You are a customer that has purchased NetMRI to perform network change and configuration management. You are using the NetMRI to discover and monitor your devices for any changes (authorized or not) while adhering or determining that you are not adhering to compliance policies. You may even NetMRI to perform automated software upgrades. Life is good.
Mind the GAP
However, you may be missing something:
- Do you ever get PSIRT (product security incident response team) notifications from Cisco?
- Do you ever get Juniper bulletins?
- How do you know your devices are end of sale and/or end of support?
To cover for these issues, you do the following:
- Manually discover devices and associated software versions on your network.
- Get security advisories from your device vendors.
- Manually cross reference the advisories with what NetMRI discovered.
- Manually identify the risks and vulnerabilities.
- Remediate the vulnerabilities based on the advisory recommendation (ie software upgrade or configuration change).
How would you like to be able to the following:
- Use NetMRI to discover the devices, device vendor, and OS version.
- Automatically update the security policies for your discovered devices using NetMRI Advisor.
- Using the security policies to compare against the devices.
- Getting proactive alerts and notifications via NetMRI Advisor.
- Automate the remediation options.
NetMRI Advisor solves these problems:
- PSIRT information on your Cisco devices
- Bulletins from Juniper
- Infoblox Advisories
- End of sale/end of support information on discovered devices
- Other security feeds
The data comes from constant monitoring of vendor’s websites for security advisories and EoX information. It is then curated into rules and policies, then downloaded to the NetMRI appliance. By combining continuous updates of multi-vendor advisories with rich device discovery, NetMRI Advisor will:
- Compare the potential risks to your network devices.
- Alert you if the devices are vulnerable.
- Allow you to automate the remediation to keep your network locked down.
- NetMRI Advisor also helps plan future requirements by monitoring end of sale and end of support information.
What does NetMRI Advisor look like in action
When you first log in to NetMRI, you get the issues screen with the general view. Under the Views drop-down menu, there is a ‘PSIRT Advisor Vulnerabilities’ view that is installed. When selected, only the PSIRT items are shown:
You can then click on one of the policy violations and get the details. The screen below shows all of the devices within the device group ‘All Cisco Gear’ that are affected by this PSIRT in addition to how often the policy detected the problem. For each device, you see how many rules were applied to the device, the number of passed rules, and the number of rules that produced an error.
Under Policy Compliance, the policies that NetMRI Advisor created automatically are shown when deployed. Most of the devices passed on the policies except for one policy. The passed policies have a green check mark and the failed policies have a red X mark.
You can then click on any of the failed policies to get more details. You see in the Rules Summary that one rule passed and one rule failed.
Scroll down to see the rule that failed. There is the remediation section. Depending upon the rule, it could be a configuration change or in this case, it is a link to the advisory. In the advisory, there will be the remediation steps.
The next benefit NetMRI Advisor offers is detecting devices that are end-of-sale date, end-of-support date, and end-of-x (ie end-of-support or end-of-sale) status. This information is updated daily. These fields are added when NetMRI Advisor is installed. Based upon the EoX column, you may act on the ‘End of Support’ status or ‘End-of Sale’ status by replacing the device with a newer model.
NetMRI Advisor creates a couple of reports; a PSIRT report and an EoX report. These reports can be scheduled and emailed on a periodic basis. The reports can be viewed on the screen or exported as CSV files.
The PSIRT report shows the devices that have at least one failed rule. This helps with determining which devices need remediation.
The EoX report shows all of the devices that are either end-of-support or end-of-sale. This helps with device replacement planning.
The Core of NetMRI Advisor
NetMRI Advisor populates the rules and policies in the Policy Design Center. In order to test these rules and policies, they must be deployed just like any of the existing rules and policies.
For more information, contact Infoblox at www.infoblox.com or your Infoblox reseller.