
BladeLogic Software-as-a-Service (SaaS) Solution

Help reduce operating cost, improve security compliance, strengthen cybersecurity posture


The Configuration Security Compliance Challenge

Federal Agency Case Study

Copyright © 2014 Deloitte Development LLC. All rights reserved.

Today’s ever-changing cyber threat landscape requires organizations to effectively maintain secure standard configurations and continuous awareness

Source: Verizon 2013 Data Breach Investigations Report

Why important – “66% of the breaches in our 2013 report took months or even years to discover …”

Source: SANS Critical Controls for Effective Cyber Defense

Three of the “First Five” quick wins identified by SANS Critical Controls for Effective Cyber Defense deal with secure standard configurations and timely patching of application and system vulnerabilities

(2) secure standard configurations
(3) application security patch installation within 48 hours
(4) system security patch installation within 48 hours

Source: NSS Labs

System and application vulnerabilities still remain a primary cyber threat exploitation risk for most organizations


Maintaining standard secure configured and patched servers in a timely and effective manner remains a serious challenge for most large, complex organizations

Configuration management
• Inconsistent configurations subvert operational effectiveness
• Difficult to track and trend changes across the enterprise
• Network-wide changes are labor-intensive and error-prone

Security compliance auditing
• Inconsistent results due to individual interpretation
• Out of date because of constant change
• Inconsistent implementation of audits
• Incomplete audits (often to save time)

Security compliance remediation
• No way to verify success
• No way to back out changes

Security compliance reporting
• No trust in data
• Must be keyed in by hand
• Out of date
• No enterprise view of risk

Labor Intensive processes and locally implemented tools do not achieve timely, effective end-to-end risk management

Volume
• Managing large volumes of security requirements and configuration data

Manual
• Labor-intensive custom-scripting to support scanning and review of compliance data within large server environments

Partial
• Lack of integrated tool suite covering full set of secure configuration and patching requirements


Federal is required to deal with a highly diverse and complicated set of security requirements to maintain secure systems

Overview

Provides processing capability, systems management, communications and storage in support of Department of Defense services, agencies, and combatant commands
• Secure facilities strategically located throughout the world
• Support millions of users with petabytes of storage

Transitioning from a traditional software implementation and sustainment model to a service provider delivered enterprise SaaS operating model
• Reduce operating cost
• Increase operational efficiency
• Improve customer access to a simple, flexible utility pricing
• Improve security compliance consistency across its Computing and Data centers

Security challenges

Transparency of server security configurations
• Windows Server (32 and 64 bit)
• RED HAT Linux
• SUSE Linux (x86, x86_64, s390x and s390)
• HP-UX
• Sun Solaris
• Solaris on INTEL X86

Auditing against stringent security controls – over 11,000 Security Requirements compliance rules for servers alone

Enterprise-wide visibility of security posture

Inventory lifecycle control of tens of thousands of servers

Long discovery, incident response, and compliance reporting times


Federal Agency Services and Operations - Overview

Content Development
• Continuously develop compliance and remediation content

Sustainment
• Update BladeLogic patch repository
• Manage automated reports
• Address user incidents
• Sustain BladeLogic system software, configuration, and architecture

PMO
• Engage user community
• Manage logistics and reporting

Enterprise Services enables Operations

Patch Analysis and Deployment
• Determine patch level of a server
• Identify patching needs
• Download and install patches

Compliance
• Develop compliance checks for Security Guidelines
• Analyze servers for compliance
• Report server deviations to enterprise security standards

Remediation
• Develop automated remediation scripts to address compliance findings


Content - Development

Identify gaps in existing content against Security Requirements

Gap Analysis

Baseline Content

Sustain Platform

Develop & Deploy Content

Federal Operations: Content Development

Approach:

Document gaps and implement change control for content

Develop content for each operating environment

Maintain content and address incidents reported by enterprise users

End Product(s):

Component Template & Remediation Packages (one set for each operating environment)


A structured approach has been established for developing and testing Federal enterprise compliance content

Content - Testing and Release
• Develop and Test Compliance Content to latest Security
• Visit Agency site and conduct UAT
• Conduct User Acceptance Test (UAT) virtually with Agency
• Brief Agency Leadership and obtain approval for Enterprise Readiness
• Announce and roll-out content to community

Development and Testing Approach

Federal Operating Environments
• Red Hat Linux 5
• Windows 2012 DC
• Windows 2012 MS
• Windows 2008 R2 DC
• Windows 2008 R2 MS
• Windows 2008 DC
• Windows 2008 MS
• Windows 2003 DC
• Windows 2003 MS
• Solaris 10 SPARC
• Solaris 10 x86
• HP-UX 11.23
• HP-UX 11.31
• Solaris 9
• Red Hat Linux 6
• SUSE Linux 9
• SUSE Linux x86
• Oracle 11
• MS SQL Server 2005


The Federal Agency is realizing measurable benefit in performing its scanning Security requirements, inventory configurations, and change tracking activities

| Task | Before BladeLogic | With BladeLogic |
|---|---|---|
| Scan server for Security Audit | 20 minutes | 3 minutes |
| Security Analysis using Gold Disk (Security vs. Actual and Remediate back to compliance) per server | 3 days (without rollback or audit trail) | 10 minutes (with rollback and audit trail) |
| Security Analysis using Gold Disk for 100 Servers. | 300 days | 2 days |
| Server Inventory/Config/Remediate | 15 days | 15 minutes |
| Change Tracking/Server Drift Tracking | N/A | Continuous/Automated |


Copyright © 2012 Deloitte Development LLC. All rights reserved.

This publication contains general information only, and none of the member firms of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collective, the “Deloitte Network”) is, by means of this publication, rendering professional advice or services. Before making any decision or taking any action that may affect your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this publication.

As used in this document, “Deloitte” means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting

Deloitte shall not be responsible for any loss sustained by any person who relies on this publication. Copyright © 2014 Deloitte Development LLC. All rights reserved.
