Netwrix Auditor Deep Dive: Insider Threat Detection

Post on 21-May-2020

  • Roy Lopez

    Systems Engineer

    Netwrix Auditor Risk Assessment

    DEEP DIVE Netwrix Auditor

    Deep Dive

    Insider Threat Detection

  • Welcome

    Evgenia Izotova

    Account Executive, Netwrix. Email: evgenia.izotova@netwrix.com

    Daniel Bednjički

    Project manager, Real Security d.o.o. Email: daniel.bednjicki@real-sec.com

    Dejan Bidovec

    Systems engineer, Real Security d.o.o. Email: dejan.bidovec@real-sec.com

  • Housekeeping

    Type your question here

    Click “Send”

    § All attendees are on mute.

    § Ask your questions!

    § Questions will be answered during the session or in the Q&A at the end.

    § You will receive the slides and webinar recording in a follow-up email.

    § The webinar should take about 60 minutes.

    § Let’s get started!

  • Agenda

    Introduction:

    § About Netwrix

    § About Real Security

    § About Netwrix in Slovenia

    Deep Dive: Insider threat detection:

    § Key Factors

    § Briefly about Netwrix Auditor

    § Insider Threat Detection

    Q&A

  • About Netwrix Corporation

    Year of foundation: 2006

    Headquarters location: Irvine, California

    Global user base: over 10,000

    Recognition:

    7 years among the fastest growing software companies in the US

    More than 140 industry awards

  • Netwrix Worldwide Customers

    Financial

    Healthcare and Pharmaceutical

    Federal, State & Local Government

    Education

    Industrial and Technology

    Business Services

  • Netwrix Auditor Evolution

    2008 2018

    Standalone Change Auditing Tools

    Unified Platform for Change, Configuration and Access Auditing

    Visibility Platform for User Behavior Analysis and Risk Mitigation

    File Analysis

    Alerts on Threat Patterns

    Compliance Reports

    Virtual and Cloud Deployment

    RESTful API

    Interactive Search

    Dashboards

    Predefined Change Auditing Reports

    Risk Assessment

    Behavior Anomaly Discovery

    Add-on Store

    Visibility and Governance Platform for Hybrid Cloud Security

    2013 2016 2017

    Data Discovery & Classification Edition

    2019

    User Profile

    Automated Response

    Agentless Data Security Platform

  • REAL Security - Value-add Distribution & Consulting

    Year of foundation: 2002

    Headquarters location: Maribor, Slovenia

    Portfolio: Security and networking products like Netwrix and many more (list of all vendors can be found here: https://www.real-sec.com/vendors/)

    Primary focus: Ensuring secure and optimized IT environment; building loyal and trustworthy partnerships

    Territory: Adriatic region

    Additional activities: annually organizing the biggest IT Security conference RISK, issuing REAL INFO magazine

  • REAL Security - Value-add Distribution & Consulting

    “Netwrix is not like any other vendor we have ever had. All the teams we work with are flexible, easy to get to, responsive and ready to help. Although we have partnered with Netwrix for just half a year, I can already see that the company is doing its best. It is not only about lead generation, but also about raising awareness on the market, supporting partners, and educating customers on how they can solve their problems more efficiently. That’s why I call Netwrix a fresh breeze in our portfolio.”

    Daniel Bednjički, Project Manager, REAL security.

  • Netwrix customers in Europe and in Slovenia

  • HBOR use case

    Netwrix solutions:

    Continuous control over activities around file storage

    Reduced time on monitoring and reporting

    Improved internal IT operations

    Challenges:

    Reduce workload of the IT team

    Gain better control over data access

    Simplify reporting to the management

  • Key factors

    Technological factors

    Human factors

    Organizational factors

  • About Netwrix Auditor

    Netwrix Auditor is an agentless security platform that enables organizations to accurately identify and discover sensitive, regulated and business-critical information and to enforce appropriate access controls on that information, regardless of where it is stored.

    It enables organizations to reduce the risk of data breaches and ensures regulatory compliance by actively reducing the exposure of sensitive data and quickly detecting any violations and suspicious user behavior.

    Netwrix Auditor

  • Netwrix data sources

    Netwrix Auditor for Active Directory

    Netwrix Auditor for Windows File Servers

    Netwrix Auditor for Oracle Database

    Netwrix Auditor for Azure AD

    Netwrix Auditor for EMC

    Netwrix Auditor for SQL Server

    Netwrix Auditor for Exchange

    Netwrix Auditor for NetApp

    Netwrix Auditor for Windows Server

    Netwrix Auditor for Office 365

    Netwrix Auditor for SharePoint

    Netwrix Auditor for VMware

    Netwrix Auditor for Network Devices

    Add-on for Amazon Web Services

    Add-on for Generic Linux Syslog

    Add-on for Splunk

    Add-on for ServiceNow ITSM

    Add-on for IBM QRadar

    Infrastructure, Unstructured Data, Structured Data, Cloud, Free Add-ons

    Data Discovery & Classification

  • Netwrix Auditor demonstration

  • Netwrix Auditor architecture

  • Netwrix Auditor for Active Directory

    • AD and Group Policy changes

    • Real-time information about settings

    • Logon auditing/monitoring

    • Inactive user tracking

    • Notifications about expired passwords

    • Rollback option for changes

  • Netwrix Auditor for Windows File Servers

    • Changes to files, folders, shared files and folders, and permissions

    • Successful and failed access attempts

    • File analysis reporting

    • Real-time information about settings

  • Netwrix Auditor for Windows Server

    • Configuration changes on servers based on Windows Server

    • Event logs, IIS, DNS

    • User activity recording

  • Netwrix Auditor for Office 365

    • Exchange Online administrative changes; changes to mailboxes, mail users, groups, permissions, policies and management roles

    • Monitoring of non-owner access to mailboxes

    • SharePoint Online and OneDrive for Business configuration, security and content changes, and data access events

  • Netwrix Auditor console

  • Quick overview

  • Risk assessment

  • Behavior anomalies

  • Suspicious