To understand how Security Manager Plus functions, you need to know the components of the Security Manager Plus architecture. The primary components of Security Manager Plus (SMP) are:
The External Vulnerability Aggregator resides at the ManageEngine site and draws vulnerability information from various security advisories - mainly advisories from the CVE and SecurityFocus websites, bulletins from the Microsoft website, and other vendor-specific advisories - through email and RSS feeds.
Consolidation of vulnerability and Windows patch information, assessment of information authenticity, and testing for functional correctness are also carried out by the Security Manager Plus Enterprise Security Team. The final analysis and data are correlated to obtain a consolidated repository of vulnerability information - a vulnerability database, which serves as a baseline for vulnerability assessment in the enterprise (customer site). The modified vulnerability database is then published to the Central Repository Server for further use. The whole process of information gathering, vulnerability assessment, patch analysis and publishing the latest vulnerability database occurs periodically.
The Central Repository Server is a highly secure comprehensive database of all thoroughly analyzed vulnerability and patch information, residing at the ManageEngine site. Any update to the Central Repository Server is automatically recognized by the Security Manager Plus server, situated at the customer site.
The Security Manager Plus Server is located at the enterprise (customer site) and subscribes to the Central Repository Server to periodically download the vulnerability updates. It performs device discovery, scans and assesses the devices in the heterogeneous enterprise network, lists the open ports, vulnerabilities and missing patches, and generates reports to effectively manage the vulnerability assessment process in your enterprise. All these actions can be initiated from a universally accessible web-console in a few simple clicks.
The Security Manager Plus Agent is lightweight software that is installed on a target machine. It acts as a worker to carry out the management operations as instructed by the Security Manager Plus server. The agent-based mode of management is an option that you can adopt, based on your enterprise network infrastructure set-up and requirements. It is an optional component that can be employed on target machines that are locked down or behind a firewall, or to manage systems present in remote geographical locations where a dedicated network tunnel is not feasible.
Vulnerability Assessment using Security Manager Plus can be broadly considered as a three-step process.
Security Manager Plus discovers all assets on a given network and provides detailed information about each discovered asset, including operating system, IP address, DNS name, MAC address and IF Descriptor. IT administrators are provided with a variety of options to customize the discovery of enterprise resources, such as using TCP ping or ICMP ping for host discovery, and Nmap or SNMP for OS detection.
Once the network resources have been discovered, a scan is performed on open ports to identify which services or applications are listening on these ports. On identifying the service, tests are run to identify the service-specific vulnerabilities and Windows-specific missing patches. When a scan is complete, vulnerabilities are displayed in a color-coded list that indicates the severity of each potential problem.
Reports can be generated automatically from the Security Manager Plus web-console in HTML format, exported to PDF/CSV formats, and e-mailed to any number of recipients in PDF/CSV formats. Customization is simple, as Security Manager Plus provides report customization templates with which report sections can be added, removed or re-ordered. The amount of technical detail can be adjusted, allowing reports to be tailored for any target audience.
Not only are Security Manager Plus reports flexible, but they also provide the required vulnerability information efficiently in color-coded and graphical format.
Remediating vulnerabilities comprises many aspects, such as notifying IT personnel so that they can fix them, effecting configuration changes in systems, routers or firewalls, and deploying missing patches and service packs in desktops and servers.
Security Manager Plus offers two forms of remediation:
1. Patch Deployment: Once the missing patches are detected for Windows systems, Security Manager Plus allows you to install the missing patches and service packs in these systems, thereby remediating all such vulnerabilities for software products from Microsoft that have patches released by the vendor.
2. Trouble-ticket system integration: Vulnerability reports contain information to quickly understand what the problem is and provide supporting evidence that the system is vulnerable. You can generate trouble tickets from the vulnerability notification mails generated by Security Manager Plus, provided you have a Helpdesk system in your enterprise, like ManageEngine™ ServiceDesk Plus, which recognizes notification mails generated by Security Manager Plus and converts them to trouble tickets. URL links to vendor advisories and downloadable patches make remediation straightforward.