Solving the Entitlement Reporting Challenge
By Bob Tesh, SENIOR MANAGER OF PRODUCT MARKETING - NETIQ

 

Ever-changing and increasingly complex regulations are sending IT security professionals scrambling to ensure that they have controls in place to satisfy auditors, managers and business executives.

A few of the regulations that require some type of entitlement reporting are Sarbanes-Oxley, Visa CISP / PCI DSS and HIPAA. In addition, both ISO 17799 (security standard) and NIST 800-53 (risk management guide) call for entitlement reporting.

If performed properly and regularly, entitlement reporting - lists of who has access to what in your organization - enables both policy compliance and IT risk management.

With NetIQ, you can build entitlement reports to meet your particular need.

NetIQ's solutions not only provide the ability to run detailed entitlement reports across a variety of configurations, they offer help on the front end by enabling you to control who has access to the systems, files, or folders that you will be reporting on.

Access Control

Before you even run your first entitlement report, it is important to have a good access control policy in place. Employees not trained or approved for the permissions and access they possess can wreak havoc on your enterprise. Granular access controls, as well as the ability to define, delegate, audit, assess and report on privileges, help to control permissions and prevent the granting of excess privileges.

NetIQ's Security Administration Suite enables you to tightly control and audit the granting of access within your enterprise. With Security Administration Suite, you can secure your enterprise and manage risk by reducing the number of privileged accounts and the risk of power escalation and identity theft. In addition, it ensures that segregation of duties is established and maintained among all internal IT staff.

Comprehensive Reporting

It's important that companies run a monthly report of accounts that have not been used in 90 days or more. This check for "stale accounts" enables you to eliminate unnecessary accounts for existing employees as well as find old accounts for consultants, contractors and temporary workers. In addition to these reports, every manager in the company should review and confirm standard authentication and authorization privileges of their direct reports at least once a year. Privileged accounts should be reviewed quarterly.

NetIQ Vulnerability Manager offers a number of checks and reports around entitlement reporting and enables you to:

  • Collect lists of users and system, file, and folder access privileges from multiple systems and platforms easily into a single report
  • Schedule entitlement reports to automatically run at the correct intervals
  • Exclude known and allowed accounts from the list to quickly identify accounts that should be investigated
  • Distribute the entitlement reports automatically via e-mail
  • Disable stale and suspicious accounts
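
The 90-day stale-account check with an exclusion list, as described above, can be sketched in a few lines. This is an added example, not NetIQ code or output from any NetIQ product; the inventory layout, account names, system names and the choice to age never-used accounts from their creation date are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # "not been used in 90 days or more"

# Constructed inventory merged from several systems (sample data, not real):
# (system, account, enabled, created, last_logon or None if never used)
ACCOUNTS = [
    ("fileserver01", "jsmith",         True,  "2022-03-01", "2024-05-20"),
    ("fileserver01", "contractor_lee", True,  "2023-06-15", "2024-01-10"),
    ("hr-app",       "temp_intern",    True,  "2023-11-01", None),
    ("hr-app",       "new_hire",       True,  "2024-05-28", None),
    ("backup01",     "svc_backup",     True,  "2021-01-05", "2023-12-01"),
    ("dc01",         "mgarcia",        True,  "2020-09-09", "2024-03-03"),
    ("dc01",         "old_admin",      False, "2019-02-02", "2022-07-07"),
]

# Known and allowed accounts that should not clutter the report (assumed list).
ALLOWED = {("backup01", "svc_backup")}


def _utc(day):
    """Parse a YYYY-MM-DD string as midnight UTC."""
    return datetime.fromisoformat(day).replace(tzinfo=timezone.utc)


def stale_report(accounts, allowed, now, stale_after=STALE_AFTER):
    """Return enabled, non-allowlisted accounts idle for stale_after or longer."""
    rows = []
    for system, name, enabled, created, last_logon in accounts:
        if not enabled or (system, name) in allowed:
            continue  # already disabled, or explicitly accepted
        # A never-used account ages from its creation date, so a brand-new
        # account is not reported but a forgotten one is.
        idle = now - _utc(last_logon or created)
        if idle >= stale_after:
            rows.append({"system": system, "name": name,
                         "idle_days": idle.days,
                         "never_used": last_logon is None})
    # Longest-idle accounts first: these are the ones to investigate first.
    return sorted(rows, key=lambda r: r["idle_days"], reverse=True)


if __name__ == "__main__":
    report_date = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for row in stale_report(ACCOUNTS, ALLOWED, report_date):
        flag = " (never used)" if row["never_used"] else ""
        print(f'{row["system"]:<13}{row["name"]:<16}{row["idle_days"]:>4} days{flag}')
```
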

Conclusion

In a business environment where policies and technical standards come from various sources, both inside and outside of your company, maintaining an accurate record of entitlements can be an overwhelming task. With NetIQ's solutions, you can have an entitlement reporting system that enables you not only to comply with the various regulations that require entitlement reporting, but also to manage risk effectively.