Protecting IT operations from both internal and external threats is one of the most critical forms of information security for any organization. Every day, news hits the wire about new system vulnerabilities, high-profile data breaches and various other forms of exploits. Even more alarming is the ever-narrowing gap between the discovery of a new vulnerability and the time corresponding exploits appear. The advent of new exploits and regulatory pressures has introduced a new level of complexity and forced most to question the effectiveness of their IT security strategy.
The key to maintaining an effective security strategy is understanding what is in your environment and who has access to what. Configuresoft’s Enterprise Configuration Manager (ECM) is literally the only tool that is scalable, non-intrusive, and powerful enough to accomplish this enormous and vital task, collecting configuration, asset and security information across your Windows, UNIX and Linux enterprise. By leveraging the information stored in ECM's CMDB, IT administrators can assure that the policies they develop and actions they take are appropriate for the IT infrastructure that they actually have. The CMDB provides complete, continuous visibility of, and control over, your environment.
Enforce Security Policies
Visibility into Security Events
- Configuresoft allows you to audit and enforce regulations, standards and internal policies across your enterprise with a click of a button
- Configuresoft allows you to assess, deliver and verify the patch status of all machines across the enterprise, and maintain an audit history of patch deployments
- Configuresoft allows you to identify and remediate security vulnerabilities, and assesses the configuration of your systems to determine if they are vulnerable to attack based on pre-defined rules
- Configuresoft provides customizable reports and dashboards that allow drill-down to identify the full chain of change events for rapid detection and recovery
- Configuresoft reconciles expected change activities with actual changes and alerts you on changes that were unauthorized or performed incorrectly
- Configuresoft allows you to operationalize security best practices delivered in Center for Policy & Compliance toolkits, including PCI, SOX, HIPAA, GLBA, ISO 17799/27001, NERC/FERC, FISMA, DISA, FDCC, CIS Benchmarks for Windows, MS Hardening Guidelines, VMware Hardening Guidelines and more
Ongoing security management is not a "set it and forget it" process. In large organizations, changes inevitably cause security configurations to "drift" over time. Adding software patches, fixes, and updates often causes modifications to revert to their original settings. To ensure that your security policies are enforced, you must audit your systems continuously.
A good security configuration management (SCM) tool allows you to audit and enforce your standards across your enterprise with relatively little effort.
ECM offers the following analysis and reporting features:
- Identify critical trends and conditions using pre-defined templates and reports
- Track performance against desired objectives
- Automatically publish reports to communicate the results delivered by IT
- Provide both pre-defined and customizable usage reports to pinpoint problems, assist in root cause analysis and produce historical trending information
ECM and Continuous Auditing
Auditing requirements are changing. No longer is it "good enough" to perform semi-annual or annual audits on a handful of systems. Regulatory mandates and IT best practices are forcing a new paradigm: the need to ensure business continuity on a continuous basis. This means that IT needs to understand exactly how existing configurations compare to the desired state at all times. In essence, IT needs a Configuration Intelligence™ tool focused on technology that possesses the breadth needed to pass today's tough audits.
ECM provides this level of visibility. With ECM, you have a Continuous State of Audit of all settings from all machines. No need to commit precious IT resources and interrupt daily workloads getting ready for an audit. All the information you need is right at your fingertips.
ECM's dashboards and reports provide enterprise-level visibility into the configuration of your systems. Clicking an area of interest drills down to the supporting detail necessary to build a remediation plan. Performing system and security compliance remediation actions within ECM is simple. Whether it’s rolling back planned or unplanned changes, deploying a security patch, closing a vulnerability by enforcing configuration values, or even removing a software application, ECM easily accomplishes the task with a single click.
ECM and Comprehensive Reporting
ECM helps you visualize and understand important trends across the enterprise. Interactive charting for on-the-fly analysis, consolidated event and performance data reporting, and a comprehensive set of performance data reports help you measure and manage the effectiveness of your IT assets.
ECM consistently and proactively installs patches to eliminate areas of potential weakness. Leveraging ECM's extensive CMDB to perform the vulnerability assessment, patches are installed at an enterprise level rather than machine-by-machine. ECM automatically discovers new systems and tracks configuration changes at scheduled intervals to ensure the latest patch information is available.
ECM is quite simply the most scalable and effective patch assurance solution available, utilizing the ECM CMDB to quickly and efficiently analyze all of the machines in your environment.
Because ECM can automatically group machines by function or role (SQL, IIS, workstation, application, OS type etc.), ECM can help the administrator test the patches across varying configurations. Available for Windows, UNIX and Linux systems, ECM is the essential tool for continuous patch delivery and verification across heterogeneous enterprises.
Patch Assurance Visibility
ECM continuously updates the patch status of all machines across the enterprise and maintains an audit history of patch deployment.
To ensure ongoing patch compliance, ECM can be easily configured to raise an alert or take an automated action if a new machine is discovered that is non-compliant, or if an existing machine falls out of compliance.
ECM and Vulnerability Assessment
ECM is not defined as a Vulnerability Scanner, but rather, is considered a Vulnerability Assessment tool. The primary distinction is that ECM does not attempt to run "live" tests against your system. For example, ECM does not try to gain entry into remote machines via brute force password attacks.
ECM performs vulnerability assessment in two forms: Patch Assessments and Compliance Runs. ECM, with SUM, can easily assess the vulnerability associated with a given Microsoft Bulletin. Compliance scans are assessments as well. They assess the configuration of your systems to determine if they are vulnerable to attack based on pre-defined rules.
ECM's biggest strength in this area is the database. Both types of assessments are run against the ECM CMDB to ensure that all machines, on or off the network, are included in the assessment, thus avoiding the network overhead associated with yet another scan of the network.
ECM and Vulnerability Remediation
Security Configuration Management (SCM) is the ongoing configuration maintenance that is associated with security. SCM tools are proactive in nature, because they can fix vulnerabilities before problems occur. SCM is comprised of patch management, system hardening, security operations, and security auditing.
Because ECM can touch one, one thousand, or any number of your machines, it can automate SCM tasks. The great thing about ECM is that you don't need to script. Simple wizards guide the user through making changes across any number of machines on which they have been granted access.
Obviously this type of change capability is powerful, but it can also be dangerous. So, ECM contains the concept of User Roles that govern a user's access to machines, data, and change capabilities. You can limit what any user can see and do within ECM to a very granular level. For example, don't confuse Senior Managers with an Admin interface. When they log in, take them directly to Compliance Reports that show the degree of compliance across the enterprise. Or, send a Help Desk Administrator directly to User password settings.
With powerful functionality safely guarded by the User Roles, your most capable Administrators can easily perform periodic (i.e., weekly or monthly) security operations in minutes instead of hours or days. ECM automates such tasks as:
- Change the Local Administrator password on all machines
- Change the password of critical Service accounts
- Disable Guest accounts on all machines
- Change Registry settings on all machines
- Modify all Audit settings across the enterprise to ensure a consistent and thorough audit trail
- Stop the IIS Service on all non-production or otherwise approved servers.
Performing these tasks on a regular basis is a fundamental part of securing your network. However, without scalable, automated tools, these items are usually considered impossible in large environments and often go undone.
Securing a complex IT infrastructure is no small task. The most important first step in creating the "right" security strategy for your organization is to create and document your processes. Once your processes are documented, you must create and document your strategy for securing those processes from end to end, and provide audit data that proves your controls were in place and adequate. Tools will then be necessary as a means to implement and audit your security strategy.
An important part of a sound security policy is the set of technical controls that will be enforced to ensure that your data and infrastructure are secure. That means giving the right people the right access to the right information.
The final step to any sound security policy is implementation. Effective security policies continuously assess and remediate enterprise systems. By ensuring a continuous state of compliance, organizations can proactively eliminate threats which exploit system drift and shift, ensure ongoing compliance and enjoy the benefits of a reliable, responsive and cost-effective IT infrastructure.
So, how do you do that across an increasingly complex infrastructure?
While the answer is not black and white, the industry agrees that the technical controls set forth in security checklists and hardening guidelines from industry-recognized leaders and experts such as NSA, NIST, CIS, SANS, and operating system vendors are crucial to any security strategy.
Not only is it a "good idea" for IT to embrace these standards, but it is also necessary for meeting requirements set forth by auditors and regulatory mandates. This is good news for any IT organization because it means that the regulatory and audit pressures are addressed by implementing sound processes along with industry-recognized best practices.
Configuresoft's Center for Policy and Compliance (CP&C), an organization comprised of industry security experts in policy creation and enforcement, is dedicated to creating specific ECM solutions centered on these industry best practices. The solutions are delivered as compliance toolkits for ECM customers.
Configuresoft currently supplies the following best practice toolkits for ECM customers:
- PCI DSS
- SOX
- HIPAA
- GLBA
- NERC/FERC
- ISO 17799/27001
- FISMA
- DISA
- FDCC
- CIS Benchmarks for Windows
- Microsoft Hardening Guidelines
- VMware Hardening Guidelines