NNT security monitoring and change detection
Combining SIEM, CCM and FIM in one easy to use solution, NNT enables organizations to see which events take place, automatically honing in on those of concern - it will identify what changed, who made the change and which changes were planned vs unplanned, all in real-time.
The solution will reduce manual effort by automating the CCM process, removing the need to firefight whilst identifying the root cause of issues and preventing recurrence of the incident. It will eliminate the breach to detection time gap, alerting on unauthorized changes that introduce security risk or non-compliance and will enable you to make continual improvements to your compliant state by ‘learning with each alert’ to refine process and policy.
NNT Security Information and Event Log Management (SIEM)
NNT’s multi-platform security correlation enables you to securely gather and review daily logs from all devices, including network devices, UNIX and Window servers, applications and databases.
It will show:
- Who has accessed what device
- Is there an on-going security vulnerability
- Whether confidential data is impacted
NNT Change & Configuration Management (CCM)
The NNT solution starts with a compliance or device hardening audit option to ensure the devices are set up securely from the outset. On-going forensic detection of changes to this compliant state will be tracked in real-time or as part of a scheduled report, controlling and minimizing configuration drift and ensuring system configurations don’t deviate away from established standards and policies.
It will confirm:
- Which devices were affected
- Who made the change
- Whether the change was approved
- Whether it has affected your compliant state
NNT File Integrity Monitoring (FIM)
A vital stance in the bid to protect systems from breaches is to monitor unusual or unapproved changes to the Application file systems. NNT FIM verifies program and operating system files have not been compromised, with host intrusion prevention (HIP) pinpointing anything malicious installed on the in scope device.
It will identify:
- Unusual changes
- Which specific attributes changed and who made the change
- Adds, moves or deletes
- Checksum/hash based changes