When it comes to managing security risks, enterprises face an increasing number of challenges. One of these challenges is managing the security health of the IT infrastructure and this is a critical, ongoing, constantly evolving need. As an enterprise, managing the security risks on your infrastructure without any disruption to the business has become a critical exercise.
The security of your infrastructure is no longer a concern only for the security roles in your organization. Security topics are repeatedly brought up in the C-suite and in board discussions. When the stakes are high and the health or your business depends on it, you need to have a game plan to stay ahead of these risks while keeping the operational costs in check.
The key challenges:
Although there are many different types of challenges organizations face, three key challenges that seem to be industry-agnostic are:
-
Infrastructure has grown across a hybrid cloud environment with deployments in both on-premise and multi-cloud environments. The ability to efficiently manage security across these complex deployments while keeping operations costs in check is essential.
-
Fewer resources are available to manage the environment as many organizations face cost pressures. This issue becomes a double-whammy as the infrastructure grows and the resources to manage it shrink.
-
An evolving threat landscape challenges you because it is both relentless and seemingly one-step ahead. Your data and intellectual property are valuable, not just to you -- it's valuable to attackers as well.
How can Red Hat Insights help enterprises address these challenges?
Red Hat Insights is an operational efficiency and security risk management solution that provides continuous, in-depth analysis of registered Red Hat Enterprise Linux systems and is included in your Red Hat Enterprise Linux subscription. Some users have referred to Insights as "like having an extra pair of eyes" to help you identify and manage risks for security, compliance, and operations across your evolving environments.
Red Hat Insights can directly help with the challenges cited above:
-
Red Hat Insights provides a single pane of glass for your infrastructure, including systems deployed on-premise and across multiple clouds. Once your systems are registered with Red Hat Insights, the ability to manage them through a single dashboard makes it considerably easier as your organization grows it’s footprint.
-
Red Hat Insights is integrated with Red Hat Ansible to find the risks and implement the remediations at scale using automation. The ease with which users are able to create Ansible playbooks and deploy patches helps to remove the resources challenges often encountered.
What about the security challenges?
Red Hat Insights has two services to help users manage the security challenges they may need to assess and monitor: vulnerability and compliance.
The Vulnerability service enables users to assess & monitor, remediate, and report on the CVEs that impact the Red Hat Enterprise Linux infrastructure.
-
Assess and monitor: Users have an easy way to triage and prioritize CVEs while keeping track of those that pose the greatest risk with user-defined fields. They also have the ability to identify and keep track of where a given CVE may be in the organization’s vulnerability management process, enabling them to keep relevant information in one place.
-
Ansible remediation allows users to easily add to existing playbooks or create new ones as needed to remediate the issues with automation, which reduces operational overhead.
-
Finally, users have the ability to download reports in PDF, JSON, and CSV format to keep stakeholders informed and up to date. WYSIWYG reporting is available today in JSON and CSV format and an Executive Report is available in PDF format. (See Figures 1 and 2.)
Figure 1. CVE view within the vulnerability service
Figure 2. Executive report generated by the vulnerability service
The Compliance service enables users to configure, monitor, remediate, and report on regulatory compliance policies that are pertinent to their organization via OpenSCAP.
-
Create and monitor: Users have the ability to configure and tailor compliance policies supported with Red Hat Enterprise Linux with the click of a few buttons and directly from within the compliance service. The compliance service then takes care of the rest and works behind the scenes with OpenSCAP to assess systems defined within the policy and providing reporting that enables customers to understand where gaps may exist.
-
Ansible remediation allows users to easily address any gaps identified in the previous step so that compliance gaps can be filled expeditiously so as to avoid penalties, disruption to business, or perhaps worst of all a security incident.
-
Users have access to in-app reporting that enables them to communicate compliance levels per policy or drill deep and understand which configuration rules are failing down to an individual system level. JSON and CSV reports are also available currently. (See Figure 3.)
Figure 3. Detailed view of a ASSC report for a RHEL system
The functionality that’s defined within the vulnerability and compliance services of Insights continues to evolve with feature rich developments underway. Reporting, usability improvements, and integration to third party ticketing systems to further automate and make the workflows within your organization more seamless are on the roadmap.
Customers with a subscription to Red Hat Smart Management will also have access to push-button functionality available with the “Cloud Connector” within Red Hat Insights. The Cloud Connector provides easy to use integration across the recommendations in Red Hat Insights to remediate at scale across on-premise and cloud instances for RHEL. (See Figure 4)
Figure 4. Cloud Connector via Red Hat Insights
Want more information?
We held a Red Hat Insights webinar about managing security and compliance risk recently that included a short demonstration of the Vulnerability and Compliance services as part of Red Hat Insights. You can watch its recording on-demand here. I encourage you to also check out the Red Hat Insights Ask Me Anything Webinar Library which includes a link to this replay, access to webinars on other aspects of Insights, and a schedule of upcoming events.
If you are not using Red Hat Insights, it is included as part of your RHEL subscription - find more information and get started today by visiting Red Hat Insights.
저자 소개
Mohit Goyal is a Senior Principal Product Manager for Red Hat Insights. Mohit brings a wealth of experience and skills in enterprise software having held roles as a software engineer, project manager, and as a product manager across software and travel industries. Goyal has a bachelor's degree in Computer Science from the Institute of Technology, University of Minnesota and a MBA from the Carlson School of Management, University of Minnesota. With his technical skills and business acumen, he helps build products to address problems faced by enterprises, with a focus on security, user experience, and cloud computing. When he's not writing user requirements, engaging with customers, or building product roadmaps, Mohit can be found running, cooking, or reading.
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
오리지널 쇼
엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리
제품
- Red Hat Enterprise Linux
- Red Hat OpenShift Enterprise
- Red Hat Ansible Automation Platform
- 클라우드 서비스
- 모든 제품 보기
툴
체험, 구매 & 영업
커뮤니케이션
Red Hat 소개
Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.