By Delivering Real-Time File Integrity Monitoring for Linux and UNIX, and Augmenting Agent-based and Agentless Deployment and Operability
New Net Technologies (NNT), a global provider of IT security and compliance software solutions, today announced the availability of Version 6 of NNT Change Tracker, its flagship system auditing and change detection solution. Change Tracker Version 6 is designed to improve scalability, performance and security by delivering a new generation of cross-platform agents.
In common with the existing Windows agent, real-time file integrity monitoring can now be delivered for Ubuntu, Red Hat, CentOS, Solaris and Mac OS X. Version 6 also improves efficiency and performance for Change Tracker’s agentless FIM capabilities.
NNT Change Tracker provides a full suite of change management, file integrity monitoring, system hardening and policy management tools for all devices across heterogeneous environments. The system is typically used for security and compliance initiatives and gives users an efficient, easy-to-use auditing and change detection solution.
It works by identifying security incidents, such as a compromised server or device, and then correlating all suspicious events across the network in order to identify threats. The solution works at a forensic level by monitoring changes to configuration files, registry keys and values, user accounts, installed software, service and process activity and security policy settings to ensure systems remain hardened and secure. As significant changes are detected, they are categorized as either Planned or Unplanned changes, giving a foundation to any secure Change Control procedure.
Change Tracker also tracks the integrity of the overall file system to provide protection from ‘Zero Day’ and Advanced Persistent Threat malware. All intelligence gathered is presented via a series of simple dashboards that ensure systems are, and remain, secure and compliant.
The new UNIX/Linux agent works in real-time to provide immediate detection of potential security breaches as well as identifying who actually made the change. Only incremental change data is captured and sent across the network to significantly reduce the impact on host/network resources when compared to competitive agentless or scanning systems. All salient information is summarized in an ‘at a glance’ format to quickly establish whether changes made are a threat.
Deployment and maintenance of the Agent is simplified with auto-deployment scripts for installation of the Agent framework, as well as the ability for the latest patches and versions to be automatically pushed out to all Agents when the central Change Tracker server is updated. In this way, organizations will only pay the cost to deploy the agent-enabled technology once, rather than each time an update needs to be applied.
Within Version 6, Agentless deployment has been improved with a new web GUI for Linux and UNIX hosts for trouble-free set-up. Out-of-the-box templates are provided for checklist- or compliance-based security configuration, along with configurable/customizable user-defined templates to govern and maintain the integrity of internal IT security standards.
Agentless performance has also been improved with the file integrity data now delivered in ‘concise’ mode, cutting down network load by up to a factor of 20. Typically, each time an agentless or scan-based FIM solution collects change data, all the data from each monitored device is recaptured and sent across the network, significantly impacting network performance. With Change Tracker v6, the manner in which the agentless model polls, collects and assesses the changes has been improved by storing file integrity data in a pre-compared format for instant access and review.
Change Tracker Version 6 incorporates many other important enhancements, including:
- Seamless integration and direct reporting with 3rd party SIEM platforms to augment their existing log management capabilities with FIM, in order to pinpoint and alert to configuration changes that weaken system security
- Bi-directional integration with service desk systems to provide a closed loop change management process where only ‘approved’ changes are implemented and a ‘zero tolerance’ approach to unplanned changes enforced
- Condensed summary reports make it easy to view and remediate failures. The information is presented in a spreadsheet format making it easy to identify the issue, review the failure and then fix the problem, even for thousands of devices
Mark Kedgley, Chief Technical Officer at NNT, comments: “Change Tracker Version 6 is an important step for NNT and our customers around the world. With this release, we have introduced consistency of operability and performance for both NNT’s Agent-based and Agentless solutions. This means that the decision of which one to adopt is now purely one of corporate preference, infrastructure and the commercial framework.” Kedgley continues:
“More importantly, the extension of agent-based deployment across any platform has delivered real-time FIM into the Linux and UNIX environment. Many of our customers have already warmly embraced the Linux Agent option, citing real-time operation as a big plus, with the attendant benefits to performance and security also being highly desirable.”