SecurityManager Plus
SecurityManager Plus Features
- Network Security Scanner - Vulnerability Scanning
- PCI DSS Compliance Reporting
- PCI DSS Requirements supported in Security Manager Plus
- Port Scanner - Open Ports Detection
- Hardware and Software Inventory
- Windows Users and Groups
- Patch Management
- Audit Reports
- Vulnerability Management over the Internet
- Vulnerability Database
Network Security Scanner - Vulnerability Scanning
With increasingly sophisticated attacks on the rise, the ability to quickly mitigate network vulnerabilities is imperative. Vulnerabilities, if left undetected, pose a serious security threat to enterprise systems and can leave vital corporate data exposed to attacks by hackers. For organizations, this means extended system downtime and huge loss of revenue and productivity.
Vulnerability assessment is the process of evaluating the effectiveness of an enterprise network's security posture. The process qualifies the types of assets in the network, the probable areas of compromise, and how to remediate vulnerabilities and protect assets. The core function of Security Manager Plus, a network security scanner, is to scan for and detect industry-known vulnerabilities on network assets and to offer remediation solutions.
Security Manager Plus enables you to scan assets and asset groups, view vulnerable assets and their complete security information, e-mail scan reports and take appropriate action to safeguard your assets based on the remediation solutions provided.
Scan Assets & Asset Groups
- Scan by hostname, IP address or network range
- Scan based on select Vulnerability Groups
- Supply asset login credentials for thorough detection
- Schedule periodic scans for assets & groups
View Vulnerable Asset Details
- Security information of an asset or group at a glance
- Pie-chart to depict vulnerability risk percentage
- Remediation solutions for detected vulnerabilities
- Generate audit reports for assets or groups
E-mail Scan Reports
- Get notified on scan task completion
- Send desired reports to administrators & IT managers
- Generate trouble ticket e-mails based on criteria
View Security Dashboard
- Top Vulnerable Assets
- Top Vulnerable Asset Groups
- Prevalent Vulnerabilities in the Network
- Latest Available Vulnerabilities
PCI DSS Compliance Reporting
Payment Card Industry Data Security Standard (PCI DSS)
With e-commerce on the rise, numerous financial transactions are made online, many of which involve credit card payments for purchases. This increase in online payments has resulted in a growth in cases of credit card fraud. Card numbers and cardholder data are sensitive information that needs the utmost protection so that misuse is prevented and information is secured.
Therefore, as a strategic security measure, companies and vendors handling credit and debit card information now need to comply with stringent security standards drawn up by major credit card companies like VISA, MasterCard, American Express etc., so that security breaches are prevented and cardholder data is safeguarded. The standard to be followed is a set of security requirements known as the Payment Card Industry Data Security Standard (PCI DSS), and it applies to all members, merchants and service providers that store, process or transmit cardholder data regardless of transaction type (point of sale, phone, e-commerce, etc.).
What is the PCI DSS?
PCI DSS stands for Payment Card Industry Data Security Standard. It is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It represents a set of rules that businesses processing credit cardholder information must adhere to, to ensure data is protected. The PCI Data Security Standard comprises 12 general requirements designed to:
- Build and maintain a secure network
- Protect cardholder data
- Ensure the maintenance of vulnerability management programs
- Implement strong access control measures
- Regularly monitor and test networks
- Ensure the maintenance of information security policies
This standard is governed by the PCI Security Standards Council: https://www.pcisecuritystandards.org/
Why should you comply with PCI DSS?
Organizations that store and handle credit card information of their customers, irrespective of their size and nature of business, are always at a high risk of cardholder data misappropriation by criminals and other sources with malicious intent. Such security breaches will result in fines levied by credit card companies, litigation, loss of trust and, eventually, loss of business. Moreover, credit card companies have set a deadline of December 2007 for achieving PCI DSS compliance. Credit card companies levy huge fines of up to $500,000 if businesses fail to comply with the PCI DSS within the stipulated time frame. Companies also run the risk of not being allowed to handle cardholder data if found non-compliant and having lost data. As a result, achieving PCI DSS compliance is a top priority for such companies.
How does Security Manager Plus fit in?
Security Manager Plus can help you weigh the effectiveness of your organization's PCI DSS compliance efforts. It can automate the process of PCI DSS compliance by scanning your network for vulnerabilities, determining if your network security is compromised and reporting whether the systems are compliant or non-compliant with the Payment Card Industry Data Security Standard (PCI DSS).
Security Manager Plus enables corporate networks to adhere to PCI DSS by assessing many key requirements of the PCI DSS and furnishing compliance reports. The PCI DSS compliance report in Security Manager Plus presents the violations of the PCI DSS requirements in your network. This report is specially designed and generated in the format specified by the "Payment Card Industry Data Security Standard" available at https://www.pcisecuritystandards.org/tech/index.htm.
PCI DSS Requirements supported in Security Manager Plus
Here are the 12 primary requirements of the PCI DSS:
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
- Requirement 3: Protect stored cardholder data
- Requirement 4: Encrypt transmission of cardholder data across open, public networks
- Requirement 5: Use and regularly update anti-virus software
- Requirement 6: Develop and maintain secure systems and applications
- Requirement 7: Restrict access to cardholder data by business need-to-know
- Requirement 8: Assign a unique ID to each person with computer access
- Requirement 9: Restrict physical access to cardholder data
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes
- Requirement 12: Maintain a policy that addresses information security
Security Manager Plus supports the following requirements of the PCI DSS:

| PCI DSS requirements | Support Status |
|---|---|
| Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters | |
| 2.1 Always change vendor-supplied defaults before installing a system on the network | Yes |
| 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities | |
| 2.2.1 Implement only one primary function per server | Yes |
| 2.2.2 Disable all unnecessary and insecure services and protocols | Yes |
| 2.2.3 Configure system security parameters to prevent misuse | Yes |
| 2.3 Encrypt all non-console administrative access | Yes |
| Requirement 4: Encrypt transmission of cardholder data across open, public networks | |
| 4.1 Use strong cryptography and security protocols | Yes |
| Requirement 5: Use and regularly update anti-virus software or programs | |
| 5.1 Deploy anti-virus software on all systems commonly affected by viruses | |
| 5.1.1 Ensure that anti-virus programs are capable of detecting, removing, and protecting against other forms of malicious software | Yes |
| 5.2 Ensure that all anti-virus mechanisms are current, actively running, and capable of generating audit logs | Yes |
| Requirement 6: Develop and maintain secure systems and applications | |
| 6.1 Ensure that all system components and software have the latest vendor-supplied security patches installed | Yes |
| 6.2 Establish a process to identify newly discovered security vulnerabilities | Yes |
| 6.5 Develop all web applications based on secure coding guidelines | Yes |
| Requirement 11: Regularly test security systems and processes | |
| 11.2 Run internal and external network vulnerability scans at least quarterly | Yes |
| Requirement 12: Maintain a policy that addresses information security for employees and contractors | |
| 12.2 Develop daily operational security procedures that are consistent with requirements in this specification | Yes |

Port Scanner - Open Ports Detection
Open ports leave your network exposed to malicious attacks by hackers or worms & trojans. An open port, if detected by a hacker, will be exploited, leading to a compromise in your network security. Studies have shown that a large number of security threats arise due to conditions like buffer overflow and denial of service attacks on open ports in enterprise networks.
Security Manager Plus, as a port scanner, plays an important role in detecting and displaying all open ports on every discovered asset throughout the network. It uses TCP & UDP port scanning techniques to accurately detect open ports and the services running on them. A periodic scan and analysis of open ports will allow you to take control so that loss or exposure of sensitive information in your network can be prevented.
Open Ports Report
- View open ports list, protocol & service info
- View the vulnerabilities that are exposed on these ports
Hardware and Software Inventory
To maintain a healthy security posture for your network, it is important to keep a record of the hardware and software resources in the discovered assets, because the presence of an unwarranted inventory resource can introduce a security threat. Keeping track of inventory is one of the most tedious tasks for security administrators.
Security Manager Plus intelligently scans for hardware and software inventory details for all assets and reports them as a part of the scanned asset details. This automates the painstaking task of manually auditing your inventory, while ensuring that inventory resources in the network assets are in line with the company's security policies.
Hardware Inventory
- System Manufacturer Info & Model
- Processor & RAM Info
- Drive & Network
- Peripheral Info
- Ports Info (COM, USB etc.)
Software Inventory
- List of available software with version
- Installed patches & updates
- Windows services list with status
Windows Users and Groups
Knowing the user accounts present in an asset, their access privileges and other account details, such as number of logins and last logon time, provides sensitive security information that can be tracked to prevent unauthorized access. Similarly, the various user groups present in discovered assets, and the members of each group, add value to the risk identification process.
Security Manager Plus provides an easy to use dashboard with Windows Users and Groups information. A vulnerability scan on an asset with appropriate login credentials will display this information, which can also be converted into PDF or CSV formats for reporting and audit purposes.
Windows Users and Groups
- View open ports list, protocol & service info
- View the vulnerabilities that are exposed on these ports
Patch Management
With the number of security threats and vulnerabilities on the rise, the hot fixes and updates released by software vendors to address these vulnerabilities are also increasing manifold. It becomes an extremely arduous task for security administrators to cope with the volume and frequency of such patches, as the amount of time and effort involved in identifying, testing and installing problem-free patches on vulnerable systems is enormous.
One form of vulnerability remediation on Windows assets is applying missing patches and service packs. Security Manager Plus doubles up as patch management software here. It identifies missing patches and service packs on vulnerable Windows assets and facilitates downloading patches from the Microsoft site and deploying them on systems that require them, all from a central location.
Security Manager Plus supports Windows patch management for more than 26 languages supported by Microsoft OS and applications. It can act as a reporting tool to monitor whether other patch management software like WSUS, SMS etc. is functioning properly. It can also detect missing RPM security updates on Linux (Red Hat and Debian) systems.
Deploy Missing Patches
- Schedule patch deployment
- Deploy patches according to a preset baseline
- Options to reboot or shutdown systems after deployment
- Automatically sequence the deployment of multiple patches
- Post a custom message in the system after patch deployment
- E-mail deployment status reports
View Patch Details
- Affected hosts list
- Information on products it affects, severity, vulnerability etc.
- Links to vendor websites
Deploy Service Packs
- Deployment of a service pack in multiple systems
- Use an already downloaded service pack for deployment
- Deployment timeout configurable
- Schedule service pack deployment
- E-mail service pack deployment status
- View service pack deployment history reports
View Patches Dashboard
- Network patch status based on severity
- Top patches required for your network
- Most vulnerable hosts based on missing patches
- Recently released patches
Audit Reports
Reports are essential to provide insights on historical data, trends and to facilitate statistical analysis of network behavior. They are useful when security administrators have to submit periodic information on the security posture of the network to IT managers and auditors to make well-informed security decisions. Reports also ensure that the company's IT and regulatory policies are complied with.
Security Manager Plus comes with a set of comprehensive, canned reports to aid security administrators. There are also provisions to define custom reports based on select criteria. Reports can also be generated on vulnerability scan completion and sent to desired e-mail IDs. They can be exported to PDF or CSV format and can be imported by other reporting tools like Crystal Reports etc.
Security Consultants and Service Providers have the facility to rebrand reports from Security Manager Plus by changing the company logo and disclaimer messages. Some of the reports in Security Manager Plus are shown below for reference.
Executive Report
- Provides a high-level summary of scan results in rich graphical formats
- Used by the executive to know the exposure level of the enterprise network to threats
Remediation Report
- Provides a comprehensive report on the vulnerabilities with links to solutions for fixing the problem
- Used by the System Administrators to prioritize vulnerability resolution
Differential Report
- Compares and provides a detailed report on the difference in security postures of the network and assets on two different scans
Service Packs and Patches Report
- Provides a detailed listing of all the missing service packs and patches on the selected assets.
Vulnerability Management over the Internet
Consider scenarios where you have to manage:
- systems that are spread across different geographical locations or offices over the internet (applicable primarily to Service Providers)
- laptops that are often disconnected from the network (mobile users on the move)
- systems situated behind a NAT/PAT firewall or router (systems in different branches of an enterprise)
Security Manager Plus includes an agent that can be used to manage such systems where maintaining a dedicated network tunnel is not feasible, by allowing the communication to take place over the internet. The only prerequisite is that the Security Manager Plus Agents should be able to contact the Security Manager Plus Server over the web (using HTTP).
Enterprise Setup
Here is an example to illustrate how a Service Provider can set up Security Manager Plus Agents in the HTTPS mode to manage systems in different geographical locations.
A Service Provider, say SerPro Inc., in Washington, has a requirement to manage systems for 2 of its enterprise clients, BNF Bank in Texas and Colt Freightliners in New York, which are situated in different locations in the USA. These 2 networks are not interconnected in any way, nor are they accessible from the SerPro network.

The Security Manager Plus Server will reside in the SerPro network in Washington. The Security Manager Plus Agents (in HTTPS mode) will be deployed in the systems in these 2 client networks spread across the US. The agents will contact the Security Manager Plus Server over the internet and fetch patch management tasks that need to be performed. On task completion they will report back to the Security Manager Plus Server with the status update. Thus the systems in these independent enterprise networks will be managed by a single console with just internet accessibility.
Setting Up Security Manager Plus Server in the Service Provider Network
1. On a system which is in the Internet Data Center (IDC), with a public IP address
Security Manager Plus Server can be installed on a server in the IDC of the service provider. This server must have a unique public IP address and must be accessible over the web. Port 6767 (default web server port of Security Manager Plus server) must be open to allow Security Manager Plus agents to communicate with this server.
Administrators can login to the web interface of Security Manager Plus from any location to view and perform patch management tasks.
2. On a system in the internal network of the service provider, with internet access via a NAT/PAT router
Security Manager Plus can be installed on a system with an internal IP address, within the SerPro network. The NAT router in the service provider IDC will have the public IP address for external internet traffic, and this will redirect all traffic to and from the internal IP addresses. The NAT router must be configured (mapping in the routing table) in such a way that it routes all HTTP (web) traffic coming through port 6767 (default web server port of Security Manager Plus server) to the internal IP address of the system which has Security Manager Plus Server installed.
The SMP agents will have the external IP of the SerPro NAT router configured as the SMP Server name and will establish contact over the web on port 6767 (default). The NAT router at SerPro will take care of redirecting the requests/responses to the internal IP address of the SMP Server machine.
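One way to express the port mapping described above on the NAT router, as an added example that is not part of the original page or the product's documentation. It assumes a Linux router running nftables; the interface name `wan0`, the internal server address `10.0.0.20` and the customer address ranges are constructed placeholders, and the source-address restriction is an optional hardening step that only suits agents at fixed sites.

```nftables
# Added example (not vendor configuration). Assumed values:
#   wan0       - router interface facing the internet (hypothetical name)
#   10.0.0.20  - internal address of the SMP Server (constructed)
#   6767       - default SMP server web port, as stated on the page
define wan_if     = "wan0"
define smp_server = 10.0.0.20
define smp_port   = 6767

table ip smp_gateway {
    # Constructed documentation ranges standing in for the public egress
    # addresses of the customer sites whose agents poll the server.
    # Roaming laptops have no fixed address; drop the "ip saddr" match
    # below if such agents must be served.
    set customer_sites {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24, 203.0.113.0/24 }
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Map only the SMP web port to the internal server. Traffic to
        # 6767 from other sources is not translated and never reaches it.
        iifname $wan_if ip saddr @customer_sites tcp dport $smp_port dnat to $smp_server
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        # Replies for connections that were already allowed.
        ct state established,related accept
        # New inbound connections: only the translated agent traffic.
        iifname $wan_if ip daddr $smp_server tcp dport $smp_port ct state new accept
        # Outbound traffic from the internal network (e.g. patch downloads).
        iifname != $wan_if accept
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Internal hosts leave with the router's public address.
        oifname $wan_if masquerade
    }
}
```

With the forward policy set to drop, nothing else on the internal network becomes reachable from the internet as a side effect of publishing port 6767.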
Setting Up Security Manager Plus Agents at the customer sites
This process is simple and does not involve any major configuration at the customer sites.
- Access the web interface of the SMP Server in SerPro using the public IP address: https://<publicIP>:6767/
- Log in and download the SMP Agents (Windows) from the Home tab
- Copy and install the SMP Agents on systems that need to be managed
- Provide the public IP address of the SMP server machine as Server Name to the agent during installation
- If web access from the SMP Agent machine happens via a proxy server, this can be configured during installation or later from the System Tray Icon of SMP Agent
- Start the agent at the end of the installation screen
- Log in to the web interface of SMP, visit the Systems tab and see your agents listed there
Differences between Security Manager Plus Agent in HTTPS mode and TCP mode

| S.No | | HTTPS Mode | TCP Mode |
|---|---|---|---|
| 1 | Usage scenario | WAN, LAN | LAN, VPN |
| 2 | Communication protocol | HTTP (Over the web) | Port to port (TCP) |
| 3 | Security | Data encrypted. Communication secured using SSL over HTTP (HTTPS) | Data encrypted. Communication secured using SSL over TCP. |
| 4 | Ports to be open for the Agent in the firewall (if any) | None. Web access (HTTP) must be allowed. | 9005 (default, but configurable) |
| 5 | Ports to be open for the Server in the firewall (if any) | 6767 (SMP server web port - default, but configurable) | 9004 (default, but configurable), 6767 (for patch download) |
| 6 | SMP Server location | Can be located in an internal network with IP & port mapping done to the NAT's external IP address | Located in the internal network |
| 7 | Agent Configurations required | External IP address of the SMP Server, SMP server web port & proxy server info (if required), polling interval for agent | Name/IP address of the SMP Server, SMP Server TCP port |
| 8 | Communication Flow between Server and Agents | One-way (Agent polls Server) | Two-way |
| 9 | Response time of Agent | Agent's poll interval | Instant (no polling!) |
| 10 | Operating System supported | Windows only | Windows & Linux |

Refer to the documentation for more information on Security Manager Plus Agent Installation, Setup and Configuration.
Vulnerability Database
Vulnerabilities are constantly on the rise as hackers are getting smarter by the day. A network security scanner like Security Manager Plus needs to be in tune with the most recently discovered vulnerabilities and patch information, so that it can identify the latest vulnerabilities in your network as well as remediate them.
Security Manager Plus has a comprehensive database of industry-known vulnerabilities from trusted sources like CVE, SecurityFocus, SANS etc. and also maintains its patch database information from sites like Microsoft, Red Hat & Debian. Vulnerabilities are classified into predefined vulnerability groups based on:
- services they affect like HTTP, Telnet, IMAP etc.
- operating systems like Windows
- device categories like Cisco
- application servers like Mail servers, Database Servers (MSSQL, MySQL, Oracle), Web Servers
- others like CGI abuses, SANS Top 20 vulnerabilities
The vulnerability database is frequently updated with new signatures so that you can ensure full security from recently released vulnerabilities.
Vulnerability Knowledge Base
- Obtained from trusted sources like CVE, SANS etc.
- Frequently updated with latest signatures
- New Update Availability notification in Security Manager Plus web interface
Patches Knowledge Base
- Latest bulletin releases from Microsoft
- Support for more than 26 OS languages and applications
- Contains both security and non-security patches for Windows