Assuria Auditor Overview

Configuration Assurance. Vulnerability Assessment. Change Detection. Compliance.

Assuria Auditor is deployed in hundreds of government agencies and commercial enterprises to minimise information risk, improve security controls and comply with industry standards. Assuria Auditor provides deep configuration and vulnerability scanning, inventory reporting, compliance assessment and powerful change detection through an extensible and flexible architecture. It provides vital information assurance and protection for critical business servers and helps maintain systems in a secure ‘known state’.

Assuria Auditor is a market leader in countering the ‘insider threat’ to business integrity and a key solution for managing compliance to regulatory standards such as ISO27001, GPG-13 and PCI -DSS. Using a flexible, distributed management framework, Assuria Auditor measures, manages and reinforces server security policies and security good practice using a host-to-network view of critical systems, assessing security controls, detecting and reporting system security weaknesses and providing remediation advice.

Vulnerability Assessment

Assuria Auditor utlises a comprehensive built-in Knowledge Base of known security vulnerabilities, security control configurations, up to date patch checks and security best practice information to enable organisations to easily bring their IT infrastructures up to high standards of security, especially servers. Internal IT security knowledge or experience is not necessary, because the built-in Assuria Auditor knowledge base includes not only the thousands of individual checks for a wide range of operating platforms, but also explanations of the implications of each vulnerability and step by step instructions on remediation.  

Automated operation and alerting

Assuria Auditor has a powerful bult-in scheduling subsystem which allows scanning and integrity checking operations to be fully automated. Once systems have been brought up to the required level of security configuration, for the most part, scanning operations should be looking for exceptions and suspicious changes to critical system components (for example with file integrity checking) and these operations can be fully automated and scheduled. Checks can also be configured to raise alerts in a number of formats and using various alerting processes. 

Change Detection

System administrators and corporate network management systems can be alerted to unexpected

or un-authorised configuration changes, or changes to critical system elements and applications. Powerful change detection management features allow rapid assessment and reporting of suspicious or potentially troublesome changes.

Inventory Reporting

Assuria Auditor also provides powerful inventory reporting features, listing all hardware and software installed and much more, greatly assisting asset managers and internal auditors.

Extensible Knowledge Base

Assuria Auditor offers huge flexibility and extensibility. The built-in knowldge base of vulnerability tests, patch checks, compliance assessment checks and security best practice can be extended through a simple to use interface, even allowing addition of entirely new checks, modified checks and creation of custom policies.