Architect’s Guide: Security Automation Using TNC & SCAP Technology
Security automation enables network and security systems to provide dynamic, responsive protection with automated handling of routine security tasks, allowing administrators to focus on critical areas such as threat analysis and policy development. This streamlined approach to enterprise security improves efficiency, reduces cost, and enhances an organization’s ability to monitor and respond to increasing and targeted network attacks.
Commercial and open source developers, as well as numerous U.S. government agencies, have embraced standards – such as the Interface for a Metadata Access Point (IF-MAP) from the Trusted Computing Group’s (TCG’s) Trusted Network Connect (TNC) work group, and the National Institute of Standards and Technology’s (NIST’s) Security Content Automation Protocol (SCAP) – to build products ideally suited for implementing security automation.
This Architect’s Guide shows enterprise security architects how they can design and deploy successful automated security solutions based on the open TNC architecture and standards along with interoperable compliance establishment through SCAP.
Critical strategies for architects include:
1. Automate assessment and continuous monitoring for real-time protection of the enterprise network and connected devices.
2. Control access to sensitive resources based on established corporate policies that can be reliably interpreted by network hardware.
3. Coordinate communications among security systems via open-standard protocols.
4. Monitor and respond to potential network threats using a combination of industry- and government-developed standards.