See the next generation of breach prevention technology - Change Tracker Gen 7™
Video Transcript: Part 1
Welcome to NNT and the first in a 3-part series introducing the all-new Change Tracker Gen 7™.
Effective Breach Detection demands tight Change Control – you just can't have one without the other. And tight Change Control requires forensic-level visibility of system integrity changes.
Because without knowing the full context of configuration changes, it is impossible to distinguish between malicious hacker activity, and regular system admin tasks...
Likewise at a file-level, there isn't any obvious difference between a legitimate patch, and an A.P.T. trojan.
Change Tracker Gen 7™ marks the next generation of continuous breach prevention and detection, powered by Closed-Loop, Intelligent Change Control.
Speed of detection is critical for Breach Detection. And Change Tracker Gen 7™ is the fastest file integrity monitoring solution on the market, continuously tracking integrity changes and reporting potential security events in real time: the file change has already been recorded on the Dashboard and is presented for review...
Summary details of changes detected to file attributes and content are presented clearly, together with who made the change.
In this instance, the file looks the same, but the hash value is different, exposing the presence of changes to the binary content. Is it just a patched iteration or a malicious trojan?
Want peace of mind and to short-cut investigation work? Gen 7™ integrates with Threat Intelligence feeds, including authoritative File Whitelisting repositories to verify file lineage.
This is just one of the many innovations that makes Gen 7™ the easiest-to-use FIM solution. But where it leaves behind all the other configuration control and compliance solutions is via its self-learning, intelligent change control capabilities.
With a traditional FIM solution like Tripwire®, regular, repeated changes are simply promoted to the baseline, but doing so results in all future changes being ignored.
This may remove the 'change noise' but also creates a hacking blind-spot that could be exploited.
Change Tracker Gen 7™ provides a really simple, point-and-click process where you decide how change activity should be handled, from a simple, one-time acknowledgment through to a full, Intelligent Planned Change.
Gen 7™ Planned Changes are intelligent, because changes will be automatically evaluated based on past experience, literally learning what regular, legitimate system activity looks like.
In this instance, this is a file that is regularly updated, so I build an Intelligent Planned Change rule. The changes will be logged, but won’t raise an Unplanned Change alert.
With just a few clicks I can label the changes - I can use my Servicedesk R.F.C. or other reference - then decide if I want the same rules to be applied to all my devices, or just specified groups or types, and finally, decide if I want the rules to be used forever, or for just a specified period of time.
Intelligent Planned Changes are the perfect way to manage ‘Change Noise’ associated with patch rollouts. See the change once, on one device, then automatically apply the same intelligence to all other devices, even for thousands of changes, across thousands of devices, and even if the patches are deployed over a prolonged period of time.
The Intelligent Planned Change is immediately activated and will retrospectively review all previously qualifying changes.
Of course, the Intelligent Planned Change rule was specified to be Continuous, so new changes will also be reviewed against the rules defined, and for the next update of the file we reviewed earlier, we can see that it is recorded as Planned.
Video Transcript: Part 2
Welcome back to NNT and the second in this 3-part series introducing the all-new Change Tracker Gen 7™. The same forensic event analysis that powers Intelligent Change Control allows fine-grained review and reporting on configuration changes in the Events screen.
Just dial-in the time and date range, select the event-types of interest - for example, Device and Alerts, then drill-down further for the types of changes to review - just click the trackers in the list.
And finally, whether you want to filter by Planned or Unplanned changes.
You can go further still, to search for specific File Hash values, User Names and even use a Free Text search to focus in on exactly the activity of interest.
Of course, I can also filter events by Device Group or individual Devices just by checking them off.
Provided with such a clear view of system integrity changes at a microscopic level, I can expose any unexpected, unplanned changes, even in busy estates with lots of change noise.
You can't always Stop the Breach, but you should always be able to Spot the Breach.
We need to review this Unplanned Change - I can query the file hash recorded against an authoritative File Whitelist, such as Kaspersky's Whitelist, or VirusTotal.
I can run an on-demand lookup like this, or, I can fully automate a whitelist query for every file change recorded.
The automated assessment is especially valuable - I can choose to assign Whitelisted file changes to a Planned Change - in other words, 'known-safe' file changes - like the overwhelming majority of mainstream system files and patches - can be automatically reviewed for me.
The net result is that I am left with only truly-suspicious activity to review.
The really cool thing? Because the change noise has been silenced, not only are these changes clearly isolated, but I also have the time to properly assess unexpected changes – this file checks out as OK.
The Gen 7™ Event Filter is so good, you'll want to save and re-use your most useful and regularly used filters - and you can do just that. I have isolated the events I want, now I can save and name the filter for future use.
But this isn't simply a manually activated filter for reviewing events, it's going to be much more useful than that.
Any Event Filter can be saved and scheduled to run automatically on a repeated, regular basis, and the results of the Saved Query can even be delivered direct to your InBox via email.
We've covered Intelligent Change Control, and the powerful Event filtering and reporting in Gen 7™.
But how is the configuration monitoring for a device set up?
Devices are automatically assigned to Device Groups based on their characteristics and, as a result, the assigned Configuration monitoring template for the Group is applied.
The make-up of the Configuration Monitoring template can be reviewed - the paths and files, the registry keys and values, and all other configuration attributes included in the template.
The Device home page also presents a summary of all events, with shortcuts to the Events page and a graphical representation of recent activity.
The Device Group also determines the Compliance Report schedule. C.I.S. Benchmarks are used to assess how hack-proof the device is, and how security can be improved.
C.I.S. Benchmarks are the security industry's primary authoritative source of secure configuration guidance, and are the keystone of any Governance, Regulatory or Compliance initiative.
The Compliance Report identifies any security vulnerabilities present for the device, summarized as a compliance percentage score.
And, for every vulnerability assessed, detailed test results are presented, together with clear, plain-English remediation guidance for the specified security issue. For more background on the vulnerabilities reported, a detailed Rationale is also available to help understand the issues further.
Video Transcript: Part 3
Welcome back to NNT and the last in this 3-part series introducing the all-new Change Tracker Gen 7™.
To edit the Device Configuration Monitoring template or the Compliance Reports applied to the Device's Group, just follow the link.
Any number of Compliance Reports can be assigned and scheduled for the Device Group - you may need to demonstrate compliance with a number of different G.R.C. standards.
Similarly, Configuration Monitoring templates can be layered and combined for a Group, for example, a common O.S. base template could be overlaid with an Application template.
The Configuration Monitoring template can be edited directly from the Group.
Complete control over FIM is provided - selectable Secure Hash algorithm, file/folder match rules and any exclusions needed, for example, streaming log files.
Likewise for registry keys, subkeys and values - the whole key can be tracked or selective values pinpointed using regular expression matches. Security Best Practice guidance and all GRC standards require unnecessary services and daemons to be removed or at least disabled. Change Tracker Gen 7™ tracks compliance in real-time.
The other direct link from the Device home page is to any Planned Changes that the Device is subject to. This is Change-Control Made Easy - absolute visibility of all Planned Changes, and which Devices had which changes.
The whole package means that any organization - large or small - can implement, manage and operate Compliance and Security Best Practices - without breaking sweat!
NNT Change Tracker Gen 7™ really is the Easiest to Use, Most Fully Featured and Most Affordable breach prevention and detection solution ever. In summary, Gen 7™ provides:
- Real-Time, Continuous FIM: NNT Change Tracker Gen 7™ has transformed the way that FIM is used. Other manufacturers may claim to have invented FIM, but NNT have perfected it.
- Continuous Compliance - Cyber Security Controls: All major security standards are covered and built-in and multiple standards can be assessed simultaneously.
- Breach Detection – Host Intrusion Detection Solutions: Forensic-level intrusion detection, self-learning about the good to expose the bad – you can’t always Stop the Breach, but at least make sure you can Spot the Breach.
- System Hardening and Vulnerability Management: Full range of CIS Benchmark hardening reports are built-in at no extra cost. NNT are one of a handful of CIS Certified Vendors.
- And finally, Configuration Management with Intelligent Change Control: No more guesswork. Identify exactly what changed, where, when and by whom. This is the intelligent solution to FIM Change-Noise.