SolarWinds announced enhancements to its Network Configuration Manager (NCM), a network device configuration and change management product for Cisco, Juniper, HP, Dell, and Brocade routers and switches.
The latest version makes it possible to demonstrate security compliance by automatically performing vulnerability scanning on Cisco Adaptive Security Appliance- and Internetwork Operating System–based devices using Common Vulnerabilities and Exposures (CVE) published by the National Vulnerability Database (NVD).
The NCM platform also provides automated remediation options and compliance reports for the National Institute of Standards and Technology’s Federal Information Security Management Act and for the Defense Information Systems Agency’s (DISA) Security Technical Implementation Guide (STIG).
“Just about any company can benefit from NCM’s ability to help more effectively manage change, implement policy-based and standardized configuration practices and maintain and demonstrate compliance with required configuration standards and policies,” Nikki Jennings, group vice president of products and markets for SolarWinds, told eWeek. “With that said, there are three use cases that really stand out in my mind: first, companies with a growing or fast changing network infrastructure; second, companies who have adopted an IT governance framework; and finally, companies who have regulatory compliance obligations.”
By automatically receiving updated security alerts from the NVD, NCM now helps identify risks to network reliability and security by detecting potential vulnerabilities.
Using integrated access to the CVE system published in SCAP format, a match between a vulnerability and a device will trigger an alert from SolarWinds NCM, which can be followed up with an interactive report that documents remediation steps.
“When it comes to network management tools, ease of use is very important because it directly correlates to cost savings,” Jennings said. “These savings are realized when labor costs are reduced by developing competencies faster and completing work with greater speed and accuracy. In other words, improved efficiency and performance.”
If vulnerabilities are found, NCM will provide an alert, compile a report on violations by control and device, and provide automatic remediation actions.
Jennings noted that by creating reusable remediation scripts that are set to run automatically whenever specific violations are detected, NCM provides reassurance that vulnerabilities are fixed, network devices are secure and compliance is being enforced.
“The need to integrate security into every aspect of network design and operation is becoming well understood and adopted. As this occurs, and as standards are translated into polices and then into technical controls, the process of ensuring compliance will become near real-time,” she explained. “For example, when policies define what controls are required and how controls are to be implemented, then it becomes possible to use automation to standardize system configure and to monitor controls. If a control is altered, then automation can be used to re-apply the control thus ensuring and demonstrating near-real-time compliance.”