
Method and Apparatus of Adaptive Compliance Checking for Enterprise IT system

IP.com Disclosure Number: IPCOM000249104D
Publication Date: 2017-Feb-07
Document File: 4 page(s) / 97K

Publishing Venue

The IP.com Prior Art Database

Abstract

An enterprise is required to be compliant with regulations and standards. Once automatic compliance checking discovers a violation, how can the violation be remediated safely and effectively? The disclosure presents the following approach: 1) Once violating objects (a device, a solution, etc.) are detected, put them on a watch list; 2) the corresponding security monitoring components pay attention to the objects on the watch list and, for each object, start to monitor, record and learn its normal behaviour, then detect abnormal behaviour in real-time data. Once abnormal behaviour occurs, take action to bring the object into a secure state.

This is the abbreviated version, containing approximately 52% of the total text.



Background: An enterprise is required to be compliant with regulations and standards. Some of the requirements are mapped to IT (information technology) level controls, such as password management, file permissions, access control, vulnerability management, etc. Compliance checking is an assurance process that verifies that specific settings have been implemented according to security policies. It usually includes scoping, scanning, review, remediation and validation. A great deal of effort goes into manually analysing and reviewing check results and remediating findings. Review and remediation usually take months, because of situations such as false positives, security exceptions, etc. The servers are at risk during the remediation window, which can lead to business loss.

Problem: Once a violation is discovered by automatic compliance checking, how can the violation be remediated safely and effectively?

Two examples of violations follow.

1) File permission: Usually the permission of '/var/lib/mysql' is set to 700. On the current server it is set to 777 by the root user, because the application is configured to use root privileges for a job (data backup). The violation cannot simply be remediated, since tightening the permission would make the job fail.

2) Password maximum age: Usually a user password needs a maximum age, such as 90 days. When a database server is installed on a Linux server, some database users are created with passwords set to never expire. They cannot be auto-remediated to 90 days, because that would impact the corresponding applications and cause business failure.
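As an added example, not code from the disclosure, the following Python sketch implements the two checks from the examples above and the watch-list approach from the abstract: violations are not fixed immediately but placed on a watch list, normal access to each watched object is learned from a stream of events, and any access outside that baseline triggers a containment action. All paths, /etc/shadow records and events are constructed sample data; the `AdaptiveComplianceMonitor` class, the `(object, actor, action)` event format and the containment commands are assumptions of this example, not part of the disclosure.

```python
"""Added example (not the disclosure's own code): a minimal adaptive
compliance loop over constructed sample data."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Violation:
    obj: str       # the object that failed the check (path or account name)
    control: str   # which control failed
    expected: str
    actual: str


def check_file_permission(path: str, mode: int, allowed: int = 0o700) -> Optional[Violation]:
    """Flag any permission bit set beyond the allowed mask (e.g. 777 vs 700)."""
    if mode & ~allowed & 0o777:
        return Violation(path, "file_permission", oct(allowed), oct(mode & 0o777))
    return None


def check_password_max_age(shadow_line: str, max_days: int = 90) -> Optional[Violation]:
    """Parse an /etc/shadow record; field 5 (index 4) is the maximum password
    age in days.  An empty field or 99999 both mean 'never expires'."""
    fields = shadow_line.split(":")
    name, max_age = fields[0], fields[4]
    if max_age == "" or int(max_age) > max_days:
        return Violation(name, "password_max_age", str(max_days), max_age or "never")
    return None


def containment_action(v: Violation) -> str:
    """Assumed containment step per control once abnormal behaviour is seen."""
    if v.control == "file_permission":
        return f"chmod {v.expected[2:]} {v.obj}"   # enforce the compliant mode now
    if v.control == "password_max_age":
        return f"passwd -l {v.obj}"                 # lock the account until reviewed
    return "alert"


@dataclass
class WatchEntry:
    violation: Violation
    baseline: set = field(default_factory=set)   # (actor, action) pairs seen as normal
    learning: bool = True


class AdaptiveComplianceMonitor:
    """Watch list of violating objects with a learn-then-detect behaviour model."""

    def __init__(self) -> None:
        self.watch_list: dict = {}

    def add_violation(self, v: Violation) -> None:
        self.watch_list[v.obj] = WatchEntry(v)

    def learn(self, events) -> None:
        """Learning phase: record every (actor, action) on a watched object as normal."""
        for obj, actor, action in events:
            if obj in self.watch_list:
                self.watch_list[obj].baseline.add((actor, action))
        for entry in self.watch_list.values():
            entry.learning = False

    def detect(self, events) -> list:
        """Detection phase: access outside the learned baseline is an anomaly."""
        anomalies = []
        for obj, actor, action in events:
            entry = self.watch_list.get(obj)
            if entry and not entry.learning and (actor, action) not in entry.baseline:
                anomalies.append((obj, actor, action, containment_action(entry.violation)))
        return anomalies


# Constructed sample data (hypothetical, not taken from a real system).
SAMPLE_FILES = {"/var/lib/mysql": 0o777, "/etc/ssh/sshd_config": 0o600}
SAMPLE_SHADOW = ["mysql:!:17000:0:99999:7:::", "alice:$6$salt$hash:17000:0:90:7:::"]
LEARNING_EVENTS = [
    ("/var/lib/mysql", "root", "backup.sh read"),
    ("/var/lib/mysql", "mysql", "mysqld write"),
    ("mysql", "mysqld", "login"),
]
LIVE_EVENTS = [
    ("/var/lib/mysql", "root", "backup.sh read"),   # matches baseline
    ("/var/lib/mysql", "www-data", "php write"),    # unseen actor: anomaly
    ("mysql", "attacker-host", "login"),            # unseen actor: anomaly
]


def run_demo():
    """Scan, watch-list the violations, learn, then detect on live events."""
    results = [check_file_permission(p, m) for p, m in SAMPLE_FILES.items()]
    results += [check_password_max_age(line) for line in SAMPLE_SHADOW]
    violations = [v for v in results if v is not None]
    monitor = AdaptiveComplianceMonitor()
    for v in violations:
        monitor.add_violation(v)
    monitor.learn(LEARNING_EVENTS)
    return violations, monitor.detect(LIVE_EVENTS)


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

In a real deployment the learning and live events would come from a host audit source (for example auditd or a file integrity monitor) rather than constructed tuples, and the learning window would need to be long enough to cover scheduled jobs such as the nightly backup, otherwise legitimate but infrequent access would be flagged as abnormal.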

Two prior-art approaches handle the violations above. Prior art 1: Force the violation to be fixed immediately. The weakness of this approach is that if a function of the IT system depends on the violated IT configuration, e.g. a password or a path, immediately fi...