Keeping abreast of regulatory policies, we continuously introduce baselines corresponding to CIS standards. Enterprises can use the compliance baseline module to automate one-click detecting, visualise the baseline results, and carry out repairs according to the remediation recommendations provided by the product to meet regulatory requirements.
For inspections by superiors or relevant regulatory authorities, you can customise the baseline function of the product to flexibly formulate standards of different inspection intensities for different inspection benchmarks, and formulate your own strategies for self-inspection in advance and timely rectification, so as to meet the needs of different inspection scenarios.
According to the relevant baseline specifications of different industries, combined with the personalised application scenarios of enterprises, the product can provide you with baseline custom development services, in order to quickly match the security configuration needs of various industries and enterprises.
Security researchers continue to study the CIS Baseline Standards, and continue to promote the support of more baseline standards. The product currently supports Centos, Debian, RedHat, SUSE, Windows Server 2008, Windows Server 2012 and other commonly used operating systems, and at the same time covers more than 10 kinds of database and web service applications such as Apache, MongoDB, Mysql.
Based on the fine-grained inventory of assets, it automatically filters out the system and application baselines that need to be checked on the selected workload according to the information of the workload's operating system and software applications. It also supports one-click batch creation of baseline tasks, which is easy to operate.
The Compliance Baseline function is designed with a flexible and configurable task-based scanning mechanism. Users can quickly create a baseline scanning task, select the wokloads and baselines to be scanned according to the inspection needs, and upon completion of the inspection, the baseline inspection results will be visually presented in both the Inspection Item View and the Workload View to meet the enterprise's individual inspection needs.
Enterprises can define their own baseline inspection items according to actual usage scenarios, such as defining inspection thresholds, customising inspection catalogues, customising inspection results presentation templates, customising inspection item remediation plans, etc., in order to meet diversified internal regulatory requirements of enterprises.
The product builds a one-stop security compliance solution from scanning to processing: automated task-based baseline scanning, visualisation of workloads compliance, effective remediation recommendations accurate to the command line for each non-compliant checklist, and provides baseline export, whitelisting functions, for baseline rectification to provide a more convenient way of management .
The product currently supports more than 1500 Checklists Knowledge Base, while security researchers continue to pay attention to global baseline standards and continuously enrich the baseline configuration check system Checklist Knowledge Base. At the same time, the Knowledge Base can be customised according to the relevant baseline specifications of different industries to match the security configuration needs of each industry.
The Compliance Baseline product can provide API to issue baseline inspection policies and return inspection result information at the same time, so that they can be seamlessly integrated with the Enterprise Security Management Platform. The Security Management Platform can carry out process control for different inspection specifications and inspection results for different inspection purposes of the security baseline, understand the rectification process of the weaknesses of the baseline inspection configuration to provide more favourable process control information for security management efforts.
Agent-based white-box discovery mechanism can automatically detect the type and version of the verified operating system and application, and automatically discover the installation paths of middleware and databases, which makes scanning smarter and more accurate.
