security enforcement. system compliance and automated, … · 2020-06-09 · introduction security...

Automated, universal IT system compliance and security enforcement.


Post on 29-Jun-2020


Contents

• Introduction

• Security and IT teams need SaltStack Solutions

• Escaping Compliance Hell

• Built on an Intelligent, Event-Driven Foundation

• Additional SaltStack Management Capabilities

• SaltStack for Enterprise IT Security

• Customer Success


Introduction

Security and IT operations teams must work together to keep modern data centers compliant and secure, but their efforts are often crippled by disparate toolsets, misaligned workflows, and competing priorities. It’s time for that to change. SaltStack SecOps is a new solution that harnesses SaltStack’s event-driven automation technology to deliver full-service, closed-loop automation for compliance and security. With SaltStack SecOps, security professionals and operations teams can work together to define a compliance policy, scan all systems against it, detect issues, and actively remediate them—all from a single platform.

Security and IT teams need SaltStack Solutions

The Problem: IT innovation is outpacing security operations

Gone are the days when IT security could be managed by simply ensuring the firewall was up and that employees weren’t forwarding around malicious email attachments. While the era of digital business is delivering faster innovation and better customer experiences, it also requires that the underlying IT systems that support those experiences grow larger, more distributed, and more exposed.

As a result, security professionals and IT operations teams must be vigilant about maintaining compliance with corporate security profiles or else critical systems will become exposed to threats. For most security and operations teams, however, the industry-standard tools and processes they employ are siloed, inefficient, and insufficient. Simply put, manual methods to detect, investigate, and respond to threats are leaving companies with waste, frustration, redundancy and significantly increased exposure and risk.


Gartner, Inc.

“By 2020, 60 percent of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk.”

SaltStack SecOps


The Solution: Proactive and reactive compliance enforcement

IT Operations, DevOps, and Security teams at the largest companies in the world use SaltStack’s unique and profoundly powerful technology to tackle pervasive IT challenges like configuration automation, orchestration, hybrid cloud management—even security and compliance remediation—at a speed and scale that simply can’t be matched.

SaltStack SecOps is a powerful solution that provides both proactive and reactive security and compliance enforcement. More specifically, SaltStack SecOps combines industry standards from organizations like the Center for Internet Security and DISA with SaltStack’s intelligent IT automation. This combination allows SaltStack to define, identify, and remediate security holes within any infrastructure.

Escaping Compliance Hell

Compliance audits are performed on a scheduled or ad hoc basis. The latter typically occurs because an executive requests a report on the company’s security posture or because an auditor visit is fast approaching. Here’s what a compliance audit and remediation exercise looks like for many companies today:

1. The security team runs a compliance scan and then hands a report off to the appropriate platform, cloud, or network operations team to carry out the required remediation steps.

2. Operations translates the security report into a useable format and then allocates already overextended resources to address the reported issues.

3. Operations reports back that the issues have been addressed and the security team runs another scan to confirm. This new scan often surfaces additional or unaddressed issues, and the process becomes rinse and repeat until the report comes out clean.

4. Once the report is clean, operations returns to business as usual and any new compliance failures go unresolved until another scan is run, and the entire process begins again.

Today, security and operations teams are forced to address compliance issues with separate toolsets, vocabularies, and measurements for success. SaltStack SecOps brings both teams together through a unified, automated, and action-oriented approach.

Stan Engelbrecht, Director Of Cybersecurity Practice At D3 Security

“The right automation and orchestration tool offers more than just task automation—it facilitates process improvements and enables security operations that are more business-aligned and quantifiable in their results.”

How Automation Helps Security Managers, SecurityWeek, September 10, 2018


Access a live, hosted library of compliance profiles

SaltStack SecOps includes access to a live, growing repository of standard compliance profiles for major Linux, Unix and Windows operating systems and containerized environments such as Docker and Kubernetes. Each profile includes hundreds of up-to-date issue scans, detailed descriptions, and the automated remediation actions for each. Available profiles include:

• Center for Internet Security (CIS)

• Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs)

• National Institute of Standards and Technology (NIST)

• Industry-specific cross references: PCI, HIPAA, 800-53, 800-171, Cyber Security Framework, and many more.

Deploy real, automated remediation

SaltStack SecOps uses SaltStack’s event-driven automation and orchestration capabilities to automatically detect and remediate policy violations anywhere in your systems. Alternatively, it can create jobs that can be reviewed and approved before changes are executed. SaltStack SecOps can also automate and extend existing change management processes or security workflows by integrating seamlessly with third-party systems like ServiceNow, Jira, Cherwell, and others.

Build custom policies for your business

When it comes to corporate security policies, there’s no such thing as one size fits all. SaltStack SecOps offers complete policy customization. Create your own company-specific checks, turn off pre-built checks that don’t apply, or create exemptions and rules as needed.

Use the Command & Control Center to edit corporate policies, run ad-hoc checks, create audit-ready reports, and more.


Built on an Intelligent, Event-Driven Foundation

SaltStack’s event-driven automation technology allows it to manage massive, complex, and rapidly changing infrastructure. In this section we’ll outline how SaltStack works, what makes it fundamentally different from any other solution on the market, and why it’s a crucial part of any security and compliance management operation.

How SaltStack event-driven automation works

Managing and securing modern environments requires almost constant monitoring and reaction that no amount of human resources can keep up with.

With SaltStack’s event-driven automation, operations teams can turn a collection of disparate systems into a central IT nervous system that senses, learns, and reacts to important events anywhere in the digital environment.

SaltStack is the only solution that both listens for events and automatically responds by triggering an intelligent action or series of orchestrated actions. An “event” in SaltStack can be virtually anything happening in your systems, including:

• file system changes - including keys, certificates, and application footprint

• processor load

• compliance violations

• unauthorized access

[Figure: SaltStack’s flexible system can manage and secure a broad range of systems, including cloud, on-prem, VMs, network and IoT devices. Diagram labels: Event-Driven Automation, Orchestration, Remote Execution; Managed IT Systems; Public Cloud; Private Cloud; On Prem; Network Devices; Operations Framework; Command & Control Center; Pluggable Solutions; Roles; NetOps; DevOps; ITOps; SecOps.]


[Figure: Reactor, Event Bus, Master, and Minions (intelligent agents). Minion capabilities shown: auto-scaling, file-level control, self-healing actions, autonomous config, security remediation.]

Let’s take a look at SaltStack’s event-driven architecture:

Nimble Master and Minion architecture: Intelligent agents, known as minions, manage each machine—including servers, virtual machines, public and private cloud instances, even network devices. Minions can run on device, or as a proxy, depending on your needs. These nimble, low-impact agents intelligently detect events in your infrastructure and relay them to a master.

Lightning-fast event bus: A master server maintains high-performance communication with every minion via the SaltStack event bus. This allows bidirectional communication between the Master and minions, while preserving scalability and security.

SaltStack’s unique event-driven architecture is intelligent, autonomous, and massively scalable.

Beacons and Reactors: Beacons are special processes that allow a minion to listen for specific events that happen on any machine or endpoint, such as security breaches or compliance drift. Reactors automatically respond to events by triggering an intelligent action or orchestrated routine that executes commands on the target machine or in external systems—ensuring your response is always fast and precise.
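The beacon-to-reactor loop described above, as an added example (not taken from the SaltStack paper): a minion beacon watches `/etc/ssh/sshd_config` for drift, and a master reactor re-applies a baseline state on the minion that reported it. The file paths and the state name `hardening.sshd` are assumptions for illustration.

```yaml
# --- Minion: /etc/salt/minion.d/beacons.conf (path is an assumption) ---
# The inotify beacon needs the pyinotify Python module on the minion.
beacons:
  inotify:
    - files:
        /etc/ssh/sshd_config:
          mask:
            - modify
            - delete_self
    # Pause the beacon while a state run is in progress, so the
    # remediation rewriting the file does not re-trigger itself in a loop.
    - disable_during_state_run: True

# --- Master: /etc/salt/master.d/reactor.conf (path is an assumption) ---
# Beacon events are tagged salt/beacon/<minion id>/<beacon name>/<path>.
reactor:
  - 'salt/beacon/*/inotify//etc/ssh/sshd_config':
    - /srv/reactor/enforce_sshd.sls

# --- Master: /srv/reactor/enforce_sshd.sls (hypothetical reactor file) ---
# Re-apply the baseline only on the minion that reported the change,
# never on a wildcard target.
enforce_sshd_baseline:
  local.state.apply:
    - tgt: {{ data['data']['id'] }}
    - arg:
      - hardening.sshd    # hypothetical state holding the approved config
```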


Additional SaltStack Management Capabilities

In addition to event-driven automation, SaltStack includes a wide range of powerful capabilities designed to help security and operations teams manage and secure digital infrastructure at scale.

Ultimate flexibility

SaltStack is the only IT automation and orchestration platform that offers on-device agent, agentless, and proxy-agent deployment options, supports both push and pull communication methods, and offers multi-OS support for Linux, Unix, Windows, and macOS. As a result, operations teams can take advantage of SaltStack’s flexible options to maximize the benefits and reduce the limitations of any single approach. For example, agentless models make provisioning new resources simple and fast, but they don’t offer the event-based management or scale that comes with SaltStack’s intelligent on-board minions. IT teams can take a “best-of-both-worlds” approach that includes provisioning new machines agentlessly and then simultaneously installing on-board minions for ongoing, event-driven management and orchestration. SaltStack’s nimble minions can manage anything that can run a few lines of Python code—virtual machines, public cloud instances, bare metal servers, even desktops and network devices.

In addition, SaltStack offers proxy minions for managing devices that can’t run Python. Proxy minions abstract away the device management layer, allowing IT teams to manage and secure older network devices, IoT, or edge devices just like any other node in their environment.

Automation and orchestration

SaltStack does IT automation. And it does it very well—it will configure and load software onto every node you control, from Windows on a laptop to Linux on a cloud VM. It does all of this while maintaining system speed, whether you have ten thousand or two hundred thousand machines. In addition, SaltStack understands orchestration and how the sequencing of various steps needs to occur. SaltStack can handle the necessary conditional logic that controls configuration and installation steps. For example, it will orchestrate the provisioning of Windows servers that require multiple system reboots throughout the process. By handling automation and orchestration from a single platform, IT operations and security teams can speak a common language and reduce the complexity inherent in enterprise security and compliance management.

Remote execution

SaltStack was originally built as an extremely fast and powerful remote execution engine, allowing users to execute commands asynchronously across thousands of remote systems in milliseconds.


This remote execution capability allows SaltStack to act as a command and control abstraction layer so IT professionals can execute complex tasks across tens of thousands of heterogeneous systems with the click of a button. Using SaltStack remote execution, IT tasks that used to require three of your best engineers and a week to complete can now be performed in seconds by anyone on the team.

Simple, dynamic management options

SaltStack can be managed through a simple, interactive management console or via a command line. The best part? It runs on standard Python and human-readable YAML.

There’s no need to learn a new domain-specific language or know a complex, increasingly-obscure language like Ruby. The result is low technical debt, increased efficiency, and no worrying about who will update your configurations if one of your engineers takes a day off.

SaltStack for Enterprise IT

SaltStack provides the utility, support, and security features required for enterprise operations and security teams running regulated, production environments at scale. SaltStack training and professional services engagements are also available for all SaltStack customers.

SaltStack includes dozens of out-of-the-box charts and reports like job performance, system health, and compliance monitoring.


See (& audit) the big picture

With SaltStack, your system data is persistent, encrypted, and archivable via an optimized and integrated PostgreSQL database. Explore and analyze what’s happening in your environment with SaltStack reports and dashboards, or in third-party analytics tools. Available reports include:

• Infrastructure control and security assurance

• Audit-ready system compliance reports

• Configuration state assurance

• OS auditing

• User control and security assurance

Now, when you need to run a report on system security posture for an executive or an auditor, you can simply run the appropriate scan and generate an audit-ready report in SaltStack.

If there are issues that need to be addressed in the report, simply run the pre-defined remediation procedures directly through the same window, and you’re done. No more vicious cycle of scanning and remediating through separate systems.

Manage and secure 30 nodes or 300,000

Whether your growing IT requirements are based on organization, geography, or resource usage, SaltStack offers a powerful API-based operations framework that allows large organizations to scale horizontally with multi-Master management. In addition, the SaltStack Operations Framework provides failover and SLAs to ensure your systems are always up.

Pluggable and integrated

SaltStack exists to help businesses get the most out of their IT investments. SaltStack is built to efficiently integrate with your existing open and proprietary systems management and security software portfolios. SaltStack provides deep integrations to enterprise products from ServiceNow, Hewlett Packard Enterprise, VMware, Cisco, Nutanix, Zenoss, SUSE, and more.

Manage and schedule jobs

Build a job once and then execute it as needed or run it on a scheduled basis, rather than constantly rebuilding and repeating ad-hoc jobs. Targets and jobs in SaltStack are persistent, and can be reused over and over again, maintaining consistency and repeatability for the most efficient and scalable enterprise data center environment. Stay in control of your growing infrastructure with the insight into all the jobs that are scheduled, in progress, and completed in the system. Schedule automated jobs that run on a defined basis, freeing up time to address critical tasks day to day.


Role-based access with Active Directory and LDAP integration

Maintain strict control over your infrastructure by creating user roles that designate who has access to jobs, targets, and Minions. Plus, integrate with your existing Active Directory and LDAP systems to implement existing definitions. This makes it easy to provide self-service control of systems across diverse teams and departments.

Give users access to run specific jobs or manage designated machines without exposing access to out-of-scope systems.


Featured Customer Use Cases

Origami Risk: Securing Windows infrastructure

The challenge: The Origami Risk team needed to secure Windows infrastructure but vulnerability scans from their existing tools weren’t actionable and they struggled to maintain consistent NIST 800-53 compliance enforcement.

The solution: Fast, SaltStack-based Windows patch management with Rapid7 integration to identify patch needs and auto-remediate them. Plus, built-in NIST compliance remediation and reporting.

The result: Significantly reduced exposure and increased system hardening with fully-automated vulnerability remediation and continual compliance audit and enforcement.

David Christiansen, IT Operations Director & CISO, Origami Risk

“When you combine infrastructure, DevOps, and security into a single platform, you create a security culture because you’re working together on a single system.”


Adobe: Event-driven policy audit and remediation

The challenge: Adobe needed to actively manage and maintain compliance of 100,000 hosts spread across on-premises and Azure cloud infrastructure.

The solution: SaltStack provided simplified, universal host control across hybrid cloud servers and event-driven policy audit and remediation.

The result: Savings of $1 million annually through redundant tool consolidation and performance improvements. Drastically improved system compliance.

Ready to see how SaltStack can transform your business?

Ask your SaltStack representative for more information about SaltStack SecOps or visit https://www.saltstack.com/secops/

Richard Steck, Director of Architecture, Adobe

“SaltStack is the glue that connects and orchestrates our massive, complex digital infrastructure.”


© Copyright SaltStack, Inc. 2019

SaltStack, Inc.
2801 N. Thanksgiving Way, Suite 150
Lehi, UT 84043
USA


THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT.

SaltStack products are warranted according to the terms and conditions of the agreements under which they are provided.

Statements regarding the future direction and intent of SaltStack are subject to change or withdrawal without notice, and represent goals and objectives only.