Friday, January 11, 2013

Priority Based File Integrity

The WEVO Group’s File Integrity Process analyzes events generated by Symantec’s Critical System Protection (CSP). This solution is a full-featured File Integrity Process that facilitates the discovery and review of all CSP events greater than a specified priority level. The process automatically checks for active suppressions and change requests to determine whether an event can be omitted, with a recorded reason, from further review. The security team reviewing the events can create Incidents for further investigation, create suppressions, or ignore the events at the server level. The process also creates a feedback structure in which suppressions can be reviewed to determine whether the CSP policy should be tweaked to weed out Business as Usual events.

This process adds true business value by helping to ensure that you are getting maximum benefit from your CSP. It also provides your auditors with a clear and concise picture of how you are able to identify, investigate, and remediate high priority events, helping to ensure the integrity of your company’s data and brand.

Check out the video below for a quick look at the process:

As always we welcome any questions or comments below or feel free to contact WEVO directly.

Thanks,
WEVO Group

Friday, December 21, 2012

Server Event Count Monitor Process

A main purpose of a security business process is to help you use your current security tools to their fullest extent. The fact is that most organizations generate an exorbitant number of events each day, so it is nearly impossible to have employees investigate each one. Implementing sound business processes together with automation allows organizations to investigate all events that should be investigated.

The Server Event Count Monitor Process allows Security Administrators to monitor, by server, the event counts generated by Symantec's Critical System Protection (CSP). The process looks at total event counts and high priority event counts to determine whether a server needs to be reviewed.

The Server Event Count Monitor Process will:
  • Proactively monitor servers by CSP events and present them to an administrator in an intelligent grid.
  • Work with Enterprise ServiceDesk and ignore file event count spikes caused by approved Change Windows.
  • Allow 1-click remediation of issues.

Here is a quick video highlighting the process:


As always we welcome any comments or questions below or feel free to reach out to WEVO directly.

Thanks,
WEVO Group

Friday, November 9, 2012

Active Directory Management

Very rarely are you able to find an Active Directory that can be confidently endorsed as being accurate and current. Typically this is because ongoing maintenance and management is left up to an overworked and understaffed group within IT. For example, requests to be added to AD groups require submitting a help desk ticket. Now you have a help desk technician, who probably has nothing to do with finance, having to track down an approval and add a user to the finance group, giving them access to applications, file folders, servers, reports, etc. There are also stories about user accounts remaining active for months or years after the person leaves the organization.

Why not give end users secure, limited access to AD through a web-based, self-service application to request access to groups and update personal information? Also, why not have managers and group owners, again through secure limited access, bear the brunt of the ongoing maintenance and management? Why not give them the ability to approve or deny access requests to the groups they own through a secure web form?

The Active Directory Management Portal showcased in the following video addresses these use cases. Through the portal, end users can change personal information stored in Active Directory such as home phone, cell phone, and home address. Nothing company related, but information that you would like to have current. They can also request access to groups through a web form. The request gets routed to the group owner for approval. Once approved, the user is added to the AD group automatically and is granted all the access rights offered by that group. The added value of this system is that administrators can schedule periodic maintenance (monthly, quarterly, annually, etc.) where all group owners receive a task to review their group membership. Managers also get a task with a list of the employees that report to them according to AD. From the portal they can remove group members that they deem don't require access, or report that an employee doesn't report to them or that an employee is missing from their list. The result is that the workload gets distributed throughout the organization instead of being the sole burden of IT.

Check out the video and feel free to post questions in the comments or reach out directly.

Thanks!
WEVO Group

Thursday, January 26, 2012

Identity & Access Management

Here is a great article about Identity & Access Management and why it is important for organizations to manage this part of their business: "Identity and Access Management: A New, Less Excruciating Approach".

WEVO Group's Entitlements solution provides the best practice in the management of application access auditing to meet requirements for SOX, HIPAA, PCI, and other regulatory compliance. The process ensures that everyone who has access to any application can be attested to and removed if necessary. The process distributes the workload of this audit throughout the organization to ensure a streamlined and quick process.

Please contact us for more information and as always comments/questions are welcome directly through the blog.

Thanks!

Wednesday, January 4, 2012

Welcome to the first posting of the Security Business Process Blog – sponsored by WEVO Group

WEVO Group is a Symantec Partner that specializes in Symantec Workflow. We are at the forefront of the Security Business Process movement.

A Security Business Process interacts directly with, or sits on top of, a security tool. Its purpose is to evaluate the security event data that is being generated and to take proactive action based on the associated risk to the enterprise.

The Security Business Process extends the capabilities of the security tool in three ways: it allows the tool to integrate with other systems in the organization's environment, it can apply variable logic to events, and it closes the loop by notifying the appropriate team(s) when an issue has been discovered so it can be investigated and handled in a timely manner. By implementing Security Business Processes with your existing tools you are creating a complete Information Security Management solution.

To date we have built Security Business Processes that analyze file changes, quarantine files with sensitive information, and check the agent status on servers. We continue to develop more solutions through partnerships with our clients that drive due care security compliance.

This blog is dedicated to the discussion of Security Business Processes. We hope to discuss the challenges that we are all facing from security threats, and how Business Processes around security, related not just to the tools but to the organization as a whole, can positively affect an organization.

Please feel free to comment, ask a question, or add to the conversation in any way. We enjoy reading the feedback.