Server Security Assured with Assuria Auditor
Assuria Auditor provides automated Vulnerability Assessment and Configuration Assurance for servers and endpoints through a blend of Resident Agent and Remote Agentless scanning approaches.
- Server hardening
- Vulnerability Assessment
- Compliance Assessment
- Change detection
- Inventory Reporting
Evolved over a period of 15 years, Assuria Auditor is used by central government agencies, financial services companies, local authorities, education organisations and other commercial organisations in more than 30 countries worldwide.
As a software only solution, employing a unique blend of agent based and agentless scanning techniques and probably the widest system coverage in the industry, Assuria Auditor forms a critical element of the IT security infrastructure for some of the largest organisations in the world.
- Vulnerability Assessment - Assuria Auditor utilises a comprehensive built-in Knowledge Base of known security vulnerabilities, security control configurations, up to date patch checks and security best practice information to enable organisations to easily bring their IT infrastructure up to high standards of security, especially servers. Internal IT security knowledge or experience is not necessary, because the built-in Assuria Auditor knowledge base includes not only the thousands of individual checks for a wide range of operating platforms, but also explanations of the implications of each vulnerability and step by step instructions on remediation.
- Regulatory Standards Compliance - The comprehensive built-in security database includes mappings of each of Assuria Auditor’s 2500+ security configuration checks to appropriate references within a range of standards such as ISO 27001, GPG-13, BS17799, PCI-DSS, SOX, GCSX CoCo and others. This makes it easy to assess server compliance against these standards. Detailed remediation instructions enable even inexperienced system administrators to quickly bring systems up to the level of compliance needed. Powerful reporting also provides verification to satisfy internal and external auditors. CVE and BID references are also provided, with CVSS scores where appropriate.
- Internal Policy and Build Standards Compliance - As well as monitoring compliance with external standards and accepted best practice in security configuration, Assuria Auditor can easily be customised to allow users to adjust checks and policies and write new checks to match the specific requirements of an organisation’s own security policy, thus ensuring full compliance. In the same way, Assuria Auditor can be configured to assess the build configuration of systems against internal build standards so as to ensure that systems are configured to corporate standards prior to rollout.
- Change Detection and File Integrity Monitoring - System administrators and corporate network management systems can be alerted to unexpected or un-authorised configuration changes, or changes to critical system elements and applications. Powerful change detection management features allow rapid assessment and reporting of suspicious or potentially troublesome changes. Change detection can be applied to whole systems and subsystems (i.e. Baselines) or specific resources such as individual files, folders or executables (i.e. File Integrity Monitoring).
- Automated operations and alerting - Assuria Auditor has a powerful bult-in scheduling subsystem which allowsscanning and integrity checking operations to be fully automated. Once systems have been brought up to the required level of security configuration, for the most part,scanningoperations should be looking for exceptions and suspicious changes to critical system components (for example with file integrity checking) and these operations can be fully automated and scheduled. Checks can also be configured to raise alerts in a number of formats and using various alerting processes.
- Inventory Reporting - Assuria Auditor provides powerful inventory assessment and reporting features, listing all hardware and software components installed, active services, open ports and much more, greatly assisting asset managers and internal auditors. Why buy a separate inventory reporting system when Assuria Auditor gives you these features as well!
- Assuria Auditor Information Manager (AIM) - The Assuria Auditor results database contains vast amounts of valuable and hard to get system information that until now was a hidden goldmine. Now this resource is accessible via AIM – a powerful and easy to use analysis and reporting feature.
- Extensible Knowledge Base - Assuria Auditor offers huge flexibility and extensibility. The built-in knowldge base of vulnerability tests, patch checks, compliance assessment checks and security best practice can be extended through a simple to use interface, even allowing addition of entirely new checks, modified checks and creation of custom policies.
Assuria Auditor is almost unique amongst vulnerability scanning solutions in offering both resident software agent and agentless credentialed scanning and assessment features. Unobtrusive, self contained resident agents operate autonomously, using central controller facilities only for policy or knowledge base updates and for uploading scan results.
Agentless, credentialed scanning allows deep assessment of target systems without the need to install agents. Using securely managed credentials (username and password) Assuria Auditor RA scans systems using the same built-in policies and checks as the resident agents.
Scan results are stored in the Assuria Auditor Console Database, where analysis, reporting and remediation management is also handled. Many hundreds of resident agents can be managed from a single console.
Assuria Auditor provides the industry's widest range of platform support, with powerful yet compact software agents available for the following platforms:-
Assuria Auditor agents:
- MS Windows Server 2003
- MS Windows Server 2008 (incl. R2)
- MS Windows Server 2012 (incl. R2)
- Solaris SPARC 8, 9, 10, 10 x86 and 11
- AIX 5.1+, 6.1
- HP-UX – PA-RISC and ITANIUM 11+
- Red Hat Enterprise Linux 3, 4, 5 & 6
- SuSE Enterprise Linux X86 9, 10 & 11
- SuSE Enterprise Linux 10 IBM Z series
- VMware ESX 3.5
- MS Windows 2000 (under special arrangements only)
- Windows NT (under special arrangements only)
- Solaris SPARC 7 (under special arrangements only)
The Assuria Auditor Console Version 4.2.8 is supported on:
- MS Windows Server 2003
- MS Windows Server 2008 (incl. R2 x64)
- MS Windows Server 2012 (incl. R2)
The Assuria Auditor Console supports the following underlying databases
- MS SQL Server 2005
- MS SQL Server 2008