Security Manager Plus

Security Manager Plus is a network security scanner that proactively reports on network vulnerabilities and helps to remediate them and ensure compliance. With vulnerability scanning, open ports detection, patch management, Windows file/folder/registry change management and vulnerability reporting capabilities, Security Manager Plus protects the network from security threats and malicious attacks.

 

Key Features

Patch Management

With the number of security threats and vulnerabilities on the rise, the hot fixes and updates released by software vendors to address these vulnerabilities are also increasing manifold. Coping with the volume and frequency of such patches becomes an extremely arduous task for security administrators, as the time and effort involved in identifying, testing and installing problem-free patches on vulnerable systems is enormous.

One form of vulnerability remediation on Windows & Linux assets is applying missing patches, service packs and packages. Security Manager Plus doubles up as patch management software here. It identifies missing patches/packages and service packs on vulnerable assets and facilitates downloading patches from the vendor site and deploying them on systems that require them - all from a central location.

Windows Patch Management

Security Manager Plus supports Windows patch management for more than 26 languages supported by Microsoft OS and applications. It has its own scanning and patching engine backed by a comprehensive patch database that is updated frequently. You can also use Security Manager Plus to verify the list of Missing and Installed Patches that are reported by other software like WSUS, SMS, etc.

 

Linux Patch Management

It can also detect missing packages on Linux (Red Hat, Debian, CentOS) systems and install these package updates by interoperating with target system's package management tools (up2date for Red Hat, aptitude for Debian, yum for CentOS).

Support for other Linux distributions can be added by editing patch management scripts from the web console.

In order to use SMP's Linux patch deployment feature, you must ensure that you have a valid support and update subscription license with the different Linux distributions, wherever applicable. It is important that you provide the username/password details for a valid subscription account for the systems to be patched correctly.

 
Deploy Missing Patches
  • Schedule patch deployment
  • Deploy patches according to a preset baseline
  • Options to reboot or shutdown systems after deployment
  • Automatically sequence the deployment of multiple patches
  • Post a custom message in the system after patch deployment
  • E-mail deployment status reports
 

View Patch Details
  • Affected hosts list
  • Information on products it affects, severity, vulnerability etc.
  • Links to vendor websites
 
Deploy Service Packs
  • Deployment of a service pack in multiple systems
  • Use an already downloaded service pack for deployment
  • Deployment timeout configurable
  • Schedule service pack deployment
  • E-mail service pack deployment status
  • View service pack deployment history reports
 
View Patches Dashboard
  • Network patch status based on severity
  • Top patches required for your network
  • Most vulnerable hosts based on missing patches
  • Recently released patches

Vulnerability Management over the Internet

Consider scenarios where you have to manage

  • systems that are spread across different geographical locations or offices over the internet (applicable primarily to Service Providers)
  • laptops that are often disconnected from the network (mobile users on the move)
  • systems situated behind a NAT/PAT firewall or router (systems in different branches of an enterprise)

Security Manager Plus includes an agent that can be used to manage such systems, where maintaining a dedicated network tunnel is not feasible, by allowing the communication to take place over the internet. The only prerequisite is that the Security Manager Plus Agents should be able to contact the Security Manager Plus Server over the web (using HTTP).

Enterprise Setup

Here is an example to illustrate how a Service Provider can set up Security Manager Plus Agents in the HTTPS mode to manage systems in different geographical locations.

A Service Provider, say SerPro Inc., in Washington, has a requirement to manage systems for 2 of its enterprise clients - BNF Bank in Texas and Colt Freightliners in New York, which are situated in different locations in the USA. These 2 networks are not interconnected in any way, nor are they accessible from the SerPro network.

The Security Manager Plus Server will reside in the SerPro network in Washington. The Security Manager Plus Agents (in HTTPS mode) will be deployed in the systems in these 2 client networks spread across the US. The agents will contact the Security Manager Plus Server over the internet and fetch patch management tasks that need to be performed. On task completion they will report back to the Security Manager Plus Server with the status update. Thus the systems in these independent enterprise networks will be managed by a single console with just internet accessibility.

Network Security Scanner - Vulnerability Scanning

With increasingly sophisticated attacks on the rise, the ability to quickly mitigate network vulnerabilities is imperative. Vulnerabilities if left undetected pose a serious security threat to enterprise systems and can leave vital corporate data exposed to attacks by hackers. For organizations, it means extended system downtimes and huge loss of revenue and productivity.

Vulnerability Assessment is a process of identifying the effectiveness of an enterprise network's security posture. The process qualifies the type of assets in the network, the probable areas for compromise and how to remediate vulnerabilities and protect assets. The core function of Security Manager Plus as a network security scanner is to scan for and detect industry-known vulnerabilities on network assets and to offer remediation solutions.

Security Manager Plus enables you to scan assets and asset groups, view vulnerable assets and their complete security information, e-mail scan reports and take appropriate action to safeguard your assets based on the remediation solutions provided.

PCI DSS Compliance Reporting

Payment Card Industry Data Security Standard (PCI DSS)

With e-commerce on the rise, there have been numerous financial transactions made online, many of which involve making credit card payments for purchases. This increase in online payments has subsequently resulted in the growth of cases involving credit card fraud. Card numbers and card holder data are sensitive information which need utmost protection so that misuse is prevented and information is secured.

Therefore as a strategic security measure, companies & vendors handling credit and debit card information now need to comply with stringent security standards drawn by major credit card companies like VISA, MasterCard, American Express etc. so that security breaches are prevented and card holder data is safeguarded. The standard to be followed is a set of security requirements known as the Payment Card Industry Data Security Standard (PCI DSS) and applies to all members, merchants and service providers that store, process or transmit cardholder data regardless of transaction type (point of sale, phone, e-commerce, etc.).

What is the PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standard. It is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It represents a set of rules that need to be adhered to by businesses that process credit cardholder information, to ensure data is protected. The PCI Data Security Standard comprises 12 general requirements designed to:

  • Build and maintain a secure network
  • Protect cardholder data
  • Ensure the maintenance of vulnerability management programs
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Ensure the maintenance of information security policies

This standard is governed by PCI Security Standards Council https://www.pcisecuritystandards.org/

Why should you comply with PCI DSS?

Organizations that store and handle their customers' credit card information, irrespective of their size and nature of business, are always at a high risk of cardholder data misappropriation by criminals and other sources with malicious intent. Such security breaches will result in fines levied by credit card companies, litigation, and loss of trust and, eventually, business. Moreover, credit card companies have set a deadline of December 2007 for achieving PCI DSS compliance. Credit card companies levy huge fines of up to $500,000 if businesses fail to comply with the PCI DSS within the stipulated time frame. Companies also run the risk of not being allowed to handle cardholder data if found non-compliant and having lost data. As a result, achieving PCI DSS compliance is a top priority for such companies.

How does Security Manager Plus fit in?

Security Manager Plus can help you weigh the effectiveness of your organization's PCI DSS compliance efforts. It can automate the process of PCI DSS compliance by scanning your network for vulnerabilities, determining if your network security is compromised and reporting whether the systems are compliant or non-compliant with the Payment Card Industry Data Security Standard (PCI DSS).

Security Manager Plus helps corporate networks adhere to PCI DSS by assessing many key requirements of the PCI DSS and furnishing compliance reports. The PCI DSS compliance report in Security Manager Plus presents the violations of the PCI DSS requirements in your network. This report is specially designed and generated in the format specified by the "Payment Card Industry Data Security Standard" available at https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.

Port Scanner - Open Ports Detection

Open ports leave your network exposed to malicious attacks by hackers or worms & trojans. An open port if detected by a hacker will be exploited, leading to a compromise in your network security. Studies have shown that a large number of security threats arise due to conditions like buffer overflow and denial of service attacks on open ports in enterprise networks.

Security Manager Plus, as a port scanner, plays an important role in detecting and displaying all open ports on every discovered asset throughout the network. It uses TCP & UDP port scanning techniques to accurately detect them and the services running on these ports. A periodic scan and analysis of open ports will allow you to take control so that loss or exposure of sensitive information in your network can be prevented.

Hardware and Software Inventory

In order to maintain a healthy security posture of your network, it is important that a record of the hardware and software resources in the discovered assets is tracked, lest the presence of an unwarranted inventory resource induces a probable security threat. Keeping track of inventory is one of the most tedious tasks for security administrators.

Security Manager Plus intelligently scans for Hardware and Software inventory details for all assets and reports them as a part of the scanned asset details. This automates the painstaking task of manually auditing your inventory, at the same time ensuring that inventory resources in the network assets are in line with the company's security policies.

Hardware Inventory
  • System Manufacturer Info & Model
  • Processor & RAM Info
  • Drive & Network
  • Peripheral Info
  • Ports Info (COM, USB etc.)
Software Inventory
  • List of available software with version
  • Installed patches & updates
  • Windows services list with status

Windows Users and Groups

Knowing the user accounts present in an asset, along with their access privileges and other account details such as number of logins, last logon time etc., provides sensitive security information that can be tracked to prevent unauthorized access. Similarly, the various user groups present in discovered assets and the members of each group also add value to the risk identification process.

Security Manager Plus provides an easy to use dashboard with Windows Users and Groups information. A vulnerability scan on an asset with appropriate login credentials will display this information, which can also be converted into PDF or CSV formats for reporting and audit purposes.

Windows Users and Groups
  • View open ports list, protocol & service info
  • View the vulnerabilities that are exposed on these ports

Windows Change Management

In Windows systems, there are constant changes happening to files, folders and registry entries. Though many of these changes are due to normal processes like patch updates or system modifications, some of the changes could be the result of viruses or malicious hacker attacks that can introduce critical vulnerabilities to these Windows systems, that cause system downtime.

It therefore becomes imperative that some of the critical files, folders and registry entries are periodically monitored and the changes are kept track of during the normal vulnerability scan cycle. Change tracking and management aids largely in providing insights on the status of the entities (like files, folders or registry entries) and helps in comparing them against a preset baseline. This assures IT Security staff that everything is in order and gives them control over vulnerabilities creeping into Windows systems due to unwarranted file/folder/registry changes.

In Security Manager Plus, Change Management of Windows machines is governed by Profiles. Profiles are custom templates defined by users to capture a list of important files, folders and registry entries that need to be periodically tracked for changes during every scan. Change tracking can be done on Assets or Asset Groups. Multiple profiles can be associated with the same asset or asset group.

Setting Baseline

By default, the details obtained from a File or a Folder or the values for a Registry key after the first scan on an asset, will be treated as the Baseline value for various parameters being tracked. However, this can be altered at any time and a baseline can be set to be a changed value.

Setting baselines is applicable for every entry under each category (files, folders or registry).
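
The baseline behaviour described above (first scan becomes the baseline, later scans are compared against it, and a reviewed change can be accepted as the new baseline), as an added illustration that is not Security Manager Plus code. The class and function names, status labels, profile names and scan values are all assumptions constructed for this example.

```python
import hashlib

HOSTS = r"C:\Windows\System32\drivers\etc\hosts"
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed profiles: named templates listing the entities to track.
PROFILES = {"system-files": {HOSTS}, "autoruns": {RUN_KEY}}

def digest(content: bytes) -> str:
    """Fingerprint file content so a scan stores a hash, not the file."""
    return hashlib.sha256(content).hexdigest()

class ChangeTracker:
    def __init__(self, profiles):
        # Several profiles can be associated with one asset: track their union.
        self.tracked = set().union(*profiles.values())
        self.baseline = {}

    def scan(self, observed):
        """Compare one scan with the baseline; the first scan sets it."""
        report = {}
        for entity in sorted(self.tracked):
            current = observed.get(entity)  # None means absent on the asset
            if entity not in self.baseline:
                self.baseline[entity] = current
                report[entity] = "baseline-set"
            elif current == self.baseline[entity]:
                report[entity] = "unchanged"
            elif current is None:
                report[entity] = "missing"
            else:
                report[entity] = "changed"
        return report

    def set_baseline(self, entity, value):
        """Accept a reviewed change as the new baseline for one entity."""
        self.baseline[entity] = value

def run_demo():
    # Constructed scan results for one asset.
    scan_1 = {HOSTS: digest(b"127.0.0.1 localhost\n"), RUN_KEY: "updater.exe"}
    scan_2 = {HOSTS: digest(b"127.0.0.1 localhost\n10.0.0.5 intranet\n"),
              RUN_KEY: "updater.exe"}
    scan_3 = {RUN_KEY: "updater.exe"}  # hosts file no longer present

    tracker = ChangeTracker(PROFILES)
    first = tracker.scan(scan_1)                 # first scan sets the baseline
    second = tracker.scan(scan_2)                # hosts differs from baseline
    tracker.set_baseline(HOSTS, scan_2[HOSTS])   # admin accepts the change
    third = tracker.scan(scan_2)                 # same state, now unchanged
    fourth = tracker.scan(scan_3)                # tracked file disappeared
    return first, second, third, fourth

if __name__ == "__main__":
    for number, report in enumerate(run_demo(), start=1):
        print(number, report)
```

Until a change is explicitly accepted with set_baseline, every later scan keeps reporting it, which is what makes an unreviewed modification visible across scan cycles.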

 
Create Change Management Profile
  • Add specific files, folders & registry entries to a profile
  • Associate change management profiles to assets or asset groups
 
View Inventory Dashboard
  • Assets with most changes
  • Entities with most changes
  • Top 5 OS detected
  • Top 5 installed software
 
Changes List for an Asset
  • View the status of files, folders, registry entries tracked for an asset
  • Set Baseline for further change tracking
  • Associate more Change Management Profiles to an asset
 

Audit Reports

Reports are essential to provide insights on historical data and trends and to facilitate statistical analysis of network behavior. They are useful when security administrators have to submit periodic information on the security posture of the network to IT managers and auditors so that they can make well-informed security decisions. Reports also ensure that the company's IT and regulatory policies are complied with.

Security Manager Plus comes with a set of comprehensive, canned reports to aid security administrators. There are also provisions to define custom reports based on select criteria. Reports can also be generated on vulnerability scan completion and sent to desired e-mail IDs. They can be exported to PDF or CSV format and can be imported by other reporting tools like Crystal Reports etc.

Security Consultants and Service Providers have the facility to rebrand reports from Security Manager Plus by changing the company logo and disclaimer messages. Some of the reports in Security Manager Plus are shown below for reference.

 
Executive Report
  • Provides a high-level summary of scan results in rich graphical formats
  • Used by the executive to know the exposure level of the enterprise network to threats
 
Remediation Report
  • Provides a comprehensive report on the vulnerabilities with links to solutions for fixing the problem
  • Used by the System Administrators to prioritize vulnerability resolution
 
Differential Report
  • Compares and provides a detailed report on the difference in security postures of the network and assets on two different scans
 
Service Packs and Patches Report
  • Provides a detailed listing of all the missing service packs and patches on the selected assets.
 
View File & Registry Change Report
  • Presents a report for a list of assets or groups displaying the status of changes
  • Used by System Administrators to monitor and track file & registry changes

Vulnerability Database

Vulnerabilities are constantly on the rise as hackers are getting smarter by the day. A network security scanner like Security Manager Plus needs to be in tune with the most recently discovered vulnerabilities and patch information, so that it can identify the latest vulnerabilities in your network as well as remediate them.

Security Manager Plus has a comprehensive database of industry-known vulnerabilities from trusted sources like CVE, SecurityFocus, SANS etc. and also maintains its patch database information from sites like Microsoft, Red Hat & Debian. Vulnerabilities are classified into predefined vulnerability groups based on:

  • services they affect like HTTP, Telnet, IMAP etc.
  • operating systems like Windows
  • device categories like Cisco
  • application servers like Mail servers, Database Servers (MSSQL, MySQL, Oracle), Web Servers
  • others like CGI abuses, SANS Top 20 vulnerabilities

The vulnerability database is frequently updated with new signatures so that you can ensure full security from recently released vulnerabilities.

Vulnerability Knowledge Base
  • Obtained from trusted sources like CVE, SANS etc.
  • Frequently updated with latest signatures
  • New Update Availability notification in Security Manager Plus web interface
Patches Knowledge Base
  • Latest bulletin releases from Microsoft
  • Support for more than 26 OS languages and applications
  • Contains both security and non-security patches for Windows