Virtualization has become one of the biggest game-changers in the IT industry. Across the world, organizations of every size are moving to virtual, cloud-based and hybrid systems that cut costs while improving business continuity and IT management processes. Virtual assets need to be secured and audited exactly as they are in physical server and network environments. The measures are the familiar procedures and checklists we have used all along: system hardening, change control, blocking of unauthorized equipment and applications, network segmentation, monitoring, logging, alerting, and documentation that supports audits of these processes.
There are many commercial and open source tools available to audit change control in a virtual infrastructure, and they generally audit against the main regulatory framework requirements as well. They also include their own view of compliance with several frameworks, including the VMware Hardening Guide, PCI-DSS, SOX, HIPAA, GLBA and ISO 17799 (in short, most frameworks except J-SOX). It is common practice to create new virtual machines from gold images (templates): VM images that are completely installed and customized to a particular environment and security standard, which promotes a consistent, auditable server environment. There is a hidden risk in this approach, however: servers and systems can drift into misconfiguration as they replicate, spin up, spin down and move around in a dynamic virtual environment. A carefully implemented change control process, together with these commercial tools, helps organizations keep track of changes and keep their virtual assets as compliant as possible. Often, though, these tools fall short of an organization's needs, and it eventually falls back to manual audits: a document-based audit and remediation process.
This blog post introduces an approach that eliminates those manual audits and leverages Orchestration to automate some of the compliance audit tasks and remediation procedures. Compliance is a tool set that enables administrators to certify ServiceNow data for correctness and fix any discrepancies found in the data. You can read more about the Compliance module on its docs wiki page.
In this post we will see how the Scripted Audits feature of the Compliance module can be extended to integrate Orchestration into the compliance audit.
To explain the approach, let us study the following use case and see how the process can be adapted to address the business problem.
Use Case:
- The infrastructure team receives a request to provision a VM.
- Corporate security policy mandates that the VM adhere to a few custom registry settings.
- For example: Autoplay should be disabled on every drive connected to the system.
- At the end of every month a report is generated listing the VMs that deviate from these settings.
- The IT team needs to make sure that all VMs adhere to these security settings at all times, by setting the value back to the desired state.
In the absence of commercial tools, the IT team needs to spend hours making sure all VMs adhere to such custom settings. In this post we will see how this approach addresses some of those issues by automating the process with scripted audits and Orchestration.
Step 1: Create Filter for selecting the desired audit targets.
Using the Filters menu, create a filter that selects the audit targets.
Example 1: A filter created on Virtual Machine Instance (cmdb_ci_vm_instance)
Example 2: A filter created on MSFT SQL Instance (cmdb_ci_db_mssql_instance)
Step 2: Create a new Scripted Audit Record and attach your Orchestration Flow.
Create a new Scripted Audit record using the Audits menu and the Scripted Audits module.
- Select the filter created in step 1 as the target for the audit.
- Select how frequently you want to run this audit (On Demand, Periodically, Monthly, etc.).
- Select the checkbox to create tasks after the audit is finished, and select the group the tasks will be assigned to.
- In the script area, create a new Certification Processing task as shown in the diagram below.
- Create an Orchestration workflow that conducts the audit, call the workflow from the script area, and pass the certification GlideRecord to the workflow as input.
Step 3: Automate your audit process using orchestration workflow.
At this point you can call external auditing tools using REST/SOAP activities, or run your own customized audit scripts using the Run Script activity. The following example shows a PowerShell-based audit that checks a registry value on a given VM.
For both the fail and pass conditions, record the result by updating the audit record and creating the related tasks.
Step 4: Run the Audit
Run the security audit at the desired interval; it creates audit records with their status, as shown in the following example.
Additional tasks are created for the assigned group to remediate or change the target CI (in this example, a virtual machine instance) so that it is brought back into compliance.
The Dashboard view of the corresponding CI record also reflects the status of the audit.
The asset owner, admin or operator also gets to know the compliance status of the asset.
A detailed report of such audits can also be configured for reporting purposes.
Step 5: Remediation to bring the Asset back into compliance mode.
Once an asset is identified as having failed the audit, you can apply the ITSM processes such as Change Management, etc., and finally remediate it with a custom Orchestration flow. After the remediation workflow has run successfully, running the audit again updates the record's status to compliant.
In this example, the remediation workflow sets the registry value to the desired state to bring the VM back into compliance.
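The following script is an added example covering both the PowerShell audit from step 3 and the remediation from step 5; it is not the original post's script or ServiceNow product code. It assumes that the corporate Autoplay policy is expressed as the registry value `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = 0xFF` (the value the "Turn off AutoPlay" policy writes to disable AutoRun on all drive types), that the Run Script activity executes it on the target VM (for example through Invoke-Command from the MID server), and that the workflow reads the JSON it prints on stdout. The `-Remediate` switch and the function names are this example's own.

```powershell
# Added example (not from the original post). Audits the Autoplay policy value and,
# when -Remediate is passed by the remediation workflow, sets it to the desired state
# and re-audits so the recorded result reflects the post-change state.
param(
    [switch]$Remediate   # assumption: audit flow omits it, remediation flow passes it
)

# Assumed policy mapping: NoDriveTypeAutoRun = 0xFF disables AutoRun on every drive type.
$Key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$Name = 'NoDriveTypeAutoRun'
$Want = 0xFF

function Get-AutoplaySetting {
    # Returns the current DWORD, or $null when the key or value is absent
    # (absent means Autoplay is not restricted by policy, so it counts as non-compliant).
    try {
        $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction Stop
        return [int]$item.$Name
    } catch {
        return $null
    }
}

function Test-AutoplayCompliance {
    $actual = Get-AutoplaySetting
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Key        = $Key
        Name       = $Name
        Expected   = $Want
        Actual     = $actual
        Compliant  = ($actual -eq $Want)
        Remediated = $false
        Checked    = (Get-Date).ToUniversalTime().ToString('o')
    }
}

function Set-AutoplayCompliance {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }
    # -WhatIf lets a change reviewer dry-run the remediation before it is approved.
    if ($PSCmdlet.ShouldProcess("$Key\$Name", "set DWORD to $Want")) {
        New-ItemProperty -Path $Key -Name $Name -Value $Want -PropertyType DWord -Force | Out-Null
    }
}

$result = Test-AutoplayCompliance
if (-not $result.Compliant -and $Remediate) {
    Set-AutoplayCompliance
    $result = Test-AutoplayCompliance     # re-audit rather than assume the write succeeded
    $result.Remediated = $true
}

# The Run Script activity captures stdout; the workflow parses this JSON to update
# the certification record and to create a task for the assigned group on failure.
$result | ConvertTo-Json -Compress
if (-not $result.Compliant) { exit 1 }   # non-zero exit code signals an audit failure
```

Two practical points: writing under HKLM requires local administrator rights, so the credential the MID server uses for the audit run should be a read-only one and only the remediation workflow (gated by Change Management) should run with the credential allowed to write; and because the same policy can also be applied per user under HKCU, a stricter audit would check both hives rather than the machine-wide key alone.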
To conclude, this approach leverages CMDB data to conduct scripted audits on your assets, and also has the following advantages:
- Integrate custom Orchestration flows for audits
- Create a master Orchestration flow that combines external audits and custom audits
- Fill the gaps where commercial auditing tools or manual processes are not yielding audit results fast enough
- A closed-loop automation and remediation process that keeps your assets always in compliance
This is one of the many approaches you can build on top of the ServiceNow platform; feel free to share your thoughts.