NetVision has heard from its customers loud and clear that the holy grail of compliance reporting is enabling actual answers rather than just piles of data. In this SC Magazine article, titled Answers, Not Data: The Key to Access Security, NetVision CEO David Rowe explains how next generation compliance solutions will be focused on answers and continuous audit rather than periodic audits that generate confusing or obfuscated data sets.
NetVision is proud to introduce Access Rights Inspector.
Access Rights Inspector provides effective rights on Active Directory objects and Windows File System. It removes the complexity of rights assignments, nested group memberships, explicit rights granted directly to users, deny entries, and inherited permissions.
To get the basics, take a look at this 5 minute video presentation
Over at my other blog, I published a post titled:
I wanted to briefly describe what that means to us at NetVision and how we’ve incorporated that mantra into our design strategy.
When sorting through access audit information, many professionals feel like they have to jump through all sorts of hoops to get to the information they need. First, find hardware to host a solution, install software, perform never-ending configuration, maintain the environment, figure out how to collect the information, sift through mountains of log data, get training on what information is relevant, maintain proper training on the hardware, software, audit data, and requirements, and more. If all of that is required just to get a report on access rights, it’s no wonder so many people fail at adequately answering the question. (And 50% of IT execs say they can not adequately answer the question of Who Has Access to What.)
NetVision removes the hoops. We know that if you have to move mountains to reach your goal, you’ll be less likely to succeed. And if you do succeed, it’ll be at great expense and effort. So, we make it easy.
First, we provide an appliance that is engineered and optimized for a single purpose. We install all software and do all the configuration. We setup policies and reports based on your organization’s needs. All that’s left is for you to open the reports and get to the information you need. No hoops.
And the really amazing part is that having us do it actually costs less than doing it yourself.
In my other blog, I recently discussed how Actionable Intelligence seems to be the achilles heal of SIEM solutions. I promised to continue that discussion with a few words about NetVision’s approach to the problem. And it’s quite simple actually.
The SIEMs and enterprise log management vendors seemed to have started from a different viewpoint. They began by thinking about the dozens (or hundreds) of systems and applications that generate logs. They thought about how to best collect logs from heterogeneous sources and then attempted to correlate information across different types of data. For some organizations, these solutions must seem heaven-sent. How else would you deal with all that log information? How else would you collect, capture, and store those logs in case you need to look through them in the future?
Where they seem to fall short, though, is in providing actionable intelligence about what’s happening in the environment. How could they? They collect logs from hundreds of systems at once. Even if it’s possible to setup alerts or actions based on some activity, someone would need to figure out how to interpret the logs, understand what possible values would be in the logs, configure the appropriate response to each event type in each system, and constantly monitor and keep them all up to date. Doesn’t sound fun. Certainly not simple.
Our angle of sight is different. We see the core network directory (Microsoft Active Directory or Novell eDirectory) as the heart of the network. It grants network access (sometimes local access to the workstation) and is often used to authenticate requests from VPNs, portals, and other systems. A new account in the directory means a new identity to keep track of and a new potential threat on the network. So that’s where we’ve focused since 1995.
We are buried deep within the core network directory and related file systems. We don’t scrape logs and we’re not worried about what logs are being generated by some router or web server out in the network. Because of that focus, we have been able to build extensive tools that make it easy to filter on the types of events and information that are important to you. And we’ve taken it a step further.
With our SIMON managed service, you don’t have to know anything about creating policies or configuring filters. We do it all for you based on best-practices, years of experience, and your own personal needs.
The end result? Actionable Intelligence.
You get emails when you want them that tell you who made a change, what change they made, and the before- and after- values. Some events just write to the database, others kick out files, others generate alerts. Some decisions are based on the resource (domain admins group). Other decisions are based on the actor (employees scheduled to exit the company), the attribute changed, or even the time-of-day. Data is transformed immediately into information and then analyzed and re-routed as appropriate.
This isn’t some future reality either. We’ve been doing this a long time. And we keep getting better. I can’t wait to tell you what’s next for us.