BladeLogic Software-as-a-Service (SaaS) Solution
Help reduce operating cost, improve security compliance, strengthen cybersecurity posture
February 20, 2014

Contents
- The Configuration Security Compliance Challenge
- Federal Agency Case Study
The Configuration Security Compliance Challenge

Today's ever-changing cyber threat landscape requires organizations to effectively maintain secure standard configurations and continuous awareness. System and application vulnerabilities still remain a primary cyber threat exploitation risk for most organizations.

Why important
- 66% of the breaches in our 2013 report took months or even years to discover.
  Sources: NSS Labs; Verizon 2013 Data Breach Investigations Report
- Three of the first five quick wins identified by the SANS Critical Controls for Effective Cyber Defense deal with secure standard configurations and timely patching of application and system vulnerabilities:
  (2) secure standard configurations
  (3) application security patch installation within 48 hours
  (4) system security patch installation within 48 hours
  Source: SANS Critical Controls for Effective Cyber Defense
Maintaining standard secure configured and patched servers in a timely and effective manner remains a serious challenge for most large, complex organizations.

Common Challenges
- Volume: Managing large volumes of security requirements and configuration data
- Manual: Labor-intensive custom scripting to support scanning and review of compliance data within large server environments
- Partial: Lack of an integrated tool suite covering the full set of secure configuration and patching requirements

Organizational Impact
Configuration management
- Inconsistent configurations subvert operational effectiveness
- Difficult to track and trend changes across the enterprise
- Network-wide changes are labor-intensive and error-prone
Security compliance auditing
- Inconsistent results due to individual interpretation
- Out of date because of constant change
- Inconsistent implementation of audits
- Incomplete audits (often to save time)
Security compliance remediation
- No way to verify success
- No way to back out changes
Security compliance reporting
- No trust in data
- Must be keyed in by hand
- Out of date
- No enterprise view of risk

Labor-intensive processes and locally implemented tools do not achieve timely, effective end-to-end risk management.
Federal Agency Case Study
The Federal Agency is required to deal with a highly diverse and complicated set of security requirements to maintain secure systems.

Overview
- Provides processing capability, systems management, communications and storage in support of Department of Defense services, agencies, and combatant commands
- Secure facilities strategically located throughout the world
- Supports millions of users with petabytes of storage
- Transitioning from a traditional software implementation and sustainment model to a service-provider-delivered enterprise SaaS operating model, in order to:
  - Reduce operating cost
  - Increase operational efficiency
  - Improve customer access to simple, flexible utility pricing
  - Improve security compliance consistency across its Computing and Data centers

Security challenges
- Transparency of server security configurations across platforms: Windows Server (32 and 64 bit), Red Hat Linux, SUSE Linux (x86, x86_64, s390x and s390), HP-UX, Sun Solaris, Solaris on Intel x86
- Auditing against stringent security controls: over 11,000 Security Requirements compliance rules for servers alone
- Enterprise-wide visibility of security posture
- Inventory lifecycle control of tens of thousands of servers
- Long discovery, incident response, and compliance reporting times
Federal Agency Services and Operations - Overview

Enterprise Services
- Patch Analysis and Deployment
  - Determine patch level of a server
  - Identify patching needs
  - Download and install patches
- Compliance
  - Develop compliance checks for Security Guidelines
  - Analyze servers for compliance
  - Report server deviations from enterprise security standards
- Remediation
  - Develop automated remediation scripts to address compliance findings

Operations enables
- Content Development
  - Continuously develop compliance and remediation content
- Sustainment
  - Update BladeLogic patch repository
  - Manage automated reports
  - Address user incidents
  - Sustain BladeLogic system software, configuration, and architecture
- PMO
  - Engage user community
  - Manage logistics and reporting
Content - Development

Federal Operations: Content Development Approach
- Gap Analysis: Identify gaps in existing content against Security Requirements
- Baseline Content: Document gaps and implement change control for content
- Develop & Deploy Content: Develop content for each operating environment
- Sustain Platform: Maintain content and address incidents reported by enterprise users

End Product(s): Component Template & Remediation Packages (one set for each operating environment)
Content - Testing and Release

A structured approach has been established for developing and testing Federal enterprise compliance content.

Federal Operating Environments
- Red Hat Linux 5
- Red Hat Linux 6
- SUSE Linux 9
- SUSE Linux x86
- Windows 2012 DC
- Windows 2012 MS
- Windows 2008 R2 DC
- Windows 2008 R2 MS
- Windows 2008 DC
- Windows 2008 MS
- Windows 2003 DC
- Windows 2003 MS
- Solaris 9
- Solaris 10 SPARC
- Solaris 10 x86
- HP-UX 11.23
- HP-UX 11.31
- Oracle 11
- MS SQL Server 2005

Development and Testing Approach
- Conduct User Acceptance Test (UAT) virtually with Agency
- Develop and test compliance content to latest Security
- Brief Agency leadership and obtain approval for Enterprise Readiness
- Announce and roll out content to community
- Visit Agency site and conduct UAT

* IAVMs
The Federal Agency is realizing measurable benefit in performing its Security requirements scanning, inventory configuration, and change tracking activities.

| Task | Before BladeLogic | With BladeLogic |
| --- | --- | --- |
| Scan server for Security Audit | 20 minutes | 3 minutes |
| Security Analysis using Gold Disk (Security vs. Actual and Remediate back to compliance), per server | 3 days (without rollback or audit trail) | 10 minutes (with rollback and audit trail) |
| Security Analysis using Gold Disk for 100 servers | 300 days | 2 days |
| Server Inventory/Config/Remediate | 15 days | 15 minutes |
| Change Tracking/Server Drift Tracking | N/A | Continuous/Automated |
| Documentation (exceptions/changes) | Limited, if done | Automatic real-time reporting |
Copyright 2012 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited.