Configuration Compliance Manager
"Security configuration assessment is a necessary element of a vulnerability management program, because it orients remediation activity to the elimination of vulnerability root causes."
- Gartner, Inc., "Security Configuration Assessment Is Becoming a Feature of Security and Operations Products" by Mark Nicollett, July 23, 2008Auditing the configurations of IT systems and monitoring changes in those configurations is critical to reducing security risk and achieving compliance. nCircle Configuration Compliance Manager (CCM) automates configuration auditing, change monitoring and configuration compliance processes, providing the industry’s clearest picture of system configurations and the compliance impact of configuration changes.
nCircle's unique solution:
- Discovers all IT systems – servers, desktops, laptops, routers, switches, firewalls, and enterprise applications
- Collects detailed configuration information from each system
- Compares the configurations with established benchmarks and baselines
- Provides customizable reporting for monitoring and regulatory purposes
Agentless Architecture Delivers Lowest Cost of Management
Configuration Compliance Manager utilizes a completely agentless architecture, requiring no software to install on the monitored endpoints. This is a huge cost savings over agent-based solutions, providing ease of management across the largest networks, highly cost-effective deployment, and the ability to profile every system in the enterprise, not just servers. CCM’s agentless architecture provides comprehensive coverage with the industry’s lowest cost of ownership.
Configuration Compliance Manager collects detailed configuration information from all IT systems and compares the configurations to built-in or user-generated policies to identify deviations.
CCM shares nCircle Suite360's unified appliance architecture, utilizing the same scanning appliances as nCircle IP360 and other Suite360 products to audit system configurations. nCircle's agentless, appliance-based Suite360 is easier to deploy and manage and more cost effective than acquiring separate solutions for security and compliance.
Agentless File Integrity Monitoring – with DynAgent Technology nCircle’s DynAgent, patent-pending agentless technology built in to nCircle File Integrity Monitor and nCircle Configuration Compliance Manager, enables organizations to audit every system across their entire global network – comprehensively, cost-effectively, and without installing agents on each monitored endpoint. nCircle solutions combine credentialed access with transitory DynAgents to fully assess hosts, delivering all the power of an agent, with none of the management overhead and complexity. For more information, download our paper on agent-based vs agentless technology. |
Automated Configuration Compliance
nCircle Configuration Compliance Manager continuously discovers and identifies all IT systems, including servers, desktops, laptops, routers, switches, firewalls, and enterprise applications. It also regularly enumerates the configuration of each system and any configuration changes, providing detailed information on thousands of configuration variables. CCM assesses virtually everything on your network, from routing table entries and ACLs to Active Directory group policy objects and application misconfigurations - all without using agents. CCM can also monitor the integrity of designated files, a requirement for PCI compliance.
Configuration Compliance Manager continuously audits each system's configuration and the changes made to these configurations for compliance with the relevant policies. The solution includes a rich library of policies based on standards and benchmarks from NIST, CIS and Microsoft. Also included are policies for specific regulations such as PCI, Sarbanes-Oxley, HIPAA, FDCC and NERC.
Configuration Compliance Manager provides built in drill down and dashboard reports, and can also export configuration information it gathers to nCircle Suite360 Intelligence Hub for more executive dashboards and a centralized unified view of security and compliance.
Configuration Compliance Manager automatically documents the compliance of your system configurations through robust reports and web-based dashboards. The built-in reports make preparation for IT audits fast and easy, while the dashboards give administrators a variety of perspectives into the compliance status of every asset on the network.
SCAP Validated
Configuration Compliance Manager has been SCAP validated to scan systems for Federal Desktop Core Configuration compliance. For more information, please visit our FDCC page.
CMDB Integration
Configuration Compliance Manager can be integrated with your configuration/change management process to address any compliance deviations identified. Therefore, when out-of-compliance configurations or changes are identified, it can notify administrators immediately, open trouble tickets and/or update your CMDB. Further, issues can be prioritized based on the business value of the assets affected.
Complete IT Asset Coverage
Configuration Compliance Manager utilizes active and passive scanning to discover and audit the configurations of all networked systems. CCM also includes a wide variety of scan modules that provide highly detailed information on the configurations of a wide variety of systems, including desktops, laptops, applications, firewalls, routers and switches. These modules probe systems for specific characteristics, such as application configurations. Application-specific scan modules include anti-virus, Cisco routers and switches, Microsoft Active Directory, databases, web servers, and firewalls.
Click here to schedule an evaluation of nCircle Configuration Compliance Manager.
