Heavy weighs the crown for today’s CIO. Continuously under the threat of hostile intentions from external sources immense resources have been expended in trying to secure the organizations perimeter only to find that business practices and productivity needs require more and more ingress and egress points that need to be defended. Yet even with the proper plan and resources allocated the realization has come to the security community that it is not the external threat that can do the most harm but that of the trusted individuals that has access to systems that have the ability to do greatest amount of harm to an organization. Through human error or in the case of malfeasance intellectual property, proprietary data, employee records and customer financial information are just a few of the assets that could become compromised and have the potential to cause financial ruin and at a minimum raise custodial and stewardship issues with your customers and business partners. These very real threats have compounded the strains on the organization by enacting compulsory standards such as Sarbanes Oxley, HIPPA, FISMA and PCI among others. These mandates and standards not only have data protection requirements, but also require formal policy implementation, and accurate auditing and reporting capabilities on both the policy and the systems that have been implemented.
The graphic above portrays a modern network overlaid with a ancient “Defense in Depth” fortification model. Ancient Fortification Design and its evolution through the modern day are very relevant in today’s IT infrastructure. Please click on the appropriate ICON within the critical points of the network to be taken to the proper page for information on how Hadrian’s solutions provide value to your organization and IT infrastructure.
To assure your organization adheres the principles of Security, Compliance and Productivity an aggressive use of the following principles is essential to meeting your firms goals:
The initial step in the process is to establish a baseline by identifying current network resource activity to gain visibility into which users are accessing the network resources, when they are being used and how those users are granted access. The solution is deployed inline and can be placed in front of a data center, at the entry point of a network segment, or at a remote location. There is virtually no network interruption or intrusion with the "Audit Mode" – which baselines user activity and creates a log of resource usage. The information collected form the basis of reports used to create network access policies for enforcement.
For those organizations that have multiple networks or the need to share data with partners or other organizations this phase specifically involves the consolidation of user identities across multiple identity stores and is bypassed by smaller organizations that have a single identity store. This phase creates a virtual identity mapping or normalization of user identities between multiple identity stores — without duplication of identity objects and attributes and without requiring changes to existing identity stores - drastically reducing operational costs and complexity.
The next step is the creation of access authorization to networked resources. Authorization policies are created leveraging data from the Network Activity Assessment reports and based upon roles or individual identities defined within existing identity stores. Hadrian will assist in policy creation and assignment.
Users are either granted or denied access based upon the policies assigned to their role or to them as an individual. Access policy is maintained for each user after they have been authenticated, regardless of endpoint device or how (LAN, WAN, remote/VPN, wireless) they are connecting to the network. As user identities are moved, added and changed as part of ongoing network operations, access policies are downloaded each time a user authenticates to assure up-to-date policies are applied. The authorization process is seamless to the end user. To further reduce risk of unauthorized access, each user is only provided with visibility to the networked resources for which they are granted access.
Assessment of user activity must be ongoing — for refinement of access policies, behavioral analysis, forensic analysis, as well as for audit of regulatory compliance related to control of user access to confidential data. Hadrian will provide the customer with a monthly report consisting of each user’s network activity by UserID, IP address, network resources accessed, and a time stamp. These reports will be the property of the customer and will be available to be sent to third-party applications for further analysis.
|
