Change and Configuration Compliance
Blue Turtle offers solutions that will deliver continuous protection against known and emerging cyber security threats.
Our preferred solution uses automated File Integrity Monitoring agents to provide non-stop, real-time detection of vulnerabilities.
Combining SIEM, CCM and FIM in one easy-to-use solution, NNT enables organisations to see which events take place, automatically homing in on those of concern; this solution will identify what changed, who made the change and which changes were planned or unplanned, all in real-time.
NNT has the following features:
NNT Security Information and Event Log Management (SIEM)
NNT’s multi-platform security correlation enables you to securely gather and review daily logs from all devices, including network devices, UNIX and Windows servers, applications and databases.
It will show:
- who has accessed what device;
- if there is an on-going security vulnerability;
- whether confidential data is impacted.
Blue Turtle’s Change and Configuration solution will reduce manual effort by automating the CCM process, removing the need to fire-fight whilst identifying the root cause of issues and preventing recurrence of the incident. It will eliminate the breach-to-detection time gap, alerting on unauthorised changes that introduce security risk or non-compliance, and will enable you to make continual improvements to your compliant state by ‘learning with each alert’ to refine process and policy.
NNT Change & Configuration Management (CCM)
The NNT solution starts with a compliance or device hardening audit option to ensure the devices are set up securely from the outset. On-going forensic detection of changes to this compliant state will be tracked in real-time or as part of a scheduled report, controlling and minimizing configuration drift and ensuring system configurations don’t deviate away from established standards and policies.
This solution will confirm the following:
- Which devices were affected
- Who made the change
- Whether the change was approved
- Whether it has affected your compliant state
NNT File Integrity Monitoring (FIM)
A vital step in protecting systems from breaches is to monitor unusual or unapproved changes to the application file systems. NNT FIM verifies that program and operating system files have not been compromised, with host intrusion prevention (HIP) pinpointing anything malicious installed on the in-scope device.
It will identify:
- Unusual changes
- Which specific attributes changed and who made the change
- Adds, moves or deletes
- Checksum/hash based changes
Blue Turtle offers Change Tracker, which enables an organisation to bring IT systems into compliance with a ‘known good and secure’ state using ‘out of the box’ or user-definable auditing policies. Once IT systems are considered to be within compliance of your required hardened build standard, as well as configured and set up properly, Change Tracker then uses non-stop, continuous configuration auditing and change tracking to ensure they remain that way. If something does change, Change Tracker will immediately report what changed, when, by whom and crucially, whether that change was part of a Planned Change.
Dynamic Compliance Dashboards also provide ‘at a glance’ reassurance of your continued safe and compliant state.
Change Tracker will provide you with the following information:
- What the real threats are – intelligently evaluating all events and changes within the IT estate to highlight only genuine security threats or points of note.
- What the risk profile is – via real time or scheduled auditing of key devices ensuring they remain hardened, secure and compliant at all times. Any unauthorised changes are notified including ‘who made the change’ and crucially, whether or not the change has affected your compliant state.
- What changed – utilizing real-time and scheduled comprehensive tracking, NNT Change Tracker notifies you of exactly what changed, who made the change, when and what impact that has had on your security profile. Vital in the fight against internal and external threats.
- Which changes were planned or unplanned – the details of the changes are documented and reconciled with what actually changed via NNT’s ‘Closed Loop Change Management’ process. All planned changes can be authorised and scheduled, providing the ability to separate planned changes and unplanned changes to cut down the number of false alerts and assist you in driving a culture of zero tolerance to unplanned changes throughout your infrastructure.
NNT Change Tracker provides a comprehensive solution, and it is easy to scale across any organisation.
NNT Change Tracker has the following features:
- Real-time File Integrity Monitoring (FIM)
- Fully featured change and configuration management (CCM) solution for your entire IT infrastructure
- Best practice-based configuration hardening reports pre-packed
- Complete system policy management and protection
- Support for all platforms and environments (Windows, Unix/Linux, Oracle and SQL Server Database systems and all network devices and appliances)
- Choice of agentless or agent-based monitoring
- Certified support of CIS Benchmark Checklists to give you the most secure hardened build-standard
- Supports OVAL and SCAP checklist content for both compliance reporting and continuous monitoring of compliance that is both more efficient and more effective than traditional ‘snapshot’ vulnerability scanners
- Non-Stop Host Intrusion Detection System operation so that if the worst case scenario arises and you are breached, you will know immediately
Change Tracker will assist you in detecting and alerting on any suspicious activity that may represent a security or performance threat.
This solution audits and monitors changes to:
- Files, file contents, file attributes and folder structures;
- File secure hash value, to give a unique DNA Fingerprint for each file, essential to detect Trojan malware;
- Running processes (checked against blacklists and whitelists);
- Windows registry keys and values;
- Installed applications and patches;
- Services’ start-up and running states;
- Windows audit and security policy settings;
- Command line process output, for example a netstat query;
It also enforces CIS Benchmark Checklists for vulnerability mitigation.
For more information, visit: www.newnettechnologies.com