Updates to Security Products Inventory and Virtual Infrastructure Management

BCM supports the OPSWAT Endpoint Security Integration SDK (OESIS) framework v4, an OEM technology that is used to gather security inventory information from BCM-managed devices. OPSWAT v4 introduces support for some new Security Products Inventory types, no longer supports some of the earlier inventory types, and updates Virtual Infrastructure Management.

See the OESIS v4 website for more detailed information. 


This topic lists the changes that result from upgrading to OPSWAT v4.

What's changed in BCM after upgrading to OPSWAT v4?

  • New Security Products Inventory types
  • Unsupported Security Products Inventory types
  • Operational rules using new Security Products Inventory types
  • Operational rules using new browser operations
  • Unsupported browser operations in operational rules
  • Queries using new inventory types
  • Compliance rules using new inventory types
  • Reports using new inventory types
  • Virtual Infrastructure Management
  • View database log files

Operating systems affected

  • Linux (64 bit and 32 bit)
  • Windows (64 bit and 32 bit)
  • Mac OS X

Viewing OPSWAT v4 entries

After upgrading to BCM 12.6, verify that the Update Manager displays the Security Product and Virtualization v4. The status must be Up to Date.



Updates to Security Products Inventory types with OPSWAT v4

This section lists the updates to the Security Products Inventory types after upgrading to OPSWAT v4.
The Security Products inventory list is updated to add some new inventory types, while some existing inventory types are no longer supported in OPSWAT v4.

| OPSWAT v3 | OPSWAT v4 | What's changed in OPSWAT v4 |
| --- | --- | --- |
| P2P | Public File Sharing | Renamed |
| Antivirus/Antispyware | Antimalware | Categories merged |
| URL Filtering | | Not supported |
| DeviceAccessControl | | Not supported |
| SoftwareSuite | | Not supported |
| DesktopSharing | | Not supported |
| SystemManagement | | Not supported |
| | CloudStorage | New Inventory type |

The Security Products list reflects the updated categories that are supported by OPSWAT v4.

Operational rules

This section explains the changes to operational rules that are defined with the Security Products Inventory types.

Operational rules created in BCM 12.5 or earlier will continue to work only on devices that are running BCM 12.5 or earlier. These rules cannot be executed on devices that are upgraded to 12.6.

With OPSWAT v4, some browser operations are not supported, while some browser-related parameters are merged into new parameters.

The following steps that are used to create operational rules are not supported:

  • Set Browser Home Page
  • Set Default
  • Check Antivirus presence
  • Check Antivirus signature File Date

 While creating operational rules from the steps listed under Security Products Management, BCM displays the supported steps.

The following browser-related parameters that you see while defining operational rule steps have changed:

| OPSWAT v3 | OPSWAT v4 | What's changed in OPSWAT v4? |
| --- | --- | --- |
| Delete History | Delete Browsing History | No Change |
| Delete Cache | Delete Cache | No change |
| Delete Addresses | | Merged with Delete Browsing History |
| Delete Passwords | | Merged with Delete Forms and Passwords Data |
| Delete Form Data | Delete Forms and Passwords Data | No Change |
| Delete Download History | Delete Download History | No Change |

The Operational rule step displays the new browser-related parameters.

Queries

This section describes the changes to queries because of some changes to the Security Products Inventory type.

BCM ensures that queries based on criteria that are not supported by OPSWAT v4 are retained in BCM 12.6.

Queries built on inventory types that are merged into a new inventory type: The antivirus and anti-spyware inventory types are merged into the antimalware inventory type in OPSWAT v4. BCM ensures that merged inventory types (antivirus/anti-spyware) point to the corresponding new inventory type (antimalware) in BCM 12.6. During the upgrade, BCM merges data from the Antivirus and Anti-spyware tables into the Antimalware table.

Queries built on inventory types that are not supported in OPSWAT v4 are retained. The data is available in the BCM database, even though devices upgraded to BCM 12.6 do not upload information for the unsupported inventory types to the BCM database.

If a query impacted by the upgrade is assigned to a Dynamic Device Group, the group is set to inactive. 

For a BCM administrator, there are no changes because of updates to the inventory type.

Compliance Management

This section describes the changes to compliance rules because of some changes to the Security Products Inventory type.

After upgrading to BCM 12.6, under the Out of the Box compliance rules, BCM ensures that older compliance rules are retained in addition to the new entries for Antimalware. During the upgrade, BCM merges data from the Antivirus and Anti-spyware into the Antimalware table. 

BCM ensures that antivirus and anti-spyware inventory data is merged into antimalware in the BCM database. So, BCM 12.6 displays both inventory types with the same data. You can continue to use the same compliance reports either by renaming the rule name or creating a new one.

 If a compliance rule impacted by the upgrade is assigned to a Dynamic Device Group, the group is set to inactive. 


Reports

This section describes the changes to reports because of some changes to the Security Products Inventory type.

BCM ensures that older reports based on antivirus and anti-spyware are retained after upgrading to BCM 12.6. During the upgrade, BCM merges data from the Antivirus and Anti-spyware tables into the Antimalware table. The important change is that all report data for Antivirus and Anti-spyware is now stored in the Antimalware table. The older reports can still be used after the upgrade.

For a BCM administrator, there are no changes to reports because of updates to the inventory type.

Security Products support matrix

The table shows the supported security products across different operating systems.

Security Products | Windows (BCM 12.6) | Windows (BCM 12.5) | Linux (BCM 12.6) | Linux (BCM 12.5) | macOS (BCM 12.6) | macOS (BCM 12.5)
PUBLIC FILE SHARING (P2P)
BACKUP
ENCRYPTION
ANTIPHISHING
ANTIMALWARE (Antivirus)
BROWSER
FIREWALL
MESSENGER
CLOUD STORAGE
UNCLASSIFIED
DATA LOSS PREVENTION
PATCH MANAGEMENT
VPN CLIENT
VIRTUAL MACHINE
HEALTH AGENT

Virtual Infrastructure Management

With the upgrade to OPSWAT v4, the BCM agent's performance in discovering virtual machines on a device that hosts a hypervisor is improved.

View Database log files

The DatabaseUpgrade.log file logs the database changes that happened during the BCM upgrade. You can view the database log file after the upgrade is complete.

A sample log file:

2017/03/28 11:27:58 Vision64Database I [10004] -------- OpswatV4 Migration Start
2017/03/28 11:27:58 Vision64Database I [10004] Add a new table SPMInv_ObjType_819 for Cloud Storage object
2017/03/28 11:27:58 Vision64Database I [10004] Antivirus object is renamed Antimalware
2017/03/28 11:27:58 Vision64Database I [10004] Merge Antispyware and Antivirus data into Antimalware table
2017/03/28 11:27:58 Vision64Database I [10004] The compliance rule Anti-Spyware Installation has been modified to use Antimalware table/attributes instead of Antispyware
2017/03/28 11:27:58 Vision64Database I [10004] The compliance rule Anti-Spyware Update has been modified to use Antimalware table/attributes instead of Antispyware
2017/03/28 11:27:58 Vision64Database I [10004] The compliance rule AntiSpyware has been modified to use Antimalware table/attributes instead of Antispyware
2017/03/28 11:27:58 Vision64Database I [10004] The device group AntiSpyware (Compliant) has been set to inactive, it is dynamically populated with a modified compliance rule
2017/03/28 11:27:58 Vision64Database I [10004] The device group AntiSpyware (Not Compliant) has been set to inactive, it is dynamically populated with a modified compliance rule
2017/03/28 11:27:59 Vision64Database I [10004] The IAntispyware object has been removed
2017/03/28 11:27:59 Vision64Database I [10004] The SPMInv_ObjType_802 table has been dropped
2017/03/28 11:27:59 Vision64Database I [10004] The operational rule step Check Default Browser is disabled
2017/03/28 11:27:59 Vision64Database I [10004] The operational rule step Set Default Browser is disabled
2017/03/28 11:27:59 Vision64Database I [10004] The operational rule step Set Browser Home Page is disabled
2017/03/28 11:27:59 Vision64Database I [10004] The operational rule step Check Antivirus Presence is disabled
2017/03/28 11:27:59 Vision64Database I [10004] The operational rule step Check Antivirus Signature File Date is disabled

2017/03/28 11:27:59 Vision64Database I [10004 The database log files is stoed in master\log 

2017/03/28 11:27:59 Vision64Database I [10004] -------- OpswatV4 Migration End
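
As an added example (not part of the BCM documentation or product), the following Python script reads DatabaseUpgrade.log text in the layout shown above and lists the device groups set to inactive, the compliance rules modified, the operational rule steps disabled and the tables dropped, and reports whether the migration reached its End marker. The function name, the regular expressions and the summary keys are assumptions derived only from the sample lines on this page.

```python
import re

# Layout from the sample above: "date time module level [code] message".
# The closing bracket is optional because one sample line lacks it.
LINE_RE = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) (\S+) (\w) \[(\d+)\]?\s*(.*)$")

# Message shapes (assumed from the sample) that need follow-up after the upgrade.
EVENTS = {
    "inactive_groups": re.compile(r"^The device group (.+) has been set to inactive"),
    "modified_rules": re.compile(r"^The compliance rule (.+) has been modified to use"),
    "disabled_steps": re.compile(r"^The operational rule step (.+) is disabled$"),
    "dropped_tables": re.compile(r"^The (\S+) table has been dropped$"),
}

def summarize_migration(log_text):
    """Collect OPSWAT v4 migration events logged between the Start and End markers."""
    summary = {name: [] for name in EVENTS}
    summary.update(started=False, complete=False, unparsed=[])
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            summary["unparsed"].append(line)  # keep anything we could not read
            continue
        message = m.group(5)
        if message.endswith("OpswatV4 Migration Start"):
            summary["started"] = True
        elif message.endswith("OpswatV4 Migration End"):
            summary["complete"] = summary["started"]
        elif summary["started"] and not summary["complete"]:
            for name, pattern in EVENTS.items():
                hit = pattern.match(message)
                if hit:
                    summary[name].append(hit.group(1))
    return summary

# Lines copied from the sample log on this page.
SAMPLE = r"""
2017/03/28 11:27:58 Vision64Database I [10004] -------- OpswatV4 Migration Start
2017/03/28 11:27:58 Vision64Database I [10004] The compliance rule Anti-Spyware Update has been modified to use Antimalware table/attributes instead of Antispyware
2017/03/28 11:27:58 Vision64Database I [10004] The device group AntiSpyware (Not Compliant) has been set to inactive, it is dynamically populated with a modified compliance rule
2017/03/28 11:27:59 Vision64Database I [10004] The SPMInv_ObjType_802 table has been dropped
2017/03/28 11:27:59 Vision64Database I [10004] The operational rule step Set Default Browser is disabled
2017/03/28 11:27:59 Vision64Database I [10004] -------- OpswatV4 Migration End
"""

if __name__ == "__main__":
    for key, value in summarize_migration(SAMPLE).items():
        print(f"{key}: {value}")
```

A result with `complete` set to False means the End marker was never logged, so the lists may be partial.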


Comments

  1. Nathalie Obadia

    Operational rules support matrix

    I don't understand this section. I think it is about Security Product.

    Data loss prevention is not a new 12.6 object.


    Jul 10, 2017 04:31