The clue is in the name: Change Tracker detects changes in an organization’s infrastructure. But so what? Why is that a useful thing to do? How am I benefitting from knowing what has been altered within my environment? The terrifying answer? To detect malicious activity.
The slightly more mundane answer? To identify a well-intentioned change that has, nevertheless, impacted infrastructure operations.
Here at NNT, we are advocates of change. Change is essential to keep environments up-to-date and applications running smoothly and with as few vulnerabilities as possible. The key to change, the utopia, the Holy Grail if you will, is to provide some context to the change activity: the “why did this change?” question.
NNT Change Tracker has a number of approaches to provide the answers.
Change Tracker’s Intelligent Planned Change
Add Change Tracker’s planned changes function into your change process and you’ll be able to prepare Change Tracker for any planned change activity before the changes are carried out.
The above screen is the start of a Change Tracker planned change creation, the first step to preparing the software for, in this case, a Windows patch run.
However, Change Tracker is very much a change detection solution and we all know that best practice pushes the organization to use an IT service management framework to control the change management process. Using an IT service management (ITSM) solution helps companies gain control of the planning aspects of change, providing a single location where change activity can be planned, authorized and reviewed. In the example below, we have similar change activity to the Change Tracker planned change, entered into an ITSM solution, ServiceNow in this case.
So immediately we can see that there is an element of duplication here: similar information is entered for the planning of change activity in ServiceNow as for the detection of the change in Change Tracker.
It feels like an integration could help speed things up and reduce complexity!
NNT is now offering its ITSM integration for the Change Tracker solution, available for an ever-increasing list of ITSM solutions. In the world of IT Service Management, when there is a need for change it follows a defined process. A request for proposed changes is submitted to a CAB (change advisory board). The CAB either approves or rejects the request for change.
If approved, a Release, Build, Test, Schedule and Deployment plan is created to take effect within a prescribed change management and maintenance window.
Via the ITSM Integration, NNT Change Tracker observes changes and reconciles these changes with the approved change request from ServiceNow.
By understanding the authorized and approved changes, NNT can highlight all the unknown, unwanted, unexpected and potentially malicious changes. These are the changes needing to be reviewed and investigated.
Continuing our example, the ServiceNow planned change highlighted earlier has made its way into Change Tracker via the ITSM integration. You’ll see it is currently disabled as the specified start date and time for the change has not been reached.
The details of the two planned changes mirror each other for date and time and Configuration Items, in this case, a Windows group.
The planned change within Change Tracker becomes enabled when the start date and time is reached. During this time period, the changes which meet the parameters of the planned change will be captured as planned within the Change Tracker monitoring solution.
Optionally, any change which is not detected as part of the planned change will be identified and reported as unexpected and unplanned.
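The reconciliation described above, sketched as an added example; it is not NNT's or ServiceNow's code or API. The record types, the ticket id, the host names and the path-prefix parameter are assumptions made for illustration, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class PlannedChange:            # hypothetical record synced from an approved ITSM ticket
    ticket: str                 # constructed ticket id
    start: datetime
    end: datetime
    group: str                  # configuration-item group in scope
    path_prefixes: tuple        # assumed parameter: what the change may touch

@dataclass(frozen=True)
class ChangeEvent:              # hypothetical detected-change record
    when: datetime
    host: str
    path: str

def matches(ev, plan, groups):
    """True only if the event is in the window, on an in-scope host, on an expected path."""
    in_window = plan.start <= ev.when <= plan.end
    in_scope = ev.host in groups.get(plan.group, set())
    expected = ev.path.lower().startswith(tuple(p.lower() for p in plan.path_prefixes))
    return in_window and in_scope and expected

def reconcile(events, plans, groups):
    """Label each event with the approving ticket, or None when it is unplanned."""
    return [(ev, next((p.ticket for p in plans if matches(ev, p, groups)), None))
            for ev in events]

# Constructed sample data: one approved Windows patch window and four detected changes.
GROUPS = {"Windows Servers": {"win-01", "win-02"}}
PLANS = [PlannedChange("CHG-EXAMPLE-1", datetime(2024, 3, 2, 1, 0), datetime(2024, 3, 2, 3, 0),
                       "Windows Servers", ("C:\\Windows\\System32\\", "C:\\Windows\\WinSxS\\"))]
EVENTS = [
    ChangeEvent(datetime(2024, 3, 2, 1, 30), "win-01", "C:\\Windows\\System32\\ntdll.dll"),
    ChangeEvent(datetime(2024, 3, 2, 4, 10), "win-01", "C:\\Windows\\System32\\ntdll.dll"),
    ChangeEvent(datetime(2024, 3, 2, 1, 45), "db-07", "C:\\Windows\\System32\\ntdll.dll"),
    ChangeEvent(datetime(2024, 3, 2, 2, 5), "win-02", "C:\\Users\\Public\\svc.exe"),
]

if __name__ == "__main__":
    for ev, ticket in reconcile(EVENTS, PLANS, GROUPS):
        print(f"{ev.when:%H:%M} {ev.host:7} {ev.path:40} {ticket or 'UNPLANNED'}")
```

Only the first event is attributed to the ticket; the change after the window closes, the change on a host outside the group, and the in-window change to an unexpected path are all left for review.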
Ultimately, the integration separates change that was expected from change that was not. This can reduce the load on the poor embattled security professional and helps an organization keep tight control over its environment.