Server Advisor
NOW AVAILABLE: Server Advisor for UNIX
Server Advisor, SCM's patch assessment and verification module, ensures continuous enterprise security for Windows, Linux and UNIX platforms. SUM provides intelligent security patch assessment, remediation and verification.
Using a comprehensive Configuration Management Database (CMDB), Server Advisor instantly assesses entire networks to detect vulnerabilities and deploy required patches to all the target machines. By leveraging the vast repository of configuration information stored in the SCM database, users can quickly view the current configurations and patch status of the machines on their networks. Then, using remote patch distribution points, enterprises can update their entire infrastructure using minimal bandwidth to machines - even inside a firewall-protected DMZ.
Server Advisor for Windows supports delivery of security updates for over 100 Windows applications including Microsoft BackOffice, SQL Server, Exchange, Internet Explorer, and MDAC, to name a few. Also, Server Advisor provides security remediation for Spanish, French and Danish Windows operating systems.
Server Advisor Assessment
Server Advisor for UNIX delivers a cost-effective way to quickly, accurately and securely deliver and monitor system patches across your UNIX & Linux infrastructure. Along with Server Advisor for Windows, you can protect your entire enterprise. Server Advisor for UNIX provides intelligent security patch assessment, delivery and verification. Server Advisor for UNIX supports patch assessment, deployment and compliance across Solaris, AIX, RedHat and SUSE Linux environments.
Server Advisor's automated configuration change management and maintenance ensure that each machine conforms to the rigorous security and configuration settings defined by industry best practices and guidelines.
Patch Deployment is Just a Small Part of the Overall Compliance Process
Patching alone does not secure an enterprise – proper system configuration is the most effective way to lower risk.
By leveraging the vast repository of configuration information in the Server Configuration Manager's CMDB, organizations can quickly conduct a pre-deployment assessment to ensure machines are configured correctly and minimum requirements are met prior to installing patches. This approach dramatically increases patch success rates in large enterprises and reduces the network bandwidth required to secure machines across the enterprise. Through SCM/Server Advisor's detailed assessment, enterprise vulnerabilities such as accounts without proper passwords, security services that are disabled or at the wrong version, and improper configuration settings are quickly identified and remediated. Once machines are configured correctly, patches can be deployed natively with SCM/Server Advisor or through third-party tools like SMS or WSUS.
Assessment and Verification are Key; It's Not Just About Pushing a Patch
To ensure first-time success in patching Windows-based machines in your organization, Server Advisor for Windows leverages assessment helpers developed by the Center for Policy & Compliance. The Center researches and tests all Microsoft security packages prior to delivery and documents details on the actual files deployed and any configuration changes made to the system. Server Advisor leverages the assessment helpers not only to determine which machines require patching (and avoid pitfalls that may inhibit effective patch deployment) but also to conduct a post-deployment audit to ensure full compliance.
Server Advisor Security Updates for Windows are generally available within 24 hours of Microsoft release and are automatically installed from the secure customer portal. After release, the Server Advisor assessment helpers continue to provide protection by ensuring servers and workstations remain within full compliance. If a problem on the machine occurs due to the patch, SCM/Server Advisor supports full patch rollback to the previous configuration state, thereby removing the risk associated with enterprise remediation.
Unix Patch Dashboard
Server Advisor Security Updates for UNIX platforms are available based on vendor defined criticality and customers can use Server Advisor for UNIX to deploy the downloaded patches to their environment. Server Advisor for UNIX supports a proven patch assurance process that checks that the patch is not already installed since last assessment, performs custom pre-deployment steps, deploys the patch, performs custom post-deployment steps and performs verification that the patch deployment was successful.
Supercharging Your Existing Patching Solution
The keys to a good security remediation tool are coverage, speed and accuracy. Using SCM/Server Advisor, enterprises can supercharge their existing patching solutions, improving performance in all three areas.
Using SCM/Server Advisor together, organizations can quickly discover machines without patch and anti-virus clients installed. Once found, SCM/Server Advisor can automatically install the missing service or application. If the client is found, it can quickly verify the service is at the correct version, that it is running and configured correctly.
SCM/Server Advisor supports right-click remediation from within compliance dashboards and charts, greatly simplifying the process between reporting and action. Server Advisor assessment helpers provide independent auditing and verification of patch success.
The Challenge
Virtualization platforms such as VMware ESX server deliver compelling benefits to organizations by enabling server consolidation and power/space savings in the datacenter. To effectively manage and secure virtual environments, IT operations need enterprise-level visibility into the entire environment. Organizations need to ensure that rapid deployment does not turn into uncontrolled creation of new virtual servers, resulting in virtual server sprawl. Virtualized environments need to demonstrate compliance with government, industry and vendor standards. Gartner estimates that by 2009, 60% of production VMs will be less secure than their physical counterparts. Thus, hardening of virtual platforms against emerging threats becomes an important requirement for IT operations. To take full advantage of virtualization, IT operations need to revisit and refine their existing IT processes. Configuration, change and compliance management processes need to take into account the dependencies between host and guests in a virtual environment.
The Solution
SCM for Virtualization helps organizations address the complexities associated with security and compliance in virtualized environments. SCM for Virtualization provides visibility, control and management across the VMware infrastructure from a central console by extending VMware VirtualCenter with compliance capabilities. Using SCM for Virtualization, customers can understand the security posture to comply with VMware™ hardening guidelines and other applicable regulations such as PCI-DSS, Sarbanes-Oxley, GLBA, HIPAA and ISO. SCM for Virtualization enables organizations to enforce VM build policy and gain control over virtual server sprawl.

[Figures: Virtual Security Posture Dashboard; Top 10 Non-Compliant Virtual Environments; Change Management Dashboard]
Key Features
- Virtualization Visibility: Includes graphical indicators of non-compliance issues across the entire virtual environment. Dashboards provide a view of the top 10 non-compliant virtual environments, Host and Guest summaries, and virtual environment security posture.
- Extend VMware VirtualCenter for Compliance: By using the VirtualCenter Compliance plug-in, you can view compliance of your VMware environment from within VMware VirtualCenter and launch SCM in context.
- Security Hardening and Compliance Toolkits: Provides out-of-the-box templates that address vendor and virtualization best practices, regulatory mandates and security hardening guidelines such as:
  - CIS benchmarks for VMware ESX server
  - VMware hardening guidelines for VMware ESX server and Virtual Center
  - HIPAA
  - FISMA
  - GLBA
  - Sarbanes-Oxley (404)
  - DISA STIG
  - NERC/FERC
- Reporting: Out-of-the-box reporting on virtual environment change log, virtual Host and Guest summary, storage allocation, network configuration and more.
- Guest/Host Relationship Correlation: Supports management and security compliance of each Guest, Host and the associated relationships across the entire virtualized landscape.
- Visibility Into Dormant VMs: Assesses the security posture of dormant VMs before they can compromise the integrity of the overall infrastructure. Knowing the security posture of VMs before they went dormant will help you determine if they are vulnerable.
- License Management: Provides a summary of license usage in virtual environments to aid with license management.
Key Benefits
- Secure Enterprise Visibility: A single pane of glass to view entire ESX server deployments, enabling you to control your entire ESX infrastructure.
- Ensure Continuous Compliance: Proven approach ensures that hosts and guests remain in a continuous state of compliance. Make compliance part of daily operational processes.
- Understand Security Posture: Authoritative guidance that your security posture not only complies with vendor-specific hardening guidelines, but also with relevant regulatory mandates affecting your organization.
- Enforce VM Build Policy: Detect and remedy guests that violate build policy such as minimum OS version.
- Control Virtual Sprawl: Visually map the virtual infrastructure and track the life cycle of virtual hosts and guests.
SCM for Active Directory®
SCM (Enterprise Configuration Manager) for Microsoft® Active Directory® (AD) spans multiple domains and forests to collect
configuration data, objects and changes to simplify AD management and automate compliance. Administrators using the module can quickly ensure
role holder redundancy prior to server maintenance deactivation, receive alerts about changes to key AD groups, objects and attributes and
proactively assure compliance with Microsoft AD best practices for security and operations.
Visibility across the entire Active Directory environment, not just by server
SCM for AD addresses one of the biggest challenges facing organizations administering tens, even hundreds of AD servers – enterprise
visibility. By consolidating and managing AD through SCM, this module simplifies troubleshooting by alleviating the need to traverse between
multiple native tools and login to multiple domain controllers. Administrators make better decisions and save significant time because all
relevant information is provided within a single report. Best of all, SCM for Active Directory's built-in tracking of directory changes assures
IT managers that changes delegated to Administrators are in compliance with corporate standards, resulting in an effective, efficient and secure
enterprise.
Enhanced Security Management
SCM for Active Directory improves the overall integrity of your enterprise by providing continuous security assessment and change alerting on
AD. With SCM for Active Directory, Administrators can easily:
- Track Access Control Entry (ACE) or other critical security-based changes that may not have been approved or occurred outside designated change windows.
- View changes to group membership across AD servers within a single report.
Automated Compliance Assessments
SCM for Active Directory assures the integrity of corporate information and lowers IT audit costs by providing automated compliance
assessments against Microsoft Security Best Practice Guides, industry best practices and corporate policies. SCM for Active Directory leverages
SCM's Compliance Toolkits, which contain rule-based templates, reports and dashboards that ensure compliance to security guidelines, regulatory
mandates and corporate policies.

[Figures: AD Change Management Dashboard; AD Configuration Information Dashboard; AD Compliance Results]
Automated Change Reconciliation Through SCM Service Desk Integration
SCM Service Desk Integration Solutions enable the automation of operational processes, linking change and configuration management, as well as
automating the intersecting transitions from the change approval processes to the implementation and verification processes, and closing the loop
back to the Service Desk to complete the entire change process.
- Automated discovery and creation of structured Requests for Change (RFCs)
- Delivery of accurate, actionable RFC decision support information
- Enterprise-wide, cross-platform implementation of required RFC changes
- Rapid, comprehensive change audit verification
- Proactive reconciliation of planned from unplanned change (Delivered through SCM)
- Change management process effectiveness measurement
By linking configuration and change management processes, SCM Service Desk Integration Solutions deliver visibility and control of unauthorized changes and improve overall enterprise and component systems availability, security, and policy compliance. They provide audit verification that the changes were made and, most importantly, measure how well the internal change management process is working.
SCM Service Desk Integration Solutions Features
- Connection to the leading Service Desk solutions by BMC, HP, CA, IBM, Oracle and others
- Flexible & extendable architecture delivers a workflow platform that quickly customizes the change management process to align with your organization