Use case: Assess assets that have suspicious configurations

Organizations use corporate security policies to define risks and the communications that are allowed between assets and networks. To help address compliance requirements and corporate policy breaches, organizations use Policy Monitor to assess and monitor risks that might be unknown.

PCI compliance dictates that you identify devices that contain cardholder data, then diagram, verify communications, and monitor firewall configurations to protect assets that contain sensitive data. Policy Monitor provides methods for quickly meeting these requirements and allows administrators to adhere to corporate policies. Common methods of reducing risk include identifying and monitoring assets that communicate with unsecured protocols. Examples of such assets are routers, firewalls, or switches that allow FTP or telnet connections. Use Policy Monitor to identify assets in your topology with risky configurations.

PCI section 1 questions might include the following criteria:

  • Assets that allow banned protocols.
  • Assets that allow risky protocols.
  • Assets that allow out-of-policy applications across the network.
  • Assets that allow out-of-policy applications to networks that contain protected assets.
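
The four criteria above, expressed as a check over exported device rules. This is an added example, not Policy Monitor's own logic or code from the product. The rule format, the split of telnet and FTP into banned and risky, the application label, and the network ranges are constructed assumptions, and rule ordering (shadowing) is ignored.

```python
import ipaddress

# Assumed policy inputs (constructed; take real values from your corporate policy).
BANNED_PORTS = {23}            # telnet
RISKY_PORTS = {21}             # FTP
OUT_OF_POLICY_APPS = {"p2p"}   # hypothetical application label
PROTECTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # cardholder data segment

# Constructed sample of rules exported from three devices.
RULES = [
    {"device": "fw-edge", "action": "permit", "dst": "10.20.0.0/24", "port": 443, "app": "https"},
    {"device": "fw-edge", "action": "permit", "dst": "10.30.0.0/16", "port": 21, "app": "ftp"},
    {"device": "rtr-core", "action": "permit", "dst": "0.0.0.0/0", "port": 23, "app": "telnet"},
    {"device": "rtr-core", "action": "deny", "dst": "10.20.0.0/24", "port": 21, "app": "ftp"},
    {"device": "sw-dc1", "action": "permit", "dst": "10.20.0.128/25", "port": 6881, "app": "p2p"},
    {"device": "fw-edge", "action": "permit", "dst": "10.40.0.0/24", "port": 6881, "app": "p2p"},
]

def reaches_protected(dst):
    """True if the rule's destination overlaps any protected network."""
    net = ipaddress.ip_network(dst)
    return any(net.overlaps(p) for p in PROTECTED_NETS)

def assess(rules):
    """Return, per question, the sorted devices with at least one matching permit rule."""
    findings = {"banned_protocol": set(), "risky_protocol": set(),
                "out_of_policy_app": set(), "out_of_policy_app_to_protected": set()}
    for r in rules:
        if r["action"] != "permit":
            continue  # deny rules do not allow the traffic
        if r["port"] in BANNED_PORTS:
            findings["banned_protocol"].add(r["device"])
        if r["port"] in RISKY_PORTS:
            findings["risky_protocol"].add(r["device"])
        if r["app"] in OUT_OF_POLICY_APPS:
            findings["out_of_policy_app"].add(r["device"])
            if reaches_protected(r["dst"]):
                findings["out_of_policy_app_to_protected"].add(r["device"])
    return {q: sorted(d) for q, d in findings.items()}

if __name__ == "__main__":
    for question, devices in assess(RULES).items():
        print(f"{question}: {devices or 'no findings'}")
```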