Top Tips & Tricks
Taking on a hardening project can be an intimidating task, and with so many different types of systems, it is difficult to know where to start! Nevertheless, the benefits of hardening are clear to see and from a security perspective, hardening is one of the most worthwhile projects.
NNT Change Tracker has the ability to capture malicious or breach activity by utilizing a “Change Manifest” with its Planned Change feature. A Change Manifest is a ruleset within Change Tracker that has captured the exact change details of a patch/update that has occurred on a patch testing system.
NNT has integrated its award-winning Change Tracker™ Gen7 R2 with QRadar to enable a closed-loop environment for change management. This will allow you to validate all of the approved and authorized changes with a full audit trail of what actually changed and reconciled with the Change Request(s).
The clue is in the name: Change Tracker detects changes in an organization’s infrastructure. But so what? Why is that a useful thing to do? How am I benefitting from knowing what has been altered within my environment? The terrifying answer? To detect malicious activity.
Product integration has always been the utopia for IT shops. Managing and monitoring an organization’s infrastructure and applications requires a diverse set of tools to address operational needs. Occasionally there is overlap between the data that various tools collect, or one tool may contain information that would benefit another tool.
The foundation of NNT Change Tracker is the grouping system. Deployed agents and devices monitored by Change Tracker’s agentless operations are placed into groups which carry monitoring templates for that group.
As an NNT Change Tracker user, it’s likely you spend a reasonable amount of time in the Events Tile of Change Tracker and have often used the Filter option to find events of interest.
NNT is a proponent of ensuring that systems are fit for purpose, the art of configuring a system to be as secure as possible. In order to aid our customers in this endeavour, we utilize the research carried out by the Center for Internet Security (CIS).
Those of you who use Change Tracker will know that Change Tracker Gen 7 provides the most accurate and effective solution to guarantee the integrity of your secure IT systems and report any changes as they occur.
The leaked NSA cyber weapon, EternalBlue, an exploit of Microsoft Windows that attacks SMB file-sharing services, was leaked by the Shadow Brokers hacker group last month and has since been used as part of the catastrophic WannaCry attack that started on May 12, 2017.
Understanding what the correct baseline configuration is for your IT system components is a keystone of security best practice. Compliance mandates, in particular, NERC CIP, require baselines of installed software, updates, and open ports to be captured and reported against.
Any Compliance Auditor is going to ask to see evidence that a full audit trail of user and device activity is retained, requiring all audit log events to be securely backed up to a central log server.
NNT Change Tracker Gen 7 has been designed to be simple to set up and use. This is a key differentiator from the more cumbersome legacy products such as Tripwire® Enterprise, with complex combinations of Tasks, Actions, Rules and Policies, all with regular expression pattern matches to configure.
As we have mentioned in previous Tips and Tricks, here at NNT we are big fans of system hardening, the science of rendering servers, database systems, firewalls, EPOS systems and all other IT devices fundamentally secure.
Network-accessible IT systems are all potentially vulnerable to tampering and cyber attack.
We often find, when monitoring communication equipment, that there is a need to exclude lines from the gathered configuration that would cause false positives if left in.
As Change Tracker users you’ll be familiar with the automated process used for on-boarding devices. Namely, when a new device registers, it is placed into a grouping structure based on the detected operating system.
When reviewing file integrity changes with Change Tracker, you’ll have undoubtedly noticed the hash value within the events.
NNT provides a Ransomware Mitigation Kit, comprising the necessary automated vulnerability checks and also the Group Policy/Puppet templates to automatically fix any weaknesses identified.
System Hardening / Vulnerability Management – the science of rendering servers, database systems, firewalls, EPOS systems and all other IT devices fundamentally secure is still the most effective - but often the most neglected - security best practice.
We’ve all been there, a patch run has been kicked off and the associated Change Tracker Planned Change was not configured – disaster, and possibly a couple of hundred thousand unplanned changes to boot!
As users of NNT Change Tracker, we know the benefits of Windows File Integrity Monitoring, namely associating a user account with identified file changes, but there is additional value in also understanding at a granular level what specifically changed within the file including the actual line in and to what?
A hardened server is a happy server! NNT maximizes the use of compliance reports with a partnership from the Center for Internet Security (CIS). NNT’s compliance reporting provides you with the tools you need to ensure a hardened build standard across your entire IT environment...