About the Author
Jim is an experienced IT practitioner with 14 years experience in both academia and industry, working with renowned companies including British Airways, Oracle, BSkyB and Cloudera.
Whether you see compliance as a burden or an aspiration we are frequently mandated to meet a certain set of security requirements around our information assets. One important aspect is being able to demonstrate to yourself and to others that your systems meet the criteria set by your compliance regime. How do you ensure that your systems are compliant with your policies or those mandated by compliance standards? A program of auditing your systems will help you understand the state of your estate.
Titania’s Paws Studio provides a means to audit Windows and Linux systems and provide compliance reports against a defined set of policies. It sets out to provide clear and detailed reports of the system’s level of compliance. Policy templates are editable and Paws Studio comes with predefined templates based on established policies and best practice including PCI, SANS and DoD STIG.
Policy templates are essentially a group of compliance audit checks built from the check library provided by Paws Studio. Checks range from high-level tests such as the presence of antimalware software right down to individual file permissions and registry settings.
There are two ways of creating and customising policy templates. The first is a wizard that guides you through creating your policy. Here you can define the rules that comprise your policy by clicking through a series of screen and selecting checks from the library. The interface is straightforward and self-explanatory and it is a great tool for less advanced users. However, the more technically minded user might find it time consuming and prefer to use the supplied Policy Editor instead which is undoubtedly the more powerful tool.
The Policy Editor provides you with a tree layout of your policy, giving you a bird’s eye view on the ability to quickly navigate through the rules.
In addition clicking on the advanced tab gives you a syntax-highlighted view of the raw policy XML. Whatever tool you choose, the result is an XML file defining the compliance checks for your policy and metadata used to generate the final compliance reports.
 |
The third option is to use the portable data collector software, a small executable that can be run from a thumb drive. This is particularly useful where you need to audit a system that is not on the network or is air gapped from your audit workstation. Run the Data Collector, choose an audit policy and it will create a .paws file with the audit results.
Once you have collected your audit data you can produce a report on the audited system. Reports contain the result of each test on the system as well as summary charts showing percent tests passed and a breakdown of tests that failed by severity. Paws Studio creates a compliance audit report that can be saved as HTML, PDF, PostScript or Microsoft Word document. CSV and XML formats are also available so you can feed machine-readable reports into other reporting systems or build your own applications to consume your compliance data.
Paws Studio is available for Windows, Mac OS X and various flavours of Linux and currently supports auditing of Windows and Linux systems. This software pitches to the SME market who could be priced out by enterprise-grade auditing software though they are unlikely to benefit from the bells and whistles these tools provide. If you need a cost effective and easy to use compliance reporting tool, Titania’s Paws Studio certainly merits a second look.
No comments:
Post a Comment
Did you find our blog useful? Let us know! We would love to hear your thoughts, opinions and comments regarding any of our blog posts.