Tuesday, August 15

Security & Compliance: Microsoft's Acquisition of Whale Communications

I've been trying to keep one eye on the products vendors are introducing to address the growing IT problem of managing security and compliance, and the recent acquisition of Whale Communications by Microsoft is certainly interesting. Here's what I've learned.

The Whale Communications products are essentially remote access solutions that are designed to provide high levels of security. The company has an excellent technical pedigree, and will probably become a profitable subsidiary in this arena. That said, this acquisition in no way moves Microsoft towards a role as a security and compliance vendor--the Whale suite is merely a set of alternative access methodologies for the huge base of Windows applications and servers, especially the ISA 2006 server.

Here's Microsoft's own statement on their strategic direction, from a June 12 "Press Pass" interview with Ted Kummert, VP of Microsoft's Security, Access and Solutions Division (SASD):

Press Pass: What are the key customer pain points Forefront products seek to address?
Kummert: Customers are facing a broader, more complex and diversely motivated threat landscape. Attacks are increasingly advanced, more carefully targeted and often aimed at specific applications. In protecting themselves from these threats, customers are faced with a vast array of solutions, each of which will protect a given point against a specific threat. However, implementing such a combined collection of security solutions can provoke configuration and integration difficulties, making it more costly and complex to manage, control and report on the security of their environment.
By equipping customers with the ability to effectively secure their environment and securely enable the access scenarios their businesses require, Forefront products will help them unlock the full business value of IT applications and infrastructure.

See the full interview at http://www.microsoft.com/presspass/features/2006/jun06/06-12Security.mspx

In conclusion, IT managers are increasingly pressured to ensure that every system and application is secure from attack on the one hand, and in compliance with increasingly onerous governmental regulations on the other. Truly helpful solutions will continue to come from those vendors who are automating these concerns directly, as opposed to reducing the threat surface of individual applications and protocols. JMACINC will continue to study the NetIQ (now Attachmate) Security & Compliance Suite of products as a feasible and cost-effective approach. See http://www.netiq.com/solutions/regulatory and http://www.netiq.com/solutions/security for the full details.

Refer to www.JMACINC.com for the rest of the story.

Thursday, June 29

NetConnect 2006

I attended the 6th annual NetIQ Global Users conference in May, held in Orlando, FL. It was a wonderful chance to meet a lot of the people that I have worked with over the past 6 years as a NetIQ employee in the Technical Support and the Professional Services departments. I was also flattered by the fact that several customers remembered me from my days in Technical Support. Staying on after the conclusion of the conference, I attended two days of training on NetIQ's Security Manager product.

NetConnect 2006 was organized into five product demonstration and education tracks, including:

IT Automation
This track covered customizing, automating and tuning the AppManager (AM) Suite, including threshold automation and workload management with AppManager Performance Profiler (AMPP).

IT Service Management
This track focused on the convergence of security management with service level management, and how to transition your IT services from event management to service management. Products covered within this track included AM, VigilEnt Policy Center (VPC) and Analysis Center (AC).

Compliance and Risk Management
This track reviewed the impact of governmental regulations on IT from many perspectives, including preparing for audits, rules of evidence, organizational policy management, etc. Products examined were the Security Compliance Suite and the Risk and Compliance Center.

Security Management
This track presented NetIQ's broad coverage of security monitoring, automated response and reporting. Products presented were Security Manager (SM) and the Security Compliance Suite.

Change Control and Windows Administration
This track reviewed issues of managing operational changes and enforcing IT policies for Windows systems in a cost-effective manner. NetIQ's product lineup in this area recently expanded with the introduction of Change Administrator for Windows. Additional products covered included NetIQ Change Guardian for Active Directory (CGAD), Directory & Resource Administrator (DRA) and Group Policy Guardian (GPG).

As my personal goal in attending NetConnect was to broaden my awareness of NetIQ’s security and policy compliance solutions, I focused on the Security Management track, specifically SM. Workshops I attended included an overview of new features in SM 5.5; using the Security Compliance Suite to ensure compliance; integrating SM with AM; and the SM Essentials class. Here are some quick highlights.

SM is made up of three major components – Event Manager, Intrusion Manager and Log Manager.

-- Event Manager monitors the Windows event logs for security related incidents and executes responses and notifications based on best-practices rules. All incidents and responses are collected into a backend SQL database. This is the first phase of the complete event management life-cycle.

-- Intrusion Manager builds on Event Manager to help secure systems from internal/external, malicious/benign, or accidental/policy-based violations. For example, Intrusion Manager lets you monitor root and administrator logon failures, security configuration changes, or possible buffer overflow attacks. The monitoring rules are based on security industry best practices, and can be extended to custom configurations.

-- Log Manager copies all the information collected by Event Manager and Intrusion Manager to a separate SQL Server database designed for the analysis and reporting of security status across the enterprise. Log Manager exposes knowledge articles on the analyzed events to supplement the administrator's understanding of each security scenario.

A core feature of SM is its ability to monitor with "event correlation", in which rules are configured to cover sequences of events filtered for various attributes such as criticality, time and number of occurrences.
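To make the idea of event correlation concrete, here is an added example (not NetIQ code, and not Security Manager's rule format) of a rule that filters events by criticality, time window and number of occurrences. The `Rule` fields, the event tuple layout and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    event_type: str      # which events the rule covers
    min_severity: int    # criticality filter
    window_s: int        # time filter: occurrences must fall within this span
    threshold: int       # number-of-occurrences filter

def correlate(events, rule):
    """Return one alert per (host, account) each time `threshold` matching
    events land inside a sliding window of `window_s` seconds."""
    recent = defaultdict(deque)   # (host, account) -> timestamps still in window
    alerts = []
    for ts, host, account, etype, severity in sorted(events):
        if etype != rule.event_type or severity < rule.min_severity:
            continue
        q = recent[(host, account)]
        q.append(ts)
        while ts - q[0] > rule.window_s:   # expire occurrences outside the window
            q.popleft()
        if len(q) >= rule.threshold:
            alerts.append({"host": host, "account": account,
                           "first": q[0], "last": ts, "count": len(q)})
            q.clear()   # re-arm so one burst produces one alert
    return alerts

# Constructed sample events: (epoch seconds, host, account, type, severity)
SAMPLE_EVENTS = [
    (1000, "srv01", "administrator", "logon_failure", 3),
    (1020, "srv01", "administrator", "logon_failure", 3),
    (1030, "srv01", "jsmith",        "logon_failure", 3),
    (1045, "srv01", "administrator", "logon_failure", 3),
    (1050, "srv01", "administrator", "logon_success", 1),
    (2000, "srv02", "root",          "logon_failure", 3),   # three failures, but
    (2400, "srv02", "root",          "logon_failure", 3),   # spread too far apart
    (2800, "srv02", "root",          "logon_failure", 3),   # to correlate
]

RULE = Rule(event_type="logon_failure", min_severity=3, window_s=60, threshold=3)

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS, RULE):
        print(alert)
```

The srv02 failures show why the time attribute matters: a plain count of three would fire on them, while the windowed rule does not.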

Some of the new features in SM version 5.5 include:

AutoSync Technology
NetIQ provides new modules and module updates based on requested features or newly discovered security vulnerabilities. These updates are posted to the AutoSync Server. In the SM administrator console, these updates can be obtained by running the Module Installer. The Module Installer queries the AutoSync Server and distributes any updates available to the deployed agents as required.

Agentless Monitored Computer
The newest version of SM now supports agentless monitoring. An agentless computer is monitored by a proxy agent on another computer.

Protection for Oracle Database Servers
Security Manager now offers monitoring for Oracle database servers. Changes to security roles and user accounts can be monitored, along with the status of the audit subsystem.

The value of NetConnect was certainly worth the time and money to attend. I plan to release more detailed reports on the Security Compliance Suite in the months ahead.

Friday, April 28

OIS 5.0

I'll be working on a review of Opalis Integration Server version 5.0, specifically covering the product value and how it integrates with other Systems Management platforms, namely NetIQ AppManager and Microsoft Operations Manager.


Friday, January 13

itSMF USA 2006 Conference & Expo -- Call for Presentations

The IT Service Management Forum is seeking proposals around the following suggested topics, or others you believe would be of interest. I post their outline here as it is an excellent summary of the current areas of interest to the Systems Management industry.

Metrics and Measurements
- Performance Management
- Score Card, making metrics useful and practical, etc.
- Critical Success Factors when implementing the processes
Financial Management
- Budgeting
- Costing of Services
- Activity Based Costing
- BS 15000/ISO 20000
Configuration Management
- CMDB – how to plan and implement in a multiple authoritative database environment
- Auto discovery versus manual population of Configuration Items using CI attributes
- Success stories
- Web-based products
- Lifecycle model
Service Level Management
- User Satisfaction measures
- Reliability of IT (Availability/Capacity)
- Service Level Management (SLAs)
- Writing and Negotiating OLAs
- Where to start with SLOs
- How to gather requirements
- Approaching the business partner
- How to measure and report
- Service Catalog
- How to find/define the services
- What should a catalog look like
- Who is the audience
IT Service Continuity
- Lessons/success stories learned from 2005
Maturity Models (CMM, Service, Asset Management)
- Making sense of them all
