New service: Compliance
Protect your systems
Compliance is an automated tool that allows organizations to check if their networks, systems, and applications have security vulnerabilities that could expose them to attacks. Vulnerability scanning is a common practice and is often required by industry standards and government regulations to improve the security posture of an organization. Compliance allows you to scan virtual and physical machines for security threats.
Identify common server vulnerabilities and configuration issues, including antivirus, network, and password requirements, using Compliance.
- Scanning servers for compliance with modern security standards
- Search for vulnerabilities in operating system and software installed on a server
- Auto-fix detected vulnerabilities
- Automatic scan schedules
- Sending and exporting scan results
Automation and Integration
You can automate and integrate Compliance into your infrastructure. This allows your technicians to focus on what matters most and fix security issues early.
Web service Compliance allows you to scan servers for compliance with information security requirements without any harm to the servers and their software. The test results are provided in the form of detailed reports.
How Compliance works
- Import Windows or Linux server
- Select the type of scan and run it
- View results as a report
- Apply auto-fix for vulnerabilities
Preparing server before scanning
Before the first scan, tweak the intrusion prevention software or firewalls so that Compliance can run scans. You also need to make sure SSH is configured for Linux servers and winrm for Windows servers.
Find, fix and prevent vulnerabilities
Compliance checks servers for system reliability in case of unauthorized access attempts and cyber attacks. Each server software will be checked for network settings, prohibited services, password requirements, resource protection, guest account restrictions, firewall, antivirus, etc. Upon completion of the scan, Compliance will provide you with a report that you can use to make decisions and fix issues.
If a vulnerability is found during scanning, the service will mark it and offer to apply auto-fix. If a vulnerability can only be fixed manually, it will be flagged accordingly. This significantly saves time spent on maintaining the security of systems.
Planning security audits
Compliance allows you to conduct both single on-demand server checks and set up automatic scans with auto-fix vulnerabilities.
There is a “Statistics” page for administrators in the service. This page displays a list of users the administrator is standing over, a list of servers for each user, and summary statistics on scan statuses (compliant, incompliant, or unknown). The ability to export the scan history of all servers with information about them. Also, for convenience, the list can be filtered by security policies.
Working with reports
The functionality of the service allows you to compare the results of two scans in a separate window. The user is presented with a report comparison table, where the security requirements are listed in the left column, and the verification results for the two selected reports are shown on the right. This feature is useful for identifying differences in vulnerabilities over two different periods.
Also, Compliance allows you to share the added servers with other users or set up automatic reports mailing to the selected users.
Continuous Vulnerability Management
Performing a monthly or quarterly vulnerability scan only provides a snapshot in time and does not reflect the security status of the tested systems between scans. This can lead to significant blind spots, which is why the security industry recommends increasing the frequency of vulnerability scanning as part of an approach called continuous vulnerability management.
Regular scans of your virtual and physical machines identify weaknesses that could be exploited by attackers. Understand your risks and find out which vulnerabilities need to be fixed first with Compliance.
Compliance is a server security testing tool designed to help small and medium-sized organizations take control of their web security.We believe security teams can mitigate risks for all types of web applications through fast crawling, comprehensive results, and intelligent automation.
Cybersecurity is important because it includes everything related to protecting our confidential data, personal information, health information, intellectual property, and data from theft and damage caused by criminals.