Changes across network devices, files, and security policies happen daily within an organization. Without proper change control policies in place, organizations can increase in network disruptions, misconfigured devices, and privilege creep among internal users. This report will help organizations to better understand where changes are occurring across network files, policies, and devices.
The ISO/IEC 27002:2013 provides a framework that can be used to develop and enhance information security policies for any organization. Each security control and objective provided within the standard can be tailored to specific business and regulatory objectives, and assist with maintaining overall compliance. This report aligns with the ISO/IEC 27002 12.1.2 and 12.5.1 controls, which can provide organizations with the latest information on network changes across the enterprise.
Proper change control policies can help organizations identify when a change was made, the type of change, and on what host. By definition, change control management is a formal process to ensure that proposed changes will not disrupt systems, users, and services. Organizations should forward all event logs from network devices to the Log Correlation Engine (LCE), which will monitor and collect the latest information on changes throughout a network. Changes can include software upgrades, firewall policy modifications, user privilege changes, and more. Monitoring changes on critical infrastructure devices can help to reduce unauthorized or improper changes that could severely impact critical network services. Having the latest information on network changes can help analysts quickly identify which users and hosts were involved by the change.
The chapters within this report utilize LCE in obtaining the latest information on network change events. Monitoring configuration changes will alert analysts to any unauthorized changes that could result in network outages or misconfigured devices and servers. Event information on password changes, group changes, and privilege change events are included. The Change Events chapter reports on the latest change events collected from network devices. Top change events from Windows, Linux, and UNIX hosts will report on registry changes, domain, and software updates. Software changes present information on software that has been installed, removed, and software application error events.
This report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the SecurityCenter Feed under the category Compliance & Configuration Assessment. The report requirements are:
- SecurityCenter 5.2.0
- LCE 4.6.1
- Log Correlation Engine Clients
SecurityCenter Continuous View (CV) provides continuous network monitoring, vulnerability identification, risk reduction, and compliance monitoring. Nessus is continuously updated with information about advanced threats and zero-day vulnerabilities, and new types of regulatory compliance configuration audits. PVS and Nessus both have the capability to discover operating systems, software, network devices, hypervisors, databases, tablets, phones, servers, and other critical assets. SecurityCenter CV allows for the most comprehensive and integrated view of network changes.
Executive Summary: The Executive Summary chapter will alert analysts to configuration changes on network devices and servers. Each chapter will include event information on password changes, group changes, privilege change events, and more. Organizations can use the information provided within this report to reduce and prevent unauthorized or unknown changes, which can be beneficial in strengthening existing security policies. This report aligns with the ISO ISO/IEC 27002 12.1.2 and 12.5.1 controls, which can provide organizations with the latest information on network changes across the enterprise.
Change Events: The Change Events chapter reports on the latest change events collected from network devices. This chapter includes change event information from commonly used firewall, IPS, and IDS network devices. Other elements include change events from Windows, Linux, and UNIX hosts. This information will report on registry changes, domain, and software updates. This chapter will also present information on file change events across the network.
Software Change Events: The Software Change Events chapter presents information on software change events on network hosts. Each table provides a count for the top 20 software change events. This information will alert analysts to possible unauthorized software installations, updates, and removal events. The tables within this chapter can provide valuable information organizations can use to identify and secure gaps within existing security policies.