At the recent RSA Conference in San Francisco, Eric Chabrow, Executive Editor of GovInfoSecurity.com and InfoRiskToday.com, interviewed NetIQ Senior Security Product Manager Matt Mosley and Director of Security Product Management Matt Ulery as part of GovInfoSecurity's extensive news and views coverage at the show. Below is a full transcript of that interview:
Providing Context to Data - Getting Visibility to Comply with Regulations
Chabrow: Hello, I’m Eric Chabrow of Information Security Media Group and I am speaking with two Matts from NetIQ. Matthew Ulery, who is Director of Product Management, and Matt Mosley, Senior Product Manager. Thank you, gentlemen.
Mosley & Ulery: Thank you, thank you.
Chabrow: First off, we will start with Matt Mosley; tell us about the company and what you do there.
Mosley: I’m a senior product manager, responsible for our security information event management portfolio, which includes our NetIQ Sentinel, Solution and Security Information and Event Management product and NetIQ Change Guardian which is a change audit technology. And Matt Ulery is responsible for our entire security portfolio which includes a number of other solutions as well.
Chabrow: And tell us a bit about NetIQ.
Mosley: NetIQ, we have been in the security space for a number of years, we have a product called NetIQ Security Manager, that’s extensively deployed both in commercial and government agencies, and with our merger with Novell, in this last year, we have expanded our security portfolio to include the Novell Identity Management, the Novell Identity Manager product, which is the Identity manager platform, as well as Novell Sentinel, and so during the past year following the merger of Novell and NetIQ we’ve brought together a lot of the really great and unique strengths of both NetIQ Security Manager and Novell Sentinel into a product that we are actually launching here at RSA, called NetIQ Sentinel 7. And that product is really the culmination of both of these technology platforms coming together in a solution that we believe delivers unique value to the industry.
Chabrow: So what do you see are some of the major challenges that industry faces?
Ulery: The biggest challenge that we see right now, is the rate of change and the complexity that we see in the environment. The original security monitoring and the security tasks were pretty simple. You were focused on the perimeter and you managed the perimeter. But with the rate of change of just technology and the level of heterogeneity and technology in the environment, then IT delivery models, the increased use of outsourcing, cloud environments, mobile technology, consumerization. Just the rate and the expansion of the security technology and models that our security professionals need to be expert in, has just expanded tremendously. Then you look at the rate of change with virtualization and cloud and just the pressure that the business is putting onto their security teams. The rate of change they are trying to adapt to is enormous. When you take this, alongside what is an industry shortage of experienced security professionals, and just the challenge of actually finding qualified people to actually man these solutions and to drive and be an expert in your security portfolio there is a critical kind of nexus. A nexus where the security solutions must be able to help the individual get from this huge amount of data and information, add to their knowledge, support their knowledge, allow them to quickly get to actual intelligence, rather than creating, having a complex toolkit of a solution or something that is so complex that by the time they get it deployed and start using it demands more time than they actually have and are not able to yield in end solution. So our focus is completely around how do we actually provide this additional end intelligence, provide context to that data, and yield the ability to have visibility and ease of response to the end customer rather than having them to man a tool nonstop.
Mosley: One of the biggest challenges right now, in government in particular, is around complying with some of the new mandates for continuous monitoring. The reason that is such a challenge is because the scope of what we are monitoring continuously changes. Not only does it change, the environments in which we are trying to implement these technologies change. With the growth of virtualization, even cloud computing now in government, it’s very difficult in many cases to identify whether an activity associated with a given user is good or bad. How do you know unless you have the context to understand not just what happened, but who was the actor associated with the event. When did it happen, where did it happen and why does it matter? And being able to bring together that intelligence of understanding identities and users and roles within an organization. Having rich integration with both the host platforms as well as the applications, databases, different components that impact the security infrastructure and the security posture is critical to being able to accurately identify and respond to security threats when they occur. The problem we have now is we have a lot of information but not a lot of context. So figuring out what it all means and identifying the threats when they occur is really a challenge and is a failure of many of the solutions that have been around in the market for a long time.
Chabrow: Who is the product intended for in the sense of within the organization? Is it strictly an IT person, an IT security person, is it a business owner of an application?
Ulery: The primary owner and stakeholder and purchaser of the solution, is typically within the security group. So for security monitoring that’s the person who usually owns this problem set and is addressing these problems, but they have numerous stakeholders within the organization. So, there are many people asking for context on what a particular person who may be under investigation has done during a period of time. There are people responsible for certain sets of data within the environment, there are people who are responsible, for instance, for managing Active Directory. All of these are peripheral stakeholders that all have a large stake in how successful this program is, but the traditional owner of this solution is within, say, the director of information protection or the director of security.
Chabrow: You mentioned earlier, a point about the staffing of IT security. So, your company, your competitors and others, are producing sophisticated tools. Is there a problem still, within the organization of being able to implement tools like yours, because, there is not sufficient number of IT security experts on staff?
Ulery: Absolutely, Eric. That’s a great question. And the challenge isn’t finding the most powerful tool that can solve the problem the best, or the tool that is easiest to use. It’s finding one that can solve the problems in a way that is actually usable. And that’s the challenge we’ve seen. There are some technologies that have very sophisticated correlation and other capabilities that can really narrow it down and find the root of the problem, but generally they require a lot of investment of both time and effort in configuring those technologies, constantly updating them with new information and you need a lot of dedicated resources to do that. Which many organizations just don’t have available today. On the other hand, products that are very easy to use, often don’t have that power and flexibility to adapt to change, adapt to new threats. And so what we have done with Sentinel 7 is really bring out a solution that we believe has the best of both worlds. It’s a solution that has a lot of power and can handle a lot of complex problems but we have really focused in this release on simplifying the product so that the user doesn’t have to be a technical expert. You can implement the product, configure it, and then the day to day use of the product can be by someone who may not necessarily have that deep level of subject matter expertise, and can still get the information they need and find the data they need when they need it.
Chabrow: We’re here at RSA 2012 in San Francisco, obviously a goal of your organization is to be able to sell your product. What would, besides more sales, what do you hope would be your take-away personally of knowledge or whatever from the conference? We’ll start with Matt Ulery.
Ulery: From this conference in particular it’s interesting seeing what the current trends are. We are speaking with a lot of customers here - not just people that come by the booth - but in various meetings, and seeing what are the major trends. You see a lot from vendors who are putting out a lot of messaging, a lot of new subjects, and trying to get the greatest amount of attention. But it’s interesting what the core themes are. Not just from the vendors, but from the consumers - the ones that are asking us for information, asking us to solve their problems. And what we are continually seeing is that, what Matt Mosley just mentioned, the idea of I’m challenged and I need to get this actual intelligence. I need to be able to get it readily and without a significant team in place all the time, constantly tinkering with the toys, and seeing if that is a consistent message at this show as well. So validating our direction and making sure that we respond appropriately.
Chabrow: Matt Mosley?
Mosley: I am going to agree with what Matt said. I think the greatest benefit of RSA is to, really, listen not necessarily to the vendors, but listen to the attendees and listen to the themes as well. This is a very dynamic, changing industry and changing space that we are in. And you can see that over the years at RSA every year there are sort of different key themes that emerge and looking at how those themes are reacted to by the consumers at RSA will give you an idea of whether they're really forward-looking ideas that maybe are a problem in the future but not now versus we are really focused on developing solutions to the problems that our customers have today and the challenges they are facing, right now.
Chabrow: Well, thank you Matts. I have been speaking with the two Matts, Matt Ulery and Matt Mosley of NetIQ. For Information Security Media Group, I’m Eric Chabrow, thanks for listening.
You can listen to the audio recording of this interview at GovInfoSecurity.com, along with other interviews undertaken with the likes of AppRiver, NIST, Booz Allen Hamilton and many more.
Mar 13 2012, 02:48 PM