Compliance dictates that we log everything within scope and then review the reports generated from those logs. Can we really be trusted to look at all of these reports, and if so, can we really get anything constructive out of them?
Most believe the answer is NO. Most also do not believe that anybody, or even a team, can look through hundreds of pages of reports daily and categorically say there were no breaches of regulatory compliance.
I’m not saying we shouldn’t worry about being compliant, and I’m certainly not saying we shouldn’t monitor what is happening on the network. What I’m saying is that SIEM reporting doesn’t work. It never has, and unless there is a new breed of super auditors, it never will.
So what can we do to ensure we are compliant?
Well, there are a number of steps we can take to ensure that we are compliant. Here are my top 10:
- Create a useable and understandable security policy based on compliance and business needs
- Ensure that all employees and third parties read, understand and agree to the security policy
- Enforce the policy; there is no point in having a policy if it’s not enforced
- Create a system of least-privilege access
- Use workflows to ensure only authorised and approved access to critical data systems
- Monitor and record all sessions that involve privileged data on critical systems
- Notify all users connecting to the monitored systems that they are being recorded and possibly watched (Four Eyes principle) in real time
- Systematically audit the connections of critical systems
- In case of a breach, use the recording to understand whether the breach was accidental or malicious
- Learn from any breaches, strengthen the policy and, if needed, reduce access further
I often get asked, “How can we put all this together without rebuilding the network?”
The WAB Suite provides you with the ability to remove access to privileged data, record sessions, manage accounts and passwords, audit users, control access to specific applications and provide a message / warning at the start of each connection that the session is being monitored.
“My Admins won’t like that” is another point that I’m told again and again.
WAB Suite isn’t there to stop them working; they can use their own tools such as PuTTY, WinSCP and other home-grown products.
Our WAB Suite is there to help with their day-to-day regimes. It can also help protect them: with the recordings, they can show exactly what work was done during change requests and emergency work.
They no longer need to remember IP addresses or passwords, as WAB Suite provides a point for single sign-on and remote admin credentials for servers, network devices, databases and applications, to name but a few.
What about staff turnover, do I need to train new staff?
The WAB Suite is simple to administer; most users will have only 2 tabs: Preferences and Authorisations.
Preferences is for changing passwords, email, etc.
Authorisations allows the user to simply click on the device or devices they wish to connect to.
When an employee or contractor leaves, there is just one place to disable their account, so the ex-employee threat is reduced to a single point of audit.
Oh yes, that word Audit: how does this help me with audits and my compliance requirements?
Simple: WAB is a single source of authentication. WAB connects to the remote devices and provides the credentials needed to authenticate and establish the session. The WAB Suite provides a full audit trail of the username, the remote account, the duration and the protocol used.
As the user is authenticated with their own account, generic accounts can be used once more on the remote devices. This helps with cleaning up unused or old system accounts.
This all sounds very complex, do I need agents on every device?
WAB Suite uses NO AGENTS. The WAB is a guardian, and therefore only connections established through the WAB are recorded and monitored. This helps reduce the scope for compliance and avoids privacy issues regarding personal email and internet usage.
Sounds too good to be true?
To find out more about Wallix’s privileged access management solution, visit www.wallix.com/en.