System Center 2012 R2 & the Security Frontier
In a cloud-connected world, information security and technical vulnerability are a rapidly evolving landscape. It seems every week there are reports of some new hack or exploit that can afflict small businesses and large corporations alike.
The good news is that you may already have some powerful tools at your disposal to help guard your network, such as the Microsoft System Center 2012 R2 suite. While System Center won’t remove the need for dedicated security appliances and procedures, it can be used as a versatile toolset to complement your defense arsenal.
Patching with Windows Server Update Services (WSUS) keeps systems up-to-date and is the first line of defense against known exploits. For instance, when a recently released Microsoft security update like KB3002657 is announced, WSUS integrated into System Center Configuration Manager (SCCM) will report in the console on which machines need it; it can then be scheduled and pushed out as per corporate policy within defined maintenance windows.
Within SCCM, several other mechanisms can be useful for security purposes. Machines can be pre-provisioned with BitLocker, a full disk encryption feature, and SCCM can push Microsoft BitLocker Administration and Monitoring (MBAM) agents. Baselines and compliance settings can auto-install corporate-mandated software, like Endpoint Protection for antivirus, or trigger uninstalls of unapproved applications. Software inventory and application metering provide an overview of the software present in the environment. In case of a vulnerability, such as the recently disclosed critical CVE-2014-6332, SCCM can perform file gathering operations to report on things like version information and date/timestamps so administrators can more quickly identify affected systems. Remediation can then be undertaken in conjunction with the Enhanced Mitigation Experience Toolkit (EMET).
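The version-based triage described above can be sketched in PowerShell. This is an added example, not code from SWC or Microsoft: it assumes the gathered file data has been exported to CSV with the hypothetical columns shown, and the host names, file name and version numbers are constructed placeholders (the real fixed versions come from the vendor bulletin).

```powershell
# Constructed sample of a file-inventory export; every value below is made up.
$inventoryCsv = @'
ComputerName,FilePath,FileVersion,LastModified
WS-001,C:\Windows\System32\example.dll,6.1.7601.100,2013-02-11
WS-002,C:\Windows\System32\example.dll,6.1.7601.200,2014-11-12
SRV-APP01,C:\Windows\System32\example.dll,,2013-08-02
SRV-APP02,C:\Windows\System32\example.dll,6.3.9600.150,2014-09-30
SRV-OLD01,C:\Windows\System32\example.dll,5.2.3790.10,2009-04-01
'@

# Placeholder thresholds, one per OS branch (major.minor), because the same
# file carries a different fixed version on each Windows release.
$fixedVersions = @{
    '6.1' = [version]'6.1.7601.200'
    '6.3' = [version]'6.3.9600.200'
}

function Get-FileExposure {
    param(
        [Parameter(Mandatory = $true)] [object[]]  $Inventory,
        [Parameter(Mandatory = $true)] [hashtable] $FixedVersions
    )
    foreach ($row in $Inventory) {
        $parsed = $null
        # Missing version data or an unlisted branch is reported as Unknown,
        # never silently treated as patched.
        $status = 'Unknown'
        if ([version]::TryParse($row.FileVersion, [ref]$parsed)) {
            $branch = '{0}.{1}' -f $parsed.Major, $parsed.Minor
            if ($FixedVersions.ContainsKey($branch)) {
                # [version] compares numerically, so 6.1.7601.1000 > 6.1.7601.200.
                $status = if ($parsed -ge $FixedVersions[$branch]) { 'Patched' } else { 'Vulnerable' }
            }
        }
        [pscustomobject]@{
            ComputerName = $row.ComputerName
            FileVersion  = $row.FileVersion
            LastModified = $row.LastModified
            Status       = $status
        }
    }
}

$report = Get-FileExposure -Inventory ($inventoryCsv | ConvertFrom-Csv) -FixedVersions $fixedVersions
# Descending sort lists Vulnerable first, then Unknown, then Patched.
$report | Sort-Object Status -Descending | Format-Table -AutoSize
```

Rows reported as Unknown deserve a manual look: they are machines where inventory returned no version or where the OS branch has no listed fix.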
System Center Operations Manager (SCOM) has a component called Audit Collection Services (ACS), which can collect logs from domain controllers into a database for analysis and reporting; alternatively, a management pack can be authored to present a subset of this information directly within the SCOM console. SCOM can be used to coordinate approvals for Change Management when conducting emergency patching, so the process can be reviewed and tracked later. Further customization could be implemented with Orchestrator, for example to pull and parse data from other security systems. If a restore is needed in the event of corruption, call on Data Protection Manager (DPM).
The System Center suite itself aspires to be secure: where available, many elements use computer or web certificates to secure communications between agents and servers, for things like IIS and SQL Reporting Services. Role Based Access Control (RBAC) is implemented to provide granular access levels for various tiers of IT support staff, so that rights are granted only to those who need them.
SWC has a knowledgeable staff of IT security professionals that can help take your security infrastructure to the next level with network intrusion detection, perimeter defense mechanisms, audits, penetration testing and security as a managed service.
As previously stated, System Center won’t remove the need for dedicated security appliances and procedures but can be used to complement your defense arsenal. So, if you’ve got it, leverage it! And, if you’re thinking about deploying it, ask SWC what you can do to maximize your ROI with Microsoft System Center!
Recommended Microsoft System Center Posts
If you enjoyed this post from Kurt on Microsoft System Center, please check out a few of our past related posts:
Microsoft System Center Endpoint Protection 2012 R2
Using Service Manager As A Complete Help Desk Solution
Making Optimized IT Delivery A Reality In Your Organization
Why We Love Microsoft System Center Virtual Machine Manager (And You Should, Too!)
The Sky is the Limit: Improve Operational Efficiency with System Center Orchestrator 2012 R2
Why You Need to Upgrade to Operations Manager 2012 R2
Let’s Talk Backup: Microsoft System Center Data Protection Manager 2012 R2
Integrating Microsoft System Center Endpoint Protection 2012 R2
Microsoft System Center Licensing Key Points
Integrating Microsoft System Center Configuration Manager 2012 R2
One System Center To Rule Them All
Better Together: Microsoft System Center and Windows Server 2012 R2