ECM Modules

Security Update Manager (SUM)

	Datasheet: Security Update Manager (SUM)
	Datasheet: ECM for Active Directory

Security Update Manager (SUM), ECM's patch assessment and verification module, ensures continuous enterprise security for Windows platforms. SUM provides intelligent security patch assessment, remediation and verification and automatically alerts enterprises to security bulletins issued by Microsoft.

Using a comprehensive Configuration Management Database (CMDB), SUM instantly assesses entire networks to detect vulnerabilities and deploy required patches to all the target machines. By leveraging the vast repository of configuration information stored in the ECM database, users can quickly view the current configurations and patch status of the machines on their networks. Then, using remote patch distribution points and network administrative groups, enterprises can update their entire infrastructure using minimal bandwidth to machines - even inside a firewall-protected DMZ.

SUM supports delivery of security updates for over 100 Windows applications including Microsoft BackOffice, SQL Server, Exchange, Internet Explorer, and MDAC, to name a few. Also, SUM provides security remediation for Spanish, French and Danish Windows operating systems.

SUM

SUM's automated configuration change management and maintenance ensure that each machine conforms to the rigorous security and configuration settings defined by industry best practices and guidelines.

Patch Deployment is Just a Small Part of the Overall Compliance Process. Patching alone does not secure an enterprise – proper system configuration is the most effective way to lower risk.

By leveraging the vast repository of configuration information in Configuresoft's ECM CMDB, organizations can quickly conduct a pre-deployment assessment to ensure machines are configured correctly and minimum requirements are met prior to installing patches. This approach dramatically increases patch success rates in large enterprises and reduces the network bandwidth required to secure machines across the enterprise. Through ECM/SUM detailed assessment, exposure to enterprise vulnerability such as accounts without proper passwords, security services that are disabled or at the wrong version, and improper configuration settings are quickly identified and remediated. Once configured correctly, patches can be deployed natively with ECM/SUM or through third party tools like SMS or WSUS.

Assessment and Verification are Key; It’s Not Just About Pushing a Patch
To ensure first time success in patching Windows-based machines in your organization, SUM leverages assessment helpers developed by Configuresoft’s Center for Policy & Compliance. The Center researches and tests all Microsoft security packages prior to delivery and documents details on the actual files deployed and any configuration changes made to the system. SUM leverages the assessment helpers not only to determine which machines require patching (and avoid pitfalls that may inhibit effective patch deployment) but also to conduct a post deployment audit to ensure full compliance.

SUM Security Updates are generally available within 24 hours of Microsoft release and are automatically installed from the Configuresoft secure customer portal. After release, the SUM assessment helpers continue to provide protection by ensuring servers and workstations remain within full compliance. If a problem on the machine occurs due to the patch, ECM/SUM supports full patch rollback to the previous configuration state, thereby removing the risk associated with enterprise remediation.

Supercharging Your Existing Patching Solution
The keys to a good security remediation tool are coverage, speed and accuracy. Using ECM/SUM, enterprises can supercharge their existing patching solutions, improving performance in all three areas.

Using ECM/SUM together, organizations can quickly discover machines without patch and anti-virus clients installed. Once found, ECM/SUM can automatically install the missing service or application. If the client is found, it can quickly verify the service is at the correct version, that it is running and configured correctly.

ECM/SUM supports One-Click remediation from within compliance dashboards and charts, greatly simplifying the process between reporting and action. SUM assessment helpers provide independent auditing and verification of patch success.

 Related SUM Resources

Keeping the state of your enterprise known and configured correctly over time is not a trivial task. The dynamic nature of enterprises and the constant emergence of new vulnerabilities require the ability to balance IT Security and Operations compliance initiatives. The cost of failing to ensure the proper controls and patches are well known. For instance, it is estimated that the 'Code Red' virus cost organizations across the world $2.6 billion to control and remediate.

Why was 'Code Red' so successful in decimating over a quarter million servers, particularly when Microsoft pinpointed the potentially devastating effects of the virus and produced a patch for it more than a month before the first infections?

It's simple: IT departments just DO NOT have the tools and resources to immediately ensure every single application server in their enterprise is located, assessed and protected.

The Challenge

	Download: Compliance Checker
	Datasheet: ECM for Virtualization
	White Paper: EMA™ Advisory Note: Virtualization and Management
	Webinar Archive: Virtualization: Security and Compliance Considerations
	Podcast: Virtualization Does Have a Downside
	Podcast: Virtualization: Manage the Complexity

Virtualization platforms such as VMware ESX server delivers compelling benefits to organizations by enabling server consolidation, power/space savings in datacenter. To effectively manage and secure virtual environments, IT operations need enterprise level visibility into the entire environment. Organizations need to ensure that the rapid deployment does not turn into uncontrolled creation of new virtual servers resulting in a virtual server sprawl. Virtualized environments need to demonstrate compliance with government, industry and vendor standards. Gartner estimates that by 2009, 60% of production VMs will be less secure than their physical counterparts. Thus, hardening of virtual platforms against emerging threats becomes an important requirement for IT operations. To take full advantage of virtualization, IT operations need to revisit and refine their existing IT processes. Configuration, change and compliance management processes need to take into account the dependencies between host and guests in a virtual environment.

 The Solution

ECM for Virtualization extends the value of ECM to virtual environments. ECM for Virtualization helps organizations to effectively manage and secure virtual environments by providing enterprise visibility, control and compliance across entire VMware environment. ECM for Virtualization provides a central console to view the security posture of their virtual environments. Organizations can ensure compliance with various standards such as Center for Internet Security (CIS) benchmarks for VMware ESX server, VMware hardening guidelines, GLBA, HIPAA, Sarbanes-Oxley acts. ECM for virtualization provides at a glance view of all guests and their build details to ensure that all the deployed virtual servers are consistent and follow current IT standards. IT operations can prevent virtual server sprawl by having control over virtual environments. ECM for Virtualization helps IT to automate their common IT tasks and achieve a more efficient IT operational state.

Virtual Security Posture Dashboard

Top 10 Non-Compliant Virtual Environments

Change Management Dashboard

 Key Features

Virtualization Visibility

Includes graphical indicators of non-compliance issues across entire virtual environment. Dashboards provide a view of top 10 non compliant virtual environments, Host and Guest summaries, Virtual environment security posture.

Security Hardening and Compliance Toolkits

Provides out-of-the-box templates that address vendor and virtualization best practices, regulatory mandates and security hardening guidelines such as:

• CIS benchmarks for VMware ESX server
• VMware hardening guidelines for VMware ESX server and Virtual Center.
• HIPAA
• FISMA
• GLBA
• Sarbanes-Oxley(404)
• DISA STIG

Reporting

Out-of-the-box reporting on virtual environment change log, virtual Host and Guest summary, storage allocation, network configuration and more.

Guest/Host Relationship Correlation

Supports management and security compliance of each Guest, Host and the associated relationships across the entire virtualized landscape.

Visibility Into Dormant VMs

Assesses the security posture of dormant VMs before they can compromise the integrity of the overall infrastructure. By knowing the security posture of VMs before they went dormant will help you determine if they are vulnerable.

License Management

Provides a summary of license usage in virtual environments to aid with license management.

Secure Collection Architecture

Discovers and collects granular configuration details for VM Guest machines and their Hosts.

 Key Benefits

Secure Enterprise Visibility

A single pane of glass to view entire ESX server farm configurations, enabling you to control your entire ESX infrastructure.

Ensure Continuous Compliance

Proven approach ensures that hosts and guests remain in a continuous state of audit.

Understand Security Posture

Authoritative guidance that your security posture not only complies with vendor-specific hardening guidelines, but also with relevant regulatory mandates affecting your organization.

Enforce VM Build Policy

Detect and remedy guests that violate build policy such as minimum OS version.

Control Virtual Sprawl

Visually see the map of hosts and guests in your ESX farm to prevent creation of rogue virtual machines.

ECM for Active Directory®

	Datasheet: ECM for Active Directory
	Datasheet: Enterprise Configuration Manager

ECM (Enterprise Configuration Manager) for Microsoft® Active Directory® (AD) spans multiple domains and forests to collect configuration data, objects and changes to simplify AD management and automate compliance. Administrators using the module can quickly ensure role holder redundancy prior to server maintenance deactivation, receive alerts about changes to key AD groups, objects and attributes and proactively assure compliance with Microsoft AD best practices for security and operations.

 Visibility across the entire Active Directory environment, not just by server

ECM for AD addresses one of the biggest challenges facing organizations administering tens, even hundreds of AD servers – enterprise visibility. By consolidating and managing AD through ECM, this module simplifies troubleshooting by alleviating the need to traverse between multiple native tools and login to multiple domain controllers. Administrators make better decisions and save significant time because all relevant information is provided within a single report. Best of all, ECM for Active Directory's built-in tracking of directory changes assures IT managers that changes delegated to Administrators are in compliance with corporate standards, resulting in an effective, efficient and secure enterprise.

 Enhanced Security Management

ECM for Active Directory improves the overall integrity of your enterprise by providing continuous security assessment and change alerting on AD. With ECM for Active Directory, Administrators can easily:

• Track Access Control Entry (ACE) or other critical security based changes that may not have been approved or occurred outside designated change windows.
• View changes to group membership across AD servers within a single report.

 Automated Compliance Assessments

ECM for Active Directory assures the integrity of corporate information and lowers IT audit costs by providing automated compliance assessments against Microsoft Security Best Practice Guides, industry best practices and corporate policies. ECM for Active Directory leverages ECM's Compliance Toolkits, which contain rule-based templates, reports and dashboards that ensure compliance to security guidelines, regulatory mandates and corporate policies.

AD Change Management Dashboard

AD Configuration Information Dashboard

AD Compliance Results

Automated Change Reconciliation Through ECM Service Desk Integration

	Datasheet: ECM Service Desk Integration Solutions
	Datasheet: Enterprise Configuration Manager

ECM Service Desk Integration Solutions enable the automation of operational processes, linking change and configuration management, as well as automating the intersecting transitions from the change approval processes to the implementation and verification processes, and closing the loop back to the Service Desk to complete the entire change process.

• Automated discovery and creation of structured Requests for Change (RFCs)
• Delivery of accurate, actionable RFC decision support information
• Enterprise–wide, cross platform implementation of required RFC changes
• Rapid, comprehensive change audit verification
• Proactive reconciliation of planned from unplanned change (Delivered through ECM)
• Change management process effectiveness measurement

By linking configuration and change management processes, ECM Service Desk Integration Solutions delivers visibility and control of unauthorized changes and improves overall enterprise and component systems availability, security, and policy compliance. It provides audit verification the changes were made and most importantly, measures how well the internal change management process is working.

 ECM Service Desk Integration Solutions Features

• Connection to the leading Service Desk solutions by BMC, HP, CA, IBM, Oracle and others
• Flexible & extendable architecture delivers a workflow platform that quickly customizes the change management process to align with your organization