HPE Software is now Micro Focus

Is the CMDB the new tool for SecOps? Find out how automatic discovery can help


doronorbach


When you think about CMDB and discovery tools, security and compliance might not be the first words that come to mind. The standard use cases usually relate to their role in the ITIL process: helping you better manage changes and incidents, or providing the data required to manage your software licenses and stay compliant.


Recent market trends prove that security might be a prime use case for your CMDB. At a basic level, this makes a lot of sense. When the CMDB is fed by an automatic discovery tool (like Universal Discovery) that supplies comprehensive and up-to-date information about the data center, it can easily be leveraged as a powerful tool by the security groups in your organization.

Here are a few examples of questions that automatically discovered data can answer, to the clear benefit of SecOps:

  • Is vulnerable software _____ deployed in my environment? If so, which servers is it deployed on, where are they located, and who are their owners?
  • Does my ‘car reservation’ system contain any servers that might be made vulnerable by the affected software?
  • What changes happened to a specific device or service in the last day?
  • Where do I have open ports?
  • Do I have this vulnerable version of the operating system deployed anywhere?
  • Have any of my servers drifted from a pre-defined secured baseline?

These are just examples of discoverable data. The broader the discovery is in terms of the systems discovered (servers, network, storage and even workstations and desktops), and the deeper the content is (discovery of configuration, resources such as interfaces, ports and software, and dependencies on other systems), the more useful the CMDB information is to the security teams.

A recent customer example of using CMDB as the foundation for SecOps is America First Credit Union (AFCU). They are monitoring over 3M CIs and 1500 servers across 120 locations. Security in the financial services industry is paramount, and AFCU was able to successfully use UCMDB to power their SecOps program as well. Check out the video below for more information:

So while your CMDB is likely not going to replace your security tools, it can serve as an important asset to complement data that is required by the security groups. It is also another good way to leverage the investment of collecting this critical data across any IT program.

 

About the Author

doronorbach

I am the PM of UCMDB and CM. I have a lot of background in configuration management, discovery, integrations, and delivery. I have been involved with the products for 12 years in R&D and product management.

Comments
MukeshP
N/A

CMDB is all in one discovery tool

Trusted Contributor.

CMDB can augment your existing security tools by integrating data from your ICS, SIEM and vulnerability scanners to provide risk assessment insight from a business application perspective. This becomes even more powerful when you consider using CMDB's impact analysis to assess potential attack vectors of high value assets.

Clarke Drummond
N/A

Fantastic!

Micro Focus Expert

Wow! Never thought about such powerful capability

Victor M
N/A

Thanks for sharing. It's great to hear about such use cases.