Integrating QRadar DSM with Secret Server

Leveraging Secret Server event data with IBM’s QRadar Security Intelligence Platform can give organizations deep insight into the use of privileged accounts (such as Windows local administrator, service or application accounts, UNIX root accounts, Cisco enable passwords, and more). Used together, these tools provide secure access to privileged accounts and greater visibility to meet compliance mandates and detect internal network threats.

Privileged Account Management

Many environments with strict Information Security policies also require methods to control and monitor access to privileged accounts. Enterprises often apply security policies such as physical access restrictions to hardware, network firewalls, appropriate-use guidelines, and user account restrictions. In the case of privileged accounts, access is more difficult to track and verify. Implementing privileged account management software enables organizations to control and track that access.

Enterprises that implement Secret Server gain the ability to grant or deny granular access to critical systems. Once access is granted, it is tracked based on a wide range of events. While alerting is a core function of Secret Server, managing real-time events in aggregate can be cumbersome. Leveraging QRadar to manage these real-time events allows users to build customized risk analysis into their privileged account management policies. Mitigating internal privileged account threats helps organizations meet compliance requirements under the Sarbanes-Oxley Act (SOX), Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), and the Federal Information Security Management Act (FISMA).

Risks and Benefits

Unmanaged privileged accounts often enjoy unchecked access across a wide array of systems, networks, and databases. Unmitigated top-level access, in the wrong hands, can be devastating to an organization. The potential for liability is not limited to internal data and productivity loss but can include criminal and civil penalties for unauthorized disclosure of private or regulated information. Implementing an enterprise-level privileged account management system (Secret Server) with a real-time event management system (QRadar Security Intelligence Platform) allows organizations to mitigate risk. Critical systems can only be accessed by pre-defined users. IT Security Auditors can track access based on the needs of the enterprise.