Novell Privileged User Manager ® Product Overview Chase Jones Product Marketing Manager email@example.com Bruce Spooner Product Manager firstname.lastname@example.org Agenda 2 • Customer challenges • What is privileged user management? • Novell’s solution: Novell Privileged User Manager • What’s new in Novell Privileged User Manager 2.3 • Regulations addressed • Target customers • Demo • Q&A © Novell, Inc. All rights reserved. Enterprises Need Privileged Accounts • UNIX, Linux and Windows systems act as the backbone of many mission-critical services • System administrators, database administrators and application developers need special privileges to perform various operations on Linux, Unix and Windows servers • These users, sharing root credentials to perform privileged activities, have unrestricted access to systems IT Manager DBA Admin 3 © Novell, Inc. All rights reserved. System Admin App Dev DBA Security and Compliance Impact Average Cost of Breach: $US 6.6 Million 48% of breaches are internal! 4 © Novell, Inc. All rights reserved. Privileged User Management An Effective Approach to PUM Privileged User Management – Managing user access to root privileges to mitigate risk – Provide transparency for compliance Non-PUM controlled PUM controlled 6 Log in as root Log in as userid submit user: root runuser: root Command authorization database submit user: userid remote client remote shell runuser: root – User logs in with own non-privileged account – Commands authorized before being executed remotely – Known as ‘root delegation’ © Novell, Inc. All rights reserved. See Proprietary Statement on cover of this document - Who - What - Where - When The Novell Solution: Novell Privileged User Manager Novell Identity and Security Solutions ® Identity and Access Management Security Management Compliance Management User Provisioning and Management Log Management Compliance Assurance Security Monitoring and Remediation Continuous Compliance Simplified Secure Access User Activity Monitoring 8 © Novell, Inc. All rights reserved. Novell Privileged User Manager ® • • • • • • 9 © Novell, Inc. All rights reserved. Delegate access to root privileges Audit all user activity with 100% keystroke logging Analyze potential threats based on policy-based, smart risk ratings Centrally manage security policies from a single point Support for a broad range of UNIX, Linux and Windows platforms Continuously support compliance with internal policies and external regulations What’s New in 2.3 • 10 © Novell, Inc. All rights reserved. Support for Windows server 2003 and 2008: – Windows command execution – GUI-based session capture and replay – Credential vault – Windows user and group policy enforcement – AD and LDAP authentication – Remote command execution Privileged User Manager in Windows Environments 11 © Novell, Inc. All rights reserved. Regulations Addressed • Federal Financial Institutions Examination Council (FFIEC) Information Security • PCI-DSS* • PCI-SAQ* • ISOIEC* • Health Insurance Portability and Accountability Act (HIPAA) • DOD National Industrial Security Program (NISPOM) • National Institute of Standards and Technology (NIST) • Among others… *Denotes internationally applicable regulation 12 © Novell, Inc. All rights reserved. Customer Wins Target Customer • Large and very large enterprises – • • • • Large UNIX/ Linux infrastructure, moderately sized Windows infrastructure Facing security and compliance challenges Want a single product for securing a cross-platform server infrastructure Roles: – • 14 1,000 to more than 10,000 users Linux admins, IT auditors, security administrators, those responsible for compliance For example: – ING – Barclays – Servicio de Administración Tributaria (SAT) © Novell, Inc. All rights reserved. ING NDA Only 15 • Approximately 6,000 servers • Replaced BeyondTrust PowerBroker • Reduced audit time from 45 minutes to <5 minutes per session • Reduced policy complexity by over 70% • Chose Novell solution for its ease of administration and ability to meet new auditing and reporting requirements © Novell, Inc. All rights reserved. Barclays Bank NDA Only 16 • Large environment: >4,500 UNIX servers worldwide • Replaced Quest Privilege Manager • Rolled out Novell Privileged User Manager to all divisions worldwide • Reduced maintenance windows to 12% of original • Chose Novell solution for its scalability and ease of deployment and administration © Novell, Inc. All rights reserved. Servicio de Administración Tributaria (SAT) NDA Only 17 • Large environment: >3,000 UNIX/ Linux servers, 600 Windows boxes • Selecting Novell over competitive options • Want a single product for securing their UNIX, Linux and Windows infrastructure • Impressed by Novell Privileged User Manager’s scalability and ease of administration/ policy creation © Novell, Inc. All rights reserved. Architecture & Roadmap Underlying Modular Architecture UNIX and Linux Internet Audit databases can be placed in multiple locations for redundancy and security Multiple Managers provide fail-over capability and load-balancing. Port 80 (Optional) Audit DB Manager Audit DB Admin Interface Agent Agent Agent Port 29120 Port 29120 Manager Agent Agent Port 443 Web Browser (Administrative Access) Port 29120 Port 29120 Port 29120 Host to host communications Manager Agent Agent Agent Agent Agent Groups of agents can be added to logical domains for load-balancing, redundancy and traffic segregation Port 29120 Port 29120 Port 29120 Host to host communications 19 © Novell, Inc. All rights reserved. Port 29120 Port 29120 Underlying Modular Architecture Windows Audit DB Agent Manager Agent Agent Manager Agent Web Browser (Administrative Access) Audit DB Manager Command Control Admin Safe Host-to-host communications Agent RDP Tunnel to Endpoints Active Directory 20 © Novell, Inc. All rights reserved. Agent Agent Agent Novell Architectural Advantage ® 21 • Robust and scalable architecture with built-in redundancy to provide 100% availability of service • Modular components are deployed and updated through management console • Centralized management of multiple Unix/Linux security policies across multiple sites • Comprehensive audit capabilities for complete compliance management and forensic analysis • Novell Privileged User Manager delivers real-time security with Actionable Risk Management ® © Novell, Inc. All rights reserved. Roadmap FY 2010 FY 2011 FY 2012 PUM 2.5 • Virtual platforms and privileged user support • Privileged service support for IWM • Privileged access appliance PUM 2.4 PUM 2.3 • Privileged account access to Windows servers • Auditing privileged access to Windows servers • Linux users bridging to AD 22 © Novell, Inc. All rights reserved. • WorkloadIQ integration • Two-factor authentication support for privileged access • Edge Device support sans footprint • Application-level privileged access support • Fine-grained privileged control for Windows servers Why Novell? Differentiators • • • • • • • 24 Single interface for managing cross-platform server infrastructure Ease of implementation and administration Scalability Simple policy creation and management Cross-platform keystroke recording and playback Real-time risk analysis (anomaly detection) Integration – Novell Identity Manager – Novell Access Governance Suite – Novell Sentinel © Novell, Inc. All rights reserved. Novell Privileged User Manager EMEA Pricing Promotion Details • 25 Free 6-month subscription license of Novell Privileged User Manager (EMEA only) – Existing SLES customers with minimum of 10 servers – Existing RHEL customers with minimum of 10 servers – Up to 10 free subscriptions per customer • Available until October 29, 2011 • Partner landing page: www.novell.com/pumpromo (requires Novell login) • Customer landing page: www.novell.com/pumsubscription © Novell, Inc. All rights reserved. Supporting Materials 26 • Enablement Central for Partners: www.novell.com/site/partners/protected/enablement • Enablement Central for Employees: innerweb.novell.com/sme • Product Web site: www.novell.com/pum © Novell, Inc. All rights reserved. Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.