With the goal of reducing the time in the management of the security council, the CCN-CERT, centre National Cryptologic, has developed the solution ANA (automation and Standardisation of audits). Through efficient management of the detection of vulnerabilities and notification of warnings, as well as offering recommendations for appropriate treatment of the same, this new solution increases the capacity of monitoring and enables you to discover the area of exposure.
Among the main advantages of this new solution are as follows:
- Evolution: use the most avant-garde technologies
- Fluidity: saves in many functions
- Centralization: allows the integration with other tools
- Versatility: promotes multi-display
One of the interesting features of ANA relates to centralization, because its functions heightens, integrating this tool with alternative solutions to the CCN-CERT. Specifically, ANA can integrate with LUCÍA, PILAR and Clear.
In the words of Pablo López, head of the regulation and Área cyber security Services centre, “ National Cryptologic, notification of incidents without undue delay is a fundamental aspect, alerts and incidents should be reported in the shortest possible time. Therefore, integration with a tool like LUCÍA it is essential. ”
In addition, ANA also measured the management of risk over time through the continuous assessment, which allows the integration with the solution Pillar. Finally, this solution may be integrated with CLEAR tools for analysing the characteristics of technical security, and an especially useful for configuration issues of the system, because “ brings together the vulnerabilities with your security settings, ” says López.
To sum up, ANA is a tool that has the following functions:
- In real time access to localized problems continue, replication and their evolution over time.
- Reports generated dynamically the true state of the entity by department, server, application or any assets defined.
- To organize the information to provide multiple views/dashboard users
- To centralise and standardize all security inspections carried out.
- Early warning systems through direct interaction and detailed information of the problems encountered, allowing a timely notice without undue delay.
Within the tasks of prevention, ANA links related all the work of the auditors, who go loading vulnerabilities, with the work of the administrators. this way, the team of incident response can add any type of audit of any company, leaving all knowledge in the agency.