Policy Checking and Compliance

Policy Checking and Compliance:
An Automated Solution that Includes Self-Healing Reconfiguration

In order to become compliant with regulations and frameworks such as FIPS, PCI, ISO27001, ITIL, SOX, HIPAA, and others, network device configuration should conform to these policies. They can include a number of different requirements to ensure that certain regulations are in place and standards are fulfilled. Since standards and policies are constantly being updated and changed, keeping track of revisions can be overwhelming. Manually checking for compliance to these policies is not only resource-intensive, but also radically increases the risk of errors as well as cyber-attacks.

While regulatory bodies establish best practices for industries, what about your company-wide policies? A next-generation, automated solution needs to do more than scan for compliance… it needs to fix the problems it finds. Each company needs the flexibility to establish their own policies and guidelines that matter most to them. And finally, this information needs to be fed into an automated reporting system for internal checks, submission to external agencies, and violation reporting analytics.

Simply put, configuration policies bring together a set of devices and apply a set of rules. The policy compliance and governance engine in StableNet^® allows you to create automated policies in order to scan & analyze configurations of the infrastructure environment. These rules can be based on: simple text ‘strings’ to help find items present or missing in configuration files, powerful configuration snippets with ‘section’ matching and ‘regular expression’ searching, or advanced scripting languages (i.e. XML, Perl). Uniquely, the same rule can be created for different vendor hardware, meaning an organization can create a single corporate policy within StableNet^® to encompass all hardware vendor equipment. Finally, the Group Analyzer makes it easy to create dedicated compliance reports that conform to your particular standards.

With StableNet^®, not only can you automate backup jobs and the execution intervals for policy checks, but you can also enjoy the benefits of automated reconfiguration in the case of policy violations. Once compliance configurations are defined, the Policy Config workflow will scan your infrastructure and exectute Config Jobs in order to automatically make configuration changes in line with your policies. And with the Config Diff tool, you have an audit log that is constantly updated in order to track any and all changes that are made. Finally, the Group Analyzer makes it easy to create reports, tables, and violation analytics.

Figure 2: Snippets Violation Table Config snippets are the backbone of how vendor-independent, End-to-End services are configured, defined and automated within StableNet^®. The Violations Table is one option to view compliance with the entirety of your company-wide policies in one place. In the case of violations, you have a quick overview of the level of severity and the ability to drill-down to specific instances. This consolidated view supports multiple technologies and vendors.

Compliance should not be seen as a troublesome burden, but rather as an invitation to embrace best practices and a healthy network infrastructure. With an automated solution, this is easier than you think. Regardless of the business continuity or regulatory standards, StableNet^® can offer significant improvement by simplifying the process, drastically reducing your risk, and driving compliance consistency throughout your infrastructure. This helps ensure sustained levels of service availability and compliance. The flexibility of the policy and compliance engine in StableNet^® allows for complete customization and automation of your services, i.e. standard-, enhanced- and premium-defined service compliance. With support for multiple OEMs and vendors, along with multiple technologies, StableNet^® offers a truly unified solution to policy checking and compliance automation for your specific network requirements.

• Config diff to track and monitor any
  configuration changes that are made
• Automation leads to greatly reduced risk of
  cyber-attacks and input errors along with
  significant savings
• Simplified violation report generation