Those of you who use Change Tracker will know that Change Tracker Gen 7 provides the most accurate and effective solution to guarantee the integrity of your secure IT systems and reporting any changes as they occur.
Here at NNT, we like to think that we provide the ‘change proof’ for any schedule change activity, such as patching and applications upgrades as well as any changes committed outside of a scheduled window (Disclaimer: It is very naughty to implement changes outside of a scheduled change window!).
Nevertheless, whether the changes you receive are expected or unexpected, the question remains, how can I be certain these changes are good?
Enter NNT’s File Approved-Safe Technology or FAST. Available in NNT’s secure cloud, FAST is powered by external Threat Intelligence feeds and really does take Change Control to the next level. Click here to view a short features video: https://www.newnettechnologies.com/nnt-fast-cloud-threat-intelligence.html. Utilising a file’s unique hash value (sha1 or sha256) changes are automatically analyzed against FAST’s approved whitelist and instantly verified as planned, should a successful match be confirmed.
If you are thinking, ‘how can I get this amazing Change Tracker feature?’ fear not, a call to your friendly NNT account manager will start you on the right path. The setup is also very simple, once you have a FAST key, the configuration is no more complicated than configuring a Change Tracker planned change as the following steps will demonstrate.
Slight caveat here, FAST is hosted at NNT Towers (not a real place ) and so your NNT Change Tracker server needs to be able to reach the NNT cloud infrastructure. Details of the NNT cloud address will be provided with the FAST key.
Once the key has been entered:
Configure the FAST Planned Change:
- Move to 'Settings' and 'Planned Changes'.
- Press the button - 'Schedule a Planned Change' and fill in the details as below. Once complete click 'Update'
- Click the 'Rules' button on the right-hand side of your new FAST Planned Change
- Once again, fill in the details as shown in the following screenshot. It is important that your configuration mirrors the below exactly!!
- Click the 'Update' button and you are all set!
That is all there is to it. Any file integrity changes for the ‘All Device’ group will now be assessed by the NNT FAST service.
FAST Usage Considerations
NNT FAST is a truly powerful solution to change detection, however, with great power comes great responsibility and to get the most from FAST it is imperative that your Change Tracker is configured correctly. Here are a few dos and don'ts to be aware of when working with the NNT FAST Cloud:
- Do be specific with your monitoring - Take some time and work with your NNT Support representative to compile monitoring templates which accurately represents your organization. Bear in mind that while the FAST whitelist contains millions of files, common to all major operating systems and available applications, the cloud will not contain a record of all files in your environment!
- Don't monitor the entire drive! - The temptation with FAST is to simply point Change Tracker at all files on a single drive! This, however, will create a large number of change events, particularly from files which will never be listed by FAST such as log files and will leave you with a massive amount of unplanned changes to review.
- Do use planned change rules - If you have proprietary files which need to be tracked but will obviously never be listed in the FAST Cloud, work with NNT Support to create a planned change rule set so these files are picked up by a FAST alternative rule and marked as planned.