System Quarantine Policy
In today's dynamic cybersecurity landscape, maintaining a secure and compliant IT environment is paramount. Vulnerability Manager Plus's system quarantine policy helps organizations proactively manage system compliance, reduce vulnerabilities, and enhance overall security posture.
This document explains the following:
Key Benefits of System Quarantine Policy
- Real-time Compliance Management: Ensure system compliance by proactively identifying security vulnerabilities and non-compliant issues.
- Automated Enforcement: Streamline compliance enforcement with automated checks and actions. Mandate compliance policies for all systems present in the network.
- Enhanced Security Posture: By quarantining non-compliant systems, the policy contributes to a robust security posture, safeguarding sensitive data and critical infrastructure.
Rules in System Quarantine Policy
- OS patches: Ensure OS updates are deployed to systems within a specific period to enhance security.
- Software: Your system will be marked as non-compliant if certain applications are installed or uninstalled. Refer to Control Panel for the software name.
- Service: Your system will be marked as non-compliant if certain services are running or not running. Refer to Service Manager for the service name.
- Vulnerability: Your system will be marked as non-compliant if certain vulnerabilities are detected. You can categorize vulnerabilities based on their CVSS score and exploit availability.
- Registry and File checks: Your system will be marked as non-compliant if the given criteria for Registry Value, Registry Path, Folder Path, File Path, or File Version are not met.
Execution Options
System Quarantine Policy has two primary options for enforcing compliance:
Audit Systems for Non-Compliance: Perform regular audits to identify systems that do not adhere to the compliance rules. Audit results provide insights into the non-compliance status, allowing for proactive remediation.
Quarantine Non-Compliant Systems: In cases of severe non-compliance, administrators have the authority to quarantine systems. Quarantined systems are isolated from the network to prevent potential security risks. You can apply the following network restrictions to isolate your systems:
- Block all network access: Your system will be isolated from the network except for the components of Vulnerability Manager Plus.
- Block only intranet in range: Your system will be isolated from the local network.
- Block custom domain & IP: Your system will be isolated from specific domains and IP addresses.
Steps to deploy System Quarantine Policy
Follow these steps to deploy a system quarantine policy:
- Click on Create Policy.
- Select the target custom group to deploy this system quarantine policy.
- Select the rules to use for compliance checks according to your requirement.
- If you want to audit the systems for compliance, choose Audit and set the warning message according to your requirement.
- If you want to quarantine the non-compliant systems, choose Quarantine and choose the type of network restriction.
- Now, set the alert message and grace period for the end-user.
- Click on Save to proceed.
- Once deployed, you can view the status of the policy.
- You can also modify, suspend, and delete the policy.
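The rule types and the two execution options described above can be modelled as a small evaluator. This is an added example, not Vulnerability Manager Plus code or its API. The inventory and policy field names, the sample values, the `block_intranet` label, and the assumption that quarantine is applied only once the grace period has elapsed are all illustrative.

```python
from datetime import datetime, timedelta

# Constructed inventory for one host; all field names are assumptions.
HOST = {
    "missing_patches": {"PATCH-A": datetime(2024, 1, 2)},  # patch id -> release date
    "software": {"7-Zip", "LegacyFTP"},
    "services_running": {"Spooler"},
    "vulns": [("VULN-1", 9.1, True), ("VULN-2", 4.3, False)],  # id, CVSS, exploit known
    "registry": {r"HKLM\SOFTWARE\Example\Agent\Enabled": "0"},
}
# Constructed policy with one entry per rule type.
POLICY = {
    "patch_deadline": timedelta(days=30),
    "software_prohibited": {"LegacyFTP"},
    "services_required": {"WinDefend"},
    "vuln_min_cvss": 7.0,
    "vuln_needs_exploit": True,
    "registry_expected": {r"HKLM\SOFTWARE\Example\Agent\Enabled": "1"},
    "mode": "quarantine",             # "audit" only warns
    "restriction": "block_intranet",  # hypothetical label for the chosen restriction
    "grace_period": timedelta(days=3),
}

def violations(host, policy, now):
    """Return (rule_type, item) pairs for every rule the host breaks."""
    out = [("os_patch", pid) for pid, released in sorted(host["missing_patches"].items())
           if now - released > policy["patch_deadline"]]
    out += [("software", s) for s in sorted(policy["software_prohibited"] & host["software"])]
    out += [("service", s) for s in sorted(policy["services_required"] - host["services_running"])]
    out += [("vulnerability", vid) for vid, cvss, exploit in host["vulns"]
            if cvss >= policy["vuln_min_cvss"] and (exploit or not policy["vuln_needs_exploit"])]
    out += [("registry", key) for key, want in sorted(policy["registry_expected"].items())
            if host["registry"].get(key) != want]
    return out

def decide(host, policy, now, first_noncompliant):
    """Map violations to an action; quarantine applies only after the grace period."""
    found = violations(host, policy, now)
    if not found:
        return ("compliant", None, found)
    if policy["mode"] == "audit":
        return ("warn", None, found)
    if now - first_noncompliant < policy["grace_period"]:
        return ("grace", None, found)
    return ("quarantine", policy["restriction"], found)
```

Running a model like this against a sample inventory before deploying a policy shows which rule types would trip on a given group and whether the chosen grace period leaves enough time for remediation.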
FAQs of System Quarantine Policy
What happens when a system is quarantined?
When a system is quarantined, it is isolated from the network to prevent potential security risks. Users will be notified, and administrators can take necessary actions to remediate compliance issues.
Can quarantined systems be restored to normal operation?
Yes, once the compliance issues are addressed, administrators can lift the quarantine, allowing the system to resume normal operations.
How often should audits be conducted?
Regular audits are recommended, with the frequency determined by organizational policies. Monthly or quarterly audits are common, but more frequent checks may be necessary for highly dynamic environments.
Can the System Quarantine Policy be customized for specific needs?
Absolutely! The policy is highly customizable to accommodate the unique requirements of your organization. Administrators can define rules tailored to specific compliance standards and security policies.