We would find it valuable to be able to capture and report on the status of simple security settings and applied patches on discovered devices. Specifically a list of all installed patches, status of firewall (on/off), disk encryption, firewall rules, anything else that's relevant? This could be used for compliance reporting and a would make a great feature for a "security" widget.
I've attached a picture of VMWare's Airwatch implementation, simple but effective.
Benefits / Value
Having the capability to quickly and easily report on applied patches and security settings across discovered devices would provide value when major vulnerabilities are released or prior to an audit. Although this capability exists in many other desktop management tools, it seems straight-froward to bring it into CMDB and it would provide clients with peace of mind knowing their respective environments are up-to-date.
To avoid clutter with installed applications, KB's and patches should exists as their own CI Type. This way you can do things such as integrate installed software with Asset Management and/or Service Management but not clutter those databases with large amounts of patch data by exluding the "patch CI type".
Other security settings could be captured as attributes of a node.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.