VANGUARD INTEGRITY PROFESSIONALS Page 1


VANGUARD CONFIGURATION MANAGER (AUDIT/COMPLIANCE)

Vanguard Configuration Manager automates review of current z/OS Security Server configurations against prevailing standards to include DISA STIG, NIST, DB2, PCI-DSS hardening standards and Vanguard Best Practices, dramatically reducing personal cost and time to verify compliance.

VANGUARD TAKES THE TARGET OFF YOUR BACK

If you look at any best practice guidance, regulation or standard around effective IT security today, you'll quickly recognize that it advises organizations to ensure their computing systems are configured as securely as possible and monitored continuously for changes. Vanguard Configuration Manager is designed to provide the fastest, most cost-effective and accurate method to verify that security configuration controls are in accordance with published prevailing standards for z/OS systems. Configuration Manager allows organizations to easily move to continuous monitoring from periodic compliance reporting.

Today, the Security Technical Implementation Guides (STIGs) from the Defense Information Systems Agency (DISA) are the gold standard given their exacting dictates for configuration and monitoring, which prevent cyberattacks for both governments and commercial organizations. To put things in perspective, following the guidelines laid out in the STIG is essential in eliminating the easy vectors hackers often use to launch attacks. One such breach at MBIA, the nation's largest bond insurer, was perpetrated due to system misconfiguration.

DEVELOPED ENTIRELY IN THE U.S.A.

With the aforementioned in mind, secure configurations are a foregone conclusion for a key reason. With them, your organization no longer represents an easy score. If there are innumerable other firms that haven't bothered to implement basic security standards and controls, why would a hacker spend time on an organization that has? Vanguard Configuration Manager ensures secure configuration of your z/OS systems and effectively removes the target from your back.

VANGUARD CONFIGURATION MANAGER: AUTOMATE YOUR DISA STIG ASSESSMENTS AND DRAMATICALLY REDUCE COSTS AND TIME TO VERIFY COMPLIANCE

Configuration Manager was designed to provide the fastest, most cost-effective and accurate method to verify that security configuration controls are in accordance with the DISA STIG for z/OS systems. Vanguard's team of United States-based z/OS mainframe security experts analyzed all of the DISA STIG z/OS and RACF checks to determine how best to interpret them, test configuration controls for compliance and report findings. This comprehensive intelligence was built into Configuration Manager along with efficient automation capabilities. The result is that organizations using Configuration Manager can perform System z checks and report findings in a fraction of the time of standard methods. Configuration Manager also allows organizations to easily move to continuous monitoring from periodic compliance reporting.

ACTUALLY IMPROVE ON THE DISA STIG TEST PROCESSES WITH CONFIGURATION MANAGER

Verifying that mainframe systems are in accordance with the DISA STIGs can require that more than 300 checks be performed, depending on specific configurations. For each check, from one to hundreds of thousands of control points must be tested. It can be extremely costly and time consuming to use the standard DISA STIG Checklist process to verify that z/OS systems are configured correctly, even for smaller installations.

Organizations that try this method to comply face the following challenges:

- Configuration checks take too long or are impossible to complete.
- Team morale is negatively impacted by the added workload.
- Multiple findings for the same checks are common.
- Ambiguous checks can put teams at risk if interpreted incorrectly.
- DISA STIGs are updated every three months.

With Configuration Manager, however, organizations can perform tests and report findings in a few hours each quarter, instead of the hundreds, or thousands, of hours required when using the standard z/OS DISA STIG Checklist process. Once Configuration Manager has identified findings, they can be remediated, as required, to improve an organization's overall z/OS security baseline and increase security levels.

VANGUARD CONFIGURATION MANAGER: TECHNICAL FEATURES

- Creates summary and detailed reports to provide the proper information required.
- Executes in both batch and online environments.
- Supports parallel collection and execution of checks to enable reporting to be completed quickly.
- Architected to prevent failure of one check from affecting reporting on another check.
- Consistent look and feel across all DISA STIG categories.
- Users do not need to be an expert on the DISA STIG to complete checks and report on compliance.
- Vanguard always supports the latest DISA STIG versions, including versions for the past two years.

KEY DIFFERENTIATORS

A) Organizations can perform tests and report findings in a few hours each quarter instead of the hundreds or thousands of hours required when using published standards.
B) Creates summary and detailed reports to provide the proper documentation required.
C) The ability to compare multiple occurrences of the reported results for historical reporting.
D) Users do not need to be an expert on the published standards to complete checks and report on compliance.
E) Supports implementing the z/OS Security Server and RACF configuration checklist from the National Checklist Program (NCP) of the National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS).
F) Automates more than 300 z/OS Security Server checks and produces accurate compliance reports in minutes.
G) Provides update for all DISA levels and checks within 30 days of posting.
H) Delivers the ability to match wildcard resources to profiles.

WHY VANGUARD CONFIGURATION MANAGER?

VCM has a built-in DB2 Compliance module
Vanguard built into VCM a set of DB2 checks based on their best practices and posted to the NIST NCP site as the set of standards for auditing DB2 security for RACF. These checks are automated in VCM and can be easily executed in a continuous monitoring methodology that ensures that any deviations from the standards are captured and reported.

VCM has a built-in Best Practices Compliance module
Vanguard built into VCM a comprehensive set of Best Practice checks based on their Professional Services Auditing requirements. These checks are automated in VCM and will significantly reduce the amount of time it takes for Vanguard Professional Services to complete a comprehensive audit on a given target mainframe system. Please contact Vanguard Professional Services on how to enable this functionality.

VCM has a built-in comprehensive PCI Audit Solution
Vanguard automated a number of PCI checks and walks the end user through an entire set of PCI checks for the mainframe. These checks are automated in VCM and will significantly reduce the amount of time it takes for Vanguard Professional Services to complete a comprehensive PCI audit on a given target mainframe system. Please contact Vanguard Professional Services on how to enable this functionality.

FOR MORE INFORMATION

To learn more about Vanguard Security Solutions, please contact Vanguard Integrity Professionals at (702) 794.0014 or visit www.go2vanguard.com

ABOUT VANGUARD SECURITY SOLUTIONS

Vanguard offers one of the most advanced and integrated portfolios of enterprise security products and services in the world. The portfolio was the first to offer a fully automated baseline configuration scanner for mainframe DISA STIGs.

The world's largest Financial, Insurance, Government Agencies and Retailers entrust their Security to Vanguard Integrity Professionals.

Corporate Headquarters
Vanguard Integrity Professionals
6625 S. Eastern Avenue, Suite 100
Las Vegas, NV 89119-3930
Telephone: 702.794.0014
Fax: 702.794.0023
+1.702.794.0014 Live Customer Support 24/7/365