Most of the time, security configurations of network systems are unmanaged, improperly configured, or left as default. As organizations increasingly rely on complex IT infrastructures, the potential for misconfiguration grows. Default credentials, an inactive or disabled firewall or antivirus, elevated privileges, and open shares may be present, and each of these can raise security concerns. A misconfigured system may leave an organization vulnerable to cyberattacks such as data breaches, ransomware, and denial-of-service attacks. Thus, identifying and addressing misconfigurations promptly is critical to maintaining the integrity, availability, and confidentiality of systems and data. In order to reduce the attack surface, Vulnerability Manager Plus continuously monitors all the systems in your network for security misconfigurations.
Vulnerability Manager Plus uses predefined templates for security configurations designed to harden your systems. These templates are curated from CIS (Center for Internet Security) and STIG (Security Technical Implementation Guide) benchmarks, ensuring adherence to industry standards. Any deviation from these templates is listed as a misconfiguration, and the console provides the necessary fixes or resolutions to address it without impacting critical operations.
To view the security misconfigurations present across the managed computers, click on Threats & Patches → Threats → System Misconfiguration.
In this window, all misconfigurations are listed. Under Category, you can see the misconfiguration type; under Affected Systems, you can see the count of managed computers with that misconfiguration. By clicking on that count, you can see the names of affected systems individually. Under Action, you can see whether the fix is available, and if it is, you can see whether a reboot is required under the Reboot Required section.
By clicking on the Filters button, you can filter and prioritize the listed misconfigurations based on specific criteria.
After filtering, select the misconfigurations for which you need to deploy the fix by enabling the checkbox present beside that misconfiguration and clicking on Fix. You will be redirected to the System Configurations window.
Name and Description: Under this section, you can name the configuration of your choice, and by clicking on Add Description, you can add the description if needed.
Add Misconfiguration: Under this section, you can see the selected misconfigurations for which you wanted to deploy the fix. Under the Post Deployment Issues section, you can see the impact this fix may have on the computer after deployment. If it won't have any impact, No Impact will be mentioned. If you wish to add more misconfigurations to fix, click on Add Misconfiguration, filter, and add the required ones.
Define Target: After choosing the misconfigurations to fix, you can choose to include or exclude target computers of your choice under the Define Targets section. To learn more about defining targets, refer to this page.
Execution Settings: After defining the targets of your choice, configure the Execution Settings, which is optional. Under this section, if you want to configure notifications about this activity, select the Enable Notifications option. To learn more about this, refer to this page.
After configuring the required settings, if you want to deploy the fix immediately, select Deploy Immediately. This feature will deploy fixes to a maximum of 50 computers immediately, with the remaining selected computers getting their fixes deployed in their subsequent refresh cycle. If you click on Deploy, the deployment of the fixes will happen in their subsequent refresh cycle for all the selected computers.
NOTE:
1. Sometimes, security settings might be inappropriately configured in the Domain GPO and can't be overridden from the console. To manually resolve these misconfigurations, refer to these articles.
2. You can track the status of security configuration deployments from Deployment → Security Configurations.
3. If a misconfiguration fix deployment has failed on any computer, that computer is listed under the Attention Required view. To view those computers, click on Threats & Patches → Systems → Attention Required, and under this section click on Failed Security Configurations. Select the computers where the deployment has failed and click on Deploy Failed Configuration to reinitiate the deployment of that fix.