by Pranesh Ramachandran
Senior Product Manager Data Center Automation Solutions
Data Center Automation (DCA) compliance and vulnerability resource status data now available in Universal CMDB
The latest release of Data Center Automation allows you to meet the must-have requirement of resource management and understanding business criticality. It brings Security and Operations together to look at risk from the same lens in Universal CMDB.
- New CMS integration with DCA delivers at-a-glance visibility in Universal CMDB to the regulatory compliance and vulnerability status of discovered resources from DCA’s policy scans and imported Qualys scan results.
- The security lens view to server resources for CMS users enables prioritization of vulnerability and compliance gaps, faster remediation of exposures, and reduced risk to the business.
Fig 1. DCA stores compliance and vulnerability status of resources in UCMDB
With this expanded visibility and DCA’s integration with Qualys, you will be able to quantify and prioritize risk across server vulnerabilities and groups of resources. This allows you to best determine which resources need to be protected the most, or first, reducing your risk exposure for a more meaningful vulnerability management program.
Those of you already using UCMDB will be able to answer questions that you couldn’t answer before: Which CIs have a security severity rating of 7 or higher? Where do I have log4j and do I have the secure version running? Where do I have misconfigurations that don’t follow CIS benchmarks across my hybrid servers?
This new level of visibility and context builds a shared understanding between teams and how you can better coordinate on business criticality.
Fig 2. Quick “at-a-glance“ visibility to regulatory and vulnerability status of discovered servers, including Qualys scan results
DCA 2023.05 . . . What Else Is New?
This release also includes vulnerability patching updates to better prioritize patching efforts as well as new and enhanced reporting and dashboarding capabilities for both DCA and SA customers.
Vulnerability Patching
- Vulnerabilities list enhancement – DCA now automatically creates a list based on imported CVE data and vendor patch metadata. It includes the vulnerability name, CVEs, CVSS score, severity, patch availability to remediate the vulnerability, and the publish date. A user can filter through the list, look for available patches, and create static patch bundles to scan and remediate resources for the selected vulnerabilities.
- Risk dashboard enhancement – The dashboard displays top vulnerabilities based on severity with drilldown capability to easily identify vulnerable resources. Admins can configure up to four vulnerability widgets in the Risk dashboard to monitor the number of impacted resources with weekly trend data.
- New vulnerability charts – Two new charts on the resource page visualize vulnerabilities by severity (critical, high medium, low) and vulnerabilities by status (new, active, re-opened, patched, fixed) to help prioritize patching and remediation actions. The charts show the vulnerabilities identified by DCA’s policy scans and imported Qualys scan results. They also provide drilldown capability.
Fig 3. Vulnerabilities discovered on the resource by DCA (based on policy scans) and Qualys (based on imported scan results) by severity and status; provides drilldown capability
Reporting
- New OOTB Vulnerability dashboard displays a summary of all vulnerabilities discovered on the managed resources. It displays the count of vulnerabilities by state and provides charts to visualize the count of vulnerabilities by severity, patch availability, CVSS severity, source, and resource types.
Fig 4. Overall security posture in an easily digestible, summarized format
- New OOTB Resource Vulnerabilities Summary dashboard displays a resource vulnerability chart to identify the number of vulnerable resources by severity and by resource types. The dashboard also provides a tabular report to look at resource vulnerabilities by severity and state with drilldown capability.
- New OOTB Compliance dashboard displays a resource compliance summary by audit policy/benchmark, patch bundle and software policy for Server Automation, and resource compliance by benchmark and patch bundle for Data Center Automation.
- New Resource Consumption dashboard helps visualize and track the number of resources under Server Automation and DCA management.
- All new OOTB dashboards provide extensive context filtering to refine the report content based on multiple fields of interest.
- Enhanced Server Automation (SA) Dataminer collects user event history data from SA to report on who changed what, from what old value to what new value, and when, for auditing needs.
- Enhanced SA Dataminer now comes with an optional flag to collect and forward SA job results data (audit, patch, software, application configuration compliance data) as part of the initial configuration to facilitate immediate reporting.
Automation Platform
- New install platform support – DCA now supports RHEL 9 and Rocky Linux 9.
- Additional database support – DCA now supports Vertica 12 for OPTIC Data Lake.