NNT F.A.S.T. Cloud Threat Intelligence Integration

A Mute button for FIM Change Noise
Change Tracker™ Gen7 R2 provides the most accurate and effective FIM solution guaranteeing the integrity of your secure IT systems and reporting any changes as they occur. But how do you distinguish between:

‘good’ - intended, desirable changes such as updates and patches, and
‘bad’ - malicious activity following a breach?

The smart response is to leverage cloud-based Threat Intelligence to automatically validate file changes as they are detected using an authoritative file whitelist. And now you can use the NNT FAST™ (File Approved-Safe technology) Cloud to do just this, in real-time.


Is the new or changed file detected known to be safe?
The overwhelming majority of file changes in a secure IT estate will be attributed to regular patching, for example, Windows Updates.

Given that your estate is inherently secure and subject to change control and other security best practices, >99.99% of changes recorded will be ‘safe’. They are not always expected or operationally desirable, but at least the files have been provided by the manufacturer and not a hacker.


Isn’t this the job of Anti-Virus technology?
Anti-Virus is signature-based: in other words, AV operates using a blacklist of all known bad files.

Millions of new viruses are released into the wild every day, and accordingly, AV vendors add updated signatures as soon as the malware has been identified. It’s simple: blacklisted files are removed before they do harm.

Unfortunately, Zero Day Malware is invisible to AV. Zero Day = Never-Before-Seen, so no signature. Millions of viruses, Trojans and APTs do not exist on the blacklist and are free to do damage until caught.

So how do you spot Zero Day malware if it can’t be identified?


If a Blacklist approach is flawed, will a Whitelist work better?
A Whitelist is also signature-based, comprising all known good files. Using a whitelist as a ‘safety-first’ decision basis prioritizes security above all else. Not whitelisted? Assume harmful.

A truly comprehensive whitelist is an ambitious objective, but with zero day malware production rates relentlessly spiralling upwards, it’s a more realistic goal than that of the AV vendors.

By collaborating with a range of security researchers, manufacturers and crowd-sourcing data from the global community, while factoring in other trust indicators such as signing certificates, a reliable and effective whitelist is readily within reach.


Can a Whitelist Verification process be automated?
Using the NNT FAST™ Cloud, powered by external Threat Intelligence feeds, Gen7™ makes this whole process even easier by automating the analysis and approvals process.

By integrating the FAST™ Cloud File Reputation repository into Gen7™, file changes can be automatically and instantly verified as ‘known safe’ as they are detected. But it doesn’t stop there: other changes associated with patching can also be queried and automatically approved using the NNT FAST™ Cloud. For example, Software/Update changes, Windows registry changes, or even new services/processes being created can all be queried and, where pre-selected as ‘known safe’, automatically reviewed and approved for you.

 


So a Whitelist and Blacklist combined in a Real-Time FIM scenario guarantees Security?
The challenge for security professionals is that you need to know when changes are made to systems, but sorting the ‘everyday/ok’ from the ‘unusual/suspicious’ changes has always required a time-consuming, manual review.

IMPORTANT: the whitelist knowledge is being combined with the blacklist of your AV system, not replacing it. If a file is known-harmful, the AV will still quarantine it. Likewise, if a file is known-safe, the whitelist will confirm this. All that is left for you to manually review and approve is the tiny minority of ‘not-yet whitelisted’ files - for example, bespoke in-house developed applications.

BUT - if you are unfortunate enough to be breached, files related to this cyberattack will also be exposed in this ‘no man’s land’ of neither blacklisted, nor whitelisted files.

 

NNT Change Tracker Gen7™ R2 with NNT FAST Cloud Threat Intelligence:

With Gen7™ R2 automatically assessing and approving changes confirmed as ‘on the whitelist’, the reduction in FIM change noise - and therefore your time to review FIM changes – will transform your ability to properly investigate the genuinely suspicious events, thereby delivering a solution that actually meets the true security purpose of system integrity monitoring.



Isn’t it time for you to stop making token gestures towards cyber security and start taking it seriously?

Copyright 2020, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.