NNT F.A.S.T. Cloud Threat Intelligence Integration 
– A Mute button for FIM Change Noise

A Mute button for FIM Change Noise

no noise icon

Change Tracker Gen 7™ provides the most accurate and effective FIM solution guaranteeing the integrity of your secure IT systems and reporting any changes as they occur. But how do you distinguish between:

‘good’ - intended, desirable changes such as updates and patches, and
‘bad’ - malicious activity following a breach?

The smart response is to leverage cloud-based Threat Intelligence to automatically validate file changes as they are detected using an authoritative file whitelist. And now you can use the NNT FAST™ (File Approved-Safe technology) Cloud to do just this, in real-time.

Request a free trial of NNT Change Tracker Gen 7™

Is the new or changed file detected known to be safe?

Is the new or changed file detected known to be safe?

shield icon

The overwhelming majority of file changes in a secure IT estate will be attributed to regular patching, for example, Windows Updates.

Given that your estate is inherently secure and subject to change control and other security best practices, >99.99% changes recorded will be ‘safe’. Not always expected or operationally desirable, but at least files have been provided by the manufacturer and not a hacker.

Request a free trial of NNT Change Tracker Gen 7™

Isn’t this the job of Anti-Virus technology?

Isn’t this the job of Anti-Virus technology?

antivirus icon

Anti-Virus is Signature-based, in other words, AV operates using a blacklist of all known bad files.

Millions of new viruses are released into the wild every day, and accordingly, AV vendors add updated signatures as soon as the malware has been identified. It’s simple: blacklisted files are removed before they do harm.

Unfortunately, Zero Day Malware is invisible to AV. Zero Day = Never-Before-Seen, so no signature. Millions of viruses, Trojans and APTs do not exist on the blacklist and are free to do damage until caught.

So how do you spot Zero Day malware if it can’t be identified?

Request a free trial of NNT Change Tracker Gen 7™

If a Blacklist approach is flawed, will a Whitelist work better?

If a Blacklist approach is flawed, will a Whitelist work better?

target icon

A Whitelist is also signature-based, comprising all known good files. Using a whitelist as a ‘safety-first’ decision basis prioritizes security above all else. Not whitelisted? Assume harmful.

A truly comprehensive whitelist is an ambitious objective, but with zero day malware production rates relentlessly spiralling upwards, it’s a more realistic goal than that of the AV vendors.

By collaborating with a range of security researchers, manufacturers and crowd-sourcing data from the global community, while factoring in other trust indicators such as signing certificates, a reliable and effective whitelist is readily within reach.

Request a free trial of NNT Change Tracker Gen 7™

Can a Whitelist Verification process be automated?

Can a Whitelist Verification process be automated?
Even for hundreds of changes across thousands of endpoints?

cogs icon

Using the NNT FAST™ Cloud, powered by external Threat Intelligence feeds, Gen 7™ makes this whole process even easier by automating the analysis and approvals process.

By integrating the FAST™ Cloud File Reputation repository into Gen 7™, file changes can be automatically and instantly verified as ‘known safe’ as they are detected. But it doesn’t stop there – other changes associated with patching can also be queried and automatically approved using the NNT FAST™ Cloud. For example, Software/Update changes, Windows registry changes, or even new services/processes being created can all be reviewed and, where pre-selected as ‘known safe’, automatically reviewed and approved for you.

Request a free trial of NNT Change Tracker Gen 7™

So a Whitelist and Blacklist combined in a Real-Time FIM scenario guarantees Security?

So a Whitelist and Blacklist combined in a Real-Time FIM scenario guarantees Security?

recycle icon

The challenge for security professionals is that you need to know when changes are made to systems, but sorting the ‘everyday/ok’ from the ‘unusual/suspicious’ changes always required a time-consuming, manual review.

IMPORTANT: the whitelist knowledge is being combined with the blacklist of your AV system, not replacing it. If a file is known-harmful, the AV will still quarantine it. Likewise, if a file is known-safe, the whitelist will confirm this. All that is left for you to manually review and approve is the tiny minority of ‘not-yet whitelisted’ files - for example, bespoke in-house developed applications.

BUT - if you are unfortunate enough to be breached, files related to this cyberattack will also be exposed in this ‘no man’s land’ of neither blacklisted, nor whitelisted files.

Request a free trial of NNT Change Tracker Gen 7™

NNT Change Tracker Gen 7™ with NNT FAST Cloud Threat Intelligence

NNT Change Tracker Gen 7™ with NNT FAST Cloud Threat Intelligence:

FAST cloud icon

With Gen 7™ automatically assessing and approving changes confirmed as ‘on the whitelist’, the reduction in FIM change noise - and therefore your time to review FIM changes – will transform your ability to properly investigate the genuinely suspicious events, thereby delivering a solution that actually meets the true security purpose of system integrity monitoring.

Request a free trial of NNT Change Tracker Gen 7™

Isn’t it time for you to stop making token gestures towards cyber security and start taking it seriously?

Products

EASIEST TO USE – MOST FULLY FEATURED – MOST AFFORDABLE

USA Offices
New Net Technologies Ltd
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
emailUSinfo@nntws.com
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
Redbourn,
St Albans

Herts
AL3 7PR

Tel: 08456 585 005
Fax: 08456 122 031
emailinfo@newnettechnologies.com
Connect with NNT
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
NNT Logo
Copyright 2017, New Net Technologies Ltd. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies Ltd.
All other product, company names and trademarks are the property of their respective owners.