Security researchers continue to study the Classified Security Protection of China and CIS Benchmark, and continue to promote more support for baseline standards. The product currently supports common operating systems such as Centos, Debian, Red Hat, SUSE, Windows Server 2008, Windows Server 2012, and covers more than 10 databases and web services applications such as Apache, mongoDB and mysql.
On the basis of fine-grained inventory of assets, the system and application baseline that need to be checked on the server are automatically screened out according to the information of operation system and software application of the selected server. At the same time, it supports one-click batch baseline task, which is easy to use.
Compliance baseline feature designs a flexible and configurable task-based scanning mechanism. Users can quickly create a baseline scanning task, and select the workload and baseline that need to be scanned according to the needs of the detection. After the detection is completed, the results of the baseline detection will be divided into detection items view and host view visualization presentation to meet the customized baseline of enterprises.
According to the practical scenarios, enterprises can define their own baseline detection items, such as defining the detection threshold, customizing the detection catalogue, customizing the display template of detection results, customizing the remediation scheme of detection items, etc. to meet the diversified internal supervision requirements of enterprises.
The product builds a one-stop security compliance solution from scanning to processing: automated task-based baseline scanning, visual server compliance, effective repair suggestions accurately to command line for each unconventional checklist, and provides baseline export and whitelisting to provide a more convenient management mode for baseline remiediation.
The product currently supports 1500 + checklist knowledge base, while security researchers continue to focus on baseline standards , and constantly enrich the Checklist knowledge base of the baseline configuration detection system. At the same time, according to the relevant baseline specifications of different industries, customized management of knowledge base can be realized to match the security configuration requirements of various industries.
Compliance baseline products can provide API baseline detection strategy, return the information of inspection results, and seamlessly integrate with enterprise security management platform. The security management platform can control the process according to the different detection criteria of the security baseline and the detection results for different purposes, understanding the process of remediate the weaknesses of the baseline detection configuration, and provide more advantageous process control information for the security management.
The agent-based white-box discovery mechanism can automatically detect the type and version of the checked operating system and application, and automatically discover the installation path of middleware and database, which make scan more intelligently and accurately.