© 2010 NetIQ Corporation. All rights reserved.
NetIQ
Security & Business
Process Automation
Jason Smith
March 2012
Agenda
Who we are
Control vs. Flexibility
− Where do we draw the line?
Security Process vs. IT Operations Process
− What’s the difference?
IT Operations Automation Use Cases
Security Automation Use Cases
Model, Monitor and Improve
Conclusion
The Attachmate Group
NetIQ Portfolio
Process Automation
ITIL Process (macro)
Run Books (micro)
Automate, Model, Measure, Improve
Control
Flexibility
Security vs. IT Operations Processes
What’s the difference?
Can we automate Security and IT Operations processes with the same process automation technology?
Service Ticket Resolution Challenges
It takes too long to process IT Service Requests!
− IT staff backlogged with repetitive, manual processes
− Uncertain who should approve requests
− Various attempts have been made to partially automate
− Scripting, programming, scheduling without a consistent and manageable approach to automation
Event Handling without Aegis
Example: Low Disk Space Response
1. Available disk space falls below threshold
2. AppManager detects condition
3. Helpdesk Operator creates ticket
4. Admin receives ticket notification
5. Admin connects to affected system
6. Admin assesses file system usage
7. Admin cleans culprit files
8. Admin updates ticket
9. Helpdesk Operator closes ticket
[Diagram: NetIQ AppManager, AppManager Agent, Ticketing Tool, Help Desk Operator, Admin, Archive, Trash. Legend: Manual Workload, Automated Workload]
Event Handling with Aegis
90% reduction of manual labor
1. Available disk space falls below threshold
2. AppManager detects condition
3. Aegis requests disk usage analysis from AppManager
4. Aegis sends email to admin requesting approval to clean up
5. Administrator approves partial cleanup through Aegis
6. Aegis commands AppManager to perform cleanup
7. Aegis sends confirmation email to admin
[Diagram: NetIQ AppManager, AppManager Agent, NetIQ Aegis, Admin, Archive, Trash. Legend: Manual Workload, Automated Workload]
Run Business Jobs
And Replace Costly Job Scheduling Tools
1. NetIQ Aegis initiates the “Data Replication” process based on a daily schedule
2. NetIQ Aegis transfers 3000 files from the customer download server to six load-balanced application servers
3. NetIQ Aegis confirms successful transfer of all files after a designated time period based on file size and transfer rates
4. If there are any failures, NetIQ Aegis collects information and notifies an administrator via email and re-initiates the transfer after approval or after a designated amount of time
5. NetIQ Aegis continues to retry the transfer and contact the admin a designated number of times
6. Once file transfer is completed NetIQ Aegis initiates the processing of data on each application server and waits for completion
7. NetIQ Aegis sends a completion email to the designated administrator or a failure email if not completed on time
[Diagram: NetIQ Aegis, Customer Download Server, Application Servers, Admin]
Time-saved labels on the diagram: 1 minute, 60 minutes, 20 minutes, 5 minutes, 5 minutes and 4 minutes
Dynamically manage the capacity for virtual machines
1. NetIQ AppManager indicates a performance drop due to capacity change
2. NetIQ Aegis identifies resources to allocate to the virtual machine
3. Once identified, NetIQ Aegis submits a request to the ticketing system, assigns a business owner and sends an email requesting approval for the change
4. NetIQ Aegis receives approval from the ticketing system, and waits for the current user session to end
5. NetIQ Aegis commands VMware vCenter to power down the virtual machine
6. NetIQ Aegis instructs VMware vCenter to reconfigure the virtual machine as approved
7. VMware vCenter brings the virtual machine back online
8. NetIQ Aegis commands NetIQ AppManager to monitor the virtual machine and compares results to previous results, updates CMDB and SLA compliance
9. If results are positive, NetIQ Aegis closes the ticket. If not, NetIQ Aegis reinitiates the process beginning with step 2.
[Diagram: NetIQ Aegis, NetIQ AppManager, VMware Virtual Center, VMware ESX Hosts, Ticketing System (Remedy, etc.), CMDB, Business Owner, SLA-Governed Service]
Time-saved labels on the diagram: 20, 45, 5, 10, 20, 5, 20 and 5 minutes
Total Time Saved: 130 Minutes
Request, approve and provision a new virtual machine
1. Requestor visits NetIQ Aegis web console and initiates a request for new virtual machines
2. NetIQ Aegis identifies clusters with sufficient spare capacity to house the requested virtual machines
3. NetIQ Aegis triggers VMware vCenter to create a temporary placeholder virtual machine
4. Create & submit a change request in a ticketing system (e.g. Remedy) and assign business owner
5. When business owner approves, NetIQ Aegis notifies requestor of approval and instructs VMware vCenter to delete the temporary virtual machine and provision the virtual machine from template
6. NetIQ Aegis commands NetIQ AppManager to deploy agents and NetIQ Secure Configuration Manager to confirm correct configuration
7. Notify virtual machine requestor of provisioning completion and ticketing system to close ticket
8. Virtual machine configuration report generated via NetIQ Secure Configuration Manager
9. NetIQ Aegis updates the billing system for the newly created virtual machine
[Diagram: NetIQ Aegis, VM Requestors, LOB Owner, Ticketing System, VMware Virtual Center, CDB, NetIQ AppManager, Secure Configuration Manager, Billing System]
Time-saved labels on the diagram: 15, 10, 15, 10, 10, 30, 20, 20 and 30 minutes
Total Time Saved: 160 Minutes
Improved Service Ticket Process
Automate approval routing
Update ticket documentation
Update CMDB
Escalate based on business impact
Reduction of finger pointing
Getting right information to right people at the right time
Security Management Challenges
Continuous Compliance is difficult
− Manual processes introduce errors
− Inconsistencies become vulnerabilities
− Who has access to what?
− Rules in place, but very difficult to know if the rules are being followed
− Dynamic environments
− Cloud & Virtualization
− BYOD – Bring your own device
Identify and manage exceptions to security configuration policies
1. NetIQ Secure Configuration Manager assesses system for compliance
2. Non-compliant configuration is identified
3. NetIQ Aegis notifies business stakeholder of non-compliance
4. Stakeholder chooses from list of possible actions (remediate or exception) and the exception level (single check or template)
5. NetIQ Aegis notifies security team of request for exception to policy
6. Security team approves (or rejects) exceptions (all or selectively)
7. NetIQ Aegis instructs NetIQ Secure Configuration Manager to include exception
8. Optional – re-run scan to validate final results
[Diagram: NetIQ Aegis, Secure Configuration Manager, Stakeholder, Security Team]
Time-saved labels on the diagram: 10, 10, 15, 5, 5, 15 and 10 minutes
Total Time Saved: 70 Minutes
Provision user entitlements with Active Directory roles and groups
1. HR Department requests access to a resource for a user via email
2. NetIQ Aegis looks up business owners for resource
3. NetIQ Aegis emails asset owner or owners to approve or reject access request
4. Email approval triggers lookup in asset definition database, mapping asset to AD Groups.
5. Email to approve triggers NetIQ Directory Resource Administrator to modify AD groups to enable access
6. NetIQ Aegis emails end-user and asset owner that the change has occurred
[Diagram: HR Dept., NetIQ Aegis, Resource Database, Group Business Owners, Active Directory, End-user]
Time-saved labels on the diagram: 5, 5, 25, 30 and 10 minutes
Total Time Saved: 75 Minutes
End User Perspective - Attestation Review
Where to start depends on the process maturity
Bottom up micro process approach
− No formal processes in place
− Ad hoc – individually tool dependent
− Stakeholders: IT Operations
Top down macro process approach
− ITIL Service Support processes in place
− ITIL Service Delivery processes in place
− Processes extend beyond IT Operations to Business Management
− Stakeholders: Business Managers, IT Service Owners, Process
Getting Started
Get the Stakeholders in the same room.
Identify a small number of processes the Stakeholders want to manage.
Model the processes using Aegis
− Built in versioning (rollback)
Stakeholders will critique and make suggestions
Worst case scenario, you at least have your processes documented!
Model
Monitor
Improve
[Figure: labels “Required” and “Optional”; FORRESTER® logo]
* Determined using the Aegis ROI calculator developed by Forrester Consulting based on a
Process Automation Summary
Process automation might be easier than you think!
Reduce finger pointing
Get the right information in the right hands at the right time
Lower your costs in a measurable way
Reduce irritation caused by broken processes
Worldwide Headquarters
1233 West Loop South, Suite 810 Houston, Texas 77027 USA Worldwide: 713.548.1700
N. America Toll Free: 1.888.323.6768 [email protected]
NetIQ.com
NetIQ, an Attachmate business. © 2010 NetIQ Corporation. All rights reserved.
Jason Smith
Sales Engineer