Privileged User Manager

Novell® Privileged User Manager
Product Overview

Chase Jones, Product Marketing Manager, chjones@novell.com
Bruce Spooner, Product Manager, bspooner@novell.com

Agenda
• Customer challenges
• What is privileged user management?
• Novell’s solution: Novell Privileged User Manager
• What’s new in Novell Privileged User Manager 2.3
• Regulations addressed
• Target customers
• Demo
• Q&A
© Novell, Inc. All rights reserved.

Enterprises Need Privileged Accounts
• UNIX, Linux and Windows systems act as the backbone of many mission-critical services
• System administrators, database administrators and application developers need special privileges to perform various operations on Linux, UNIX and Windows servers
• These users, sharing root credentials to perform privileged activities, have unrestricted access to systems
[Figure: user roles shown: IT Manager, DBA, Admin, System Admin, App Dev]

Security and Compliance Impact
Average Cost of Breach: $US 6.6 Million
48% of breaches are internal!

Privileged User Management

An Effective Approach to PUM
Privileged User Management
– Managing user access to root privileges to mitigate risk
– Provide transparency for compliance
[Figure: Non-PUM controlled versus PUM controlled access. Labels: Log in as root; Log in as userid; submit user: root; runuser: root; Command authorization database; submit user: userid; remote client; remote shell; runuser: root; Who, What, Where, When]
– User logs in with own non-privileged account
– Commands authorized before being executed remotely
– Known as ‘root delegation’

The Novell Solution: Novell Privileged User Manager

Novell® Identity and Security Solutions
[Figure: three solution areas: Identity and Access Management; Security Management; Compliance Management. Capabilities shown: User Provisioning and Management; Log Management; Compliance Assurance; Security Monitoring and Remediation; Continuous Compliance; Simplified Secure Access; User Activity Monitoring]

Novell® Privileged User Manager
• Delegate access to root privileges
• Audit all user activity with 100% keystroke logging
• Analyze potential threats based on policy-based, smart risk ratings
• Centrally manage security policies from a single point
• Support for a broad range of UNIX, Linux and Windows platforms
• Continuously support compliance with internal policies and external regulations

What’s New in 2.3
• Support for Windows Server 2003 and 2008:
– Windows command execution
– GUI-based session capture and replay
– Credential vault
– Windows user and group policy enforcement
– AD and LDAP authentication
– Remote command execution

Privileged User Manager in Windows Environments

Regulations Addressed
• Federal Financial Institutions Examination Council (FFIEC) Information Security
• PCI-DSS*
• PCI-SAQ*
• ISO/IEC*
• Health Insurance Portability and Accountability Act (HIPAA)
• DOD National Industrial Security Program (NISPOM)
• National Institute of Standards and Technology (NIST)
• Among others…
*Denotes internationally applicable regulation

Customer Wins

Target Customer
• Large and very large enterprises
– 1,000 to more than 10,000 users
• Large UNIX/Linux infrastructure, moderately sized Windows infrastructure
• Facing security and compliance challenges
• Want a single product for securing a cross-platform server infrastructure
• Roles:
– Linux admins, IT auditors, security administrators, those responsible for compliance
• For example:
– ING
– Barclays
– Servicio de Administración Tributaria (SAT)

ING
NDA Only
• Approximately 6,000 servers
• Replaced BeyondTrust PowerBroker
• Reduced audit time from 45 minutes to <5 minutes per session
• Reduced policy complexity by over 70%
• Chose Novell solution for its ease of administration and ability to meet new auditing and reporting requirements

Barclays Bank
NDA Only
• Large environment: >4,500 UNIX servers worldwide
• Replaced Quest Privilege Manager
• Rolled out Novell Privileged User Manager to all divisions worldwide
• Reduced maintenance windows to 12% of original
• Chose Novell solution for its scalability and ease of deployment and administration

Servicio de Administración Tributaria (SAT)
NDA Only
• Large environment: >3,000 UNIX/Linux servers, 600 Windows boxes
• Selecting Novell over competitive options
• Want a single product for securing their UNIX, Linux and Windows infrastructure
• Impressed by Novell Privileged User Manager’s scalability and ease of administration/policy creation

Architecture & Roadmap

Underlying Modular Architecture
UNIX and Linux
[Figure: architecture diagram. Components: Internet; Web Browser (Administrative Access); Admin Interface; Manager; Agent; Audit DB. Connection labels: Port 80 (Optional); Port 443; Port 29120; Host to host communications]
Audit databases can be placed in multiple locations for redundancy and security.
Multiple Managers provide fail-over capability and load-balancing.
Groups of agents can be added to logical domains for load-balancing, redundancy and traffic segregation.

Underlying Modular Architecture
Windows
[Figure: architecture diagram. Labels: Audit DB; Manager; Agent; Web Browser (Administrative Access); Command Control Admin; Safe; Host-to-host communications; RDP Tunnel to Endpoints; Active Directory]

Novell® Architectural Advantage
• Robust and scalable architecture with built-in redundancy to provide 100% availability of service
• Modular components are deployed and updated through management console
• Centralized management of multiple UNIX/Linux security policies across multiple sites
• Comprehensive audit capabilities for complete compliance management and forensic analysis
• Novell® Privileged User Manager delivers real-time security with Actionable Risk Management

Roadmap
FY 2010
FY 2011
FY 2012
PUM 2.5
• Virtual platforms and privileged user support
• Privileged service support for IWM
• Privileged access appliance
PUM 2.4
PUM 2.3
• Privileged account access to Windows servers
• Auditing privileged access to Windows servers
• Linux users bridging to AD
• WorkloadIQ integration
• Two-factor authentication support for privileged access
• Edge Device support sans footprint
• Application-level privileged access support
• Fine-grained privileged control for Windows servers

Why Novell?

Differentiators
• Single interface for managing cross-platform server infrastructure
• Ease of implementation and administration
• Scalability
• Simple policy creation and management
• Cross-platform keystroke recording and playback
• Real-time risk analysis (anomaly detection)
• Integration
– Novell Identity Manager
– Novell Access Governance Suite
– Novell Sentinel

Novell Privileged User Manager
EMEA Pricing Promotion Details
• Free 6-month subscription license of Novell Privileged User Manager (EMEA only)
– Existing SLES customers with minimum of 10 servers
– Existing RHEL customers with minimum of 10 servers
– Up to 10 free subscriptions per customer
• Available until October 29, 2011
• Partner landing page: www.novell.com/pumpromo (requires Novell login)
• Customer landing page: www.novell.com/pumsubscription

Supporting Materials
• Enablement Central for Partners: www.novell.com/site/partners/protected/enablement
• Enablement Central for Employees: innerweb.novell.com/sme
• Product Web site: www.novell.com/pum