon for the German government agency encompasses 160 sites with 230 Microsoft® Windows® 2003 servers, 10,000 Windows XP users and hundreds of different business applications—some of which run applications for extremely sensitive data.
A Trusted Solution from NetIQ
Because EDS had already had exemplary experience with NetIQ® solutions, they decided to implement these tried-and-true tools in the government agency project as well. NetIQ® Security ManagerTM provides a fully integrated ability to manage several distinct elements of Security Management, including Intrusion Protection, Event Management, Log Archival and Log Analysis.
Incident Detection, Response and Archival
The NetIQ solutions detect any security incidents and provide the agency with protection against internal and external threats. NetIQ Security Manager saves EDS valuable time by distinguishing between events and alerts, with the former being system events that transmitters send from the event log to the collector. Depending on the particular processing rule in effect, certain events generate an alert, ensuring rapid detection and correction.
The volume of events that occurs for the agency is considerable. Approximately 35,000 events per day are fed into the Security Manager database—just one administration area. Yet despite these large quantities of data, storage and accessibility need to be reliably and securely maintained. With Security Manager's archiving capabilities, log data from the last 90 days is accessible at any given time, with older entries being archived for the duration of one year.
A Dynamic and Customizable Solution
As EDS understood, advanced security management as realized in this project cannot be implemented with off-the-rack solutions. To be truly successful, the environment and solution must be adapted and customized to the threat situation and organizational policies. As Mr. Konicke points out about NetIQ solutions, "On the one hand, being standard solutions, they already offer a wide range of pre-configured settings, analyses and reports to protect and monitor systems. On the other hand, NetIQ software solutions are modular, so we can dynamically attend to the security strategy of our client."
Principality Building Society Selects NetIQ Aegis to Control and Automate IT Processes
Principality Building Society, the tenth largest Building Society in the UK, has selected NetIQ® Aegis™ as its new process automation platform to model, automate, measure and improve IT operational run books and processes within the organization.
"The business case for deploying Aegis was straightforward; as with all organizations our challenge is to make the most efficient use of our resources," said Mark Jones, IT infrastructure support manager, Principality. "We were aware that our Service Desk teams were spending a considerable amount of time on mundane, repetitive tasks. For this reason, a management tool that could help automate tasks such as the creation of service desk incidents for critical system events generated by AppManager provides us with integration that reduces the complexity of our infrastructure. This not only helps us to improve IT operations efficiencies, but enables us to reallocate skills, time and resources toward more strategic areas where we can really add value."
Question:
What are the minimum account permissions and the areas of access that the GPA Export override account requires to function?
Answer:
In many enterprises, corporate policy is to remove all accounts from the Domain Admin and replace them with lower native permissions and restrictive access controls. You can use a non-Domain Admin account as the export override account by following the steps in NETIQKB41365. Using the attached procedure you can set-up an environment where the export override account is a domain user. The following steps are required to configure a Microsoft Windows 2003 environment where an export override account does not have Domain Admin or Group Policy Owner creator rights within Active Directory:
- Create an export override account for each managed Domain or One Single Account for the forest you want to export group policies to.
- Add this user/group to the Group Policy Administrator Repository.
- Use the security wizard in Group Policy Administrator to delegate the export operation to this proxy account/group on each Domain object in the Group Policy Administrator Repository. This ensures the export override account has the appropriate rights in Group Policy Administrator Repository to export group policies.
- In GPMC click on the Group Policy objects node and delegate the export override accountg/group to create GPOs in this domain.
- Place permissions on all GPOs out in AD by running the cscript GrantPermissionOnAllGPOs.wsf "<account name or Group name>" /Permission:FullEdit script to edit all GPO SACLs for the <account name or Group name> for example.
- SetGPOCreationPermissions.wsf "<account name or Group name>" This will grant the ability to create new GPOs. It basically sets the permission on the sysvol/policies container to be able to create GPO's.
- Now, the last thing to do is grant that user/group the right to link GPOs to OUs, site or the domain. SetSOMPermissions.wsf <SOM Name> <account name or Group name> /Permission:<PermissionLevel> [/Inherit] [/Domain:<DNSDomainName>]
- Check in Active Directory Users and Computers that the export override account/group has the correct permissions. Open Active Directory Users and Computers and right click on the domain node and go to properties – security – advanced security and delegate that the export override account/group has write permissions on the Gplink and gpoptions property.
- Import all GPOs out in your production environment into the Group Policy Administrator Repository by using the runofflinemirror import process.
- Assign the <account name or Group name> account as an exporter in the repository.
- Now, run the offline mirror for each domain to import all the group policy objects into the Group Policy Administrator Repository.
When will NetIQ Security Manager support Microsoft® Windows® 2008?
Answer:
NetIQ Security Manager 6.0 SP 3 will include support for Windows 2008 servers. SP 3 is releasing in July 2008.
How can I move the NetIQ Security Manager 6.0 databases to a new SQL server?
Answer:
Technical Support has a very in-depth process to move your NetIQ Security Manager databases to a new SQL server. Please contact Technical Support with any questions before beginning your migration.
To contact NetIQ Technical Support, e-mail support@netiq.com or call (713) 418-5555 with any technical questions you may have.
Webinars
July 29 |
Automating Security Event Management Would you like to improve your security incident response and reduce costs at the same time? With IT Process Automation, integrating SIEM tools into the larger security infrastructure and automating security event management is now possible. Register now. |
August 5 |
Living with PCI and Streamlining Your Compliance Efforts Join Dorian Cougias, CEO of Network Frontiers and member of the PCI Standards Council, and Geoff Webb, Senior Product Marketing Manager from NetIQ®, as they discuss the challenges of effectively managing your PCI compliance and how to manage PCI as an easily maintainable operational process that can be leveraged for other and future efforts. Register now. |
Seminars
July 29 |
Understanding What's around the Corner for SCAP and FDCC Washington, DC, USA Learn from security experts in the industry how FDCC and SCAP-validated tools help improve security and reduce risk. During this half-day session, talk directly to security industry expert, Drew Buttner with the MITRE Corporation to more fully understand the objectives of these new standards, how they were developed, and how to make them work for you. Hosted by NetIQ®, ThreatGuard and FedTek Register now. |
Seminar Series
| Be In Control: Secure your IT Environment How vulnerable are you to insider threats? How can you demonstrate compliance with government or industry regulations more easily? Attend this NetIQ seminar and learn how to take a more proactive approach to security in order to reduce risks to sensitive data, improve compliance, security event management and ensure security best practices within your organisation. Be In Control: Complete Management of Your Virtual Environment Virtualisation is inevitable in enterprise IT today. Are you planning to virtualise business critical applications? Is reporting critical to further investment in virtual technology or demonstrating service level metrics? Come and join us at this NetIQ seminar to learn how a comprehensive approach to virtualisation management will arm your IT organisation with solutions for successful IT operations. Select from the following locations and dates:
Register now. Or call +44 (0)1784 454500 for further information. |
Industry Conferences and Forums
July 28-30 |
CIO Summit 2008, Australia Sheraton Gold Coast, Queensland, Australia A highly acclaimed event, the 7th Annual Australian CIO Summit 2008 is a premium forum addressing the top priorities of the modern CIO: hosting over 100 of the top CIO's from around Australia. NetIQ will be holding one-on-one meetings with the CIO's of our choice and will be discussing how our solutions can help CIO's boost productivity and drive competitive advantage through innovation and growth. For more information | ||||||
August 19-21 |
LandWarNet Conference 2008 Greater Fort Lauderdale/Broward County Convention Center Fort Lauderdale, Florida, USA The LandWarNet Conference is the premier forum to bring Government and Industry together to openly communicate commercial best business practices and government implementations. Come visit NetIQ at booth 1302. Register now. | ||||||
August 25-27 |
Air Force Information Technology Conference (AFITC) Renaissance Montgomery Hotel & Spa at the Convention Center Montgomery, Alabama, USA This conference will focus on how information is created locally, shared globally through our vast communications capabilities, and used operationally in support of the war-fighting effort and cyberspace domain. This event will bring together government leaders and key figures in the field of information technology, allowing them to learn how to best apply the latest, cutting-edge technology to keep the Air Force the most advanced fighting force in the world. Come see us at booth 653. Register now. | ||||||
September 1-5 |
iSystem Briefing & Forum Los Cabos, Mexico This briefing and forum for iSeries is an educational event planned for all levels of professionals working with this platform. Attendees can expect activities around improving their management skills of this platform, while experiencing one-to-one contact with the iSeries experts. | ||||||
September 3 |
Technology & Innovation – the Future of Banking & Financial Services Conference New Zealand Hilton Hotel, Auckland, New Zealand This one-day conference will include a panel of CIOs from financial institutions that will discuss and pinpoint the key issues and challenges of implementing and executing technology in the financial services industry. The conference will also explore the latest technological innovations and how these innovations can lead to efficient business processes, customer management and competitive advantage. The event program will feature a combination of senior industry executives, keynote speeches from senior independent figures, sponsor case studies, and interactive panel discussions on key issues. NetIQ is an exhibition sponsor. For more information | ||||||
September 5-6 |
CIO100 "The Bold 100" Symposium & Awards Ceremony, India Sheraton Rajputana Palace Hotel, Jaipur, India The CIO100, run by IDG Communications, is the top awards event for the top 100 CIO's in India. This year's event theme is "The Bold 100" and will recognise CIOs who willingly embraced significant risk for the sake of: greater business revenue, business transformation or competitive advantage. The event will include CEO and CIO panel discussions, international IT speakers and leaders, and the annual awards ceremony. NetIQ is a major event sponsor. For more information | ||||||
September 16-18 |
VMworld® 2008 The Venetian Hotel Las Vegas, Nevada, USA VMware® hosts the fifth year of VMworld 2008, the leading virtualization event for IT professionals who are looking for innovative ideas, best-of-breed products and best practices for the virtualization industry. This year's show will include more hands-on labs, seven new tracks, more opportunities to network amongst your technology peers, and Expanded Solutions Exchange hours, with over 175 sponsors and exhibitors participating. Come visit NetIQ at booth 1408! For registration information | ||||||
September 16-18 |
Security in Government 2008 National Convention Centre, Canberra, Australia The 21st Security in Government Conference (SIG) 2008 is hosted by the Protective Security Coordination Centre (PSCC), as part of the ongoing security awareness program for all Australian Government Agencies. This event aims to expand the range of issues to include protective security, counter-terrorism and the impact of the current security environment on the Australian community. The conference includes an array of Australian and international speakers, plus a number of panel discussions, and highlights the latest developments in policy and technology in the protective security environment. NetIQ is a major sponsor of this event. For more information | ||||||
September 22-24 |
ISACA Fall Conference 2008 San Francisco, California, USA The 2008 SF ISACA Fall Conference is the premier education event for Information Systems Audit and Information Security professionals in the Northern California area. With a chapter membership of over 900, SF ISACA is represented by employees of over 300 companies, academic institutions and government entities throughout Northern California. Thanks in part to corporate and vendor sponsorship, this conference is the top educational value for IS Audit and Security professionals in the San Francisco area. For more information | ||||||
October 14-15 |
3rd Annual Technology & Innovation – the Future of Banking & Financial Services Conference Sydney Four Seasons Hotel, Sydney, Australia In its third year for Sydney, this one-day conference will include a panel of CIOs of financial institutions that will discuss and pinpoint the key issues and challenges to implementing and executing technology in the financial services industry. The conference will also explore latest technological innovations and how these innovations can lead to efficient business processes, customer management and competitive advantage. The event program will feature a combination of senior industry executives, keynote speeches from senior independent figures, sponsor case studies, and interactive panel discussions on key issues. NetIQ is an exhibition sponsor. For more information | ||||||
October / November |
VMware Virtualization Forums 2008 The VMware Virtualization Forum is a technology and solutions exhibition and conference that will be held across the Asia-Pacific (APAC) region between October and November in 2008. The APAC regional events will bring together more than 8,000 IT professionals and executives, technology providers, industry experts and researchers in these day-long sessions of networking and spirited, informative discussions. Look for specific discussions around the latest and greatest Virtualization technology and business solutions such as Virtual Infrastructure, Green Data Centers, Enterprise Desktop, Business Continuity and Disaster Recovery. NetIQ is a gold sponsor for both the Singapore and Mumbai events, with exhibition space and a speaking position. In Beijing, we have a silver sponsorship with exhibition space.
For more information | ||||||
November 10-12 |
itSMF Annual Conference and Exhibit Birmingham, UK The 17th itSMF Annual Conference and Exhibition is the premier service management event of the year! This is a must attend event for delegates who wish to expand their service management knowledge and network within the IT service management industry. The three-day event will also provide information on service management with the opportunity to see new products and services from leading vendors, plus the opportunity to talk face to face with over 1000 service management professionals. NetIQ will be on stand P23. For more information |
