Background
Some key points to consider:
- SORINTians solved a long-standing problem for a client in the banking and finance sector, achieving a major result in terms of satisfaction and trust.
- The client was looking for an alternative to an existing vendor’s solution, which was now limited in terms of customization and flexibility, and whose end of support had been announced.
- The requirements were clear and ambitious: develop an automated and highly customizable tool for generating security insights, with multiple reporting modes. It was critical to meet a detailed brief, shared by multiple internal stakeholders from different divisions of the bank.
- Thanks to the team’s commitment and expertise, SORINT.lab has delivered a tailored solution capable of responding precisely and scalability to all needs.
- The tool-while omitting some sensitive details for security reasons-is designed to collect data on users configured on all storage and network devices, monitoring the activities of hundreds of accounts
- It allows a high level of observability of user behavior, with the goal of identifying anomalies such as, for example, non-compliance with internal security policies, incorrect backup configurations, and choice of password complexity. This is based on a set of predefined commands and a security checklist shared and validated by different business areas.
- Through a fully automated flow, the tool generates and distributes daily-and on demand-customized reports to contact persons in the bank’s various divisions in response to specific audit and compliance needs.
- The introduced tool, unlike the vendor’s previous solution, provides advanced control over device firmware, including version monitoring and other safety-critical parameters.
- Equipped with an intuitive user interface, it effectively meets the customer’s functional needs.
- Developed by SORINTians, it is compatible with IBM, Cisco, NetApp and Dell Data Domain storage devices, and will also support Dell ECS in future releases.
- Scalable and highly customizable, it also fully meets customer-defined non-functional requirements.
Gabriele Bravi, SORINT expert in Data Storage & Solutions, shared his views with us:
In an environment where security is a top priority for IT companies, ensuring proper infrastructure configuration and compliance with corporate standards is increasingly complex, costly and time-consuming. Among the most heartfelt challenges is the generation of comprehensive, reliable and large-scale security reports.
San Devices Analysis was created to address these needs.
It is a tool developed with Ansible and Python, designed to collect a large amount of data from heterogeneous IT devices, analyse it automatically, and return detailed reports to support security and compliance processes.
With integration with an intuitive web interface and a centralized dashboard, access to data is immediate and the work of system administrators is significantly simplified
Key Features
🔹 User Revalidation
Report with updated list of local users configured on each device.
🔹 Detailed inventory
Comprehensive data on firmware, FQDN, IP (primary and secondary), OS code and more, for each individual device.
🔹 Compliance and security check
Compliance status of devices based on customized parameters. Some examples:
- Control over the complexity of passwords
- Password expiring date setting
- Presence and change default password
- Configuration of NTP, Syslog, SMTP
- …and many other audits adaptable to each vendor and corporate policy
Strong points
✅ Multi-vendor
Compatible with major vendors: IBM, NetApp, Cisco, Dell and others.
✅ Automation and scalability
Automated and customizable flows to meet specific customer needs.
✅ Customized reports
Flexible analysis tools that can be adapted to different business stakeholders.
✅ Simple and accessible interface
Intuitive dashboard for an immediate and smooth user experience.
✅ Extended coverage
In addition to SAN devices, it can be configured to analyse network equipment, servers and operating systems, providing complete control of the entire infrastructure.
With its combination of automation, flexibility and ease of use, San Devices Analysis is a robust and competitive solution for all entities that want to strengthen their IT security posture.