Introduction

End point Non-Compliance detection & auto-remediation app 聽is a Windows OS client-server application where compliance criteria across multiple Agents installed at end points can be monitored and any deviation rectified automatically. All detected non-compliance and remediation status across multiple Products is reported in one single view providing Enterprise wide view.

Compliance Parameters details

The dashboard displays Product wise a set of monitored parameters and settings as detected at end points. The product categories on which compliance parameters are configurable can be categorized as following:

  • Protection: Antivirus, Firewall, Hard drive encryption
  • Operating system: Windows
  • Software: Java, Chrome, Browser, MS Office, Flash
  • Network: Secure web etc.
  • Data Loss Prevention: Symantec
  • System: Patching, Disc space
  • Communication management and tracking: Video or any text-based reminder with action enforcement mechanisms on end users

Illustrative view of Products and monitored Parameters

The following is the summary of the available metrics and corresponding configurations

Product/Category
Potential Issues
Remediation parameters
Antivirus (Symantec) Devices without a corporate antivirus represent a security risk. Even if a device has the corporate security solution installed, it is important to verify that this product is working correctly 路聽聽聽聽聽聽聽 Version

路聽聽聽聽聽聽聽 Non-infection

路聽聽聽聽聽聽聽 Service installed &聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 running

路聽聽聽聽聽聽聽 Update

路聽聽聽聽聽聽聽 Scan and auto聽 聽 聽 聽 聽 聽 聽 聽 聽protect聽 compliance

Firewall If Firewall solution is not working correctly, there might occur issues in network access 路聽聽聽聽聽聽聽 Service enabled

路聽聽聽聽聽聽聽 Service running

Hard Drive Encryption (Bitlocker) Devices without hard drive encryption can cause issues in data confidentiality inside organization 路聽聽聽聽聽聽聽 Encryption method

路聽聽聽聽聽聽聽 Conversion status

Data loss prevention聽(Symantec) DLP and data protection purposes in accordance with applicable laws and internal policies in information security 路聽聽聽聽聽聽聽 Installed

路聽聽聽聽聽聽聽 Version

路聽聽聽聽聽聽聽 Files

路聽聽聽聽聽聽聽 Service running

Adobe Adobe Reader/Flash requires to be of latest version as old versions are often subject to security vulnerabilities and can cause documents to be formatted incorrectly 路聽聽聽聽聽聽聽 Installed

路聽聽聽聽聽聽聽 Version

Patching Trying to manually manage patches is not only a huge headache but also a major risk for organization. even with a patch management software, organizations with multiple servers and computers, ensuring that all of them are updated must be ensured 路聽聽聽聽聽聽聽 Patching

路聽聽聽聽聽聽聽 Disk space

路聽聽聽聽聽聽聽 SCCM scan

Secure web (Websense) As secure web provides access to various internal and external sites, it is important to ensure that it鈥檚 working properly. Otherwise it may cause security issues 路聽聽聽聽聽聽聽 Installed

路聽聽聽聽聽聽聽 Version

OS Running a non-standard OS can result in security issues as IT services are usually tested on a limited set of operating systems 路聽聽聽聽聽聽聽 Version
Communication management and tracking Employee training tracking and reminder invocation helps in better user engagement 路聽聽聽聽聽聽聽 View status

路聽聽聽聽聽聽聽 Snooze numbers

How the Platform works

Deployment聽mode

Anakage compliance platform provides both agent based (installed at end point) and agent less (by scheduled push through SCCM or through distribution platforms) solutions

  • Agent Less Solution deployment

Compliance exe runs on the end points at the schedule specified from SCCM and after run and post actions, it self destructs leaving zero footprints. So no exe installation is required at the end points. And all the performed compliance task actions get reported on the reporting portal.

  • Agent Based Solution deployment

Agent based exe is installed at the end points (installation can be done through SCCM or other software distribution tools) and checks compliance status at predefined intervals.

Parameter
Agent Less Solution Deployment
Agent Based Solution deployment

Environment Designed for centralized environments Best for frequently disconnected machines or machines in the DMZ
Authority A central authority does all the deploying and scanning which has to be defined and monitored in-house Each agent does its own scanning and deploying based on policies defined on the central console
Software distribution mechanism and Network coverage Ideal for networks with large amounts of bandwidth and good SCCM(or other software distribution tool) coverage Ideal for distributed networks with remote locations that have limited bandwidth

Features

1. Regulatory Remediation Integration: Compliance remediation with both scheduled and manual triggering

Not only it collects and report compliance status, Compliance remediation and automation platform comes with the capability to remediate issues for certain metric parameters. Solution fixation can be either scheduled (agent initiated) or manual (admin initiated). The manual solution fixation can be invoked from admin portal.

In admin portal, all the compliance parameter statuses get reported. For a particular compliance parameter, i.e. antivirus scan compliant- if there are a few end points which are not antivirus scan compliant, it will appear as 鈥榝ail鈥 entries.

If the 鈥榝ail鈥 button is clicked, it will show the details of the end points for which the compliance failed. 聽Admin can manually trigger compliance solution for the 鈥榝ail鈥 entries by clicking on the 鈥楩ix鈥 button.

Upon clicking the 鈥楩ix鈥 button , a screen will come up allowing admin to select end points and action type.

2. Complete聽Enterprise wide Compliance聽Reporting in one single dashboard

All the predefined compliance parameters can be monitored from one central dashboard without any need for scripting or coding.

3. Multi attribute Reporting and Visualization

In the reporting portal, it is possible to view the report from different aspects- compliance status for different products with the corresponding end point and location facility/business unit details helping admin to follow the evolution of the compliance status and check if the overall compliance is improving or regressing. Options of reporting at Solution level, individual Product parameter level besides Facility, geography or Business unit wise are also available

  • Overall Product wise report

It shows the product wise drop down for which the compliance status is checked.

  • Product parameter (compliance parameters predefined for each product) wise report

Under any product it shows the particular parameter compliance status which are configured. Like for 鈥榮ecure web鈥 product, the compliance parameters are 鈥榠nstalled鈥 (installed properly or not) or 鈥榲ersion鈥 (version updated or not) – against these parameters it will show the compliance status.

  • Compliance before and after status report

There are options to have dashboards showing the compliance status at Parameter level before and after running the compliance exe (weather manual or scheduled). If some parameter shows 鈥榝alse鈥 (non compliant) before running the exe (in initial data), it gets remediated (if possible) and the taken actions also gets reported (in final data).

  • Location facility wise report

It shows the compliance data for different locations or business units providing a precise view of compliance for different segments of the organization.

All these reports can be downloaded from the portal and on the basis of the report; the IT Ops/Info Sec can inform engineers to take required actions.

Experience Non Compliance Detection and Auto Remediation and discover what聽Anakage聽can do for your organization.

Schedule a Demo

Visit our Website

}