Assuria Auditor - Key Features

Vulnerability Assessment

Assuria Auditor utilises a comprehensive built-in Knowledge Base of known security vulnerabilities, security control configurations, up to date patch checks and security best practice information to enable organisations to easily bring their IT infrastructure up to high standards of security, especially servers. Internal IT security knowledge or experience is not necessary, because the built-in Assuria Auditor knowledge base includes not only the thousands of individual checks for a wide range of operating platforms, but also explanations of the implications of each vulnerability and step by step instructions on remediation.  

Regulatory Standards Compliance

The comprehensive built-in security database includes mappings of each of Assuria Auditor’s 2500+ security configuration checks to appropriate references within a range of standards such as ISO 27001, GPG-13, BS17799, PCI-DSS, SOX, GCSX CoCo and others. This makes it easy to assess server compliance against these standards. Detailed remediation instructions enable even inexperienced system administrators to quickly bring systems up to the level of compliance needed. Powerful reporting also provides verification to satisfy internal and external auditors. CVE and BID references are also provided, with CVSS scores where appropriate.

Internal Policy and Build Standards Compliance

As well as monitoring compliance with external standards and accepted best practice in security configuration, Assuria Auditor can easily be customised to allow users to adjust checks and policies and write new checks to match the specific requirements of an organisation’s own security policy, thus ensuring full compliance. In the same way, Assuria Auditor can be configured to assess the build configuration of systems against internal build standards so as to ensure that systems are configured to corporate standards prior to rollout.  

Change Detection and File Integrity Monitoring

System administrators and corporate network management systems can be alerted to unexpected or un-authorised configuration changes, or changes to critical system elements and applications. Powerful change detection management features allow rapid assessment and reporting of suspicious or potentially troublesome changes. Change detection can be applied to whole systems and subsystems (i.e. Baselines) or specific resources such as individual files, folders or executables (i.e. File Integrity Monitoring).

Automated operations and alerting

Assuria Auditor has a powerful bult-in scheduling subsystem which allows scanning and integrity checking operations to be fully automated. Once systems have been brought up to the required level of security configuration, for the most part, scanning operations should be looking for exceptions and suspicious changes to critical system components (for example with file integrity checking) and these operations can be fully automated and scheduled. Checks can also be configured to raise alerts in a number of formats and using various alerting processes.

Inventory Reporting

Assuria Auditor provides powerful inventory assessment and reporting features, listing all hardware and software components installed, active services, open ports and much more, greatly assisting asset managers and internal auditors. Why buy a separate inventory reporting system when Assuria Auditor gives you these features as well!

Assuria Auditor Information Manager (AIM)

The Assuria Auditor results database contains vast amounts of valuable and hard to get system information that until now was a hidden goldmine. Now this resource is accessible via AIM – a powerful and easy to use analysis and reporting feature. Please follow the link to the AIM specification page at left.

Extensible Knowledge Base

Assuria Auditor offers huge flexibility and extensibility. The built-in knowldge base of vulnerability tests, patch checks, compliance assessment checks and security best practice can be extended through a simple to use interface, even allowing addition of entirely new checks, modified checks and creation of custom policies.