Support Site

IT Foundation

Revisiting How ConsoleWorks Handles Baseline Configuration Management (BCM) of All Cyber Assets

by

One element of configuration management is the recording and auditing of the actual configuration files on IT/OT devices. The first time we document the configuration of a device that becomes the device’s baseline. The baseline is required before an audit can be performed.

The most straightforward audit checks the configuration to see if it has changed. More advanced audits use records (approved and assigned changes) from the CMDB or other change management repository, checking to see if the configuration of the device is what it should be. Each configuration change that is supposed to occur (like installing a patch) creates a new baseline.

This is often a very manual process. People are involved in each step along the way, connecting to each device to pull down the current configuration and then manually comparing the baseline with the current configuration. They have to check records in multiple places when the audit is checking the “should be” configuration.

The process is expensive, it is reactive (it lags actual changes sometimes by weeks or months), it is error-prone and unintentional device configuration changes can impact the overall security practice. There has to be a better way.

With ConsoleWorks BCM, configuration data is pulled automatically on a periodic basis. ConsoleWorks uses an agentless, patented approach to managing the IT/OT Infrastructure. ConsoleWorks is connected to the device regardless of its state (i.e. up, down, single user or maintenance mode). The configuration is checked against the current baseline, and any changes between the two are immediately alerted on. Alerts include the exact (keystroke by keystroke) changes between the baseline and the current configuration data. You can also check for differences between devices that are in specific groups (i.e. – they should all have the same security patches installed). Having this capability significantly reduces the time involved in collecting the data required to support an audit and producing the reports to prove compliance.

Looking at the Utility industry, in particular, there is a requirement to meet specific NERC-CIP requirements for establishing and retaining a set of secure configuration profiles across hundreds, often thousands, of cyber assets. Manufacturer point solutions exist in a few cases today. However, the limited capabilities vary across manufacturers, and the functionality is inadequate for addressing the basic NERC CIP requirements.

ConsoleWorks automates baseline configuration management of all cyber assets from the control room, to the substation, to the pole. It periodically retrieves the current configuration of each monitored asset and compares it to the established baseline. If a difference is detected, an Event is created and logged, and a notification is sent to a designated person for further assessment.

Moving from a manual configuration management process to an entirely automated process has many benefits. There is a drastic reduction in cost (man hours), the accuracy of the data and audit findings is dependable and issues can be identified quickly and resolved, typically long before the manual process would even detect that the issue exists.

CIP-010 R1: The Importance of Baseline Configuration as a Critical Security Management Control

Patch Management a Constant Drain or Major Cost Savings Opportunity

by

Patch management is an inglorious part of the life of admins, engineers, technicians, and support staff. It seems that the patches just keep coming faster and faster, and where they once fixed function bugs or even enable extended features, now the majority address security vulnerabilities. That’s not good news because there is a lot more pressure on getting security patches in place in a timely manner than in most other scenarios.

If you are responsible for patch management and everything is running smooth, then you probably consider patching as a rote activity. If you are responsible for a large IT environment where you feel like you’re always one step behind the patches you need to install, then you are probably feeling like a lot of the folks – frustrated.

One of the capabilities in the ConsoleWorks solution is a module called Multi-Connect. With Multi-Connect, up to 40 like devices can be patched at the same time from a single master console. Just put the devices into a group and then patch them all at the same time. What is unique about this capability is that while you may only have one master console, all devices being patched are continuously monitored so you can jump in and fix any issues on any device as needed. All patching activities in this scenario are fully recorded, making it extremely easy to provide documentation for compliance purposes and alerted on any issues that may arise.

ConsoleWorks Use Cases – Large Solaris server environment reduced the man-hours required for patching by 3x, saving them over a million dollars a year. In another scenario, a small (5) server environment drop patching and maintenance costs by over $50,000 per year.

Electric Utilities – ConsoleWorks now offers Automated Patch Analysis. A solution that greatly simplifies the process of gathering the information required for patching IT and OT devices – beyond the HMI.

Flexibility of Enterprise-Wide Integration

by

In the most comprehensive implementations, ConsoleWorks is the single pane of glass for managing and helping to integrate the foundation of the IT enterprise.

ConsoleWorks has an enormous amount of flexibility for managing the standard IT hardware devices and applications, and also enabling less common devices to be brought under the same management environment through its integration capabilities.

ConsoleWorks provides a number of methods that enable the product to be adapted to the specific IT enterprise requirements for the day-to-day security and management of hardware, virtual machines, and applications.

All of these advanced capabilities help to integrate ConsoleWorks into the tools, processes, and requirements of our customers rather than forcing our customers’ processes to work with the product. Some of these capabilities relate to:

  • Intelligent Event Modules (IEMs)
  • Controlled Automation
  • Command Control
  • Expect-Lite Routines
  • Actions
  • Tags

See the Resources Page for More Information

Access Control with ConsoleWorks

by

When it comes to security, ConsoleWorks offers many unique features to ensure consistent security practices across the entire IT infrastructure, including robust Access Control capabilities using a role-based/task-based permissions model.

Privileged users should be able to access only those interfaces needed to perform their work. Role-based access and control in the IT foundation ensures that interfaces cannot be accessed without permission. Users only see the interfaces assigned to them.

ConsoleWorks provides advanced role-based access and control capabilities with LDAP integrations for fine-grained control of access rights and privileges across all managed connections. Access Control Rules enable administrators more granular and graduated control over what specific users can do inside ConsoleWorks and how they can use ConsoleWorks to access and interact with managed assets.

In ConsoleWorks 4.6, the permissions model has been completely re-engineered. Significant enhancements have been made with new capabilities that allow very granular control over what any one person is allowed to do in ConsoleWorks, particularly with separation of duties.

View Datasheets in Resources

The ConsoleWorks Difference

by

ConsoleWorks is the leading Cybersecurity Operations Platform on the market. The ConsoleWorks Server is the high-performance engine that handles information flow processing, business rule execution, pattern-matching, role-based security, and signed log-file generation. It handles all input and output across the enterprise on the devices and application that it manages, serving this data up as needed.

ConsoleWorks is capable of managing more than 1000 connections per server invocation. The ConsoleWorks Server is a complete solution package for managing the IT foundation of the enterprise.

Some of the key features of ConsoleWorks include role-based access and control, secure remote management and monitoring, in-band and out-of-band management, bi-directional data capture, digitally signed logs and forensic files, and comprehensive automation. ConsoleWorks is also agentless and persistent to facilitate IT operations, enforce security, and maintain comprehensive audit trails.

View Datasheets in Resources

Change Management with ConsoleWorks

by

One of the biggest compliance challenges organizations must address is documenting the actions of privileged users. But this challenge often falls into the change management bucket as well. When implementing organizational change, documentation is key in ensuring that things are going according to plan. Unfortunately, traditional change management often requires privileged users to manually document their activity. This practice fails to meet one of the primary goals of change management – to minimize the impact of organizational change on workers. Not to mention the margin for error – missing records, inaccuracies, and inconsistencies will exist in this scenario.

Fortunately, ConsoleWorks solves this problem. By sitting between privileged users and privileged interfaces, ConsoleWorks can capture every keystroke of privileged users and automatically produce digitally signed records. This eliminates the need for manual documentation and provides an accurate way to verify practices across the entire IT environment.

ConsoleWorks can also be used to directly enforce policies with real-time control capabilities. Privileged user activity is captured in real-time and can be scanned for out-of-policy activity. Control capabilities range from generating an email or text message to programmatically terminating a user session.

View Datasheets in Resources

We can help

Reach out today, and we'll talk through how we might be able to help!

Contact us