SecOps Security Operations

SecOps is the seamless collaboration between IT Security and IT Operations to effectively mitigate risk. BMC SecOps solutions enable your teams to prioritize and remediate critical vulnerabilities, and systematically address compliance violations through an integrated and automated approach across your multi-cloud environment, servers and networks.

OVERVIEW

Traditional approaches to security and compliance fail in multi-cloud environments, and are often ignored in the race to continuously deliver new applications. Organizations need better visibility and consistency to avoid undue risk and cost.
Three imperatives to drive effective security and compliance for multi-cloud

  • Operational Intelligence
Enrich security data with operational context for rapid action
Make security actionable with vulnerability information enriched by operational data to prioritize threats, plan remediation, and act based on the impact to your organization.
  • Find and fix risky configurations of AWS, Azure, and GCP cloud services and containers
  • Address, prioritize, plan and remediate threats based on policy and impact using TrueSight Vulnerability Management and exposes security blind spots with BMC Discovery.

  • Multi-tier Remediation

Identify and prioritize security actions based on severity and impact.

BMC SecOps Solutions provide a tiered approach to remediation based on policies which consider severity, environment, process, and application impact.

  • TrueSight Server Automation increases IT efficiency by up to 200% with a scalable, closed loop automated multi-tier remediation of vulnerabilities and change tracking.
  • TrueSight Network Automation natively performs scan-less and real-time detection of vulnerabilities across a diverse network environment without degrading performance
  • Easily prioritize impact of change and develop remediation plans at scale
  • Ingest vulnerability scans natively from Qualys, Tenable, and Rapid 7

  • Continuous Compliance Automation

Achieve continuous compliance and improved cloud security by leveraging policies and best practices to identify violations and remediate quickly.

  • Enforce operation and regulatory compliance and security policies across data center and cloud to reduce risk. with pre-configured policies for CIS, DISA, HIPAA, PCI, SOX, NIST, and SCAP
  • TrueSight Cloud Security checks public cloud service and container configurations to identify risks that can then be remediated before they are exploited
  • Combine with BMC Discovery with TrueSight Server Automation and TrueSight Network Automation, provide the full cycle of system discovery, monitoring, remediation (Simplify repair, rollback, and configuration), and integrated change control, providing continuous compliance with out-of-the-box integration with BMC Remedy Service Management Suite on a single pane of glass.

TRUESIGHT VULNERABILITY MANAGEMENT

TrueSight Vulnerability Management (formerly SecOps Response Service/BladeLogic Threat Director) helps security and IT operations teams prioritize and remediate risks based on potential impact to the business.
Get actionable data with cross-functional visibility
  • Powerful dashboards highlight vulnerability data, performance trends, and SLA compliance for quick prioritization of remediation tasks
  • Streamlined workflows match vulnerability scan information with remediation tasks, leveraging TrueSight Server Automation and Microsoft SCCM
  • Blindspot awareness enables you to identify areas of your infrastructure which are not being monitored, leaving you exposed
  • Rapid import lets you quickly consume vulnerability scanning reports with native integration to Qualys, Tenable, and Rapid 7
  • Data export enables deep analysis and custom reports to help meet audit requirements and fuel process improvements

TRUESIGHT CLOUD SECURITY

TrueSight Cloud Security (formerly SecOps Policy Service) automates security testing and remediation for multi-cloud resources and containers, to manage configurations consistently, securely, and with an audit trail.

Automated Security Testing and Remediation

Designed for the cloud, in the cloud, TrueSight Cloud Security takes the pain out of security and compliance for cloud resources and containers.

  • Cloud security scoring and remediation for public cloud services from Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP)
  • Container security for Docker and Kubernetes
  • Automated remediation built-in, to close gaps quickly
  • Extensive out-of-the-box security policies for rapid time to value
  • Flexible architecture with built-in connectors and policy extensibility for virtually any data source
  • Intuitive and powerful Graphical UI

DISCOVERY FOR MULTI‑CLOUD

The Discovery for Multi-Cloud automates asset discovery and application dependency mapping to build a holistic view of all your data center assets, multi-cloud services, and their relationships.
Model all your asset dependencies in minutes

No matter what solutions you use, you need a single trusted source of information to proactively manage IT spend.
  • See assets and dependencies in a single pane of glass, whether on premises or in the public or private cloud
  • Empower security operations to perform essential prevention and detection
  • Start mapping from any piece of information—multi-cloud, software, hardware, network, storage
  • Reduce service outages with predictable change and configuration management
  • Coming soon—consume as a service via BMC Helix as well as on premises

On average, organizations that use BMC Discovery for Multi-Cloud reported

GDPR COMPLIANCE

GDPR goes into effect May 25, 2018 and is destined to reshape the way organizations approach data privacy and data protection. Citizens in the EU and around the world have asked for the protections GDPR requires; now is the time to better align business practices with customer needs. By putting your customers first and upgrading security and data management practices today you can achieve GDPR compliance and create competitive advantage.

GDPR Compliance – What You Need to Know 
http://watch.bmc.com/watch/1dUrRwzYaff3Md3ttXTg77


Data Integrity
GDPR mandates that you have a provable process in place to ensure data integrity. With the explosion of new applications saving unstructured data, such as photos and recordings, as Db2 Large Objects (LOBs), the risks of data corruption and loss have increased. Now you can manage and validate unstructured data automatically to ensure that data is intact and in compliance with GDPR.

Featured Solutions:

  • LOBMaster for Db2 › Simplify maintenance of Db2 LOBs while reducing data integrity risk.
  • Control-M › Increase visibility into data workflows and secure automated file transfers, data integrity, secure scheduling, instant status visibility, and automated recovery in single pane of glass.
  • Control-M Workload Archiving › Simplify audit and compliance processing with advanced data archiving.

Security
Current tools and processes leave most organizations hard pressed to prove they comply with "state-of-the-art" security measures or are working to include "privacy by design" as GDPR requires. BMC provides the only security and compliance solution to deliver the ability to automatically link vulnerabilities to identified patches and create an attack plan to deploy countermeasures with a single click.

Featured Solutions:

  • TrueSight Vulnerability Management › A "state-of-the-art" solution designed to help organizations prioritize and accelerate the remediation of risks.
  • TrueSight Cloud Security › Deliver "privacy by design" by embedding compliance and security testing into the software development lifecycle.
  • TrueSight Server Automation › The industry-leading solution for automated management, control, and enforcement of server configuration change in the data center and the cloud.
  • TrueSight Network Automation › Industry-leading solution that closes the window of vulnerability with native, scanless detection of network security risks in real-time.
  • BMC Discovery for Multi-Cloud › See all your IT assets and dependencies whether on-premises or in the public or private cloud.
  • TrueSight Vulnerability Management together with BMC Discovery, enables organizations to identify security blind spots in the systems, previously unknown or unmanaged and adjust to reduce the attack surface.

TRUESIGHT SERVER AUTOMATION

TrueSight Server Automation (formerly BladeLogic Server Automation) allows you to quickly and securely provision, configure, patch, and maintain physical, virtual, and cloud servers.

Cross-platform server automation for better security, compliance, and agility

  • Threat remediation: Combine with TrueSight Vulnerability Management to link vulnerabilities to identified patches and create a remediation plan
  • Patching: Support maintenance windows and change management processes to ensure timely execution of patches
  • Compliance: Integrate role-based access control, pre-configured policies for CIS, DISA, HIPAA, PCI, SOX, NIST, and SCAP, documentation, and remediation
  • Configuration: Harden deployments, detect and remediate drift, and manage change activities to ensure stability and performance
  • Provisioning: Bare-metal through full application stack deployment via unattended installs, image-based, script-based, or template-based provisioning
  • Reporting: Assess change impact, get real-time status of jobs or complete an audit using multiple dashboard views

TRUESIGHT NETWORK AUTOMATION

TrueSight Network Automation (formerly BladeLogic Network Automation) accelerates reliable network configuration changes to increase agility, reduce costs, and lock down security.

Network configuration and automation for better agility, security, and efficiency

  • Configuration: Drive fast configuration changes across thousands of network devices with automated roll-back and change tracking.
  • Provisioning: Deploy new physical or virtual network devices rapidly with gold-standard configurations to respond to business needs.
  • Threat remediation: Perform scan-less detection of vulnerabilities. Combine with TrueSight Vulnerability Management to enhance visibility and respond to threats across servers and networks.
  • Patching/image updates: Leverage integration with vendor and NIST National Vulnerability DB security notifications to identify vulnerabilities, remediate device images, and upgrade devices with zero downtime.
  • Compliance: Control device access to view or change settings, deploy pre-configured policies for CIS, DISA, HIPAA, PCI, SOX, NIST, and SCAP, and remediate non-compliance.
  • Reporting: Browse real-time device configurations to troubleshoot, view status of jobs, or complete a compliance audit.