This section provides a brief overview of the security aspects of BMC Discovery. It is intended to provide network administrators with the information required to run BMC Discovery in their environment. It also provides the information required to enable security teams to verify that BMC Discovery is secure and does not compromise the security of their network.
Discovery in secure environments
BMC Discovery offers a powerful solution to index the infrastructure and map the business services of the large and complex environments typical of Fortune 1000 enterprises.
Several techniques can be used to gather data, such as port scanning, protocol probing, agent-based monitoring and remote login. However, credentials are required to achieve the accurate, trusted, and detailed configuration data discovery that enterprises require to manage IT.
Why? Simply put, because this is what information security is about: protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. Enterprises spend millions to secure their systems and ensure their access is protected by using credentials to authenticate users. Providing this type of permission ensures that BMC Discovery does only what it is authorized to do.
However, there is a side effect to this need for granular visibility. IT operations are organized in functional groups, or silos. Applications span silos, so there is rarely one team in charge of all credentials. In fact, too frequently they are not sure whether they can find all the credentials. IT administrators expect that automated discovery tools will solve problems caused by the lack of knowledge about where their systems or applications are (including their credentials). Additionally, in large and complex environments some parts of the networks are segregated for confidentiality, business or even historical reasons such as acquisitions, creating even more silos.
BMC Discovery offers a unique approach to these challenges and concerns by providing:
- A robust and secure delivery platform
- Clear deployment requirements
The following topics are covered in this section:
- Advantages of an appliance-based solution
- Appliance hardening
- Security audits
- Information security
- System communications and network ports
- Discovery communications
- Network ports used for discovery communications
- Dark space scans
- Firewall port summary
- DISA Secure Technical Implementation Guidelines
- Running in FIPS compliant mode
- PCI Data Security Standard compliance