What ConfigScan Does
ConfigScan streamlines and standardizes network risk assessments, which results in a significant cost reduction in both time and labor. The ConfigScan tool performs an automated network evaluation that delivers detailed network assessments of your layer 2, 3 & 4 devices and gives you recommended remediation steps.
Understanding the Issue, How Network Device Configurations are performed today:
Today, security and compliance audits for network devices are performed manually, either ‘free-form’ or based on templates.
Issues with the Free-form process:
If free-form, it must be assumed that the auditor is familiar with all aspects of the unique and specific regulatory requirements for the network. Furthermore, the level of expertise needed to understand and audit a six-hundred-line configuration falls into a specific skill set for which the ‘big four’ charge premium rates. When we encounter a configuration with thousands of lines, it is easy to see that human error can easily be introduced and, depending upon the compliance law, monetary penalties can accrue for failing. The cost of a manual audit for an organization can become astronomical. A sampling method of the network configurations can be accomplished, but the risk of a breach due to non-compliant configurations that were not part of the sample could damage the organization – even if the audit is successful with the sample.
Issues with the Template-based process:
For the template-based products, there are three significant drawbacks.
- Most templates are both incomplete and inaccurate.
- Many of the available template-based tools require expert knowledge in networking in order to develop the template.
- Technical expertise is required to understand several different compliance laws and the exact application of those rules.
A significant drawback of a manual audit is the difficulty of assuring that the testing is sustainable over a period of time. Another drawback of a template audit is that the template may not include specific items that may recently have been enacted under new law, or that the template itself contains errors or omissions.
To summarize the above, the two forms of auditing (manual or template) have been the only approaches to network device audits. A single device audit can take many hours or days to complete, depending upon the skills of the auditor. Multiplying the time it takes to complete one device by the number of devices within the current sample provides the amount of time required. If an external firm is retained, the time for the sample size multiplied by the hourly rate provides the total cost. This cost multiplied by the total number of audits and samples increases the total audit costs almost exponentially. Coupled with the inherent human error, not only can the costs become exorbitant, but the results may not be sustainable, repeatable or ultimately reliable. The following table provides the out-of-the-box regulations and best practices currently shipping with the product.


