Managing compliance in today’s Hybrid-IT world has become an extremely complex task. Not only has the number of external security and regulatory benchmarks grown immensely over the past decade, but new innovations and forms of technology like Open Source, Containers, Cloud and more have created additional layers for IT to manage and ensure compliance on. Complexity is compounded because different teams often use different tools and processes to manage their individual environments, expounding the difficulty for Central IT to have an accurate, complete picture.
Amazingly a large number of enterprises still lack an actual strategy to address and mitigate these security threats and software vulnerabilities. In ENTERPRISE MANAGEMENT ASSOCIATES (EMA) 2018 white paper “Compliant IT Operations for Hybrid Cloud, DevOps, and Containers”, Torsten Volk notes that of 301 enterprises surveyed, 52 percent admitted to having no solid compliance plan in place, which can lead to large lapses in compliance.
FireEye’s latest M-Trends report, which aggregates incident response investigations over the prior year, reported the median amount of time to discover a breach is 101 days—a lot of time for an infrastructure system to be vulnerable and at risk. If central IT can’t ensure the detection and remediation of these breaches in a timely manner, the consequences to the business can be far-reaching and extremely detrimental. We’ve all seen the headlines time and again, this type of breach is not only costing company’s money in the way of fines, but also in brand equity and reputation.
The Micro Focus Data Center Automation solution aims to tackle these challenges. This is accomplished by detecting and remediating patch vulnerabilities and regulatory and enterprise compliance risks across multi-vendor servers, databases, and middleware. Data Center Automation offers risk and vulnerability dashboards that provide a snapshot of compliance across the data center on demand.
The DCA compliance dashboard helps assess the:
- Level of compliance in the data center
- Efficiency of the remediation process
- Compliance failures across the data center
The risk dashboard shows near-real time patch vulnerability data across servers, database, and middleware.
Figure 1.1: The DCA compliance dashboard provides an overall snapshot of compliance across the data center.
Figure 1.2: The DCA risk dashboard provides patch vulnerability data across the data center.
We adopted Agile Development principals over a year ago, and since then we have continued to enhance and build upon our compliance capabilities. Following this methodology, we recently announced the general availability of DCA 2018.05.
This latest release features:
- Static Patching for Linux and Windows: Selectively manage a highly-OS patching process for RHEL and Windows Server operation systems, which limits the potential for change-related application outages in a large-scale production environment. Static patching also provides additional control to explicitly sub-select individual patches for updating.
- Enhanced Compliance Benchmark Content: Support for DISA Security Technical Implementation Guides (STIGs) and ISO-27001 for tier 1 OS resource types including scanning and auto-remediation. Support for Microsoft SQL Server 2017 for compliance auditing and auto-remediation.
- System Backup and Restore: Backup and restore all configuration state, databases, and automation content as one single backup image.
For more information on the 2018.05 release and other recent releases, visit our DocOps site.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.