SGCC has been a long-time user of NetIQ Identity Manager™ and NetIQ Access Manager™ to provide a unified identity solution for its 34,000 users. In recent years security has become a more serious issue, with criminals actively harvesting information from data breaches, leading to revenue losses.
Although SGCC had a security system in place to protect its business systems and unified identity systems, the solution wasn’t satisfactory, as Mr. Lu Shida, Director at SGCC, explains: “We couldn’t report on our data in a centralized manner; all the data was separated into different systems. That meant that when we found a security threat, our security administrators would need to examine the logs for each business system. This would take too much time; time in which a security breach could do untold damage to our business. This manual and time-consuming process meant we couldn’t meet our compliance regulations and were being charged penalties.”
SGCC needed a solution to help quickly identify data breaches and data theft. It also needed support in highlighting account password breaches and auditing so-called ‘zombie’ accounts: accounts which aren’t in active use, but which could pose a security risk. As an existing Micro Focus identity and access management customer, SGCC considered it vital that the security solution integrate with the unified identity solution.
SGCC investigated the market to look for an agile, scalable, and high-performance security solution which could be integrated with the Micro Focus identity and access system. SGCC evaluated NetIQ Sentinel, along with EMC eVision and IBM QRadar. EMC was discounted because the software is typically bundled in with EMC hardware, it doesn’t contain an auditing and reporting module, which was important to SGCC, and it proved an expensive option. Though the IBM solution was of interest, SGCC was concerned about the lack of IBM support services in China and about IBM’s ability to help deliver the project.
Mr. Lu Shida comments on the decision for Sentinel: “The native integration between Sentinel and our unified identity system allowed us to introduce many more security features without having to change our system architecture. The Sentinel components are scalable and can easily be extended to meet any future needs we might have. The Sentinel implementation was easy and we were quickly up and running.”
The solution creates daily reports for key application systems and it audits users who have bypassed the unified identity system so that alerts are sent to the security team. Quarterly, the system generates a report to highlight accounts which haven’t been used, so that these ‘zombie’ accounts can be closed down.
With 34,000 users to manage, understanding the “who, what, when, where, and how” of user system access is essential for controlling insider-based risks. Sentinel integrates security data with unique user identity information to help SGCC quickly identify risky access behaviors. To support SGCC’s compliance position, Sentinel simplifies the collection of security events to automate compliance audit and reporting functions and significantly reduce the complexity, time, and costs of locating and preparing data required by auditors.