Device Hardening & Continuous Compliance Monitoring
NNT Change Tracker™ addresses all your device hardening requirements.
Trusted by hundreds of organizations around the world, NNT Change Tracker™ will automatically audit your entire estate – Servers, Database systems, Firewalls and network devices – against auditor-verified hardening checklists. Within just a few minutes you can have a full assessment of how secure your IT estate is, what needs to be done to address any vulnerabilities and how security can be improved further.
Where NNT Change Tracker™ provides a significant advantage over traditional scanning solutions is that configuration changes are monitored in real-time and on a continuous basis. This means that not only is the initial hardening process greatly simplified, but the on-going maintenance of a hardened build standard is now straightforward too. Scheduled, automated reports as well as real-time alerts will identify any weakening of security, but also show how newly introduced vulnerabilities can be mitigated.
Importance of Configuration Hardening
Using a server, database or network device with default settings in place is an open door to automated computer attack programs. It is vital therefore that a comprehensive security hardening checklist be applied to all devices in your estate.
The good news is that there are numerous reference sources for such checklists – The SANS Institute, NIST, the Center for Internet Security, Microsoft and Oracle all publish hardening best practise checklists, and there are numerous other guides and forums across the internet to help.
The problem is that the checklists are long, complex to understand and time-consuming to implement, even for one server, let alone a whole estate. A typical checklist for an operating system like Windows or Linux will run into hundreds of tests and settings.
Even then, once a hardened build standard has been implemented, the need to regularly – ideally continuously – verify that the server, database or device is being maintained within compliance of your hardened build standard is vital if security is to be enforced.
NNT Change Tracker™ allows you to define your own Hardened Build Standard for all devices, combining best practise in security configuration with your organizations’ specific application and operational requirements.
The solution provides:
- Out of the box PCI DSS, ISO 27000, SOX and other compliance reports
- The ability to create your own hardening template and apply it easily across your estate
- Continuous automated vulnerability auditing
- Easy to read assessment reports, on-demand or as part of a scheduled emailed report
- Compliance score sheet per device or for groups of devices, with drill-down option to see exactly where vulnerabilities exist
- The facility to track any changes to the state of IT systems with planned versus unplanned change reporting
- Compliance reports combined with extended templates to monitor the health, performance, set up, file and registry integrity along with local security policies, installed software and user accounts
- The capability to schedule planned changes with the reassurance of a ‘closed loop change management system’ that reports on ‘what actually changed’ and who made the changes
NNT covers all popular platforms such as:
- Windows, all versions
- Linux, all versions, including Ubuntu, SUSE, CentOS, RedHat
- Unix, all versions including Solaris, HPUX, AIX
- VMWare, all versions including ESXi
- Database Systems, including Oracle, SQL Server, DB2, PostgreSQL, My SQL
- Network Devices and Appliances, all types and manufacturers, including routers, switches and firewalls, from Cisco, Nortel, Juniper and Checkpoint
Security Standards and Corporate Governance
All security standards and Corporate Governance Compliance Policies such as PCI DSS, GCSx CoCo, SOX (Sarbanes Oxley), NERC CIP, HIPAA, HITECH, ISO27000 and FISMA require Windows and Unix servers, workstations, firewalls, routers and switches to be secure and configured properly in order to protect and secure confidential data. NNT Change Tracker™ ensures that systems remain in a secure state at all times with an evolving baseline linked to each properly executed planned change.
A hardened system is one that is fundamentally secure and rendered hack-proof. Hardening a device requires known security ‘vulnerabilities’ to be eliminated or mitigated. A ‘vulnerability’ is any weakness or flaw in the software design, implementation or administration and configuration of a system, which provides a mechanism for a threat to exploit the weakness of a system or process.
Security best practise (as an example, the PCI DSS), determines that all ‘within scope’ sites are scanned for vulnerabilities every quarter. This gets expensive in a large scale, multi-site estate, as well as being a time-consuming management overhead. Perhaps the biggest issue is that the results of any scan are only accurate at that point in time – any configuration changes made after the scan could render devices vulnerable and in a worst case scenario, devices could be left vulnerable to attack for a 3 month period.
Fortunately the solution is readily available – NNT Change Tracker™ will continuously track configuration changes, which is the only real way to guarantee the security of your IT estate is maintained. At any time you can see the Compliance Score of any server, database or network device and also, which settings need to be changed to re-harden the configuration. Any changes made will be reported, including Planned Changes, which are handled using NNT Change Tracker™ unique ‘Closed Loop Change Management’ process.
We have used NNT to help deliver our log management requirements for the code of connection and we are pleased that we chose NNT to work with us. NNT are always helpful and we look forward to working with them on future projects"
Andy Nix – ICT Service Manager Computer - South Kesteven District Council
Very good change management tool, priced right and full of appropriate functionality.
A lot of functionality and reporting features at a reasonable cost.