Fortifying Your Agency with Security Management

WHITE PAPER: SECURITY MANAGEMENT Fortifying Your Agency with Security Management AUGUST 2007 Sumner Blount CA S EC U R I T Y M A N AG E M E N T Table of Contents Executive Summary SECTION 1 2 The Agency Security Challenge Managing Security Risks While Improving IT Efficiency SECTION 2 3 What Agency Security Must Deliver SECTION 3 4 How CA Helps You Make It Happen CA Identity and Access Management CA Threat Management CA Security Information Management SECTION 4 7 CA: Your Partner for Security Management CA Security Past Performance Customer Success SECTION 5 8 CA Core Security Management Solutions SECTION 6 9 Conclusion SECTION 7 9 About the Author ABOUT CA Back Cover Copyright © 2007 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. To the extent permitted by applicable law, CA provides this document “As Is” without warranty of any kind, including, without limitation, any implied warranties of merchantability or fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised of such damages. Executive Summary Challenge Federal agencies understand the critical importance of protecting mission-critical data (including confidential citizen information), applications and systems. But resource conflicts and complexity hinder them in adopting a flexible security posture that prioritizes their risks, assures alignment with their missions and streamlines compliance. Opportunity Federal agencies are increasingly concerned about the damage that threats of all kinds can cause. In addition, managing users and their access privileges is straining the administrative capability of most agencies, as well as challenging their existing security mechanisms. For agencies, opportunity lies in understanding the scope of these issues and deploying industry leading security management solutions that give IT the upper hand in identifying and defeating these threats as they occur, and in effectively managing their expanding user population. Benefits The benefits of an effective, well-designed security management system extend to the foundations of the agency itself. Protecting citizen personal information and securing confidential agency data from unauthorized access means protecting an agency’s most vital assets. The benefits of a strong security management platform are profound — reduced IT risk, improved client satisfaction and confidence and increased service availability. A successful security management strategy helps ensure continuous agency operations by minimizing risk at virtually every level of the organization. Because IT budgets are always tight, a successful security management system can also help IT stay within budgetary constraints and increase operational efficiencies. WHITE PAPER: SECURITY MANAGEMENT 1 SECTION 1 The Agency Security Challenge Managing Security Risks While Improving IT Efficiency Sustaining the security of your agency isn’t just a priority. It’s a prerequisite for everything else you do. You absolutely cannot permit any risk to threaten your organization and mission by: • Damaging assets and resources • Degrading performance • Compromising mission capabilities • Damaging critical information • Improperly sharing sensitive data • Having major breeches of fiduciary responsibilities • Harming the health or well being of employees and citizens You must constantly detect and respond to real threats, maintain a complex security infrastructure that spans wired and wireless capabilities, sort through massive amounts of security information and support all of your users. Meanwhile, who knows what other types of contingencies may arise? Of course, managing such day-to-day concerns is just one of your full-time jobs. The other is addressing longer-term issues — such as emerging risks, accelerating threats and evolving mission requirements — while figuring out how you’re still going to reduce costs, maintain controls and factor in the impact of national security issues and conflicts. Any one of these issues would make security a relentless challenge for your agency. Together, they cloud the big picture, hinder your options and obscure your wisest course of action. At CA, we can help you cut through the fog of operations, gain visibility and determine once and for all: • Who can access your systems and resources • What’s happening across your agency right now • What your vulnerabilities are • What you must plan for in the future • If you are complying fully with all security requirements 2 WHITE PAPER: SECURITY MANAGEMENT SECTION 2 What Agency Security Must Deliver The long list of security issues you face adds up to two goals: maintaining alignment with your mission and reducing your risk. This is becoming increasingly difficult as your operational tempo approaches real-time. There’s only one way to make it work — with planning, anticipation and pre-emptive decision making that allows you to: • Overcome the distractions of day-to-day operations • Discern how all the details add up to the big picture • Respond to the real threats occurring right now • Ensure you can respond to new threats as they emerge An amalgam of separate point solutions can’t help you do these things. They’d just snow you in under a blizzard of information and false alerts. But what if a series of carefully matched solutions could function together as the essential components of a fully-integrated security management platform? Then you’d have a comprehensive and capable command and control center enabling you to: • Know what’s happening everywhere, right now • Sift through huge amounts of security information • Detect and respond to what’s truly important • Set and consistently enforce your policies • Maintain readiness for future requirements • Comply with FISMA, HSPD-12 and other mandates • Adhere to the standards in your security reference model With such a platform in place you can ensure your agency and its resources are secure, available and aligned. You can assess and mitigate risk as you enable new applications, services and capabilities. Best of all, you can do all of this even as you reduce costs by: • Increasing utilization • Boosting productivity • Eliminating downtime • Preventing expensive and embarrassing events • Building compliance directly into operations WHITE PAPER: SECURITY MANAGEMENT 3 SECTION 3 How CA Helps You Make It Happen CA creates software for managing the different components of your agency’s enterprise, unifying them, simplifying them and securing them — according to your mission and the requirements that govern it. We have a new approach to eliminating all barriers to partnership with IT. We call this approach Enterprise IT Management (EITM). It’s our vision for how you can proactively and dynamically manage systems, network, storage, applications, databases and everything else, all through one integrated framework. Instead of point-by-point security tools that just add to the complexity, CA provides a framework of solutions that work together to let you harmoniously manage your enterprise, even as those tools work independently to support specific security functions. CA security management solutions serve as a central command-and-control platform that gives you proactive knowledge and control over: • Who can do what within your enterprise environment • What is happening across that environment • What to respond to first and how to respond to it They help you transform security from an expensive, cumbersome burden into a missionenabling function with three integrated components: 1. 2. 3. Identity and access management for consistently enforcing security policies Threat management for preventing malicious code and content from infiltrating your enterprise Security information management for integrating, prioritizing and acting on security event data The threats you face are complex and tightly intertwined. Working together, the three components of CA security management give you a security solution that is equally comprehensive and focused on your priorities. CA Identity and Access Management CA is a clear market leader in providing Identity and Access Management (IAM) solutions. Our IAM products enable you to proactively manage the access and privileges of your employees, contractors and vendors, those you serve and anyone else who needs to use your systems, applications or data. They allow you to set and tailor policies for access to all of your assets, including: • Host systems • Files, databases, and system services • Granular superuser access privileges • Web applications • Web services • Sensitive information and personal data 4 WHITE PAPER: SECURITY MANAGEMENT And, they make sure you can answer such essential questions as: • Who are your users? • What can they access? • What can they do with that access? • Does that access match their role and your policies? • What was the result of a given access event? CA’s IAM solutions work in concert, allowing you to manage identities and access as an integrated whole by supporting such functions as: • Process management, including proofing registration and entitlement required by FIPS PUB 201 under HSPD-12 • Provisioning access rights to all systems and assets • Enabling strong policy-based authentication, according to user roles • Enforcing access controls across your agency’s enterprise and computing facilities • Auditing IAM data in compliance with FISMA and for post-event forensic analysis CA’s IAM solutions also work separately, allowing you to implement these functions in a modular fashion. You can deploy them as needed in specific offices and departments. Or, you can implement them across your agency to integrate enterprise-wide security. CA Threat Management CA helps you build a robust, open infrastructure for threat management that serves as an integrated platform for proactively detecting and preventing threats. Our threat management family of products, in combination, support all essential threat functions, including: • Detecting, correlating and analyzing events • Working automatically to issue alerts and respond in real-time • Capturing event data for forensic investigation and remediation With these strong, centralized capabilities, CA threat management helps you take quick and confident action as an attack is occurring, learn from what is happening and adapt your policies to prevent future incidents. That gives you the strategic ability to: • Meet and defeat a comprehensive range of attacks • Enable preventative and rapid response approaches • Improve your security posture • Reduce your exposure to serious incidents WHITE PAPER: SECURITY MANAGEMENT 5 It also gives you the tactical capability to: • Stop viruses, spyware and other malicious code before they can do harm • Filter inbound and outbound Internet content • Prevent malicious content from infiltrating your systems and information • Block spam from clogging your e-mail systems • Assess vulnerabilities and close them before they can be exploited • Prioritize remediation according to the risks you face • Measure your systems against benchmarks for policies and regulations CA threat management helps you visualize the big picture, putting you in control with a common interface that lets you prevent rather than merely react to events. CA Security Information Management What’s the right amount of security information? Clearly, it’s what you can use, not the overwhelming mass of raw data generated by all of your devices. CA security information management helps you refine essential knowledge from all those alerts, logs and reports. It automates your critical monitoring, tracking and reporting for: • Real-time event management • Incident management • Investigative analysis • Vulnerability management • Compliance and audits CA security information management solutions work by filtering, aggregating, correlating, prioritizing and presenting security data from heterogeneous sources. They’re based on an open and flexible architecture. They integrate seamlessly with a wide range of enterprise management solutions. And, they offer superior visualization and analysis capabilities with customized operational views and a consolidated dashboard interface that enables you to: • Quickly identify unusual activity • Determine what assets may be at risk • Take proactive steps to prevent or curtail events • Precisely determine the nature of any events that occur • Capture that experience to better enable future decisions • Generate audit — or compliance-ready reports CA makes sure you’re never blinded by the sheer volume of your security data. Rather, you can use it to meet your management requirements and make compliance an ongoing, integrated component of your security operations. 6 WHITE PAPER: SECURITY MANAGEMENT SECTION 4 CA: Your Partner for Security Management Why choose CA as your security partner? Here are five good reasons: 1. 2. 3. 4. 5. CA gives you a complete set of integrated and modular solutions that address your security requirements at all levels, across your entire agency. CA IAM solutions enable to protect a wide range of IT resources, across all environments from the Web to mainframe. CA security solutions can be implemented in a modular fashion, so that your current and emerging needs can always be met cost-effectively. CA offers flexible licensing and pricing that gives you financial control. Unlike its competitors, CA does NOT require extensive and expensive consulting services to make its solutions work properly. If the need for deployment services arises, CA has extensive and proven expertise in successful security solution deployments in some of the largest and most complex IT environments in the world. And 10 critical benefits—CA’s security management solutions help you: 1. 2. 3. Ensure compliance with FISMA, HSPD-12 and other mandates by streamlining data capture, storage, availability and audit-ready reporting. Cut costs by preventing expensive downtime, increasing productivity, reducing support requests and automating threat/vulnerability management. Manage risk by giving you a complete view of your security operations, providing an integrated management platform, improving security awareness, quantifying threats and accelerating response. Translate experience into more robust defense by determining the real cause of events and mitigating the risk of reoccurrence. Streamline security operations and gain efficiencies by automating threat management, freeing staff to focus on strategic priorities and maximizing the value of your investments in security technology. Scale as your security requirements evolve. Manage your entire IT infrastructure on one platform by integrating with CA network and security management solutions. Prioritize management and protection of your data, assets and resources according to their mission value. Derive more value from a multi-vendor environment, preserve your options and prevent lock-in. 4. 5. 6. 7. 8. 9. 10. Boost productivity, enabling you to be more responsive and deliver better service. This is how CA enables you to integrate security across your enterprise, protect the value of new capabilities and address the real risks you face, even as you reduce the cost of assuring your mission. WHITE PAPER: SECURITY MANAGEMENT 7 “As one of the largest Air Force bases in the western United States, we are a target for spyware attacks. In just one year, CA PestPatrol has protected our businesscritical computer systems from over 500,000 dangerous pests.” Robin Carlisle Program Manager, Hill Air Force Base CA Security Past Performance Theory is all well and good, but the only thing that counts for our security customers is results. Here is one example of how CA has partnered with agencies across government to govern access to mission-critical assets, manage threats and maximize the value of security information. Customer Success HILL AIR FORCE BASE Hill Air Force Base (AFB) could not risk letting spyware compromise the highly confidential information on which its operations depend. It needed an enterprise anti-spyware solution that could be rapidly deployed yet handle the scope and scale of Hill’s infrastructure. After extensive testing and research Hill AFB selected CA Anti-Spyware. Deployment to 20,000 Hill users took just two weeks. During its first year in service at Hill, CA Anti-Spyware eliminated over 585,000 pests. In addition to that depth of detection, Hill AFB uses CA Anti-Spyware central management console and reporting capabilities to streamline compliance with FISMA and other security requirements. SECTION 5 CA Core Security Management Solutions IDENTITY AND ACCESS MANAGEMENT THREAT MANAGEMENT SECURITY INFORMATION MANAGEMENT • Identity management and provisioning • Web access management • Host System access management • Directory • Federation • Transaction access management • Single sign-on • Integrated threat management • Anti-virus • Auditing • Secure content management • Anti-spyware • Security command center • Network forensics • Vulnerability management 8 WHITE PAPER: SECURITY MANAGEMENT SECTION 6 Conclusion CA is one of the world’s largest IT management software providers. Our software and expertise unify and simplify complex IT environments in a secure way across the enterprise for greater mission results. We call this Enterprise IT Management (EITM)—our vision for how you can securely and dynamically manage systems, networks, security, storage, applications and databases. EITM lets you build at your own pace on your IT investments, rather than replacing them, thereby maximizing your value and reducing your risk. SECTION 7 About the Author Sumner Blount is the Director of Security Solutions at CA. WHITE PAPER: SECURITY MANAGEMENT 9 CA, one of the world’s largest information technology (IT) management software companies, unifies and simplifies complex IT management across the enterprise for greater business results. With our Enterprise IT Management vision, solutions and expertise, we help customers effectively govern, manage and secure IT. WP05FORTSEC01E MP319170807