We provide services compliant with strict technical, structural, and security standards
Configuration integrity and IS compliance
Organisations with complex IT environment often do not actually know if their information systems, including network infrastructure, are set in an appropriate manner.
This is a result of following factors:
- Extremely demanding manual or semi-automatic daily status check of all the important features within the complex environment, whereas this check is impossible to carry out when FTE plays an important role as far as operation costs are concerned,
- An attacker changes the configuration or executable files covertly,
- While trying to solve a problem, an authorised privileged user carries out such changes that sort out the current problem but actually create even a more serious one,
- If administrators are fully occupied, carrying out the changes and sorting out the problems take necessarily the precedence over the documentation of the changes.
As a consequence, apart from operation problems, significant security risk emerges which could have been prevented if the appropriate configuration of existing features had been maintained. To cover the risk, there are additional investments in other components which increase the configuration complexity of the environment even more.
Our solution includes supplied services and systems that provide an automatic check of the configuration changes as well as verification against the best practices.
- automatic verification of the configuration against the standards or "best practices" recommendations, which assists in preventing new security problems and enables to demonstrate the compliance with the standards
- complex overview of the configuration changes in compliance with the best practices
- sources for identification of possible risks necessary for meeting the objectives of security audits
Needs analysis and a proposal of the solution
It provides a complex overview of the configuration status and compliance of the information systems
It does not actively influence the operation
It enables an automatic detection, evidence and storing of the configuration or objects change, including details of the change
It enables a retrospective display of the configuration status of particular systems within an outlined time interval
It provides outputs, applicable as potential sources for security and compliance audit
Minimum requirements for human resources