Symantec Privileged Access Management


Chat Transcript: Office Hours for CA Privileged Access Management [JUNE 2016] 

Jun 10, 2016 11:01 AM

from Kristen Palazzolo (CA) to Everyone:

Hi! Welcome!

from Kristen Palazzolo (CA) to Everyone:

We'll get started in a couple minutes.

from Kristen Palazzolo (CA) to Everyone:

Let's get started!

from Kristen Palazzolo (CA) to Everyone:

Hi everyone - my name is Kristen Palazzolo and I am the Community Manager for CA Security.

from Steven McCullar to Everyone:

Hi @Bill Alger

from Kristen Palazzolo (CA) to Everyone:

Today's Office Hours session covers CA Privileged Identity Manager, CA Privileged Access Manager (formerly XSuite by Xceedium) and CA Shared Account Manager.

from Kristen Palazzolo (CA) to Everyone:

If you've got a question - any question - about one of these products, ask away right here in the chat window.

from Kristen Palazzolo (CA) to Everyone:

Please RT to invite others to join -> https://twitter.com/CA_Community/status/741267513464508417

from Kristen Palazzolo (CA) to Everyone:

@Bill Hi there! Thanks for joining today!

from Kristen Palazzolo (CA) to Everyone:

@Bill Do you have a question for our product team?

from Kristen Palazzolo (CA) to Everyone:

@Santiago Hi! Thanks for joining today!

from Bill Alger to Everyone:

@Kristen Not really. I was hoping to see what problems others are running into and learn from them. My only item would be an enhancement that would not go through this channel.

from Kristen Palazzolo (CA) to Everyone:

@Bill - Are you referring to this idea? https://communities.ca.com/ideas/235729583

from santiago to Everyone:

Even if it is probably a question on another product, let me know if our identity management solutions can solve a problem of management of digital certificates that will be used to encrypt client PDF files.

In the past we had a solution called signfort, but it was discontinued.

from Bill Alger to Everyone:

Actually it is a different one. Control Minder can do HIPS/HIDS functions easily. It can also do some FIM functions that are required for PCI, FFIEC, SOX, and GLBA.

from Kristen Palazzolo (CA) to Everyone:

@Bill - If you have a new idea, please submit it in the Community and we will review it.

from Bill Alger to Everyone:

I will.

from Shahn Soomro (CA) to Everyone:

@Santiago.. you are correct.. signFort was discontinued.. and presently we do not have a solution/product that addresses the Certificate Management functionality.

from Steven McCullar to Everyone:

@Bill, what is the idea?

from Kristen Palazzolo (CA) to Everyone:

@Santiago - We're looking for new solution ideas in the Innovation Exchange which is being run by our CTO, Otto Berkes. Please post your idea here: https://communities.ca.com/community/innovation-exchange

from santiago to Everyone:

thanks

from Bill Alger to Everyone:

So PIM can do HIPS/HIDS really well. It does some FIM functions that are required for PCI, FFIEC, SOX, GLBA, etc. The one thing needed in FIM that it doesn't do is report what changed within the file.

from Bill Alger to Everyone:

What I would like to see is a function where, if you set up a file monitor for FIM, build in an optional backup function for text files, and have it do a side-by-side diff of the files.

from Bill Alger to Everyone:

When a file changes, you can not only see the sha, hash, permission changes, but now can see what they changed.

from Steven McCullar to Everyone:

@Bill, got it thanks

from Bill Alger to Everyone:

This could replace much of the FIM functions Tripwire does and place this tool into a new market share.

from Bill Alger to Everyone:

@Steven. Thanks.

from santiago to Everyone:

Returning to PAM, is there a best practice or recommendation for the minimal architecture design (2 gateways, as an example) for when the customer wants a hybrid implementation?

That is to say, when the regular admins access the servers directly, but other users (like 3rd parties) need access and do it through PAM.

I am thinking of small customers.

from Shahn Soomro (CA) to Everyone:

@Santiago.. The scenario you describe can be implemented easily by having two different policies, where the regular admins group is given access to account passwords via PVP and external admins are provided federated SSO (without sharing the password). Does that address your scenario?

from Shahn Soomro (CA) to Everyone:

@Santiago.. in the above solution.. regular admins can go directly to the endpoint after checking out the password from PAM.. but they still have to get the password from the credential vault.. because we are securing it there.

from santiago to Everyone:

Ok, so now I understand.

Some customers are worried because PAM becomes a single point of failure, but, being small businesses, they consider scenarios that do not involve several gateways.

We understand that it is not ideal, but I wanted to know his position.

from santiago to Everyone:

So, we could set up HA for the vault without needing several gateways?

Is that possible?

from Shahn Soomro (CA) to Everyone:

@Santiago.. PAM provides SUPERB high availability with built-in active/active clustering, in-place backup/restore etc., so even with just two appliances you can create a VERY highly available system. That is one of the key advantages you have with us vs. the competition.

from Kristen Palazzolo (CA) to Everyone:

10 minutes left! Get your final questions in now!

from Kristen Palazzolo (CA) to Everyone:

Thank you for joining Office Hours today!

from Kristen Palazzolo (CA) to Everyone:

See you again next month. I'll be posting the date and time in the CA Security Community soon.
