Video: NNT Change Tracker Enterprise: Managing the Enterprise Attack Surface
Breach Prevention Strategy – Can anything provide 100% protection?
If there was a security product that gave 100% protection wouldn’t we all be using it? Instead the breaches just keep coming –
- Target - 40 million payment cardholder details stolen
- The Australian Information Commissioner reports a 20% increase in reported personal information breaches
- More occurrences of malware to non-Windows platforms
- For many, security defenses are falling well short of the effectiveness needed.
Vulnerability Management – Assessing and Reducing the Attack Surface
When developing an information security strategy, prevention is still better than cure. Organizations get breached because they leave gaps in their defenses. Gaps that are subsequently exploited. Protection is provided by layered, overlapping defense measures and operational procedures. Any gap leaves the enterprise with a Cyber Security Achilles Heel, a weak spot or vulnerability that an attacker can exploit. We call this the Enterprise Attack Surface.
How prone is your organization to an attack right now? How do you assess or measure this? Change Tracker Version 6.5 provides the most powerful and comprehensive array of vulnerability assessment reports yet.
These sit alongside reports that intelligently audit any network device or firewall, or operating system platform such as Windows Server 2012, 2008R2, Red Hat Enterprise Linux and Solaris.
Database Hardening Checklist – PCI DSS and CIS Benchmark Checklists
Change Tracker Enterprise will now analyze your Database Systems too, probing the system to look for vulnerabilities that leave you prone to attack. Plain English reports describe the vulnerability and the settings needed to mitigate the associated threat.
And it isn’t just NNT saying that Hardening and Vulnerability Management is one of the most effective preventative security best practices.
Leading security standards, such as the PCI DSS, all place Device Hardening at the top of the list when it comes to security best practices. In fact Version 3 of the PCI DSS prioritizes hardening second only to installing a firewall as THE most important security initiative one can take.
Requirement 2 of the PCI DSS is to remove vulnerabilities relating to default settings and known exploits, to skinny down device configurations as much as possible. The requirement is to “Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards”. When it comes to industry-accepted sources, the most authoritative, consensus-based hardening checklists are maintained by the Center for Internet Security, and NNT have now joined the exclusive group of product manufacturers that are CIS Certified Vendors.
Real-Time FIM for Continuous Compliance Monitoring
One of the cool things about NNT Change Tracker Enterprise is that the reporting and monitoring templates are flexible and extensible.
This means that we can not only ensure your database systems and other platforms remain vulnerability-free but that all other elements of your Operational Build Standard are being maintained too.
Change Control and Configuration Management are core principles of secure, professional IT operations, and Change Tracker Enterprise provides complete visibility of changes as they are made, in real-time, even to custom or bespoke applications. Change Tracker Enterprise not only keeps your IT operations secure, but on-line too, exposing any configuration or system file changes as they are made.
So in terms of preventing breaches by mitigating vulnerabilities, Change Tracker plays a vital role in both the initial hardening process and the on-going detection and correction of any configuration ‘drift’ which could render the enterprise vulnerable to attacks.
Cyber Security Breach Detection
FIM provides a Real-Time Host Intrusion Detection System
However, every plan needs contingency to cater for the ‘what if’ scenarios. Security threats are always evolving, and, in a complex, fluid IT environment, mistakes can be made: bad config changes that inadvertently affect security and/or service delivery. And of course, inside man threats are always hardest to prevent.
Change Tracker Enterprise Version 6.5 features an all new, cross platform Agent. Running as a native 64 bit process, even the most demanding File Integrity Monitoring requirements can be handled. Any malware that finds its way onto systems, or any subtle changes to services, processes, the registry, configuration settings or system files will be detected in real time.
Crucially, the agent works from a one-time baseline, assessing changes only as and when they happen, so there isn’t the need to run repeated heavy baselining workloads like the FIM agents used by SIEM systems in the traditional Tripwire manner.
Real-Time FIM versus Vulnerability Scanner
The Agent operation brings other advantages too. Unlike vulnerability scanners like Qualys, nCircle or Nessus, which need to log on to the host via the network and run network- and host-resource-intensive scans, the agent is self-contained on the host itself, which makes it more resource-efficient and more secure.
Being resident on the host also means a FIM agent can provide continuous protection. But where running agentless is preferred or there simply is no other option, such as for legacy Unix hosts or network appliances, Change Tracker also provides a high performance scanning option. Once the agent has its baseline image of the filesystem and security settings for the host, it then watches for change activity. Again, no changes means no host or network resources used by the agent, but with real-time detection when changes are made. Real-time Agent-based FIM delivers the most sensitive, high-security protection, but with the highest resource efficiency too.
The baseline includes all file attributes and a secure hash value for each file, with the option to also record the content of text-based config files.
When any file change is made that meets the Change Tracker monitoring policy, the agent runs an immediate assessment against its baseline. Any change to the file attributes, contents and, crucially, secure hash value means there has been a change. The security officer will be notified by email but, to simplify investigation of this potential breach, the change details are summarized in a clear, plain-English report, including the file name, whether the change is unexpected/unplanned or part of a scheduled planned change, and crucially, who made the change.
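The baseline-and-assess step described above, sketched in Python as an added example; it is not NNT's code and not part of the original page. The attribute set, the use of SHA-256, the text-file suffixes and the names snapshot, build_baseline and assess are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile

TEXT_SUFFIXES = (".conf", ".cfg", ".ini")  # assumption: files treated as text config

def snapshot(path):
    """Record attributes and a SHA-256 hash for one file; keep content for text config."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        data = fh.read()
    entry = {
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    if path.endswith(TEXT_SUFFIXES):
        entry["content"] = data.decode("utf-8", errors="replace")
    return entry

def build_baseline(paths):
    """One-time baseline: path -> recorded attributes and hash."""
    return {p: snapshot(p) for p in paths}

def assess(path, baseline):
    """Compare one file with its baseline entry; return the sorted changed fields."""
    if path not in baseline:
        return ["unbaselined"]
    if not os.path.exists(path):
        return ["deleted"]
    now, then = snapshot(path), baseline[path]
    return sorted(k for k in then if now.get(k) != then[k])

def demo():
    """Constructed sample: baseline a config file, then alter its content and mode."""
    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.join(d, "sshd.conf")
        with open(cfg, "w") as fh:
            fh.write("PermitRootLogin no\n")
        os.chmod(cfg, 0o600)
        baseline = build_baseline([cfg])
        clean = assess(cfg, baseline)  # nothing changed yet
        with open(cfg, "w") as fh:
            fh.write("PermitRootLogin yes\n")
        os.chmod(cfg, 0o644)
        return clean, assess(cfg, baseline)
```

In a real-time deployment assess would be called from a filesystem change notification for the affected path only, which is why an idle host costs nothing after the one-time baseline.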
Quick, decisive investigation of potential security breaches is essential when operating secure but dynamic IT services, but prevention of cyber security attacks is still the priority. Change Tracker Enterprise 6.5 provides market-leading File Integrity Monitoring technology, to continuously identify vulnerabilities and detect breaches when they occur. Change Tracker Enterprise - Minimize the enterprise attack surface - Continuous protection in real-time.