rating of 5 out 5 stars

Transcription

1 SPM User Guide Contents Aegify comprehensive benefits... 2 Security Posture Assessment workflow... 3 Scanner Management... 3 Upload external scan output... 6 Reports - Views... 6 View Individual Security Scan results... 6 Home Page Dashboard... 8 Asset Details... 9 Vulnerability Details Affected Security Controls Risky Assets Perspective Most Effective Controls perspective Top Risk Scenarios Remediation Report What-if Analysis Auto responses to assessments from scanned data Auto Answering Assessment with Security Scan Data Auto Answering when Starting Assessment with Security Scan Data Security Scans to Auto-reviewing assessment Support Page 1 egestalt Technologies is a leading provider of Cloud-based software-as-a-service (SaaS) solutions for IT security and compliance management, vulnerability analysis and risk management. The company's flagship product Aegify is the world s-first, software only solution that disrupts the way businesses deal with security, compliance and risk management using an easy-to-use, costeffective, subscription, cloud-saas solution. egestalt delivers its solutions through a channel based managed service provider community. egestalt s Aegify was given the highest rating of 5 out 5 stars by the reputed SC Magazine review, in June 2014, with 5 stars for Features, Performance, Documentation, Support and Overall Rating! The problems that Aegify solves are mentioned below and summarized here: Meet Regulatory Security, Risk and Compliance Management requirements for HIPAA, PCI, FISMA, SANS20, GLBA, SOX and 800 other regulatory frameworks. Perform effective vulnerability management to combat today's threats Remote deployment and management through a cloud-based managed services approach. Pre-Audit and Post-Audit with Complete audit trail for in-house or external auditors Vendor Risk Management Secure Meaningful Use Dollars through HIPAA Security Risk analysis

2 Aegify comprehensive benefits Just to recap, Aegify offers comprehensive benefits: 1. Features world s FIRST unique and flexible cloud-based software deployment architecture - Facilitates security scans of business IT assets. 2. Know your network through IT assets discovery - Detects vulnerabilities, security threats, and risks across your entire IT infrastructureto combat today's threats, helping you fix the vulnerabilities quickly, and made easy with automated vulnerability management life-cycle. Prioritize and manage risk effectively through real-time dashboards, GAP reports and remediation guidance. Facilitates security scans for more than 31,800 vulnerabilities and over 92,000 checks across your networks. 3. Remote deployment and management through a cloud-based managed services approach. 4. Integrates with Risk and Compliance Management Helps meet Regulatory Security, Risk and Compliance Management requirements for HIPAA, PCI, FISMA, SANS20, GLBA, SOX and 800 other regulatory frameworks. An underlying expert system that interprets the scanning results and maps the vulnerabilities to Risk and Compliance controls enabling you to manage your complete Security, Risk and Compliance Posture in real-time using a single unified GAP and remediation process for all organizational issues, resulting in huge productivity gains through savingsin time and resources. Addresses comprehensively the Vendor Risk Management 5. Pre-Audit and Post-Audit with Complete audit trail for in-house or external auditors. 6. Leverage the Integrated Managed Services Automation Platform - The solution is completely integrated with the rest of the services into the managed services framework with advance automation that enables complete administrative control for setup, configuration and administration of the service(s). 7. Do complete Remote deployment and management with low Total cost of ownership - Traditional vulnerability scanning solutions require manual deployment in the customer premises (CPE) for every location, sometimes requiring deployment in the domain controller's network. The scanning results need to be interpreted manually as well. Aegify SPM can be deployed and managed remotely through a remote cloud-based deployment architecture. With the click of a button on the browser based administrative console you are able to install, schedule and manage your vulnerability scanning process, and the expert system will automatically map the results to risk and compliance controls in real-time. This results in huge productivity gains and cost savings. 8. Scales easily from small to medium to large enterprises with large multi-segmented networks (more than 1,024 IPs) and virtualized infrastructures without affecting performance, including configuration and policy scanning. 9. Provides flexibility to easily include or exclude network segments from scans. 10. Includes authenticated and unauthenticated scan support. 11. Secure Meaningful Use Dollars through HIPAA Security Risk analysis 12. Generates extensive dashboard views and reports on security posture and compliance status. Page 2

3 Aegify Security Posture Managemnt (aka SPM) the unified security posture management tool for effective threat management includes the following capabilities: Asset Discovery Vulnerability Analysis Risk Profiling Threat Impact Analysis Compliance Mapping Dashboards & Reports Page 3 Security Posture Assessment workflow Assessing the security posture is a simple process as illustrated below: Scanner Management If you launch the scan from an AWS instance as detailed in the Aegify SPM from AWS User Guide, on clicking the Activate button after selecting the option to scan AWS instances and VPC, the scan schedule interface will display the following screen:

4 Page 4 The number of IPs addressed to be scanned based on your license subscription. The IPs may be your AWS systems or private IP of your VPC (when the scanner is launched within the VPC). Please ensure that the inbound traffic on port is allowed with the AWS security group as this port is required for Aegify Server scanner communication. Once the scan schedule is saved, Aegify portal will start a security scan on the specified assets at the scheduled time. You can disconnect from the remote desktop of the scanner instance and login into Aegify using a web browser. Go to and login using the ID and password you setup in step-1 above to monitor the scan progress. You can also schedule recurring scans by going to the links Security Manage Security Scans Aegify Scanner Management. Security->Manage Security Scans ->Manage Security Scan ->Aegify Scanner Management

5 Page 5 1. The screen display is to configure the scan. 2. The internal scan option is to run the Aegify scanner and the external scan option can be selected to run any supported external scanner as explained below. 3. Schedule the scan on a selected date and time and click on the Repeat check box to repeat the scans periodically; then select the repeat cycle - an assigned number of days, weekly, or monthly. 4. Select the notify option if you desire to have an sent to you after an asset is discovered. Please note that the scan will not proceed until you log on to Aegify and manually select the IPs to be scanned and then clear this option. 5. Select the included hosts (required field) and select other hosts from the drop-down list on the right. If asset discovery has been completed for an ongoing scan, then you can choose the discovered assets from the Select Hosts from Here box to scan. 6. To exclude specific hosts, you can specify a single private IP or given subnets of private IPs. To add more than one IP address, press Enter key after keying in every IP Address. 7. Advanced Configuration section allows you to setup authenticated scans. Configuring logon credentials for scans enables you to perform deep checks, inspecting assets for a wider range of vulnerabilities or security policy violations. Additionally, authenticated scans can check for software applications and packages and verify patches. When you configure credentials for a site, target assets in that site authenticate the Scan Engine as they would an authorized user. Expand the advanced configuration section for adding new scan credentials for select services and also for restricting access to assets or ports. Read more about authenticated scans here.

6 Page 6 Upload external scan output Security -> Manage Security Scans -> Upload External Security Scan Output If you already have been using any of the scanners listed below, you can use Aegify to manage the secuirty posture by uploading the XML reports of the scans. The scanners supported include: {Select from the drop-down list by clicking the hyperlink} Nessus (Nessus Vulnerability Management) Qualys (Qualys Vulnerability Management) Rapid 7 (Rapid 7 Vulnerability Management) Retina (Retina Vulnerability Management) Saint (Saint Vulnerability Management) XCCDF (Extensible Configuration Checklist Description Format) The supported file formats include XML, zipped XML, and GZipped XML) {Select from the drop-down list by clicking the hyperlink) Browse your folders to select the external scanned data file. The data in the XML file will be imported into Aegify for compliance assessment purposes. If you launch the scan from an AWS instance as detailed in the Aegify SPM from AWS User Guide, the scan reports could be viewed by logging into and selecting Reports from the top-level menu and SPM Reports from the sub-menu. You may view the vulnerabilities and the remediation report for taking appropriate remedial measures and rerunning the scans to ensure that the vulnerability gaps are fixed. These are detailed in the Reports section of this user guide later. Reports -Views View Individual Security Scan results Security -> Manage Security Scans -> View Security Scan Results

7 This view as shown below summarizes the scan results of each security scan. It also enables you to download a remediation action report (first column) for each vulnarabilities found in each scan. Page 7 Click on the comparison reports in the right-most column to compare the current scan results with a previous scan or click on the trend line report to view the trend. On clicking these comparison report links, you will be prompted to select a previous scan to compare as shown below: Click on the Generate button to generate the report. Please wait for Aegify to generate the report. The document will be placed in your download folder of the browser. Open the downloaded report document to view the comparison report. The comparison report will be downloaded as a CSV in which, each vulnerability status is compared against the previous scan selected. The trend report highlights the trend in risk levels of the assets, vulnerabilities by severity level and the secuity status to help you decide on appropriate actions for mitigating the security risks.

8 Home Page Dashboard On login, the customer s home page has a dashboard view of the security posture of the highlighting the security risk level, the vulnerable assets and total vulnerabilities for the customers. A graphical view of the data is displayed on the right. A customer's home page will display customer specific security posture details and the compliance status to applicable regulations and standards. Page 8

9 Asset Details Assets ->Asset Management ->Asset Aegify SPM inlcudes state of the art asset fingerprting algorithm wherein same asset scanned in multiple scans is recongined as an existing asset and the securtiy posture of the asset is determined from its latest scan. The Asset Repository in this view lists all the assets scanned across multiple scans and their current securitu posture. You can download the detailed secuity posture report from each assets-perspective by clicking the export botton located at the bottom-right of this view. Page 9 1. The first pie-chart summarizes all the scanned hosts by grouping them based on the security Severity. 2. The second pie-chart summarizes all the software services running on these assets. 3. The trendline shows the security posture over time interms of number of assets in each severality rating in last three scans. 4. The data grid at the bottom of this view lists all the assets with current securtiy posture details. Click on individual asset link to view more details about the asset security posture in terms of vulnerabilties and remediation suggestions.

10 Page 10 Vulnerability Details Assets ->Asset Management ->Vulnerability View You can download the detailed secuity posture report from each vulnerability-perspective by clicking the export botton located at the bottom-right of this view. 1. The first chart lists the top 10 vulnerabilities across all the scanned asssets. 2. The second chart summarizes all the vulnerabilities present across all the assets by grouping them based on the security Severity. 3. The trenline shows the number of vulnerabilities by severity present in each scan. The data grid at the bottom of this view lists all the vulnerabilities present across all the assets. Expand each vulnerability to read more about the vulnerability and remediation suggestions. If you have been scaning same set of assets over a period of time, the trendlines in these two view shows how your I.T. Security Risk is changing over time. A good remedial action process in place will show the Risk being lowered over time in these trend charts.

11 You can download a detailed remediation report from any of these two views. This report will giude your remediation team with detailed remedial actions for each asset and time estimates for remediating each asset. Page 11

12 Affected Security Controls Assets ->Asset Management ->Affected Regulatory/Standards Controls View Page The top panel displays the affected controls and the control risk status changes across a timeline. 2. The table below the top panel displays details of the vulnerabilities in terms of Control Title, Citation Reference, Total Vulnerabilities and Affected Controls. 3. Click on the export icon at the bottom to export the data in PDF or Microsoft Word format. 4. Click on the hyperlinked numerical figures in the table to view the affected scanned IT Assets in terms of the asset name, protocol and the port used.

13 Reports ->Risk Reports->Dashboard and Reports Set the required filters in this reports sreen and select the required perspective. Page 13 Risky Assets Perspective Most Effective Controls perspective

14 Top Risk Scenarios Page 14 Remediation Report What-if Analysis 1. What-If Analysis gives a powerful simulation model to assess the impact on security and compliance levels for a selected customer by defining the count of assets to be evaluated and the perspective in terms of controls and risk scenarios. 2. Filter on various tags using the predefined tags in the drop-down list. 3. Various applicable controls listed in the left panel could be selected by clicking the check box to the right of the control to indicate whether the control is implemented and to instantly display the risk scenario, the number assets impacted by the control and the percentage of controls scored. After selecting or deselecting the controls that are implemented, clicking the Calculate button at the bottom right of the task bar displays the extent to which the selected customer is compliant through the pie chart on the right. 4. The multi-level pie chart shows three layers: The inner most circle shows the severity of the overall risk status; the middle circle shows the assets grouped by severity; the outer circle displays the risk scenarios grouped by the severity for the group of assets.

15 5. Selecting the heat map tab to the right of the multi-level pie chart shows the risk by asset value for the different assets for which the compliance controls have been implemented. Page 15 Auto responses to assessments from scanned data Auto Answering Assessment with Security Scan Data Assessment -> Start Assessment egestalt has mapped many known vulnerabilities published by MITRE to different Regulatory controls. So the presence of any of these vulnerabilities in your organization can automatically fail compliance to controls in assessments. egestalt updates these vulnerabilities mapping to different Regulatory controls regularly. MCP Reviewers can select the option to auto-answer some of the controls in the assessment when starting the assessment after starting the assessment for user responses. This option will be available if you have subscribed to SPM service and have scanned the IT network at least once. If a scan is performed after the assessment is started (published), Aegify will prompt the assessee to auto answer using the scan data. Assessees can auto-answer the assessment later by clicking on the Auto-Answer button. MCP Reviewers can also use the scan data for reviewing Assessments. This option will be available, if the customer has subscribed to SPM service and has scanned the network at least once in their network. The interface provides features for the MCP reviewer to: 1. Select the customer organization. 2. Enter relevant Assessment details. 3. Click on the check box under Auto-answer options - Use Security Scans to Autoanswer and / or Use Previous Assessments to auto-answer. 4. Where fields have a drop-down box, select the value from the list box. 5. Click on the Save button.

16 Auto Answering when Starting Assessment with Security Scan Data Assessment -> Start Assessment egestalt has mapped many known vulnerabilities published by MITRE to different Page 16 Regulatory controls. So the presence of any of these vulnerabilities in your organization can automatically fail compliance to controls in assessments. egestalt updates these vulnerabilities mapping to different Regulatory controls regularly. MCP Reviewers can select the option to auto-answer some of the controls in the assessment when starting the assessment after starting the assessment for user responses. This option will be available if you have subscribed to SPM service and have scanned the IT network at least once. If a scan is performed after the assessment is started (published), Aegify will prompt the assessee to auto answer using the scan data. Assessees can auto-answer the assessment later by clicking on the Auto-Answer button. 1. Select customer organization. 2. Enter relevant Assessment details. 3. Click on the check box under Auto-answer options - Use Security Scans to Autoanswer and / or Use Previous Assessments to auto-answer. 4. Where fields have a drop-down box, select the value from the list box. 5. Click on the Save button. Security Scans to Auto-reviewing assessment Assessment ->Assessment Browser ->Review MCP Reviewers can use the security scan data for reviewing Assessments. This option is available to a customer who has subscribed to SPM service and has scanned the network at least once in their network. 1. Select an assessment with its state shown as review from the list or using advanced search panel select an assessment in review state. 2. Add user relevant details and click the Review button. 3. Select a user from the list with the status Review in Progress. 4. Click on Review Responses button in the bottom panel. 5. Click on Auto-review button in the bottom panel. 6. Click on Use Security Scan Results option from the pop-up menu. 7. Select an Assessee name from the list and click on Auto-score button. 8. Click Yes, for confirmation. Support support@egestalt.com