IT Security – Real Time View for Compliance

As many of us know, IT Security plays an integral role in making sure the enterprise is secure. The challenges are plentiful. From managing the endpoints to hardening the servers, both internal and public facing, securing the enterprise is never-ending.
With FootPrints Asset Core (FPAC), these challenges are more manageable. The ability to centrally view and manage these requirements from a single console can reduce man-hours and ensure compliance. We will explore just a few of the possibilities.
Let's begin with one of the biggest challenges: the public-facing servers in the DMZ. By installing an agent on one device in the DMZ (Windows or Linux), we can enable that device to perform scans of all network IP ranges assigned in the DMZ. These scans allow the IT Security staff to peer inside the DMZ to ensure no unauthorized devices have been inadvertently assigned to it. Furthermore, with FPAC's ability to perform agentless inventory, the IT Security staff can see what hardware, software and security settings are on each device. This works with both physical and virtual devices. Once a scan has been completed, this device can also perform agent deployments to all other devices in the DMZ easily and seamlessly. Once the agents have been deployed, ALL changes to both software and hardware are captured and stored in the central database.
Detailed History of Software Changes
 
This allows forensic analysis of all changes made by any security updates or manual software installs over the life of that server. There are four views: Complete History, Updated Objects, Deleted Objects and New Objects.
Another compelling benefit is the ability to patch these devices without having to open up multiple ports to the enterprise WAN. Using only two ports, FPAC can patch, deploy software to and even remote control these devices, including Linux devices. Ensuring these public-facing servers are current on their patches is a huge step in meeting IT compliance.
The Compliance Module allows IT Security staff to create specific guidelines using real-time queries to validate that each of these servers meets the compliance rules. If a server does not, automated Operational Rules can be run against the non-compliant devices to bring them back to a compliant state. An example would be a compliance rule stating that the endpoint anti-virus DAT is no older than 7 days. Once that DAT file is more than 7 days old, an Operational Rule is run against that device to update the DAT file. If for some reason the DAT file cannot be updated, the device remains in the non-compliance group, which is viewable from the console, and a report can be emailed to IT Security revealing the non-compliant state that device is in.
 
Criteria:

SQL Criteria Builder

Results:
Results Chart

Once devices are not compliant, they are placed into a non-compliance device group, and an Operational Rule is assigned to all devices that are members of this group.
 
Operational Rule:
Build the Operational Rule

If the Operational Rule fails to obtain a current version of the DAT file, the device remains in this device group. A report can be assigned to this device group, run daily or more frequently if you desire, and sent to any person, group of people or distribution list.
 
Report:
Compliance Report
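
The cycle described above (compliance query, non-compliance group, Operational Rule, report), sketched in Python as an added example; it is not FPAC code and not part of the original post. The host names, dates, the simulated_update function and the choice to treat a missing DAT date as non-compliant are all assumptions made for illustration.

```python
from datetime import date, timedelta

MAX_DAT_AGE = timedelta(days=7)  # the article's rule: DAT no older than 7 days

def non_compliant(devices, today):
    """Compliance query: devices whose DAT is missing or older than the limit."""
    return [d["name"] for d in devices
            if d["dat_date"] is None or today - d["dat_date"] > MAX_DAT_AGE]

def run_cycle(devices, today, update_dat):
    """Evaluate the rule, run the update on group members, then re-evaluate."""
    group = non_compliant(devices, today)
    for d in devices:
        if d["name"] in group:
            try:
                d["dat_date"] = update_dat(d, today)
            except OSError:
                pass  # update failed: DAT date unchanged, device stays in the group
    remaining = non_compliant(devices, today)
    return {
        "group": group,                                       # initial non-compliance group
        "remediated": [n for n in group if n not in remaining],
        "report": remaining,                                  # what the scheduled report lists
    }

def simulated_update(device, today):
    """Hypothetical stand-in for the Operational Rule's DAT update step."""
    if not device["reachable"]:
        raise OSError("update source unreachable from " + device["name"])
    return today

def sample_inventory(today):
    """Constructed sample data; host names and dates are invented."""
    def age(n):
        return today - timedelta(days=n)
    return [
        {"name": "dmz-web01", "dat_date": age(2), "reachable": True},
        {"name": "dmz-ftp01", "dat_date": age(7), "reachable": True},    # boundary: compliant
        {"name": "dmz-web02", "dat_date": age(10), "reachable": True},
        {"name": "dmz-mail01", "dat_date": age(30), "reachable": False},
        {"name": "dmz-db01", "dat_date": None, "reachable": True},       # no DAT inventoried
    ]

if __name__ == "__main__":
    today = date(2013, 3, 22)
    result = run_cycle(sample_inventory(today), today, simulated_update)
    print("Non-compliance group:", result["group"])
    print("Remediated:          ", result["remediated"])
    print("Still non-compliant: ", result["report"])
```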

I will follow up with additional posts to show the benefits of using FPAC to enhance the ability to manage compliance requirements for IT Security.
by Steve Gibbs, RightStar Systems

March 22nd, 2013 | FPAC