| Quarterly Newsletter - Vol 1 Issue 6 |
January 29th, 2008 |
|
In this issue:
|
Greetings from Secure Vantage Technologies.
Happy New Year from all of us at Secure Vantage Technologies, and welcome to our first newsletter of 2008.
Last year saw the launch of several new Microsoft System Center technologies, and we are pleased to continue extending our Compliance Security Suite along with this growth. At IT Forum in November we launched support for System Center Configuration Manager with our new DCM Optimization solutions, providing quick configuration assessments of Windows environments in relation to specific regulations and standards.
This month we are announcing availability of a new Audit Collection Syslog Gateway. This gateway allows companies using Microsoft Operations Manager to integrate Unix, Linux and other syslog events into the ACS data repository. If you have non-Windows devices and are considering ACS for Windows security collection, you need to check this out.
In addition to these new solutions, we have also released a number of package updates over the past few months which include additional guidance, support for 64bit Windows environments and refresh for Operations Manager SP1. This year we're also opening our new EMEA office in London, UK. Stay tuned as we continue to extend solution support, scope and depth in 2008. You’ll find continual updates and lots of great info on our new Team Blog.
We hope you enjoy reading this newsletter and find the information useful. If you have any general comments, or know of anyone who would like to be on the circulation list and is not currently receiving it, please send us an email at info@securevantage.com or contact me directly at jbeckett@securevantage.com
Cheers,
Jeremiah Beckett
President, Secure Vantage Technologies, Inc.
www.SecureVantage.com
|
Secure Vantage Update: Compliance Security Suite extends support to System Center Configuration Manager and Syslog devices
Volume 1, Issue 6 January 29th 2008
In this Issue
How to audit Syslogs with ACS
Many customers have asked us if our ACS reporting solutions support non-Windows event sources. Historically we’ve provided support via 3rd party partners and an SDK, but this method did not provide the ease of use or out-of-box features we wanted to bring our customers.
To address this need we have released the Audit Collection Syslog Gateway, allowing customers to centralize all syslog events in ACS. This enables centralized audit reporting across platforms and applications, including consolidated collection, storage and archiving of that data as well.
Our solution requires no additional software on the Unix or Linux machine. Customers simply deploy the Audit Collection Syslog Gateway MP to one or more Windows Servers and then configure syslog devices to forward events to the gateway server. The data is then collected via ACS and integrated into the Secure Vantage archiving, operations and reporting infrastructure. The use of a gateway is transparent to ACS; ACS treats the data from the Unix and Linux sources exactly as if the source were a Windows Security Log.
So for those customers looking to leverage the power of ACS and our reporting solutions for non-Windows, we’re pleased to say now you can. Contact us today to learn more.
PCI Compliance with System Center
When it comes to regulatory compliance and IT auditing, organizations require solutions that support a wide range of technology and cater to specific auditing needs. Many regulations and standards, like the Payment Card Industry Data Security Standards (PCI-DSS), have very specific audit and process requirements that must be adhered to in order to maintain compliance. In some cases compliance is optional; in others, like PCI, it’s required. Very often organizations are mystified by the range of requirements associated with PCI and even more so by the approved solutions and methods to support it. The PCI Advisory Council does have a certification processes for vendors who provide technology and/or audit services, but organizations must often go to a number of software vendors to meet all their PCI needs, and unfortunately the metrics each vendor uses for testing may deviate, making it even harder to create an integrated solution.
So how does adding Secure Vantage Technologies and System Center help end user organizations meet their PCI auditing requirements?
PCI is concerned with data protection and integrity. Most of the IT controls focus around change and configuration auditing for both operating systems and applications where customer information is stored or processed. Microsoft’s range of System Center solutions provide key infrastructure to support your configuration management, data protection, operations, security and virtualization needs. Secure Vantage Technologies extends this foundation, tailoring those technologies to the specific needs of individual regulations and standards. For example, PCI DSS Control 10.2 requires collection and storage of all security events for a minimum of 90 days. System Center Operations Manager provides facilities via ACS to collect and store all Windows security events. Secure Vantage Technologies provides PCI-specific audit reports and guidance for Windows operating systems.
Visit our PCI Overview page to learn more about how we support PCI auditing with System Center .
New Solutions for Desired Configuration Manager
We’re pleased to announce we have extended our Compliance Security Suite to provide auditing solutions for System Center Configuration Manager. This new offering enhances the Desired Configuration Manager component to provide snapshot auditing of specific regulation controls for quick assessment and risk analysis. Customers can quickly roll-out a preconfigured baseline and then audit Windows Server and Windows client settings. Using the reporting and guidance libraries included with our solution, non-compliant controls are identified and collected for analysis, allowing detailed drilldown of individual regulations or standards to the specific risks and breaches.
In addition to our compliance libraries, we are also releasing a DCM Resource Kit that includes a range of PowerShell-based scripts for SCCM administrators. This Resource Kit automates routine tasks like Importing CIs to folders and mass deleting CIs.
Rather than creating yet more licensing requirements, adding complexity and cost, we have decided to include access to this new DCM solution in our standard Audit Management License (AML). This will ensure that Microsoft customers get the maximum value out of their investment in System Center and Secure Vantage Technologies for their regulatory compliance auditing requirements.
These solutions will be available for customer trial in March. Learn more about >DCM Optimization.
ACS Deloyment Best Practices
Since last March we’ve assisted with over 50 ACS deployments and have identified many common practices for improving deployment success and long term system health. To assist the community in planning ACS deployments, we’ve launched a range of guides to cover ACS best practices, optimization, noise filtering, archiving and historical reporting. The following guides are currently available:
- ACS Arching & Historical Reporting Planning Guide, click here
- ACS Archive Planning Worksheet (ROI Calculator), click here
- ACS Noise Filter Guide, click here
We strongly recommend anyone planning an ACS deployment review these guides and use them as appropriate to help build an environment that meets your specific audit requirements.
In addition to these guides, we are planning to release additional KB articles and have launched a new team blog to further support the community.
Secure Vantage partners with Microsoft Group Policy and Compliance Experts
Secure Vantage Technologies is pleased to announce new partnerships with Microsoft Group Policy MVP Jeremy Moskowitz, www.GPAnswers.com, and Industry Compliance Expert Tony Noblett, www.Socair.com.
Secure Vantage will leverage their expertise and training content to enrich knowledge base articles and guidance provided in our Compliance Security Suite. This enables customers to have both best practices and expert guidance on common configuration and troubleshooting topics around Group Policy and more granular regulatory compliance content. These partnerships provide more training and consulting resources for Secure Vantage customers, which helps reinforce the fundamentals behind using our solutions. Both of these partners provide a lot of value in the field, and we look forward to introducing their content throughout our solutions this year.
This section is being retired and replaced by our new Team Blog! Visit this page to learn about our best practices, general support, product updates, lessons from the field and much more.
April 27th – May 2nd : Las Vegas NV , MMS 2008 – Gold Sponsor, Register and sign up for session SR41
Secure Vantage is continually investing in new auditing technologies. This year we continue to extend our auditing scope with the introduction of more application security auditing, reporting technologies and compliance knowledge. If you’re interested in learning more about our solutions under development or participating in our Early Adopter Program please contact us.
|
|
© 2008 Secure Vantage
Technologies
Inc. |
|
|
News & Events
Press Release 07/08/08: Secure Vantage Technologies and Infront Consulting join forces to offer free training and education series for the Audit Collection Service
Press Release 05/21/2008: Secure Vantage Technologies partners to create a Security Management Partner Solutions bundle for System Center customers
Read more
|