Monday, November 9, 2009

Oracle / ArcSight – Providing Real Time Oversight of User Behavior

When IT infrastructure generates millions of events/logs daily, how do you know if there is an issue and who is causing it?


Traditionally, SIEM (Security Information and Event Management) products track events by what resources are employed, when, by whom and for what result. Unfortunately, the “who” part changes in real time, depending on the process being used and its purpose. With IdentityView, ArcSight transfers identity and role information from Oracle Identity Manager into its Enterprise Security Manager so that it can correlate all the identity markers and privileges of a specific user.


Armed with this proverbial identity matrix, ArcSight ESM can then associate events with a specific person, independent of the various identities that he or she employs.


So why do we need this?

  • To automate the correlation of compliance and policy violations with specific users

  • To understand how your key users (admins to accountants) are using IT infrastructure

  • To increase the accuracy and productivity of your role engineering and provisioning process

  • To respond to security and compliance issues before they damage the organization

  • To provide business owners with information about policy and security violations in terms that they understand and can act on

  • To provide visibility and assurance to C-level executives that policies are being enforced to conform with compliance regulations such as Sarbanes-Oxley, PCI, HIPAA, etc.


What are the benefits?

  • Leverages the investment in OIM by linking users and roles to security problems, compliance violations, etc.

  • Faster identification of security and compliance issues resulting in more rapid response and remediation

  • Controlling and monitoring access rights and IT usage (services, apps, data, etc.) requires correlating millions of real-time alerts and logs with specific user activity

  • Provide auditors with proof that controls are in place and effective

  • Visibility into violations of corporate policies covering customer, employee and business-sensitive data

  • Improved productivity via automation of required reports, summaries and auditor requests for information






So why now?

    You already have this covered

  • Many organizations have invested in home-grown event monitoring solutions, but the problem continues to grow with every new system (applications, devices, Cloud/SaaS solutions) added to the environment.

  • ArcSight cleanly replaces those solutions and delivers more functionality at a lower cost.

    You can't face this now, maybe in the future

  • SIEM solutions are now considered standard “due care” for auditors concerned with SOX compliance.

  • PCI DSS #10 explicitly requires monitoring of the relevant IT infrastructure.

    You don't have the resources

  • Budgeting for security and compliance is difficult, but by combining ArcSight with Oracle Identity Manager, organizations can “double up” on their return on investment based on the synergy between the products.

  • SIEM alone provides multiple solutions for the security group, compliance group, risk management, etc.



To learn more:

http://www.arcsight.com/products/products-identity/


