In this unpredictable world, disaster can strike at any time. Businesses must protect themselves against natural disasters, power outages, cyberattacks and other events that could jeopardize their day-to-day operations.

Disruptions can lead to lost revenue, reputational damage, and unhappy customers. The longer the recovery time, the greater the impact will be. According to ITIC, the hourly cost of downtime ranges from $1 million or higher for 40 percent of enterprises, exclusive of the costs associated with potential legal fees, fines, or civil or criminal penalties.*

To ensure continuity and protect their customers, enterprises must have a recovery plan that protects their assets, data, and applications in an increasingly dynamic and diverse IT environment. Those modern infrastructures now include software-as-a-service (SaaS)-based applications with a microservices architecture deployed on the cloud and in containers alongside monolithic applications housed on legacy servers.

Given the fast pace of development and numerous updates to the IT environment, it has become increasingly difficult to maintain accurate information about each business service’s deployment architecture; the different technology stacks that support them; and the dependencies between services and IT resources. Maintaining an accurate, up-to-date snapshot of these details is critical to ensure that the right failover mechanisms are in place.

How do you know what to protect?

BMC Helix Discovery’s SaaS-based, agentless discovery and dependency modeling solution helps IT teams discover detailed information about all of their assets and applications. Within minutes, business continuity managers can obtain an up-to-date list of hardware and software versions and patches across cloud-native or on-premises environments.

How does it work?

Disaster recovery is challenging when continuity managers cannot obtain an up-to-date landscape of their IT infrastructure after disaster strikes. Understanding the impacted business services and technical dependencies and their design helps IT teams prioritize recovery, which results in faster response time and minimal disruption.

BMC Helix Discovery helps enterprises discover assets and their dependencies across on-premises and cloud environments. Using a lightweight outpost that runs within the customer’s data center or public cloud, combined with IP ranges and credentials, it scans the environment to securely identify all assets across the entire infrastructure.

In addition to discovering dependencies between IT services, BMC Helix Discovery highlights communications between IT resources. Its intelligent pattern language identifies activity between software, hardware clusters, and their dependencies. This helps enterprises define rules that automatically identify the entities that constitute a business service.

When disaster strikes or a failure occurs, BMC Helix Discovery allows enterprises to quickly understand which services have been impacted and prioritize restoration of critical business services to manage service level agreements (SLAs) and minimize the downtime of those key elements.

Ensure business continuity

By properly monitoring and managing their assets and applications, IT organizations can:

• Maintain higher levels of business continuity
• Increase response times
• Minimize disruption
• Protect customer data

BMC Helix Discovery helps IT organizations easily track asset and application deployment across any complex infrastructure. By maintaining an up-to-date backup and recovery environment, enterprises can avoid catastrophic failure; ensure reliability; and prevent service downtime to protect their business, brand, and customers.

Learn more at bmc.com/discovery.

*Information Technology Intelligence Consulting, “ITIC 2020 Global Server Hardware, Server OS Reliability Report,” April 2020

With the ever-growing number of internet-connected devices, enterprises must now secure communications between a multitude of devices and their end users. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates provide a layer of encryption between sites to prevent intruders from acquiring sensitive information such as user IDs, passwords, and credit card data.

While SSL/TLS certificates are key to managing security, they present a significant logistical challenge. Each certificate has its own activation, expiration, and renewal date, which forces enterprises to manage thousands, if not millions, of individual checkpoints to ensure every device and application is protected.

Unfortunately, many IT operations and security teams are still tracking their enterprise-wide list of security certificates using spreadsheets or other manual methods. In many cases, this results in losing track of each certificate’s location and renewal date, which leads to unplanned expirations and increased security risks.

According to Tag Cyber’s 2021 Security Annual, “74 percent of IT and security experts believe their organization does not know how many keys and certificates they have, much less where to find them when they expire.”

So, how do you know what is being protected?

BMC Helix Discovery’s software-as-a-service (SaaS)-based, agentless discovery and dependency modeling solution helps IT teams discover security certificates on all of their assets and applications. Within minutes, security professionals can obtain an up-to-date list of security certificates and their expiration dates across cloud-native or on-premises environments.

With an accurate assessment of the security landscape, IT teams can manage each certificate’s lifecycle and help their organizations maintain a high level of security across the entire infrastructure. This single view of certificate information also makes it easy to proactively plan certificate refreshes and prevent service interruptions.

How does it work?

While performing a deep scan within your operating system, BMC Helix Discovery identifies all of the software instances running on each secure socket. It then establishes a connection with each socket to obtain the details on every security certificate in use—across web and application server environments and applications running on-premises or on the cloud.

In the case of network devices, BMC Helix Discovery performs a Simple Network Management Protocol (SNMP) query to obtain the list of virtual servers that are using SSL profiles. It then makes API calls to collect the information about each respective TLS certificate. BMC Helix Discovery also integrates with native cloud services such as Amazon Certificate Manager (ACM) to obtain the list of certificates managed by the ACM service.

Once the certificate information is collected, BMC Helix Discovery automatically stores certificate information in its central datastore, which can be used for queries and post-processing. For organizations that consolidate and maintain their inventory information using BMC Helix Discovery’s out-of-the-box CMDB sync, these certificate details are automatically updated into the CMDB.

Using BMC Helix Discovery’s certificate dashboard and reporting features, IT professionals can observe the software and the node on which each certificate is installed. End users can also obtain detailed information about each certificate’s lifecycle such as its location, organization, encryption type, validity dates, and IP host. Having easily accessible, up-to-date information gives organizations the ability to understand the potential impact of each certificate’s status so they can plan and prioritize refreshes while maintaining high performance and availability.

Increase your security landscape

By properly monitoring and managing their SSL/TLS certificates, IT organizations can :

• Minimize risk
• Avoid unplanned expirations
• Strengthen data security and encryption
• Protect customer data
• Increase productivity
• Offer secure, safe online experiences

BMC Helix Discovery’s SaaS-based, agentless asset discovery and dependency modeling solution helps IT organizations easily track the latest certificate status across the infrastructure. This puts organizations in an ideal position to proactively plan certificate refreshes; prevent service downtime; build trust; and protect their business, brand, and customers.

Visit the BMC Helix Discovery webpage to learn more.

Today’s IT environments have never been more complicated. With the ever-growing use of public cloud and container technologies and the frequent delivery of modern, microservices-based applications, IT faces a daunting task in understanding what’s out there and how its assets support the business.

How do you know what you have?

A modern asset discovery and dependency mapping solution must have a broad set of capabilities across datacenter, cloud, and container technologies while keeping up with the rapid infrastructure changes caused by current development practices. Without this comprehensive and “near real-time” view of the world and the ability to understand and model business services, it becomes increasingly difficult for IT to effectively discover and manage those critical applications that help run the business.

Obtain up-to-date insight with BMC Helix Discovery

BMC Helix Discovery provides instant visibility into hardware, software, services, and dependencies across multi-cloud environments. Its discovery capabilities are designed to handle the complex management of mainframe, traditional, and hyper-converged infrastructures; software-defined storage and networks; containers; and cloud services.

BMC Helix Discovery’s software-as-a-service (SaaS)-based, agentless, start anywhere application modeling capabilities empower organizations to discover assets and create application models from any point in the IT infrastructure within minutes. Combined with a content library containing thousands of asset types, including containers and cloud infrastructure, BMC Helix Discovery gives teams the ability to detect blind spots, meet compliance and regulatory standards, and manage costs across complex infrastructures.

Benefits include:

• Up-to-date service awareness: Rapid discovery, relationship modeling, and visualization of the hardware and software landscape provide accurate asset, relationship, and service model views from any point in the complex IT infrastructure.

• Reduced costs: Access to updated infrastructure configuration information enables IT teams to continually evaluate the use of assets so businesses can right size their infrastructure.

• Lower risk: Complete visibility into the IT infrastructure helps teams identify misconfigured and vulnerable software, which results in quicker remediation, reduced downtime, and improved security and compliance.

• Increased productivity: On-demand discovery helps IT teams become more efficient and productive for service and data center management and software auditing.

Maintain visibility across the IT landscape

On-demand asset discovery and dependency modeling are just the beginning of the story. Due to today’s continually changing cloud and container-based infrastructures, IT teams need a dynamically updated view of their environment across the IT operations and service management (ITOM-ITSM) environment.

BMC Helix Discovery solves this problem by generating detailed datasets and topologies using Dynamic Service Models, which provide an up-to-date, integrated data store. Dynamic Service Models act as the single source of truth across BMC’s IT landscape. This enables artificial intelligence for IT operations (AIOps) and AI service management (AISM) to leverage the latest infrastructure configurations and ensure accuracy and efficiency across the organization.

How are IT teams kept informed of significant changes? As BMC Helix Discovery discovers additional relationships and dependencies, it automatically updates Dynamic Service Models. If significant updates have occurred, the service model is moved into a “review state” so users can evaluate changes on a dynamic basis.

Dynamic Service Models complete the picture by ingesting data from third-party solutions such as application performance and network monitoring tools through open integrations, which can be used independently or by other BMC Helix Platform services such as BMC Helix Operations Management with AIOps, BMC Helix Continuous Optimization, and BMC Helix ITSM.

Conclusion

With constant configuration changes in cloud- and container-based implementations, IT teams need up-to-date visibility across ITOM-ITSM environments. BMC Helix Discovery provides teams with a complete, dynamically updated service view so they can improve service performance, availability, efficiency, and customer experiences while also lowering costs. This ensures optimal results as enterprises strive to achieve digital transformation.

Visit the BMC Helix Discovery web page to learn more.

If you haven’t already taken Self-Driving Remediation (a new feature of TrueSight Cloud Security) for a test drive, then you probably are wondering what it means for you and your cloud security posture management.  Let me clarify before discussing why one should use it.

You know the difference between a car and a self-driving car.  In the former, you drive the car, making numerous, seemingly instinctive decisions as you manoeuvre through traffic.  In contrast, in self-driving mode – admittedly something most of us do not have a lot of personal experience with – probably all you need to do is tell the car the destination and then just sit back and relax, perhaps using your commute time for higher value activity than just moving from Point A to B.  With TrueSight Cloud Security, On-Demand Remediation and Self-Driving Remediation operate in similar fashion.

Difference between On-Demand Remediation and Self-Driving Remediation

As a cloud operations member or an application developer, one of your primary tasks is to ensure that the configurations of all cloud resources are consistent with security standards.  Depending upon how frequently you make changes to your cloud resources, you would login to TrueSight Cloud Security (TSCS) and look for any violations reported for the resources which you own. Then you go through each violation, look at the resources which have violated a specific rule, and then click the “Remediate Violations” button. This is On-Demand Remediation, an automated means of fixing cloud resource misconfigurations with a simple click of the mouse.

As our Cloud SecOps processes mature, we may become increasingly comfortable with remediating certain violations, under certain conditions, without any human intervention.  For non-production environments like DEV, TEST, or STAGE, we may even have a zero-tolerance policy for any violation and would like to remediate all violations immediately as soon as they are reported.  This fully automatic remediation gives a powerful mechanism to ensure that configuration security is assured and that any exceptions are documented, added to “Exceptions” in TSCS, and approved for production.  To enable Self-Driving Remediation in TSCS, simply set the remediation trigger “Auto” for specific policies.  In this case the remediation is automatically triggered when the violation is identified, thereby eliminating the human bottleneck and rapidly closing vulnerabilities from cloud resource misconfigurations.

Why Use Self-Driving Remediation?

First, it saves lot of time going through each known violation and clicking the Remediate Violation button.  Although automated, such repetitive tasks, while comforting in that they offer a sense of control, are begging to be handed over to the solution for completely automatic handling.  For example, if you know a specific violation must be remediated every time it is identified in certain cloud accounts, just enable the “Auto” remediation trigger from the violation page.  The time you save can be spent elsewhere.

Secondly, Self-Driving Remediation helps enforce certain security practices without fail.  You don’t have to wait for someone to log into TSCS to identify the violations and initiate remediation, or wait for someone to act on a compliance summary or new violation notification email.  As an enterprise, if you don’t want any S3 bucket to be publicly accessible, then simply go to the Manage Policy page and set the remediation trigger to “Auto” for that rule.  Anytime a violation is reported for that rule, remediation will be initiated then and there.  Doesn’t that bring you more peace of mind?

Next, if you worry that you may not want to perform same remedial action for all accounts, and for some you want a separate action to be invoked, you can do that too.  You can configure one remedial action for a certain group of accounts and another remedial action for another group of accounts.  You can even create your custom actions.

Finally, if you fear that you may not be aware of all the remediations that are happening, or you want an approval process to kick in for certain resources before they are acted upon, then let me assure you that you can enable change management for remediation.  In so doing, you will have a formal change approval process for your most critical applications.

In summary, you are still in control.  You decide the conditions in which Self-Driving Remediation takes the wheel.  So, take the plunge now and see for yourself if it saves your time and helps you concentrate on more challenging things and make your time count!