Plano, TX Sept 1, 2011– TDi Technologies, the leader in IT Foundation Management, today announced the general availability of the Privileged Access Platform efficiency module. The Privileged Access Platform brings privileged user activity under management control with complete transparency over all activity performed by those users.
With the Privileged Access Platform, individual user-sessions are created for each access to a privileged interface. Unlimited user-sessions per interface are supported, directly addressing the challenge of managing multiple people accessing key IT infrastructure assets concurrently (root accounts, databases, etc). The Platform also supports unlimited private sessions per user, making it easy for administrators and engineers to perform multiple concurrent work activities.
“The individual user-sessions are created under a unified security model that includes automatic documentation, down-to-the-keystroke, of all privileged user activity,” said Pam Johnson, Director of Solutions Marketing for TDi Technologies. “The Platform provides the ability to document, scan, and detect threats in real-time, so that security and compliance policies can be proactively enforced. In addition, the automatic recording of privileged user activity produces the records needed to prove the compliance practice.”
The Privileged Access Platform enables ConsoleWorks© to secure, control, and document all privileged user sessions in the IT infrastructure.
“With the ability to multi-task while also enabling complete transparency of all activities, the Privileged Access Platform enables enormous efficiency gains to our clients,” said Terry Schurter, Vice President of Marketing at TDi Technologies. “With fewer administrators managing more servers, the added flexibility and oversight really extends the capabilities of the IT resources so that they are free to respond more quickly with less effort.”
The Privileged Access Platform is an optional efficiency module available for the ConsoleWorks Server platform. The ConsoleWorks Server is the high-performance engine that handles information flow processing, business rule execution, pattern matching, role-based security, and signed log-file generation. It handles all input and output for the IT foundation, serving this data up as needed and is capable of managing over 1000 connections per server invocation. The ConsoleWorks Server is a complete IT Foundation Management solution package. For more information on the ConsoleWorks Server, click here.
TDi Technologies is the leader in IT Foundation Management, delivering IT Foundation Management solutions to a global customer base with key verticals including Financial Services, Telecommunications, Utilities, Healthcare, and Government. The company’s solutions help customers reduce operating costs, meet foundational compliance requirements, secure the IT foundation, and improve IT Service delivery. TDi Technologies is the first solution provider to offer a unified system of operation and management over the IT foundation. The company’s patented technology provides automation, optimization, control and management capabilities that dramatically improve the ability of IT to meet the demands of the business.
CIP-003-4 is focused on Security Management Controls. Section R3 is titled “Exceptions” and is further defined as:
Exceptions — Instances where the Responsible Entity cannot conform to its cyber security policy must be documented as exceptions and authorized by the senior manager or delegate(s). R3.1. Exceptions to the Responsible Entity’s cyber security policy must be documented within thirty days of being approved by the senior manager or delegate(s). R3.2. Documented exceptions to the cyber security policy must include an explanation as to why the exception is necessary and any compensating measures. R3.3. Authorized exceptions to the cyber security policy must be reviewed and approved annually by the senior manager or delegate(s) to ensure the exceptions are still required and valid. Such review and approval shall be documented.
For every rule there is an exception, and compliance policies are no stranger to this fact. There will be exceptions and when they occur, they must be properly handled and properly documented. IT Foundation Management has the ability to document exceptions that occur in the IT Foundation (by asset) and to report on exceptions as a separate entity in the reporting engine.
In many cases, IT Foundation Management can automatically detect and document exceptions to the cyber security policy. The ability to apply business rules that encode the policy into the IT Foundation Management software is an ideal way to address exception management. Time is only spent on embedding the rules (once). From there, the IT Foundation Management software programmatically applies the rules to activities, automatically detecting when an exception occurs and raising an alert to that fact. In addition, IT Foundation Management can automatically record much of the activity associated with an exception including any activity a privileged actor takes on a cyber security asset. There is also the ability to force users to provide comments on many actions before they are taken or completed to ensure the proper audit trail is in place.
From a compliance perspective, the primary concern with exceptions is that they are properly identified, handled and documented. The primary concern from the business perspective is to minimize the amount of work associated with handling exceptions – both initially and after-the-fact in order to prove the practice. In both cases IT Foundation Management can programmatically address the majority of the exception cases in the IT Foundation.
TDi Technologies Announces NERC-CIP Whitepaper Addressing Security Implications of Configuration Ports on Cyber Assets
Plano, TX – Aug 23, 2011– Published for the recent NERC-CIP Drafting Team meeting in Atlanta, TDi Technologies, the leader in IT Foundation Management, today announced the availability of a new whitepaper “Understanding the Importance and Relevance of Configuration Ports to Utility Cyber Security”. The paper discusses how configuration ports apply to the NERC-CIP standard.
The NERC-CIP standard is the primary knowledge resource used by the Utility industry to ensure our nation’s power grid is protected from unintentional (accidental) and intentional (malicious) disruption.
Topics covered in the whitepaper include:
- Examination of configuration ports and how they apply to the NERC-CIP standard
- Description of the role configuration ports play in managing Critical Cyber Assets
- Discussion on the severity of the Cyber Security threat to the critical infrastructure
- Guidance on Best Practices for active monitoring and control of the configuration ports
To download a copy of the whitepaper, please visit: www.tditechnologies.com/our-customers/utilities
About TDi Technologies
TDi Technologies is the leader in IT Foundation Management, delivering IT Foundation Management solutions to a global customer base with key verticals including Financial Services, Telecommunications, Utilities, Healthcare, and Government. The company’s solutions help customers reduce operating costs, meet foundational compliance requirements, secure the IT foundation, and improve IT Service delivery. TDi Technologies is the first solution provider to offer a unified system of operation and management over the IT foundation. The company’s patented technology provides automation, optimization, control, and management capabilities that dramatically improve the ability of IT to meet the demands of the business.