NetIQ was a Platinum sponsor for “Plugging the Leaks: Finding and Fixing the IT Security Holes in Your Enterprise,” a virtual trade show (VTS) produced by Information Week Magazine and Dark Reading.
This was our presentation deck, "Proven Practices to Protect Critical Data", presented live by Matt Mosley, Senior Product Manager, and Matt Ulery, Director of Product Management. They explored some of the most significant problems facing security teams tasked with protecting critical data, and showed some of the most effective approaches and technologies for quickly identifying real threats.
8. The New Security Team
- Protection of sensitive data and mission-critical systems remains a key business objective.
- Regulatory compliance has provided funding but increased the workload.
- Compliance programs should (but don't always) provide meaningful security benefits.
9. Supermarket Chains Hit By Data Theft
Robert McMillan | IDG News Service | March 18, 2008
Data thieves broke into computers at supermarket chains Hannaford Brothers and Sweetbay, stealing an estimated 4.2 million credit and debit card numbers, Hannaford said Monday… The Associated Press reported Monday that more than 1,800 cases of fraud had been linked to the theft, which affects 4.2 million credit and debit card numbers…

Dai Nippon Printing reports client data theft
Reuters | 12 March 2007
TOKYO, March 12 (Reuters) - Japan's Dai Nippon Printing Co. said on Monday a former contract worker stole nearly 9 million pieces of private data on customers from 43 clients including Toyota Motor Corp. Dai Nippon, one of Japan's largest commercial printing companies, said the confidential information included names, addresses and credit card numbers intended for use in direct mailing and other printing services. Dai Nippon said the employee stole client data between May 2001 and March 2006 by copying information on to floppy disks and other recording media.

Payment Processor Breach May Be Largest Ever
By Brian Krebs | Washington Post | 20 January 2009
A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have compromised tens of millions of credit and debit card transactions, the company said today. If accurate, such figures may make the Heartland incident one of the largest data breaches ever reported.

When It All Goes Wrong…
"In filings for the Securities and Exchange Commission, Heartland said that it lost $2 million in the second quarter of this year, and that the 2008 data security breach cost it $32 million as of June 30 (2009)" – Credit Union Times
11. The best way to achieve compliance is to get the security basics right.
13. Relying simply on compliance to provide security leaves organizations open to attack.
14. It's a Brave New World
Cloud computing, virtualization and the consumerization of IT have led us to ask:
- Who has access to our data?
- Where are they accessing it from?
- How do I monitor privileged activity?
15. Start by Understanding Risk
What are we trying to protect?
- Identify and classify sensitive data and assets.
Who or what are we protecting it from?
- Vulnerabilities can be technical or non-technical.
- Accidents or errors often cost more than malicious attacks.
What would happen if we fail?
- Failure to meet regulatory mandates can be costly.
- Lost business opportunity or interruption of activity.
16. Identify and Protect Critical Data
Finding the data
- Data may be in files, on physical media, in databases, or in the cloud.
- Most breaches involve data that the victim did not know was there.
Categorizing data
- What data is sensitive and at risk?
Monitoring access
- Can I identify abnormal access?
- Who is really accessing the information?
17. Monitor User and Resource Access
"Out-of-date and/or excessive privileged and access control rights for users are viewed as having the most financial impact on organizations." – IDC Insider Risk Management, August 2009
"Authorized" users are a major threat to data:
- Theft, fraud and abuse remain significant problems.
- Accidental exposure or loss of data.
Privileged users represent the greatest risk:
- Can insert malicious code just about anywhere.
- Have the ability to override system controls without detection.
18. The Importance of User (De-)Provisioning
Rajendrasinh Makwana, 35, of Frederick, Maryland, was indicted on January 27 for an attempted malware attack on his former employer's servers.
"Despite Makwana's termination, [his] computer access was not immediately terminated." – FBI agent Jessica A. Nye stated in the affidavit.
Makwana created a malicious script:
- Designed to propagate to all 4,000 servers.
- Damage would have cost millions of dollars to repair.
Nearly 80% of terminated employees take data with them that they know is against company policy. – Dark Reading Tech Center – Insider Threat: March 2009
19. Control and Monitor Privileged Access
Monitor system and file integrity
- Changes to key system files.
- Modification of rarely accessed data.
Investigate unusual changes
- Determine what changed, when it changed, and which account made the change.
Audit individual actions
- Focus on privileged and "high risk" users/accounts.
20. Capture and Monitor Log Data
Security and network devices generate lots of data
- OS, Network, Virtual, P&A, User Activity, DAM (database activity monitoring), IAM (identity and access management).
Compliance mandates capture and review of logs
Logs can often provide early warning signs
- 82% of the time, evidence was visible in logs beforehand.
Failure to monitor is costly
- Breaches often go undiscovered and uncontained for weeks or months.
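Slides 18 and 20 make a pair of points that are easy to state and rarely implemented: an account that should have been de-provisioned is still logging in, and the evidence of privileged misuse is already sitting in the logs before anyone looks. The example below is added for this page and is not NetIQ code; it parses constructed OpenSSH and sudo syslog lines and applies three rules: activity by an account on a terminated list, privileged commands outside an assumed business window, and privileged commands that name a sensitive path. Hostnames, usernames, addresses, the business-hours window and the sensitive-path list are all assumptions for the demo.

```python
# Added example (not from the NetIQ deck): detection logic run over constructed
# auth log lines, covering two points from the slides: activity by accounts that
# should have been de-provisioned (slide 18) and privileged activity that logs
# reveal before a breach is discovered (slide 20). Hostnames, usernames, IPs and
# the rule thresholds are assumptions for the demo, not data from the page.
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample log in the syslog style used by OpenSSH and sudo.
SAMPLE_LOG = """\
Mar 18 02:11:05 db01 sshd[4412]: Accepted publickey for contractor1 from 10.0.5.17 port 51022 ssh2
Mar 18 02:11:40 db01 sudo: contractor1 : TTY=pts/0 ; PWD=/home/contractor1 ; USER=root ; COMMAND=/bin/cp /opt/scripts/cleanup.sh /etc/cron.d/
Mar 18 09:15:02 db01 sshd[4511]: Accepted password for jdoe from 10.0.7.22 port 50311 ssh2
Mar 18 09:16:10 db01 sudo:     jdoe : TTY=pts/1 ; PWD=/home/jdoe ; USER=root ; COMMAND=/usr/bin/systemctl restart postgresql
Mar 18 23:48:31 db01 sudo:  dba_svc : TTY=pts/2 ; PWD=/srv ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar 18 23:49:02 db01 sshd[4620]: Failed password for root from 203.0.113.9 port 44122 ssh2
"""

# Accounts HR has reported as terminated but that may still exist on hosts (assumed).
TERMINATED: Set[str] = {"contractor1"}

# Paths whose modification or disclosure by a privileged command deserves a look (assumed).
SENSITIVE_PATHS = ("/etc/shadow", "/etc/sudoers", "/etc/passwd", "/etc/cron.d")

TS_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<hh>\d\d):(?P<mm>\d\d):(?P<ss>\d\d) "
    r"(?P<host>\S+) (?P<rest>.*)$"
)
SSH_RE = re.compile(
    r"^sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
SUDO_RE = re.compile(r"^sudo: +(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Turn one syslog line into an event dict, or None if it is not an sshd/sudo record."""
    ts = TS_RE.match(line)
    if not ts:
        return None
    event: Dict[str, object] = {"hour": int(ts["hh"]), "host": ts["host"]}
    ssh = SSH_RE.match(ts["rest"])
    if ssh:
        event.update(kind="ssh", user=ssh["user"], result=ssh["result"], src=ssh["src"])
        return event
    sudo = SUDO_RE.match(ts["rest"])
    if sudo:
        event.update(kind="sudo", user=sudo["user"], target=sudo["target"], cmd=sudo["cmd"])
        return event
    return None


def analyze(log_text: str, terminated: Set[str],
            business_hours: Tuple[int, int] = (7, 19)) -> List[Tuple[int, str, str]]:
    """Return (line_number, rule, account) alerts for the three rules described above."""
    start, end = business_hours
    alerts: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        ev = parse_line(line)
        if ev is None:
            continue
        user = str(ev["user"])
        # Rule 1: any successful login or sudo use by an account that should be gone.
        if user in terminated and (ev["kind"] == "sudo" or ev.get("result") == "Accepted"):
            alerts.append((lineno, "terminated-account-activity", user))
        if ev["kind"] == "sudo":
            # Rule 2: privileged commands outside the assumed business window.
            if not start <= int(ev["hour"]) < end:
                alerts.append((lineno, "privileged-after-hours", user))
            # Rule 3: privileged commands that name a sensitive path.
            if any(p in str(ev["cmd"]) for p in SENSITIVE_PATHS):
                alerts.append((lineno, "sensitive-path-in-privileged-command", user))
    return alerts


def demo() -> List[Tuple[int, str, str]]:
    """Run the rules over the constructed log with the constructed terminated list."""
    return analyze(SAMPLE_LOG, TERMINATED)


if __name__ == "__main__":
    for lineno, rule, user in demo():
        print(f"line {lineno}: {rule} ({user})")
```

The first rule is only as good as the feed of terminations from HR, which is the real point of slide 18: the detection is trivial once that list exists and impossible without it. The time-of-day rule is a deliberately simple stand-in for a per-account baseline; what matters is that the logs are shipped off the host before analysis, since a privileged user who can edit the local auth log can also erase the evidence the slide says was "visible beforehand".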
21. Physical, Virtual, Hybrid
Virtualization brings its own challenges to maintaining compliance:
- Maintain and extend security for critical systems into the virtual environment.
- Audit and configuration are just as important.
- Log management is still required.
22. Some Questions to Ask Yourself…
- How do I monitor privileged users?
- How do I detect changes?
- How can I see what has changed, and who changed it?
- How do I see when someone accesses sensitive information?
- How do I know if someone copies sensitive data?
- What about protecting Active Directory and Group Policy Objects?
- What about relational databases?
23. Summary
- Complexity is increasing; capacity is not.
- Criminals are having as much success exploiting weaknesses in process as in technology.
- Hybrid service delivery models simply change the threat vector but do not reduce the risk.
- Focus on basic good practices to get ahead of the bad guys.
39. Learn More in Our Virtual Booth
- Complete our survey for a chance to win one of two Apple iPads.
- Chat with our product experts.
- Download analyst research reports: "Build Security Into Your Network's DNA: The Zero Trust Network Model" (Forrester).
- View recent webinars with industry experts: "Combating the Insider Threat: Vulnerabilities and Countermeasures" with Ira Winkler.
- Access informative whitepapers, including "Address the Insider Threat of Privileged Users", co-authored by Dr. Eric Cole.