  SecurityExpressions - Key Features & Benefits

 

Agentless Auditing and Remediation
 

Provides an agentless system security audit and compliance solution for Windows, UNIX and Linux operating systems, which reaches thousands of systems. This is perfect for auditing desktops.

Benefit - Eliminates the expense, risk, and time associated with deploying new software agents on every system. Eases deployment and improves performance, scalability, and management. It also simplifies maintenance and upgrades.

Agent-based Auditing and Remediation

If an agentless solution is not deployed, then a target-resident agent may be used. Agents may be appropriate for highly secured machines in a DMZ or in low bandwidth networks. This is perfect for auditing servers. The agent integrates with existing corporate directories.

Benefit - Ensures system security policy compliance even in the most highly secure environments where networking services are disabled or where incremental network bandwidth usage is limited. SecurityExpressions Agents do not require administrative access. Auditing and remediation privileges are controlled via groups with integration into corporate directory services such as Active Directory and NT Domain Groups for Windows, and local groups and NetGroups (NIS, NIS+, LDAP, etc.) for UNIX.

Mix and Match Agentless & Agent-Based

SecurityExpressions includes the best of both worlds with an agentless and agent-based solution for auditing and remediation, allowing users to mix and match deployment to meet the specific demands of the network and the organization.

Benefit - Gives customers the flexibility to deploy an auditing solution that works in their environment and with their architecture.

Audit-On-Connect

Audit systems as they connect to a network – either directly or over a VPN. It will pick up systems missed in a scheduled audit the next time they connect, and these audits can be performed with or without an agent.

Benefit - Ensures all systems can and will be included in an audit, including remote users.

Web-based Management

Offers audit task scheduling, interactive viewing of audit results from Internet Explorer, creation of audit reports using Crystal Reports templates from Internet Explorer, and secure access to audit and compliance functions. Automatic updates of policies, such as antivirus status, patch status and vulnerabilities, are supplied from the Altiris library.

Benefit - Provides ease of use through a centralized, Web-based management of core system security audit and compliance functions.

Integration of AuditExpress

This Vulnerability Audit solution is incorporated into SecurityExpressions, offering system audits for Windows, UNIX, and Linux desktops, laptops and servers, using a pre-defined list of built-in system security checks. AuditExpress audits for all seven of the existing security check categories: antivirus status, security patches, industry-known vulnerabilities, personal firewall status, system security configuration settings, unauthorized software and unauthorized hardware.

Benefit - Combines the traditional functions of a vulnerability scanner and the core features of an audit tool – providing the most comprehensive functionality. Organizations now have the flexibility to perform a basic system security assessment or run a full audit for policy compliance depending on their needs.

Distributed Proxy

The distributed proxy allows audits, application of settings, and patches of systems to occur at remote sites located across a firewall or the Internet.

Benefit - Improves scalability and reduces administrative costs by enabling one central console to manage multiple systems in remote locations.

Comprehensive Reporting

SecurityExpressions contains built-in and customizable reports, which are capable of being exported to Word/Excel, HTML, tab-delimited, Adobe PDF, etc.

Benefit - Crystal Reports adds more robust and customizable reporting.

ODBC compliance allows for comprehensive reporting, customization, and data correlation through corporate database tools.

Detailed reports provide proof of compliance for system audits as well as adherence to industry regulations.

System Security Policy Compliance Asset Classification Benchmarking

Benchmarking provides a single measurement of overall audit compliance status. Therefore, all levels of IT management can work from a single number as a percentage of compliance.
  • Report with weighted average
  • Rules are Low, Medium, High – a weighted % can be added to create a weighted average
  • Weight systems based on importance or function.

Benefit - Benchmarking ensures that all levels of management are working from the same standard of compliance measurement; it aids in management understanding and efficiency.

Customizable Industry Best Practice Policies

Industry system security best practices policy files are included with SecurityExpressions. These system security policy files can be customized on a rule by rule basis to suit specific needs.

Benefit - Ensures that users can audit and implement any necessary best practices policy changes within minutes of installation. These include:

  • SANS Step-by-Step Guide
  • Microsoft Security Operations Guides
  • NSA (National Security Administration) Best Practices
  • NIST (National Institute of Standards and Technology)
  • CIS (Center for Internet Security)
  • IBM's Guidelines for Hardening AIX

Bandwidth Throttling

Full bandwidth throttling can be set to use only a specified amount of bandwidth on your network when using agentless, agents or the distributed proxy to conduct audits, giving the ability to control the bandwidth that the auditing system is using.

Benefit - Provides control over and the ability to limit the amount of bandwidth used by the system to achieve a network bandwidth-friendly audit strategy.

Scalability

Agentless option and central database management configuration make enterprise-wide audits, assessments and system configuration simple and scalable to tens of thousands of systems.

Benefit - Servers can work together and be managed together from a central web interface and database distributing the load of large audits easily and efficiently.

Central Database Management Configuration

All audit data and machine lists are stored in a central database for easy data management, central reporting and sharing between multiple users. This information is located in a single repository for backup and management. Settings and patches can be applied centrally for multiple distributed systems. Manageability is achieved by storing lists of systems and credential information in a secure scalable central database.

Benefit - Leverages existing corporate database for reporting and correlation to other security products.

  • Easy back up of a single repository versus backing up distributed databases or flat files on a large number of systems.
  • Easy configuration updates by centrally applying a configuration change to a group of machines from the central management console.
  • Ease of management remains constant as the number of systems increases, thereby allowing for increased productivity in large scale deployments.
  • Log files and baseline data are stored centrally and therefore more secure than if stored on distributed systems where tampering is more likely.

Check Virus Detection Software for Latest Version Levels

Audit all systems, both locally and remotely, to ensure virus detection software is up-to-date.

Benefit - Maintaining virus protection software version levels ensures that all systems are protected from the newest virus strains and thereby minimizes security vulnerabilities.

Eliminate Unused System Administrator Passwords

Audit all systems for unused administrator passwords and delete them.

Benefit - Administrator passwords function as security vulnerabilities, and therefore all unused passwords should be eliminated as part of any system security risk management policy.

Audit Patches

Audit all desktops and servers to ensure patch compliance with a system security policy. Identify all systems that are missing patches, and provide appropriate notification.

Benefit - Organizations can ensure compliance with minimum patch baselines according to corporate standards by automatically auditing to ensure that all patches are up-to-date.

Given the high frequency of new patch releases and the time-consuming process required to manually research each patch, it is almost impossible for companies to ensure ongoing system security compliance without the aid of an automated tool.

Apply Patches

Automatically download and apply software patches for Microsoft Windows, Solaris and many Microsoft applications to both local and remote machines.

Benefit - Identify out-of-date or missing patches in both the operating system and key applications.

Queries

Queries can include lists of files, file permissions, registry keys, users and groups, and other information on systems that meet the needed criteria.

Example queries include:

  • Files or registry keys that are owned by a particular user
  • Files or registry keys created or modified during the last X days or hours
  • All files or registry keys to which a particular user has access
  • Files or registry keys with unknown or deleted users in the access control list
  • Find a value in the registry
  • Users with blank, clear text or expired passwords
  • Users who haven't changed their password in X number of days or are inactive
  • Users who haven't logged in over some period of time or never logged in
  • Users who are directly or indirectly members of the Administrator's group
  • Users with local login rights to a server
  • Users with dial-in privileges
  • Groups with a specific, administrative, guest or disabled member
  • Groups with identical memberships

Benefit - Where expressions-based rules are powerful and flexible for system security policy, queries are powerful when requiring lists of specific objects across a wide range of systems.

Enterprise System Support

This supports all standards (such as ODBC) as well as all operating systems and application servers.

Benefit - Support and integrity assurance for the following critical operating and multi-vendor environments:

  • Centralized database (SQL, Oracle)
  • Supports any ODBC-compliant database
  • Windows (NT, 2000, 2003, XP)
  • UNIX (Solaris, HP-UX, AIX, Linux, etc.)
