Increase visibility of the IT environment to improve security and regulatory audit compliance with Lumension Enterprise Reporting

Compliance and IT Risk Management Business Issues & Challenges

The expanding influence of security and business regulation and the increasing need to demonstrate compliance with internal polices make corporate governance and risk management a top priority for organizations worldwide. As companies plan for the future, the link between IT and business consistently ranks as one of the top three priorities for CIOs¹.

IT senior executives need timely, accurate system visibility, configuration conformance data, vulnerability management analysis and reporting to help assess business risk and meet regulatory compliance.

Overview

IT senior executives need timely, accurate system visibility, configuration conformance data, vulnerability management analysis and reporting to help assess business risk and meet regulatory compliance.

Lumension Enterprise Reporting, is a fully customizable, centralized business intelligence solution that enables organizations to:

• Provide centralized visibility of IT assets and consolidates vulnerability and configuration data across the enterprise
• Assess business risk through powerful and granular data vulnerability, configuration and inventory analysis
• Demonstrate security policy and regulatory compliance status through flexible, customized vulnerability and security reporting
  

How it Works

1. Gather data snapshots from multiple Lumension Patch and Remediation servers in your environment, on a pre-defined, automated basis. The data is uploaded to a separate Enterprise Reporting server, via secure RSA encrypted transmissions. This ensures that data analysis does not interfere with critical assessment and remediation activities. Once uploaded, the data is consolidated into the central Enterprise Reporting data warehouse repository for centralized analysis and reporting. 2. Start your analysis at a global level, and then drill down to view specific Patch and Remediation Servers. For granular analysis, you can further drill into the results for individual groups or network devices. Graphical representations for vulnerability management, asset management, configuration conformance and trending analysis are also available. 3. Role-based access to data and reports makes it fast and easy for users to identify data that is critical to their area of responsibility. This ensures information is viewed only by individuals with proper authority. Lumension Enterprise Reporting’s open database schema integrates with any ODBC/OLEDB compliant reporting tool, including leading third party report generators from Business Objects, Crystal Reports and Microsoft. 4. Create policy-based vulnerability management reports that accurately demonstrate in real-time the status of your security posture. The reports you create will support internal policy enforcement and compliance with IT security aspects of government regulations such as Sarbanes-Oxley, HIPAA, PCI and FISMA.

Features & Benefits

Key Product Features	Benefit
Auto Report Generation & Distribution Schedule automated report generation and immediate email distribution of reports to authorized users.	Improves Efficiency of IT Operations Optimize IT staff productivity and improve information flow with the organization.
Comprehensive Pre-Defined Report Library 29 standard reports for vulnerabilities, patch deployment, configuration, inventory, compliance, and more are included Further, these reports are not fixed and may be extended to meet the organization’s needs.	Ensures Audit Readiness Eliminate and automate routine administration tasks to provide productive immediately actionable system information.
Data Mining Interactive reports allow you to “drill down” into report data, drilling from a global view of all users down to individual groups and entire Update servers down to individual devices.	Delivers Multiple Views of Information Linked data allows IT and compliance staff to efficiently find and process the system and regulatory information.
Efficient Data Consolidation Enterprise reporting utilizes a separate server to minimize disruptions to Lumension Patch and Remediation, enabling you to run reports without interrupting key vulnerability management tasks.	Maintains Security Reporting system independence ensures no degradation of security within your enterprise.
Enterprise Dashboard Global view of vulnerability status for all enterprise assets provides a unified look at the health of your enterprise.	Delivers Quick, Unified View of All Assets Provide your organization an at a glance understanding of risk and system status.
Extensible to 3rd Party Reporting Tools Works seamlessly with third party reporting tools including SQL Reporting Services, Business Objects, Crystal Reports, and more.	Integrates with Existing Systems Integrate vulnerability management information into your existing IT management systems to provide a unified solution for enterprise reporting.
System Configuration Reporting Allows information targeting to an organization’s specific functional groups, as well as summary views and trending.	Provides Easy Risk Assessment Provide the ability to assess enterprise wide risk due to configuration conformance.
Instantaneous Results View current status of vulnerability management efforts with up-to-minute reports.	Ensures Audit Readiness Timeliness of reporting ensures no hidden compliance or security system status will be overlooked.
Open Reporting Schema Data views make it easier to find reporting data; underlying queries are exposed to easily create custom reports.	Increases Productivity Improve IT productivity through easy to use, rapid report creation.
Policy-Based Reporting Flexible policy-based reporting enables you to substantiate compliance with security aspects of government regulations such as Sarbanes-Oxley, HIPAA, FISMA and others.	Maintains Compliance By aiding in the achievement of regulatory compliance, the enterprise helps to minimize its legal, financial, and reputational concerns.
Automated Data Transfer Data from multiple Lumension Patch and Remediation Servers is automatically transferred to a secure central repository using RSA encryption.	Saves IT Time and Enhances Communication Reduce your operational IT staff burden and improve information flow within the enterprise.
Data Purge Management Remove dated data and conserve disk space.	Saves IT Time and Costs Reduce system storage requirements to minimize implementation and maintenance costs of reporting.

Requirements for the host server

Minimum System Requirements:

	< 5,000 Devices	>5,001 to 10,000 Devices	> 10,000 Devices
Processor*	One Single Core 3.0 GHz Intel® Xeon®	One Single Dual-Core Intel® Xeon®	Please contact Lumension Professional Services
RAM	4 GB	4 GB
Disk Capacity	125 GB	150 GB
Network Connection	Single FE (100Mbps)	Single FE (100Mbps)

*Note: If SSL will be implemented, an SSL Acceleration card is recommended.

Minimum Software Requirements:

	< 5,000 Devices	5,001 to 10,000 Devices	> 10,000 Devices
SQLr	Microsoft SQL Server 2005 Standard (or Enterprise) Edition SP2 Microsoft SQL 2005 Reporting Services SP2	Microsoft SQL Server 2005 Standard (or Enterprise) Edition SP2 Microsoft SQL 2005 Reporting Services SP2	Please contact Professional Services
Other	Microsoft Internet Information Services (IIS) 6.0 SP1 Microsoft .NET Framework v 1.1 SP1 and v2.0 Microsoft Internet Explorer 6.0 SP1	Microsoft Internet Information Services (IIS) 6.0 SP1 Microsoft .NET Framework v 1.1 SP1 and v2.0 Microsoft Internet Explorer 6.0 SP1

Supported Operating Systems:

• Microsoft Windows Server™ 2003, Standard Edition with SP1 or later
• Windows Server 2003, Enterprise Edition with SP1 or later
• Windows Server 2003 R2, Standard Edition (SP2 recommended)

* Note: If SSL will be implemented, an SSL Acceleration card is recommended.

Sources:

1. Gartner EXP's annual CIO survey 2007 and 2008