Comprehensive Security Configuration Reporting
NetIQ Secure Configuration Manager provides the industry's first solution that covers all aspects of the evolving vulnerability management process. It provides you with all of the tools necessary to effectively manage your information security environment—from notification and advisory services that provide you with the latest in vulnerability alerts to patch and configuration remediation that ensures you are protected against those vulnerabilities.
Notification and Advisory
Though security products depend on current, up-to-date knowledge to maximize results; researching and compiling new vulnerabilities and keeping up with Microsoft patch databases will give you gray hair. NetIQ has teamed with National Vulnerability Database to provide you with the latest information on vulnerabilities and exploits through our AutoSync capabilities in Vulnerability Manager. AutoSync provides a common pipe for publishing and delivering vulnerability knowledge as well as other security-related content including patch databases, regulation templates and even sample policy templates. AutoSync can be configured to pull new updates hourly, daily or in the middle of the night to ensure that your vulnerability scans aren't using stale knowledge.
Policy and Regulatory Compliance Auditing
Today, companies not only face difficulties enforcing corporate security policies, but now they must also meet security requirements from vague government regulations. Companies must now be much more proactive and thorough in their security audits. NetIQ Secure Configuration Manager provides the tools necessary to audit security controls across a heterogeneous environment, ensuring compliance with company policies and regulations. NetIQ provides thousands of out-of-the-box checks to evaluate the most common security controls. Additionally, NetIQ Secure Configuration Manager provides templates organized by regulations such as Sarbanes-Oxley, HIPAA, FERC and GLBA or by best practices such as SANS Top 20, Center for Internet Security, workstation hardening and other operating system baselines. Controls assessments can be run as-needed or scheduled to occur regularly to ensure on going policy compliance. Risk-based reports highlighting your most critical and most at-risk systems, provide executive-level summaries and supply the information necessary for taking corrective actions. Delta reports enable you to quickly and easily know what has changed on a system since the last audit. This is a great "last step" in a compliance remediation project to verify that the necessary changes have been put in place.
Vulnerability Scanning
NetIQ takes a unique approach by not only providing the vulnerability alert content, but also including actionable vulnerability templates that enable you to immediately assess your environment to determine which systems are exposed to the vulnerability and which systems have already been exploited.
As the vulnerability matures, AutoSync will automatically keep you apprised of any updates to the vulnerability content and the vulnerability signature. Even though you may have prevented the exploit, you should still periodically check for any regression to your system. Better yet, roll the vulnerability signatures into your technical standards to optimize your policy compliance efforts.
Patch and Configuration Management
Reduce the risks in your environment by being sure that your systems are up to date with the latest vendor security patches. NetIQ Secure Configuration Manager has the power to identify missing patches on Windows, Unix and Linux platforms. Moreover, NetIQ Secure Configuration Manager assists patch management efforts on Windows workstations and servers by assessing automatic update settings and identifying patch installation failures and other events related to patch deployments—all from a central console. NetIQ Secure Configuration Manager enables you to effectively remediate exceptions from policies by providing detailed recommendations and, in many cases, the ability to take action directly from the console. Specifically, it enables users to manage user and group accounts, modify security policies or change file and share permissions directly from the console. Many actions can be taken directly in response to policy violations or discovered vulnerabilities.
