ATRT Information Security Manager FAQs

Questions

How are patches, changes, and updates implemented and managed using ATRT Information Security Manager?
How is ATRT Information Security Manager different from ACAS and eEye Retina?
Which operating systems are compatible with ATRT Information Security Manager?
Does ATRT Information Security Manager require special permissions or ports?
Does ATRT Information Security Manager provide reports and in which formats?
Does ATRT Information Security Manager create information assurance (IA) documentation?
What are the network requirements for ATRT Information Security Manager?

Answers

How are patches, changes, and updates implemented and managed using ATRT Information Security Manager?

All operating system functions, modifications, and actions are designed with an innovative, graphical drag-n-drop workflow interface. Much of the user interface allows for abstraction of the technical details. This means patching and policy/compliance updates can be performed by users with any skill level and on any operating system. When applying changes to an operating system, ATRT Information Security Manager will first check if the system is already compliant. If the system is already compliant, then no changes will be made.

How is ATRT Information Security Manager different from ACAS and eEye Retina?

ATRT Information Security Manager integrates with scanning tools such as ACAS and eEye Retina to retrieve asset and finding information which is later used by ATRT Information Security Manager to create automated remediations.

Which operating systems are compatible with ATRT Information Security Manager?

ATRT Information Security Manager works with an simple agent installed on a Windows XP/ 7 or Red Hat 4/5/6 operating system. An Oracle Solaris agent is currently under development.

Does ATRT Information Security Manager require special permissions or ports?

The ATRT Information Security Manager agent does not listen or bind to any port. It operates in a ‘pull’ concept where the agent checks in to the ATRT Information Security Manager master to get its updated patching and compliance policies. This allows for an offline, currently being rebuilt, or disconnected system to obtain its remediations once it comes online. However, the agent does operate with privileged permissions when making registry changes or modifying privileged files.

Does ATRT Information Security Manager provide reports and in which formats?

ATRT Information Security Manager provides many in-tool charts which can be exported to a CSV format. Charts include average remediation lifecycle times, remediation burn-down, remediation by group, findings by type, finding by CVSS score, and more.

PDF reports can also be generated for remediations (history of the remediation activity) and assets (details of the asset and the remediations carried out on that asset over time).

Does ATRT Information Security Manager create information assurance (IA) documentation?

ATRT Information Security Manager can provide documentation on open vulnerabilities and non-compliance, pending remediations, and findings that are to be marked as false positives. ATRT Information Security Manager allows a user to apply a rule so that false positives are filtered out of all charts and reports. A user can also upload a POA&M or exception document that will be associated with the rule.

What are the network requirements for ATRT Information Security Manager?

ATRT Information Security Manager is accessed using a Java-enabled web browser. The ATRT Information Security Manager master can run anywhere as long as the agents can communicate with it over a single TCP port. The ATRT Information Security Manager agents use very little resources, if any, as they are sleeping until the next agent check-in interval.