
Vendor Involvement in Bandolier Audit File Development

Once you’ve done something a few times, you learn what works well and what doesn’t. This is true for a lot of things in life and has certainly proven to be the case for the Bandolier audit file development process. The big lesson learned for Bandolier: vendor participation in the audit file development is extremely helpful to produce the most effective set of checks.

We’ve always known that getting vendor support for the audit files would be a key factor in asset owner adoption. In case you don’t know, the industry tends to follow application vendor recommendations religiously and depends heavily on their blessing for any changes or security enhancements.

I think the surprise for us was the difference in the amount of information we are able to glean in a vendor’s lab (or at least having access to their security talent) versus just visiting an asset owner’s site. A good case in point was the assessment we did for the Telvent OASyS DNA application. They take security very seriously and have been incredibly cooperative in providing resources. In the on-site lab where we did our assessment, they had a complete environment that included a Windows domain controller and each component of their system for which we agreed to produce audit files. Within just a couple of days, many of the checks you’ll find in the OASyS DNA audit file were already developed. This is a direct result of having time to test the checks as we developed them and having the resources available to answer questions along the way. Asset owners do not always have the ability to provide this level of support and in most cases the window of time you have to work with their test or backup servers is limited.

That said, we have a handful of asset owner partners that have helped us from the beginning of the project and we cannot thank them enough. In many cases they have helped us get started or encouraged their vendors to participate. Fortunately for everyone, nearly all have agreed to participate. I’ll be announcing those and the final list of Bandolier audit files at the PCSF Annual Meeting next month.
