Novell Security Information & Event Management tied into Novell Identity Manager 4.
Novell ATT Live Round Up Part 2
Location: Vegas Baby!
So a team of IDMWorks folks ventured to a little-known town called Las Vegas to attend the 4-day ATT Live Novell Training, Update and Marketing summit. So what did we learn? Much like the Vegas buffets, we had our pick of many tools, overviews and information sessions. Each of the IDMWorks team members (there were 4 of us present) chose a little from column A and a little from column B. As such, I plan to speak to the sessions I attended and what I saw, as well as my likes and dislikes.
This will be a multipart blog entry; as such, I bring you Part 2: Novell ATT Live Roundup – Sentinel Security Information & Event Management!
The Novell sessions at ATT Live were interesting in that they weren’t full-blown product training as much as bits and pieces specific to tasks within a product (such as Driver Packaging for Novell Identity Manager 4). The Novell Sentinel briefing I attended was “Identity Tracking for Novell Sentinel and Identity Manager”, in which staff (preferably security) are alerted in real time to a breach in security, allowing the staff to take immediate action to halt the user from being a bad, bad man (or woman). The key here is to know the old WHO, WHAT, WHERE and WHEN of the breach and to have the means to not only identify but stop the malicious activity. Timing is of the essence here.
The lab revolved around tying the Novell Identity Manager 4 product into the Novell Sentinel product with ease. I won’t lie here and tell you that everything went uber smoothly or that there weren’t any glitches in the process, but what I can tell you is that with a little elbow grease this is a completely doable proposition. The event monitoring can show us when an employee used their proximity card or badge to enter (who), when the user logged in to his/her laptop, what applications and databases they accessed, and what policy they violated or breached and when they did it (in real time). It also covers incident management and remediation. In the case of Novell Identity Manager 4, the action was used to trigger an immediate shutdown of all access rights including (but not limited to) Login ID suspension (works great if that account is SSO enabled for a one-stop method), application access termination (if not SSO enabled), badge credentials revocation (or CAC if you prefer), and immediate compliance audit and reporting to security staff members. Pretty…Frickin…Cool.
Now this has whet my appetite big time. It makes me want to see what other products are out there that also fit the bill, and I see myself taking a look soon at the Microsoft, Oracle, IBM and CA offerings that have a similar proposition to see how they stack up. Feel free to sound off below on your experiences with Novell Sentinel or a similar vendor product.
As usual, for questions, comments or needs, contact us here.
And Happy Holidays from the crew at IDMWorks!