McAfee Change Control

McAfee Change Control Overview:

McAfee Change Control delivers continuous detection of system-level changes being made across distributed and remote locations, and uniquely provides change prevention that blocks unauthorized changes to critical system files, directories, and configurations. Change Control tracks and validates every attempted change in real time on your server, enforcing change policy by a time window, source, or approved work ticket. This continuous control minimizes the impact from ad hoc or unauthorized changes.

Description:

Critical IT systems such as financial systems and those running mission-critical IT services are usually governed by complex policies that define the proper procedure for making a change. These policies may include the proper procedure for approving changes, the correct approval authorities for different types of changes, in what time windows approved changes are to be implemented, and who/what applications are allowed to implement changes. Administrators often make changes that violate these policies without realizing the impact of their actions. Such violations can cause outages and cause material weaknesses in compliance standards, such as Sarbanes-Oxley and PCI DSS.

McAfee Change Control turns policy into reality by automatically enforcing change policies on enforcement-enabled servers. When a change attempt is made, it is first examined to see if it conforms to the defined policy, and if it does, the change is implemented on the system. If any out-of-policy change is attempted, it is blocked and a record is made of the change attempt. If blocking is not desirable, the system can also be configured to allow a change, and send out a policy alert in real-time, as well as provide detailed reporting.

Improved compliance management — Unauthorized changes can violate policies, leading to possible outages and material weakness in compliance standards. Change Control provides categorical management, enabling IT to fulfill and validate compliance requirements efficiently and cost effectively. This supports many compliance standards, including PCI and SOX, as well as healthcare and energy industry requirements. It is flexible enough to enforce corporate policies as part of an overall Governance, Risk & Compliance (GRC) solution.

Streamlined monitoring and control — Change Control is operationally friendly and allows for normal system changes to seamlessly occur. It delivers the capability to create and deploy new policies that take effect immediately for targeted field or data center servers. With the McAfee ePolicy Orchestrator (ePO) platform, you can set change policy profiles, specify change event notifications, and prioritize alerts — all from a single console. Continuously monitor and get alerts to unauthorized changes, while enforcing stronger policies to prevent changes to critical server files, directories, and configurations. Change Control lowers risk, reduces the cost of reacting to unauthorized changes, and eases the implementation of new compliance requirements.

Benefits and Features:

Real Time Change Control Solutions:

Most IT organizations today recognize the centrality of change to their operational effectiveness. Many have invested in process automation tools such as a Change Management system or a Service Desk. Yet, a gap persists between actual change activity and the documented Change Management process. This change control gap results in manual activity by IT departments to control and minimize the costs of change.

McAfee Change Control bridges this gap by adding control to change management. This is accomplished by providing customers with real-time detection of changes being made, accountability to validate change activity and real-time change prevention to block unwanted changes. McAfee Change Control easily automates PCI and SOX controls for compliance reporting, locks down critical systems to ensure only trusted applications run, and prevents change-related outages for improved service availability and accelerated ITIL adoption.

McAfee Change Control is an operational-friendly, low-touch and low overhead software that can be deployed on a wide range of hardware platforms. McAfee Change Control provides change control on servers, network devices (including switches, routers and firewalls), and databases.

Real-Time Change Control
Unlike scan-based solutions which take and compare snapshots of the state of a system, McAfee Change Control continuously tracks and validates every attempted change in real-time. This approach has several important benefits:

• Every change across the infrastructure is recorded in an independent change database the moment it happens
• Every attempted change can be validated in real-time, before the change is applied
• Very little overhead on the endpoint helps eliminate spikes in resource utilization that could interfere with operations.

McAfee’s capabilities for capturing all change events across servers, network devices and databases in real-time allows administrators to configure immediate alerts to exceptional changes, which can be fed to the McAfee Change Control dashboard or to an external monitoring application. McAfee Change Control also creates a change database that is comprehensive and always up-to-date. Intelligent filtering ensures that only relevant changes make it to the database, minimizing consumption of network bandwidth. The McAfee change database becomes the foundation for McAfee’s powerful search capability, which provides the rich forensic information needed to quickly pinpoint the root-cause of any change-related incident. This capability is also fully-functional when the system in question is offline.

Because every change is captured at the exact moment it occurs, and because it includes rich information about the change, highly accurate reconciliation with change tickets is possible.

McAfee Change Reconciliation, which can operate in concert with McAfee Change Control, correlates the changes made on servers to change tickets documented in existing ticketing systems, and can integrate with popular change management systems such as HP Service Manager and BMC Remedy. McAfee also integrates with popular configuration management databases (CMDB) such as BMC Atrium and HP Universal CMDB.

McAfee Integrity Monitor is designed to help enterprises and service providers quickly, easily and costeffectively address the database and network device audit trail requirements specified by PCI DSS category 10, as well as the continuous file integrity monitoring requirements specified by PCI DSS category 11. McAfee PCI Pro captures all changes to files, allowing administrators to quickly see where compliance policies are being challenged. The solution identifies and alerts on transient violations, such as when a file is changed inappropriately and then changed back, and also captures specific details about every change including the exact time of the change. In accordance with PCI DSS section 1, McAfee Integrity Monitor also allows organizations to establish configuration standards for network devices and provides the capability to monitor the compliance of the devices in real-time. All configuration changes are tracked and versioned to meet the PCI DSS section 10 requirements for audit trails. Policies can also be set to rollback to a “Trusted Device Configuration” when any unauthorized configuration change is detected. The product provides outof- the-box PCI reports to demonstrate compliance to auditors with minimal effort, thus reducing the cost of PCI compliance verification.

Finally, the ability to detect and validate attempted changes in real-time enables IT organizations to technically enforce the change policy. The IT organization can now disallow out-of-policy changes attempted on select systems before they occur. This greatly reduces change-related outages and compliance violations.

Enterprise Solutions

Meeting and sustaining PCI DSS compliance
Achieving Payment Card Industry Data Security Standard (PCI DSS) compliance requires merchants and service providers to address approximately 180 individual requirements in 12 categories. However, categories 10 and 11 of the PCI-DSS, which specify the use file integrity monitoring and audit trails, have proven to be the most difficult to fulfill and least satisfied according to recent research. These requirements have been difficult to satisfy because existing tools have merely provided “periodic” file integrity monitoring capabilities that would detect changes through resource-intensive system scans. McAfee Change Control provides categorical control over IT infrastructure, enabling retailers and those who process credit card transactions to fulfill the difficult PCI requirements and validate PCI compliance in an efficient and cost-effective manner.

To help merchants of all sizes easily and cost-effectively address the file integrity monitoring and audit trail requirements outlined in sections 1, 10 and 11 of the PCI DSS, McAfee offers the PCI Pro software. Many of the world’s leading qualified security assessors (QSAs) are certifying and recommending these solutions as an essential element of a comprehensive PCI compliance strategy.

Self service Sarbanes-Oxley auditing
The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with the implications of SOX to their businesses, one thing is clear: a SOX compliance program is not a one-time project but a sustained effort to gain visibility and accountability into business processes that affect the accuracy of financial reporting. An additional note is that most of the IT controls around SOX compliance are manual, error prone and resource intensive.

McAfee Change Control has helped a number of customers solve their SOX compliance challenges by building a self-service, automated IT control framework in which all the information required to verify compliance is available in a single reporting system - at the click of a button. McAfee’s real-time change detection capability along with its automated and highly accurate change reconciliation provides an automated way to validate changes against authorizations. Out-of-process changes (for example, emergency fixes) are automatically documented and reconciled for easier auditability. Customers using McAfee Change Control for Sarbanes-Oxley auditing have realized significant benefits both in terms of reduced risk as well as reduced cost. In most cases, the first phase of benefits comes in the form of automating the existing manual controls. The second phase of benefits comes from rationalizing and reducing the control set, based on demonstrating to auditors that control capabilities are built into the fabric of the environment.

Improve service availability
Most unavailability today is caused by change. IT organizations recognize the centrality of change to their operational effectiveness. The statistics are well-known: 80% of unplanned downtime is caused by unauthorized or untested change. Additionally, 80% of the time taken to restore availability is spent in discovering what changed. Despite this, a gap persists between actual change activity and the documented change process. This change control gap results in manual activity by IT departments to control and minimize the high costs of change and change-related outages.

McAfee Change Control enables IT organizations achieve higher service availability by bridging this change control gap. With McAfee Change Control, changes are tracked in real-time for up-to-thesecond change visibility. The rich set of change information McAfee captures is accessible via a powerful and flexible search and reporting interface, dramatically improving forensic ability and speeding diagnostic time. McAfee Change Control enables the selective enforcement of change policies, to prevent unknown changes from occurring before they cause a problem. Customers using McAfee Change Control for continuous service availability have seen dramatic improvements in the number of unavailability incidents (as measured by Mean Time between Failures), as well as recovery time per incident (as measured by Mean Time To Repair). The resulting cost savings, while dependent on the specifics of the environment, is significant.

Accelerate ITIL adoption
Most medium and large-sized organizations are examining ways in which to improve operational efficiency, and ITIL is fast emerging as the de-facto standard in defining a set of best practices around IT operations. The major technical barrier to achieving quick returns on ITIL investments is the lack of control of change across the infrastructure. Without a controlled change environment, all investments in automation and efficiency produce poorer returns than they should because they are essentially operating on a moving target. The major cultural barrier to successful ITIL projects is demonstrating return on investment to the business, particularly since ITIL projects tend to be large, multi-phase implementations.

Customers use McAfee Change Control to dramatically accelerate the pace at which they are able to demonstrate ROI to the business. When McAfee Change Control is deployed, it maintains a controlled environment on which to enable automation. With McAfee Change Control, customers get real-time visibility into change, automated and accurate reconciliation of changes against approvals, and finally, the ability to selectively enforce change policies. They are also able to translate all of this into meaningful returns on investment to the business.

System Requirements:

Supported Operating Systems (OS)

• Windows NT
• Windows 2000/2003/2008
• Windows XP
• Windows XPE
• Windows Vista
• Windows XP (64-bit/AMD64)
• Windows 2003/2008 (64-bit/AMD64)
• Windows Vista (64-bit/AMD64)
• Windows XP (64-bit/IA64)
• Windows 2003/2008 (64-bit/IA64)
• Windows Vista (64-bit/IA64)
• Windows CE 6.0
• Red Hat EnterpriseLinux 3/4/5
• CentOS 4/5
• SUSE Enterprise Linux 9/10
• Oracle Enterprise Linux 5
• Solaris 8/9/10
• HP-UX 11.00/11.11/11.23
• AIX 5.2/5.3
• IBM i5/OS (AS400) V5R3/V5R4/V6R1
• IBM 4690 OS V5

Documentation:

Download the McAfee Change Control Solutions Datasheet (PDF).