Our integration team here at CloudPassage has worked very closely with the RSA Archer team to get certified with the RSA Ready Partner Program for our Halo Connector for Archer – something many of our larger enterprise customers have asked for.
RSA’s Archer GRC platform is engineered to help enterprises easily manage risks, demonstrate compliance, automate business processes, and gain visibility into their organization’s risk and security controls across IT, finance, operations and legal domains.
CloudPassage’s Halo configuration scanning feature allows you to automatically evaluate servers against the latest configuration policies customized specifically for them. Halo can also scan servers for software vulnerabilities and perform file integrity monitoring. Configuration and vulnerability scanning can be easily automated across all of your public or private cloud environments, where traditional software scanning products are unable to operate effectively.
These features let you maintain continuous exposure and compliance awareness across your infrastructure, and are crucial to maintaining hardened server configurations that can withstand the more exposed environments of public and hybrid clouds.
Governance, Risk, and Compliance (GRC) tools have traditionally been thought of as tools for tracking compliance requirements within an organization. But now, more security professionals are turning to data collected by GRC tools to gain broader insights into not just compliance, but also their organization’s overall security posture.
To enable users, of both RSA Archer and CloudPassage Halo, to collect data about their cloud assets, especially in large and complex environments, CloudPassage has released an open-source security data connector. The Halo Connector for Archer retrieves scan data from a CloudPassage Halo account and streams it to RSA Archer GRC. It also has the ability to enrich the scan data with associated event data before sending it to Archer.
Security professionals can use this information to gain enhanced visibility into an organization’s risks, such as determining what servers are running vulnerable software.
GRC plays a strong role in helping security teams understand the business and to protect the organization from threats. As more and more customers move their workloads and assets into public IaaS environments, their expectation is to have the same level of security and compliance reporting for their cloud environments that they have in the traditional perimetered data center environment. Users of the Halo Data Connector and RSA Archer are able to unify the components of their critical security operations and reduce risk for their enterprise.
The first release of the Halo Connector for Archer consists of:
- The application module: This is a Threat Management module which enables Archer users to navigate through the various scan results like they would in a regular web-based application. The module also contains pre-built reports that provide different views of the same dataset.
- The Halo Connector script: This is a Ruby script that is designed to execute on a repetitive basis. It keeps Archer GRC up-to-date with Halo scan results as time passes and new Halo scans occur. This script retrieves scan data from a CloudPassage Halo account and sends it to Archer GRC.
Using Archer GRC with CloudPassage has many advantages especially with the ability to aggregate and correlate data. Here are a few specific examples:
GRC can give you a policy view of your Halo scan data. This allows you to view a report of all your servers that are not compliant with a specific policy, which is an extremely helpful tool for compliance and remediation purposes. For example: You want to know every server that has a violation against the “Permissions on /etc/shadow” policy. GRC can easily list all servers that have that specific violation. The user can then drill down into specific servers to get more detail if needed.
Another example of advanced reporting functionality that can easily be accomplished with GRC and Halo is to list all servers that have a critical configuration issue.
Roll-up and aggregation type reports can easily be created. For example: A rollup report can easily be created that can provide a list the lists all configuration issues with a server group, with the issues ranked and counted. This type of report is extremely useful for remediation.