Increases endpoint security with continuous compliance for all endpoints

New and increased governance, both internal and external to organisations, is forcing companies to invest a lot of time and money in both implementing new security policies and proving compliance with existing ones. Some companies still find it difficult to implement some of the most fundamental IT security policies, such as:

  • Maintain secure systems.
  • Security patch management and security updates for major operating systems.

Even when the right security policies are in place, companies often find it difficult and time-consuming to provide evidence of compliance.

The IBM® BigFix (Endpoint Manager) Security Configuration & Vulnerability Management software provides the ability to assess and enforce security policies on all systems running the BigFix agent. It provides an out-of-the-box security patch management solution and default security configuration policies that can be applied to Windows, Unix, and Linux platforms to assist companies in maintaining secure systems. Compliance of systems with enforced security policies can also be monitored in real time through the reporting tools.

[Image: disa-stig-compliance-cat1-winxp-remediated-sm]

How does Security Configuration Management (SCM) work?

BigFix SCM works by providing industry-standard checklists that security teams can use to define security parameters and configurations to suit corporate policy. The following example shows how to:

  • Define a custom company security configuration policy
  • Report compliance against the newly defined company security configuration policy
  • Remediate non-compliant security policies
  • Report after remediation against the company security policy

Define a custom company security configuration policy

In this example the target endpoint is a Windows XP client. We are going to create a custom company policy containing the CAT 1 severities from the DISA STIG (Defense Information Systems Agency - Security Technical Implementation Guide) for Windows XP. In the following picture we have created a custom site, SCM-CAT1-DISA-STIG-XP, within the security domain, and we have subscribed all Windows XP clients to this site. The relevant CAT 1 security fixlets have been copied into the site to make up our company standard.

[Image: security-configuration-standard]

[Image: security-configuration-report]

Report on compliance to custom company security policy

Using the built-in SCM compliance reporting, we can create a report based specifically on our newly created custom company security policy. The following picture shows a list of available custom reports.

Selecting the report displays the current state of compliance to our new custom security configuration policy.

It can be seen from the above report that the Windows XP client is not compliant with the new custom security policy that we have created.

Remediate non-compliant security configuration settings

Using the built-in fixlets, we can take actions to correct the non-compliant security configurations. The following picture shows the action for correcting the non-compliance for the "Anonymous enumeration of SAM accounts and shares".

Non-compliance to security policies should be remediated through Group Policy or using a fixlet to modify local security policy.
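The assess, remediate and re-report cycle for the anonymous enumeration setting can also be run by hand on a single endpoint. The following PowerShell is an added example, not the content of the BigFix fixlet shown on this page; it assumes the setting is held in the `RestrictAnonymous` and `RestrictAnonymousSAM` registry values under the Lsa key, and the function names are hypothetical.

```powershell
# Added example: not the BigFix fixlet's own check or action.
# Assumption: the "anonymous enumeration of SAM accounts and shares"
# policy is stored as RestrictAnonymous (and the SAM-only variant as
# RestrictAnonymousSAM) under the Lsa key, where 1 = restricted.
$LsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Required = @{ RestrictAnonymous = 1; RestrictAnonymousSAM = 1 }

function Get-AnonEnumCompliance {
    # Assess: compare each value on this endpoint with the required value.
    $props = Get-ItemProperty -Path $LsaKey -ErrorAction SilentlyContinue
    foreach ($name in $Required.Keys) {
        $actual = $null          # a missing value is treated as non-compliant
        if ($props) {
            $p = $props.PSObject.Properties[$name]
            if ($p) { $actual = $p.Value }
        }
        New-Object PSObject -Property @{
            Setting   = $name
            Actual    = $actual
            Required  = $Required[$name]
            Compliant = ($actual -eq $Required[$name])
        }
    }
}

function Set-AnonEnumRestriction {
    # Remediate: write only the values that failed the check.
    # Requires an elevated (administrator) session.
    $failed = @(Get-AnonEnumCompliance | Where-Object { -not $_.Compliant })
    foreach ($item in $failed) {
        New-ItemProperty -Path $LsaKey -Name $item.Setting `
            -Value $item.Required -PropertyType DWord -Force | Out-Null
    }
    # Report again after remediation, as the page does with the SCM report.
    Get-AnonEnumCompliance
}

# Report the current state; call Set-AnonEnumRestriction to remediate.
Get-AnonEnumCompliance |
    Format-Table Setting, Actual, Required, Compliant -AutoSize
```

On domain-joined endpoints, a Group Policy object that defines this setting overwrites the local value at the next policy refresh, so a local fix only holds where no GPO manages it.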

Report on compliance after remediation

After all security settings have been remediated, we can run the custom security configuration report again to check our current state of compliance.

[Image: take-action-remediate-policy-sm]

Conclusion

Maintaining secure systems and keeping security patching up to date on all IT systems should be the minimum requirements for a company's IT security policy. Using Tivoli Endpoint Manager SCM, company-wide security policies can be enforced and reported on in real time.
