Community in read only mode June 18 & 19
This community will be set in READ ONLY mode for a while on Tuesday June 18 into Wednesday June 19 while we import content and users from our Micro Focus Forums community site. MORE INFORMATION

Data Center Automation 2018.05 is here! Are you mitigating risks and maintaining compliance?

meganglick Trusted Contributor.
Trusted Contributor.
0 0 646

Managing compliance in today’s Hybrid-IT world has become an extremely complex task.  Not only has the number of external security and regulatory benchmarks grown immensely over the past decade, but new innovations and forms of technology like Open Source, Containers, Cloud and more have created additional layers for IT to manage and ensure compliance on.  Complexity is compounded because different teams often use different tools and processes to manage their individual environments, expounding the difficulty for Central IT to have an accurate, complete picture.   

Amazingly a large number of enterprises still lack an actual strategy to address and mitigate these security threats and software vulnerabilities.  In ENTERPRISE MANAGEMENT ASSOCIATES (EMA) 2018 white paper “Compliant IT Operations for Hybrid Cloud, DevOps, and Containers, Torsten Volk notes that of 301 enterprises surveyed, 52 percent admitted to having no solid compliance plan in place, which can lead to large lapses in compliance.

 FireEye’s latest M-Trends report, which aggregates incident response investigations over the prior year, reported the median amount of time to discover a breach is 101 days—a lot of time for an infrastructure system to be vulnerable and at risk.  If central IT can’t ensure the detection and remediation of these breaches in a timely manner, the consequences to the business can be far-reaching and extremely detrimental.  We’ve all seen the headlines time and again, this type of breach is not only costing company’s money in the way of fines, but also in brand equity and reputation.

The Micro Focus Data Center Automation solution aims to tackle these challenges. This is accomplished by detecting and remediating patch vulnerabilities and regulatory and enterprise compliance risks across multi-vendor servers, databases, and middleware. Data Center Automation offers risk and vulnerability dashboards that provide a snapshot of compliance across the data center on demand.

The DCA compliance dashboard helps assess the:

  • Level of compliance in the data center
  • Efficiency of the remediation process
  • Compliance failures across the data center

The risk dashboard shows near-real time patch vulnerability data across servers, database, and middleware.ComplianceDashboard.png

 Figure 1.1: The DCA compliance dashboard provides an overall snapshot of compliance across the data center.RiskDashboard.png

 Figure 1.2: The DCA risk dashboard provides patch vulnerability data across the data center.

 

We adopted Agile Development principals over a year ago, and since then we have continued to enhance and build upon our compliance capabilities. Following this methodology, we recently announced the general availability of DCA 2018.05

This latest release features:

  • Static Patching for Linux and Windows: Selectively manage a highly-OS patching process for RHEL and Windows Server operation systems, which limits the potential for change-related application outages in a large-scale production environment. Static patching also provides additional control to explicitly sub-select individual patches for updating.
  • Enhanced Compliance Benchmark Content: Support for DISA Security Technical Implementation Guides (STIGs) and ISO-27001 for tier 1 OS resource types including scanning and auto-remediation. Support for Microsoft SQL Server 2017 for compliance auditing and auto-remediation.
  • System Backup and Restore: Backup and restore all configuration state, databases, and automation content as one single backup image.

For more information on the 2018.05 release and other recent releases, visit our DocOps site.

Additional Resources:

Master regulatory compliance and patching across the enterprise

www.microfocus.com/dca

 

 

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.