ACCESS INFORMER
Simplifying the analysis of user authorizations
Access Informer is a simple yet powerful solution to collect, analyze and monitor user authorizations across your key systems
Retake control of user authorizations across your key systems by improving:
KNOWLEDGE
Gain a comprehensive view of “who has access to what” across your key systems
Centrally collect, investigate and report on user authorizations
Get valuable insights and identify critical risks from excessive access
EFFICIENCY
Drastically reduce the effort and complexity in performing periodic reviews of user authorizations
Schedule extractions of user authorizations and automate analysis
Produce detailed analytics to redesign and simplify authorizations
GOVERNANCE
Maintain compliance ruleset within and across key systems
Visualize the status and evolution of risks and compliance violations
Provide key analytics to refine control objectives and set priorities on remediation activites
Average number of days to identify a breach in 2019
Source: IBM
%
Data breaches involving stolen credentials
Source: Verizon
Average total cost of a data breach is $3.86 million
Source: IBM
- Companies with 500+ accounts with non-expiring passwords 61%
- Companies with 1,000+ sensitive files not protected 58%
- Average number of stale user accounts 50%
Source: Varonis
Don’t become a statistic!
Next webinar
Day(s)
:
Hour(s)
:
Minute(s)
:
Second(s)
COLLECT AND CENTRALIZE
Capture snapshots of authorizations from SAP®, Active Directory® (AD), Network Shares, and SharePoint®
Schedule and automate the extractions and analysis of user authorizations
Requires only read access to collect user authorization information with no agent or code installed on the target systems
EXPLORE AND REPORT
Perform complex analysis off-line, without impacting the performance of production environments
Leverage built-in queries, intuitive drill-downs and 80+ predefined reports
Identify outliers, suspicious and excessive access
CLASSIFY AND PRIORITIZE
Centrally maintain criticality and tags of security assets
Maintain ownership and relationships between assets
Leverage the classification information in queries, ruleset and compliance reporting
MONITOR AND VISUALIZE
Maintain compliance rules, exceptions and mitigations
Monitor the status and evolution of the company user access risk and compliance posture
Compare snapshots of user authorizations within and across systems
ALERT AND RECOMMEND
Assign severity levels to security and compliance rules and security KPIs
Be notified of compliance violations after each extraction and analysis
CIO - Chief Information Officer
Reduce the risk from excessive user access to sensitive information and critical activities that could lead to fraud, data leakage or compliance issues
Extend the analysis and reporting capabilities of SAP GRC or implement an effective alternative solution at a reasonable cost
Achieve significant ROI by reducing the effort to perform complex analysis of user authorizations
Identify opportunities to reduce user license fees by identifying orphan/stale application accounts
CISO - Chief Information Security Officer
Regain control over ‘who has access to what’ by collecting and centralizing user authorizations across key systems
Apply a risk-based approach by enriching security assets with assigning criticality, tags and ownership information
Prevent incidents and frauds by timely identifying and remediating excessive or conflicting access to sensitive information and critical tasks
Safeguard sensitive security and vulnerability information by hosting the solution on-premise or on a private cloud
SAP Security Manager
Reduce compliance efforts by automating periodic analysis and reviews
Be able to assign the execution of complex analysis and controls to less experienced team members
Accelerate the compliance remediation effort by identifying the root cause for violations and evaluating possible corrective actions
Reduce the need for user testing during migrations/upgrades by identifying missing access
SAP Security Analyst
Perform highly complex analysis without impacting the performance of live environments
Gain significant time by leveraging an intuitive UI with predefined filters, reports, drill-downs, drag & drop, and contextual menus
Benefit from a highly scalable solution; built, tested and used by large companies with 50K+ user accounts
Evaluate the compliance impact from adding/removing roles to an SAP user account in real time
Audit Manager
Leverage predefined filters and custom reports to execute audit plans in a shorter time frame
Conduct audits without the need to gain access to the target systems and without performing time consumming manual downloads and analysis
Explore the user authorization information to identify possible concerns and recommendations
Compare snapshots to focus the audit on key changes to user authorizations since the previous review
Compliance Manager
Visualize the status and evolution of compliance violations
Review the quality of the compliance ruleset and identify incorrect or overly restrictive conditions
Restore snapshots of user authorizations to support investigations and eDiscovery activities
Facilitate the re-certification of user access by focusing on assets and activities flagged as most critical
Help Desk Manager
Accelerate the investigation of missing or excessive access without the need to access or logon to the target systems
Reduce the number of SAP roles or AD groups to maintain by identifying unused assets or opportunities to compress roles/groups
Assess the compliance impact from adding/removing SAP roles to a user during the provisioning process
IAM Project Manager
Support IAM implementations by providing key analytics to build the RBAC role based access model
Provide detailed reporting on the actual access rights, including the changes that may not have been processed through the IAM solution
Integrate a compliance check within the user provisioning process to ensure that the changes do not introduce additional risk that would need to be approved and/or mitigated
Access Informer brings significant added value to a number of key activities
PROVIDE GREATER ASSURANCE
That the access to sensitive information and activities is adequately restricted
That the access of employees that left the organization is timely removed across applications
That employees transferring to new positions within the company do not retain sensitive permissions
That segregation of duty conflicts are monitored within and across key applications
That user authorizations are timely modified to reflect and support organizational changes
ACCELERATE AD-HOC INVESTIGATIONS
Centrally investigate missing or excessive permissions without having to logon to the various target systems
Drill down and identify the root cause for excessive sensitive access and SOD conflicts and prioritize remediation
Simulate the compliance impact of modifying and removing specific SAP permissions
Leverage SAP User Transaction usage in analysis and reports to identify potential misuse of the access
REDUCE THE RISK OF FRAUD AND DATA LEAKAGE
Timely identify and remove excessive and unrequired access
Simplify the review of sensitive and conflicting access when employees change position within the organization
Identify and remove orphan application accounts, which are no longer linked to an active Active Directory account
Archive and restore snapshots of authorizations to support eDiscovery, audits and investigations
IMPROVE COMPLIANCE
Assess and improve compliance with SOX and GDPR
Demonstrate compliance to auditors with minimum effort
Perform quality reviews of compliance rules
Support re-certification of user authorizations
REDUCE OPERATIONAL COSTS
Identify opportunities to remove, merge and simplify authorization to lower maintenance cost
Assess the impact of removing authorizations and reduce the amount of testing required
Generate scripts to automate remediation activities
Review and optimize user licensing
SUPPORT CRITICAL PROJECTS
Provide detailed analytics on user authorizations to support key company projects and initiatives
Timely adjust authorizations with organizational changes, such as mergers, acquisitions, divestitures and outsourcing
Evaluate the risk of sensitive access and SOD conflicts throughout an implementation and prior to a cutover or go-live
SUBSCRIPTION
How is the pricing for the subscription determined?
- the number of user accounts being monitored
- the number of systems being extracted
- and the number of analysts using the Access Informer desktop application
Which type of companies is using Access Informer?
Who is the typical user of the solution within the company?
Can we conduct a trial of the solution in our environment?
INSTALLATION
Is the solution available on-premise?
Why is the solution not available as SaaS?
Does the extraction process requires any agents or code on the target systems?
How is the Access Informer Desktop deployed?
Installing and running the Access Informer desktop application onsly requires standard user rights on your workstation (i.e. no local administrator rights required).
Can the solution be deployed in Zero Trust environments?
Yes, the Access Informer solution can be deployed, and is currently used, in Zero Trust Environments.
The frontend can be accessed via a Citrix/VM environment.
Minimal network confirguration is required to enable the communication between the frontend and the SQL backend of the solution and between the backend and the target systems from which user authorization information is extracted.
Is the solution compatible with SAP S/4HANA?
Yes, the Access Informer solution can be used with most SAP releases from 4.6C to the latest S/4HANA version, with the exception of the Public Cloud edition of SAP S/4HANA.
The Public Cloud edition of SAP S/4HANA is currently restricted by SAP to only access the application through FIORI apps and does not provide any connectivity options such as RFC, SAP GUI or ODBC for integrations with in-house or third party applications.
Our mission is to help protect companies by providing unparalleled visibility over user authorizations and the timely identification of incorrect and excessive access to critical IT systems
SUBSCRIPTION
Annual or project-based subscription
Includes application installation, configuration, updates and support
Database configuration of MS SQL Server for hosting snapshots
Conduct initial training on Access Informer desktop application
Provide Managed Extraction Service (optional)
CONSULTING
Review the quality of GRC/compliance ruleset
Accelerate remediation effort for sensitive access and SOD conflicts
Development of custom connectors and .NET solutions integrated with SAP
Review and optimize SAP licensing
Provide training on SAP and AD Security and auditing
SECURITY ASSESSMENT
One week on-site security assessment, starting at CHF 12,000 all-inclusive
Produce additional reports and analytics to support any customer initiatives and projects
Conclude the week with a presentation of the key observations and recommendations
The cost of the assessment is deducted from the Access Informer annual subscription (if contracted within 6 months of the assessment)
DOWNLOAD
Company Presentation
Brochure
MAIN OFFICE
+41 (0) 41 588 07 32SALES OFFICE
CYRIL HAUPPERT
Founder / Director
15+ years of experience in IT Consulting, Audit and Security roles in large companies including Sun Microsystems, KPMG, Altria/Philip Morris and Kraft Foods
Combines Business Degree from ESCP Europe with IT Security expertise
Achieved key IT Security and Project Management certifications, including CISSP, CISA, CISM, CGEIT, CRISC, ABCP, and PMP
PIERRE-YVES CATTIN
Business Development Manager
Business Development and Innovation activities with 10+ years experience as Area Sales Manager in Multinational Listed Companies. 5 years as Project Manager.
B2B experience in technological sectors: Electrical equipment, sensors industry, rail, energy, automotive, process automation and power electronic sectors
ADAM KONIUSZEWSKI
Business Development Advisor
Fellow of Order of Chartered Professional Accountants of Quebec (Canada)
Chartered Financial Analyst (CFA)
Finance, risk management and audit/internal controls professional with fraud investigation experience and an international track record in Big Four / Fortune 100 and private-sector & non-profit board experience
MICHAEL FLÜHLER
Operations Advisor
Seasoned professional in the areas of management consulting and corporate finance
Extensive experience in management positions and leading strategic, international projects for renowned companies in the Financial Service, Consultancy and FMCG industries
Master in Economics and a master in advanced European Studies
ANTONIO FONTES
Technical Advisor
OWASP Geneva: Chapter leader
Web application threats and countermeasures
Secure development lifecycle
Penetration testing and vulnerability assessment
Software threat modelling and risk analysis
Access to technical resources for our customers and business partners
