One of the biggest challenges for organizations today is complying with numerous internal policies and government regulations. Ranging from payment card standards to patient privacy rules, achieving and proving compliance requires the right mix of processes, policies, and technology. And although there are many Best Practice guides available, many business owners and IT managers remain confused.
And it's no wonder. Determining technical requirements is challenging enough. Do you have the right mix of tools for managing accounts and privileged access? Monitoring and reporting on user activity? Or assessing the current state of your environment? When the auditors come knocking, can you prove compliance in your day to day operations?
Hi. My name is Thom Brainard, Product Marketing Manager at Dell Software. And today we'll be discussing some of the challenges faced by systems and security administrators, as you work to achieve and prove IT compliance and security. I've asked Alexey Korotich, Product Manager for Enterprise Reporter from Dell Software to join us today. Alexey, thanks for taking time to talk with us today.
Hello, Thom. It's my pleasure to be here.
So IT compliance is a rather large subject, so I'd like to limit our conversation today to assessment. And by assessment, I mean the collection, storing, and reporting of information about Windows environments, including Active Directory, Windows file servers, and SQL Servers. So, Alexey, what kind of upfront assessment do enterprises need to ensure security and compliance? Are there specific things our audience should know about their Windows Server environments?
Absolutely. Assessment, as you rightfully mentioned, is very important stage. So this is where you have to set the baseline for your current and historical configuration of servers across the entire environment. And the more precise, the more specific you will be, the more beneficial it will be for you in the long run.
OK, well, surely native tools provide this level of visibility. Or do they?
Some of them provide some level of visibility for particular systems, but not overall. So for example, you might want to get like very simple reports regarding your configuration of your services or the list of installed software, But unfortunately, when you try to embrace that, like in a bigger picture, there are no tools that will let you do that. So all the tools are fragmented. You have to go to various tools to achieve certain tasks. There's no one single tool that would let you do that.
And also they do not provide you the level of information sometimes that you're looking for. So you really have to be either an expert in, for example, Microsoft Exchange and its scripting languages to pool that information and know what it actually means. Or you have to just lose information that you might need in the future.
Good insight, Alexey. Thank you. Obviously Dell Software has a reporting solution ideal for compliance assessment, Enterprise Reporter. Alexey, can you tell us why Enterprise Reporter is such a critical tool for IT compliance?
Absolutely. Enterprise Reporter is a perfect tool that actually closes all those gaps which I just mentioned. So, you don't have to be an expert in scripting. You don't have to be an expert in all the underlying systems that you need to report on. So, for example, you don't have to be a developer or the low-level administrator to know all the specifics of Active Directory, Active Directory permissions, or Windows file servers, and how access is managed in those systems.
So Enterprise Reporter comes with a library of predefined reports, which contain knowledge that you can use right away. It also provides a great deal of automation, so you can literally just schedule your reports with a single click, and they will be delivered to all of the people that need access to them, according to schedule. It'll be delivered either by email or uploaded to file share. And you don't really have to care about that, because as long as Enterprise Reporter is running you get reports.
It also is a very scalable solution. So, if you have like thousands of servers or just 10 servers, it doesn't matter, because Enterprise Reporter can scale out as needed to match your particular needs.
OK, good stuff. So, of course, Enterprise Reporter is one part of Dell's larger solution for governance, risk, and compliance. Can you tell us a little bit about Dell Software solutions for auditing, alerting, and remediation?
Sure. Dell governance, risk, and compliance solution portfolio is made of several products. And they deliver on different aspects of this life cycle. So it starts with assessment. And assessment is where you set the baseline, where you take snapshots of the current configuration, and going to save it for later comparison. This is where Enterprise Reporter is really very important tool.
Then it continues into auditing and alerting phase. And this is where you see how access is used throughout your environment. You try to spot the deviations and some abnormal activity of your users. So this is work tools like ChangeAuditor, a really important that keeps an eye on of what's going on in the environment.
Then we go into the remediation phase of the cycle. And this is where you remediate from all the unwanted, unplanned, or malicious changes made by either internal people or even external people that managed to get access to your environment. This is where tools like InTrust and ChangeAuditor with its both proactive protection against changes, or reactive remediation from changes come into play.
And lastly, we end with the management component of this. And this is where you need to have tools to provide you automated management capabilities, tools like reporting, tools like management of permissions. So we have products like Security Explorer and Enterprise Reporter again, that really help you automate that part of the process.
Thanks, Alexey. Good stuff.
Thank you for having me, Thom.
So, Alexey, where can our viewers reach you if they have any questions or