OwnYIT CSAT + SIEM


Post on 28-Jan-2015





2. Take control of your IT infrastructure.
  • OwnYIT is an easy to deploy and use IT Infrastructure Management system for: Cyber Security Audit, Desktops Monitoring, Policy Enforcement, IT Inventory, Security Incident and Event Management, Remote Access and Management

3. ABOUT OWNYIT CSAT
  • A simple system to address your complete IT infrastructure needs.
  • Central Console for Monitoring Reporting Remote Access Manage applications Hardware & Software Inventory Monitoring system logs like event log and syslog

4. Benefits to your organization
  • Asset & Change Management Cyber Security Audit Desired Configuration Management Data leak Protection and Audit Software License Monitoring Policy Enforcement Application Management Network Access Control (NAC) System User Management Security Incident and Event Management (SIEM) System Log/Syslog Monitoring Secure Remote Audit and Management Rule based Monitoring and Controlling Service Level Agreement (SLA) Management Print Management Reports

5. Asset and Change Management
  • Real time view of hardware and software assets.
  • Allows you to know where the hardware assets are deployed and what these are being used for.
  • Microsoft software with its license key information.
  • Checks the actual software licenses installed against purchased.
  • Identify assets which are not available or operational, due to:
    o Theft
    o Failure
    o Obsolescence

6. Assets Inventory

7. Change Management
  • Detect the changes in hardware assets due to theft, failure or non-availability, immediately.
  • Detect the changes in software (install/uninstall) immediately.
  • Repository of the changes available for the future.
  • Typical Benefits:
    o Reduce the response time and hence the effect of the changes is reduced.
    o Immediate notification on authorized hardware/software installation/removal.

8. Change Management

9. Desired Configuration Management
  • Define desired hardware/software configuration of Desktops/Servers.
  • Allows authorized hardware/software to be configured/installed on the machine.
  • If unauthorized software/hardware is found:
    o Make the machine non-compliant,
    o The machine will not communicate with other machines in the network.

10. Desired Configuration Management

11. Software License Monitoring
  • Get exact information of where the licensed software is deployed and which systems are not registered.
  • Licensing information (Product Key + CD Key) for the Microsoft software installed in the network.
  • Typical Benefits:
    o Checks the actual software licenses installed in the network against purchased.
    o Reduce the cost through efficient software license usage and monitoring.

12. Software License Monitoring

13. Application Monitoring
  • Monitor and manage application usage on a single or a number of systems/servers.
  • Provides location of installed applications.
  • Identify and stop non-essential processes.
  • Identify malicious processes.
  • Typical Benefits:
    o Action can be taken based on the violation of the policy.

14. Application Monitoring

15. Data Leakage Protection
  • Notification/alert on the data communication happening with external storage devices/media.
  • Get information about files (not content) transferred to/from the machine to/from external media.
  • Blocking of USB ports, external storage devices, CD drives, printer, Wi-Fi, Bluetooth devices, USB modem/data card, etc. to protect the data.
  • On demand file enumeration report to get media files, photographs, Word/Excel/PowerPoint files and other files that exist on the machine.
  • Typical Benefits:
    o Protect the data from spreading outside the organization.
    o Closely monitor data communication happening across the organization.

16. Data Leakage Protection

17. Data Leakage Protection
  • USB Media usage Report

18. Policy Enforcement
  • Enabling and disabling of external devices for protecting data like:
    o USB Ports/Storage Devices/Printer,
    o Dialup Modem,
    o Printer,
    o Floppy Drive,
    o CD/DVD Drive,
    o Bluetooth,
    o Wi-Fi,
    o Other external devices
  • Policy for monitoring/managing authorized software installed on the machine.
  • Restrict user from changing the IP address of the machine.

19. Policy Enforcement

20. Security
  • Hardware blocking and set access permissions:
    o Blocking of USB modem for connecting to Internet.
    o Blocking of USB, CD and other external media.
  • Report of add/remove of media like USB, CD drive.
  • Communication from/to removable media.
  • Immediate alarm and report on usage of removable media.
  • Facility to prohibit every removable media and set selective permission.
  • Report of removable media used in the machine including the files transferred with size, type, etc. without visibility into contents.

21. Security (Contd.)
  • Anti Virus:
    o Status of Anti Virus upgrade like successful/failure.
    o Virus found with name of virus and other details.
  • OS patches information.
  • Unauthorized access/attempt to OS utilities to be monitored and reported (e.g. Control Panel, System32 folder, Registry access, etc.)
  • System Firewall Status (On/Off)

22. Security

23. Security

24. User Management
  • Report on all Guest/Normal/Administrator user accounts configured on each machine:
    o List of users who have administrative privileges.
  • Policy for disabling/deleting users from the central console.
  • Report of:
    o User wise login-logout details,
    o System start-up/shutdown details,
    o User activities while the network is off or the machine goes out of the network.

25. User Management (Contd.)
  • Password Management:
    o Provides report on weak password set by the user
    o Provides information about Screen Saver password
    o Report of unsuccessful login attempts by the user

26. User Management

27. Network Security
  • Real time report on whether a machine has accessed the internet using modem, dial-up connection, data card, etc.
  • Generates notification/alert when a machine has connected to/accessed an unauthorized IP address/machine.
  • Block access of unauthorized IP address and network port.
  • History of all network operations like which application used/opened network ports, etc.
  • Reporting of offline violations immediately on connection.

28. Network Security

29. Network Access Control (NAC)
  • Define network policy so that only a group of PCs or selected PCs should communicate with each other.
  • Newly added/discovered device/PC should not communicate with any other PC in the network, until the Administrator authorizes it.
  • Facility to block/deny access of selected devices/PCs in the network.

30. Network Access Control (NAC)

31. System Events/Logs Monitoring
  • Monitors various system events/logs like:
    o Application Events,
    o Security Events,
    o System Events
  • Check whether any security incident/event is generated.
  • Incorporate the system logs, events and alerts into a single data store, so consolidated data analysis can be done later.

32. System Log/Event Monitoring

33. Security Incident/Event Monitoring (SIEM)
  • System should take one or multiple security incidents or events from multiple sources/devices.
  • Generates a single Security Incident Event based on single/multiple security incidents or events.
  • The Security Incident Event will be categorized based on the categories/sub-categories defined in the organization.
  • Automatically generates notification/service requests/tickets when any security event/incident occurs.

34. Security Incident/Event Monitoring (SIEM)

35. Service Level Agreement Management (SLA)
  • Define the time period needed for Security Requests/Tickets to be handled or closed by the engineer.
  • If the Security Request/Ticket is not closed, then:
    o It will be automatically escalated to the next level of expert/engineer,
    o Suitable emails/SMS will be sent to the Admin and the higher authorities (as defined by the Security incident handling policy).

36. Service Level Agreement Management (SLA)

37. Software/Patch Management
  • Deploy software and software patches from the central console.
  • Any MSI based software/patch deployment which does not require user interaction.
  • Any EXE based software/patch deployment that supports the command line.
  • Command line based Registry update/script file execution.
  • Typical Benefits:
    o Reduce the time of deploying software at scattered locations.

38. Software/Patch Management

39. Secure Power Management
  • Apply the following policies network, group or PC wise for those machines which have been idle for a specific time:
    o Turn OFF,
    o Hibernate,
    o Standby
  • Single console for achieving the Green Computing needs of IT infrastructure.

40. Secure Power Management

41. Secure Remote Audit & Management
  • Single console for comprehensive remote management.
  • Secure remote access of Desktops/Servers for trouble-shooting, provisioning and management.
  • Typical Benefits:
    o Faster problem identification and resolution,
    o Facility to record actions taken by the engineer,
    o Clear responsibility allocation and track of action taken by IT support staff, resulting in less blame-game involving the IT Support Team,
    o Lower training time and cost for new IT Support Team members

42. Secure Remote Audit & Management

43. Secure Remote Audit & Management

44. Print Management
  • Tracking of all files with name, size, path, etc. being printed by the user.

45. Reports
  • Inventory Reports like:
    o Desktop assets like Hard disk ID, BIOS information, Motherboard, no. of HDD, RAM slot
    o Create and maintain inventory of storage media, Laptops, Desktops, etc.
    o Report of hardware and software changes made.
    o Detects and stores the make, model, serial number etc. of hardware assets.
  • Reports of product keys of installed Microsoft software.

46. Reports (Contd.)
  • Provides report:
    o Agent installation,
    o Shared Resources,
    o Printing information,
    o Processes and services running on the machine,
    o Activities performed by the User.
  • All reports are provided on