Guide to Network Auditing and Compliance
Network auditing and compliance: How does it work?
By Denise Dubie
Suppliers of several types of management software are addressing compliance concerns by delivering tools that do everything from sounding alerts when systems drift out of whack to automatically remediating problems and generating reports that can be used in audits.
The general idea is that once a company determines how to be compliant and has policies in place, network, system and security management software can automate the processes needed to stay compliant. That can range from tracking and documenting changes to monitoring system access and usage to producing reports specific to regulations. Configuration, desktop, and identity and security management wares are being pushed as compliance tools to help IT teams monitor and document compliance efforts.
Network auditing and compliance tools use scanning and monitoring technologies to track access to critical devices and ensure actions comply with policies. The products collect data and maintain detailed records, sometimes in the format required by regulatory compliance demands.
Network audit and compliance software, at times packaged in appliances, includes components such as audit, compliance and database servers. Audit servers run scans, while the compliance service analyzes and processes the scan results, and the database server stores raw and processed data. Compliance managers typically tap a Web-based console to view data collected and generate reports.
Products used to audit environments typically run on a scheduled basis and alert IT managers to changes. The managers can then address the action and document the efforts, easing reviews by external auditors. Most tools don't take automated action to prevent a non-compliant behavior, but some can lock down access to specific systems if there is not a known policy to enable such access.
Compliance is a moving target, so such tools must be kept updated with policies and must continue to run after an audit proves successful, to prevent compliance drift. At that point, the technologies are used to maintain an environment in a compliant state and provide documentation of the ongoing compliance.