In this webinar I’m taking a different approach by taking a step back and looking at the need for a bird’s eye view of security information across your entire organization including all of your security products. Some might feel like SIEM should do that but I often find that most implementations of SIEM (Security Information and Event Management) are heavy on the “E” and light on the “I” meaning that folks are getting logs but not all the other critical non-event security information in their organization. Examples of such information include:
• Identity and access entitlements
• Security configuration
• Relationship of objects
• Timeline of events
There’s nothing native to Windows or any other environment that’s going to solve this issue and so I’ve chosen Quest to help me. Quest Software is the longest and biggest sponsor of my real-training-for-free events going back 10 years almost. That’s for 2 reasons: 1) They “get it” in terms of the value of helping provide education and are always willing to sponsor great topics. 2) Quest has the largest stable of information security products out there. And their IT Security Search solution is one of the things they’ve been doing to create synergy between their products and help you get that bird’s eye view of security information across your entire organization. IT Security Search uses simple, natural search language to query IT data correlated from disparate systems and devices including:
• User accounts
• Groups and nested group membership
• System security configuration
• File permissions and other entitlements
• Change auditing
• Log data from systems and other security products
Google is the ubiquitous portal to the Internet and all of its information; Google does a great job finding desired information in a simple way. What we need is something similar for all the security information on our network. Please join me to see how Quest is working to do just that with IT Security Search.