It's one thing to establish and communicate policies around who, how and when configuration changes can be made to IT infrastructure. It's another thing to get everyone in the IT department to follow them.
IT governance automation provider Active Reasoning on Feb. 19 will try to advance the cause of policy enforcement when it introduces its Active Reasoning System 5 policy enforcement system.
The system provides continuous, real-time monitoring of servers and applications to automatically detect unauthorized change activities and audit configurations to guard against “configuration drift,” according to Andrew Lochart, vice president of marketing at the San Francisco firm.
“We're unique in monitoring those systems for not just changes but other actions and events like logon and logoff, and we do it continuously. When an agent sees something happen on a system that's relevant to a policy, that information is conveyed to our server, which correlates that with the policies in place and shows the results in real-time dashboards,” said Lochart.
That capability sets Active Reasoning apart from rivals Tripwire and Solidcore Systems, he added.
The new version of the system, which includes agents deployed on the servers to be monitored and a central server, adds a new PMDB (Policy Mapping Data Base) that allows users to load their own policies and control statements as well as optional modules with IT Infrastructure Library control statements.
The control statements can be mapped to detailed information on the applications, servers and individual staff members that should be monitored as well as what customers want to monitor for.
For example, customers can tell the system that developers are never allowed to log into a certain set of production systems, or that a given system is the payroll system and only the CFO can access it.
“The database allows customers to map those controls to detection capabilities monitored by the agents,” said Lochart.
Although enforcement can include preventing the activity from happening, Active Reasoning found that most customers don't want to implement that level of automation in the event that emergency practices should overrule such policy enforcement.
“Enforcement can mean communicating in real time to a trouble-ticketing system to see if there is a ticket outstanding for a change, or we might alert someone to the change and ask if that change is acceptable. If not, then we can roll it back,” said Lochart.
Active Reasoning in its new System 5 release also added support for SNMP traps to allow network or other devices to be monitored without installing a proprietary agent on those devices.
“We can listen for SNMP traps that might be thrown off by a router or firewall, and that gets rolled back and configured by the customer to look for activities that violate their controls,” said Lochart.
The new release is due Feb. 19.