Is the CMDB the new tool for SecOps? Find out how automatic discovery can help

doronorbach Honored Contributor.


When you think about CMDB and discovery tools, security and compliance might not be the first words that come to mind. The standard use cases usually relate to the ITIL process: helping you better manage changes and incidents, or providing the data required to manage your software licenses and stay compliant.


Recent market trends prove that security might be a prime use case for your CMDB. At a basic level, this makes a lot of sense. When the CMDB is being fed by an automatic discovery tool (like Universal Discovery) that feeds it with comprehensive and up-to-date information about the data center, it can easily be leveraged as a powerful tool for the security groups in your organization.

Here are a few examples of data that is discovered automatically, and can be of clear benefit to SecOps:

  • Is vulnerable software _____ deployed in my environment? If so, which servers is it deployed on, where are they located, and who are their owners?
  • Does my ‘car reservation’ system contain any servers that might be vulnerable because of the affected software?
  • What changes happened to a specific device or service in the last day?
  • Where do I have open ports?
  • Do I have this vulnerable version of the operating system deployed anywhere?
  • Have any of my servers drifted from a pre-defined secured baseline?

These are just examples of discoverable data. The broader the discovery is in terms of the systems discovered (servers, network, storage and even workstations and desktops), and the deeper the content is (discovery of configuration, resources such as interfaces, ports, software, and dependencies on other systems), the more useful the CMDB information is to the security teams.
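As an added illustration (not code from the original post or from any CMDB product), the sketch below answers three of the questions above over a small constructed inventory. The CI field names, the package `examplelib`, its versions and the port baseline are all assumptions made up for the example.

```python
# Constructed sample of CMDB configuration items (CIs). Field names are
# assumptions for this example, not the schema of UCMDB or any other product.
CIS = [
    {"name": "web01", "owner": "alice", "location": "site-A",
     "service": "car reservation",
     "software": {"examplelib": "2.3.0"}, "open_ports": {22, 443}},
    {"name": "db01", "owner": "bob", "location": "site-B",
     "service": "car reservation",
     "software": {"examplelib": "2.4.1"}, "open_ports": {22, 23, 5432}},
    {"name": "hr01", "owner": "carol", "location": "site-A",
     "service": "payroll",
     "software": {"examplelib": "2.3.0"}, "open_ports": {22, 8080}},
]

# Hypothetical secured baseline: ports permitted per business service.
BASELINE_PORTS = {"car reservation": {22, 443, 5432}, "payroll": {22, 443}}


def find_vulnerable(cis, package, bad_versions):
    """Return CIs running a flagged version, with owner and location for triage."""
    return [
        {k: ci[k] for k in ("name", "owner", "location", "service")}
        for ci in cis
        if ci["software"].get(package) in bad_versions
    ]


def services_exposed(cis, package, bad_versions):
    """Map each business service to the servers in it that run a flagged version."""
    exposed = {}
    for hit in find_vulnerable(cis, package, bad_versions):
        exposed.setdefault(hit["service"], []).append(hit["name"])
    return exposed


def port_drift(cis, baseline):
    """Report ports open on a CI that its service's baseline does not allow."""
    drift = {}
    for ci in cis:
        extra = ci["open_ports"] - baseline.get(ci["service"], set())
        if extra:
            drift[ci["name"]] = sorted(extra)
    return drift


if __name__ == "__main__":
    flagged = {"2.3.0"}  # constructed "vulnerable" version
    print(find_vulnerable(CIS, "examplelib", flagged))
    print(services_exposed(CIS, "examplelib", flagged))
    print(port_drift(CIS, BASELINE_PORTS))
```
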

A recent customer example of using CMDB as the foundation for SecOps is America First Credit Union (AFCU). They are monitoring over 3M CIs and 1500 servers across 120 locations. Security in the financial services industry is paramount, and AFCU was able to successfully use UCMDB to power their SecOps program as well. Check out the video below for more information:

So while your CMDB is likely not going to replace your security tools, it can serve as an important asset to complement data that is required by the security groups. It is also another good way to leverage the investment of collecting this critical data across any IT program.

 

5 Comments
MukeshP
Not applicable

CMDB is all in one discovery tool

SKAZAL_ Super Contributor.

CMDB can augment your existing security tools by integrating data from your ICS, SIEM and vulnerability scanners to provide risk assessment insight from a business application perspective. This becomes even more powerful when you consider using CMDB's impact analysis to assess potential attack vectors of high value assets.

Clarke Drummond
Not applicable

Fantastic!

Micro Focus Expert

Wow! Never thought about such powerful capability

Victor M
Not applicable

Thanks for sharing. It's great to hear about such use cases.
