eTrust Policy Compliance Frequent Questions
eTrust Policy Compliance FAQs
eTrust Policy Compliance
automates the vulnerability assessment process, enabling security managers to
efficiently monitor and enforce security compliance. It enables rapid response
time with centralized alerts and reports, and significantly reduces ancillary
costs. eTrust Policy Compliance helps organizations consistently maintain a
high level of security by proactively managing vulnerabilities, executing
remediation and implementing patches on demand — allowing them to immediately
respond to critical security issues anywhere in their business environments.
What’s new in eTrust Policy Compliance v7.4?
eTrust Policy Compliance v7.4
delivers new features and enhancements, including:
Centralized Auditing of Heterogeneous Systems.
eTrust Policy Compliance enables
administrators to audit the security settings of diverse servers and
applications from a single console. Administrators can simultaneously
audit and monitor: Windows NT/2000, Windows 2000, Windows XP, Windows
.NET, UNIX, Linux and OpenVMS systems; Oracle, MS SQL and Sybase
databases; web servers; and other eTrust products — resulting in
substantial time and cost savings.
Dynamic Web Update.
eTrust Policy Compliance provides
the latest security checks available for newly discovered
vulnerabilities.
Automated Fix.
This correction facility allows
administrators to instantly correct critical security issues from the
management interface with a point-and-click “fix button.”
Database-Driven Reporting and Alert Management.
Drill-down
and graphical reports can be generated using a relational database
through integration with eTrust Audit. In addition, alert actions can be
executed, such as email, route, SNMP traps, user-defined actions, send
to Unicenter, collector and so forth.
Integrated Patch Management.
Through integration with Unicenter, patch
management essentials, such as asset discovery, identification of
security issues and automated deployment of security remedies, can be
performed.
Hassle-Free Install and Convenient Mass Deployment.
eTrust Policy Compliance allows administrators to create a CD-ROM
image and run audit scans without having to install an agent. In
addition, administrators can create a silent installation file that
makes it easy to deploy large installations across the enterprise.
Security and Vulnerability Baselining.
eTrust Policy
Compliance builds a baseline snapshot of a resource’s overall security
configuration, including custom checks and fixes, to help administrators
maintain security policies to “ideal” conditions. This enables them to
manage by exception and easily identify areas where system security has
diverged.
Extensibility.
The eTrust Policy Compliance Software
Development Kit (SDK) enables organizations to leverage their
investments by facilitating integration of third party and in-house
applications. It also allows them to create and modify custom checks and
fixes.
Reporting, Query and Modeling Tools.
These tools allow
administrators to: perform comprehensive security checks; monitor
specific nodes, databases or entire networks; and report back on current
security levels.
Intuitive Graphical User Interface (GUI).
This reduces
the platform expertise required to maintain an organization’s security
policies. Alternatively, security administrators can choose to manage
distributed systems from their command line interfaces.
User Account and Password Policy Analysis.
eTrust
Policy Compliance identifies user accounts and tracks user IDs that are
disabled or are used by multiple users. It also identifies accounts with
passwords that are missing or can be easily cracked.
Enhanced Reporting Capability.
eTrust Policy
Compliance offers multiple, easy-to-understand audit reports that can be
easily filtered and exported to other reporting mechanisms. It supports
HTML reporting, which makes web viewing and dissemination convenient.
Additionally, selected reports can be emailed as security notifications.
Volume or File System Analysis.
eTrust Policy Compliance locates files and
directories without proper access control or protection, and prevents
them from being manipulated.
Predefined Security Checks.
eTrust Policy Compliance provides
a collection of predefined checks that achieve particular auditing
goals. Weight values that represent a security violation’s severity
level can be assigned to checks and hosts, allowing administrators to
focus on business-critical issues in their enterprise environments.
Why do organizations need eTrust Policy Compliance?
Most security breaches are due to
poorly maintained platform and application security controls. Local server
changes often unintentionally open up security holes and cause non-compliance
with corporate security policies. Today, organizations need to ensure that
their operating systems, databases, web servers, networks, user accounts,
passwords, directories and file systems are secure. Because this
responsibility increases daily, they need eTrust Policy Compliance to
deliver continual protection against risk exposure or attacks.
How will I benefit from eTrust Policy Compliance?
eTrust Policy Compliance, CA’s
automated security compliance management solution, is an essential component
of any successful security strategy. eTrust Policy Compliance:
· Reduces operational cost through advanced automation and proactive policy management
· Raises security levels through active patch management, monitoring and reporting system activity
· Fits any enterprise infrastructure through extensible, open interfaces
How does eTrust Policy Compliance keep vulnerability information up to date?
New security vulnerabilities are
uncovered daily, increasing user exposure to risks. The
eTrust Policy Compliance Web Update
facility helps ensure that the latest checks are available for new
vulnerabilities by polling for web updates on a scheduled basis. When properly
configured, the eTrust Policy Compliance Client Manager refreshes
itself from the appropriate Web Update cache whenever it starts, which
triggers agent updates by running an audit. The
eTrust Web Update design allows you to
directly deploy updates into your production environment or deploy them into a
test environment for review. This capability is completely flexible, allowing
you to establish the procedure that best meets the needs of your environment.
Can I view reports on the Web?
eTrust Policy Compliance offers a
detailed, easy-to-understand audit report of your system’s security level.
This report can be generated in a few minutes to quickly provide you with
complete audit information. In addition, it can be saved in HTML format for
easy web viewing and dissemination within your organization.
How easily can we implement fixes that are identified by eTrust Policy Compliance?
Once you understand where the
security problems are on your system, eTrust Policy Compliance helps
you remediate them swiftly using the correction facility. From the Client
Manager, the correction facility lets you choose specific items returned by
certain checks for immediate correction using a point-and-click “fix button.”
How does eTrust Policy Compliance handle deployment or installation issues for a large organization?
When deploying eTrust Policy
Compliance on numerous Windows machines, it is more convenient to run the
installation without having to interactively answer installation questions.
eTrust Policy Compliance allows you to create a “silent” or batch
installation file by running a regular installation and saving your responses
— decreasing time and resources. In addition, eTrust Policy Compliance
allows administrators to create a CD-ROM image and run assessments without
having to install an agent.
Is it easy to implement my own customized audits?
When defining an audit, eTrust
Policy Compliance allows users to choose to use either the Audit Definition
dialog or the New Audit Wizard. The Audit Wizard allows users to: name and
describe an audit; specify whether the results of the audit are saved as a
model; indicate whether the audit runs against live data or a baseline model;
specify the targets of the audit, such as hosts, host groups, databases or
database groups; specify which checks to include in the audit; and specify
when to run the audit.