
How can I improve IT security with Versio.io?

Automate the detection, documentation and verification of security-related changes

The security of IT systems must be re-evaluated whenever their dynamic behaviour or static state changes, in order to avoid risks for IT and the company. This blog post shows how Versio.io can support you in ensuring IT security in your company.
 

Positioning of Versio.io in the IT security architecture

Using the importers provided, Versio.io captures thousands of static changes, verifies them against rules and can trigger corresponding actions (email, chat, triggers for third-party systems). Versio.io can therefore be a very powerful component of an enterprise IT security landscape.
 

Pre-packaged IT security rules

Based on the publicly available National Vulnerability Database (NVD) of the US National Institute of Standards and Technology (NIST), Versio.io offers its customers rule sets that are updated monthly.
With the NVD rule sets, customers can identify components in their IT landscape for which there are known security vulnerabilities. For example, it can be determined that a specific version of a manufacturer's product with known vulnerabilities is in use in the company.
The verification in Versio.io is based on data imported from IT monitoring solutions, which record this specific information.
 

Which data in Versio.io contains which security relevant information?

Using a few examples from customer projects, we want to show which data in Versio.io contains security-relevant information. This information can be collected and documented fully automatically and actions can be triggered depending on the verification results.
 
Entity: General
  Relevant attributes and relations:
  • Attribute with defined naming conventions for the attribute values
  Security related detection of ...
  • attribute values that do not conform to the specified naming conventions.

Entity: Host
  Relevant attributes and relations:
  • OS release version
  • OS kernel version
  • Hostname
  Security related detection of ...
  • operating system and kernel versions with known software vulnerabilities.
  • host computer with non-compliant assigned names.

Entity: OS process
  Relevant attributes and relations:
  • Vendor
  • Product
  • Product version
  • Technology
  Security related detection of ...
  • executed software components with known software vulnerabilities.
  • unintended use of technologies.

Entity: SSL certificate, Whois, Token
  Relevant attributes and relations:
  • Temporal validity limit
  • Expires date
  Security related detection of ...
  • shortly expiring SSL certificates or tokens.
  • expiring domain registration and the loss of domain ownership.

Entity: Port scan result
  Relevant attributes and relations:
  • Open ports
  • Number of open ports
  Security related detection of ...
  • unintentionally open host computer ports.

Entity: User & role
  Relevant attributes and relations:
  • Relation
  Security related detection of ...
  • unwanted assignment of permissions.

Entity: File configuration
  Relevant attributes and relations:
  • Specific attributes
  Security related detection of ...
  • insecure configuration at the level of infrastructure components, the operating system or applications.

Entity: Batch job
  Relevant attributes and relations:
  • Existing instance
  Security related detection of ...
  • not executed batch job (e.g. backups).
 

Host port status as a practical example

The following practical example of a host port status demonstrates vulnerability detection, validation and notification. The ports of a host are the entrance gates to the underlying services. To minimize the attack surface, ports should only be opened to the outside when necessary.

Versio.io detects and documents changes on a port of a host



The state of the host port is continuously monitored by the Versio.io OneImporter and transmitted to the Versio.io platform. The platform checks whether a change has been made and saves it. This creates an auditable and audit-proof database of all changes in your company.

In addition to the historical storage of instance changes in Versio.io, the relationships to other instances can also be identified. This also works for instances from other data sources, which increases the options for validating or processing data depending on its context.

With an easy to define compliance rule in Versio.io the unwanted status of the change can be detected



With the visual rule editor, logical rules can be defined and executed based on the data imported into Versio.io. If the rule logic matches, a corresponding violation event is triggered.

The violation can also include the time from the identification of the violation to its removal. This documentation ensures auditability.
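
The detect, verify and document chain described above, sketched as an added example in Python (this is not Versio.io code and does not use its rule format): consecutive port snapshots are diffed so that only real changes are stored, an allowlist rule is applied to each change, and every violation records the time from identification to removal. The host name, ports, timestamps and the ALLOWED rule are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data: (scan time, host, open ports) per import cycle.
SNAPSHOTS = [
    (datetime(2024, 5, 1, 10, 0), "web01", {22, 443}),
    (datetime(2024, 5, 1, 10, 5), "web01", {22, 443, 3306}),   # 3306 opened
    (datetime(2024, 5, 1, 10, 10), "web01", {22, 443, 3306}),  # no change
    (datetime(2024, 5, 1, 10, 20), "web01", {22, 443}),        # 3306 closed
]
# Hypothetical compliance rule: ports each host is allowed to expose.
ALLOWED = {"web01": {22, 443}}


def detect_changes(snapshots):
    """Diff consecutive snapshots per host and keep only actual changes."""
    last, changes = {}, []
    for ts, host, ports in snapshots:
        prev = last.get(host, set())
        for port in sorted(ports - prev):
            changes.append((ts, host, port, "opened"))
        for port in sorted(prev - ports):
            changes.append((ts, host, port, "closed"))
        last[host] = set(ports)
    return changes


def evaluate(changes, allowed):
    """Apply the allowlist rule to each change and track violation lifetime."""
    open_violations, events = {}, []
    for ts, host, port, state in changes:
        key = (host, port)
        if state == "opened" and port not in allowed.get(host, set()):
            # Unknown hosts have an empty allowlist, so every port violates.
            event = {"host": host, "port": port, "detected": ts,
                     "resolved": None, "duration": None}
            open_violations[key] = event
            events.append(event)
        elif state == "closed" and key in open_violations:
            event = open_violations.pop(key)
            event["resolved"] = ts
            event["duration"] = ts - event["detected"]
    return events


if __name__ == "__main__":
    for ev in evaluate(detect_changes(SNAPSHOTS), ALLOWED):
        print(ev)
```

A violation whose `resolved` field is still `None` is an open finding; the unchanged 10:10 snapshot produces no change record, which keeps the stored history limited to real state transitions.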

The identified change and the defined compliance rule lead to an event with a complete root cause analysis and corresponding actions



The compliance violation event provides all necessary information about the event.

We are especially proud of the root cause display, which gives you all the details about the root cause of the problem, the duration of its existence, a direct link to the causing instance and actions triggered by the event.

 



Keywords: Security, IT, SSL certificate, Port scan, Technology, Operational rules, Change ticket, Configuration management database, CMDB, CI, NVD, NIST, DCERT
