RE: Managing installed Agents

["Eggleston, Mark" <meggleston () healthpart com>]

Hi Helly,

I don't believe there is a magic bullet here, but I do understand your
predicament.  May want to ensure only minimal services/agents are
installed in your security practice so choose carefully what is
absolutely needed.  A couple other suggestions so your team will know
what to expect:
- Get vendor to confirm in writing the maximum CPU/Memory the agent is
expected to consume and hold them accountable; 
- Get vendor to confirm past frequency of updates on the agent and hold
them accountable;
- Preferably only install those agents which log their activity and stop
automatically once a configurable threshold is exceeded; 
- Ensure who is responsible to install/update the agents via your change
management process to ensure buy-in from your colleagues; and
- Treat your Network Admins to lunch as they may not be happy <grin>.

Hope this helps,

Mark Eggleston, CISSP, GSEC, CHPS
Manager, Security and Business Continuity 




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of John Morrison
Sent: Wednesday, January 05, 2011 3:25 PM
To: hellkyng () gmail com
Cc: security-basics () securityfocus com
Subject: Re: Managing installed Agents

Helly,

Would a suite approach help? For example, McAfee uses a single
management console (ePO), a single agent (and a less functional
agent-less), and the ability to push the agent.

On 3 January 2011 18:01,  <hellkyng () gmail com> wrote:
> I was hoping to get guidance from the pros on how they are managing
agents installed on servers etc.
> It seems like a lot of security products I evaluate today require an
agent to be installed on any machine to be monitored (Such as file
integrity monitoring or configuration control etc). Given the work
involved in installing and maintaining these agents it typically makes
the server admins groan.
> How are you managing the increasing number of agents required by
security products?
> Thanks,
> Helly
This message, together with any attachments, is intended only for
the use of the individual or entity to which it is addressed. It
may contain information that is confidential and prohibited from
disclosure. If you are not the intended recipient, you are hereby
notified that any dissemination or copying of this message or any
attachment is strictly prohibited. If you have received this
message in error, please notify the original sender immediately by
telephone or by return e-mail and delete this message along with
any attachments, from your computer.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------