WHAT WE MONITOR
In the context of File Integrity Monitoring (FIM), server integrity is more than simply detecting changes. Integrity is the confidence and certainty that the appropriate controls, processes, and compliance requirements are in place to ensure the accuracy and consistency of data throughout its entire operational life cycle.
CimTrak provides the necessary controls and integrity assurance that your servers have not deviated from a known and trusted state of operation through best practices of system hardening, configuration, and change management. By managing the process of authorized and expected changes, server integrity can be maintained on an ongoing basis.
It all begins with the identification of change. CimTrak utilizes a patented real-time, proprietary methodology for detecting changes to servers. Once identified, CimTrak will interrogate that change with a number of best practice controls and processes to determine if the change is expected or unexpected (good or bad). The "expected" change will be suppressed and stored for audit and forensic purposes. The "unexpected" change will undergo further review and investigation to determine if it was a circumvented process (non-malicious) or a security incident (malicious).
In either event, a manual or automated process can be triggered to roll back and remediate to any number of previously trusted and secure baselines of operation.
Trusted by organizations worldwide, CimTrak is a critical component of a multi-layered security approach. CimTrak for Servers allows users to detect and classify changes to vital computer server elements, including operating system files, directories, data files, file attributes, configuration settings, policies, port settings, the Windows Registry, and more. CimTrak works on both physical and virtual servers such as VMware, as well as Cloud-based systems such as Amazon EC2, and supports many operating systems including Windows, Linux, UNIX, FreeBSD, and more.
CimTrak gives you deep insight into changes that are occurring on your servers. By letting you know “who” made a change, “what” exactly changed, and “when” it changed, users get actionable information, not just an alert that requires time-consuming, manual effort to investigate. Users can even drill down further and get a side-by-side comparison of what a particular file looked like pre-change vs. post-change and zero in on exactly what changed. This extraordinary level of detail saves already stretched IT staff time, money, and frustration by getting to the root of the problem.
While knowing that a change has occurred can be extremely helpful, knowing whether that change is good or bad takes change detection to the next level! Through its fully integrated change ticketing module, CimTrak allows users to proactively plan changes so that expected changes can simply be promoted to the known good baseline, eliminating significant time spent investigating changes. Instead of focusing on all changes, you can focus on those that are unexpected, maximizing the security of your environment. The CimTrak Ticketing Module can be used as a stand-alone solution for organizations that do not have their own system, or integrated into an existing third-party system.
CimTrak’s Trusted File Registry™ service goes one step further by automatically recognizing known, trusted vendor updates/patches and instantly reconciling them through promotion to the authoritative baseline. The Trusted File Registry™ provides the ultimate in system security and greatly minimizes the time spent by IT security personnel when it comes to investigating changes.
With a wide selection of reports that can be scheduled or created on-demand, CimTrak ensures you have the information you need for auditing, compliance, configuration, and change management purposes. With CimTrak’s ODBC driver, data can be sent from the CimTrak Master Repository to any reporting tool your organization utilizes including Excel, Crystal Reports, or Cognos.
Upon detection of changes, alerts can be sent to the appropriate personnel within your organization. Additionally, change details can be sent to a Syslog server or security information and event manager (SIEM) to assist in risk analysis and threat detection. CimTrak offers out-of-the-box integration with all major SIEM solutions including HP ArcSight, LogRhythm, IBM QRadar, McAfee Enterprise Security Manager, RSA Security Analytics, Splunk, and more!
CimTrak’s unique architecture gives it the unprecedented ability to go beyond change detection. Various modes of operation, including “update baseline,” “deny rights,” and “restore,” give users extreme versatility, unlike any other solution on the market.
Users can deploy these modes of operation selectively to monitor a particular file or group of files as appropriate. This granular nature of deployment allows precision monitoring of your unique environment in a way that fits your operational needs.
In the basic logging mode, changes are logged, alerts are raised, and an audit trail is created.
In “update baseline” mode, an incremental “snapshot” of a file, configuration, or setting is taken and stored in the CimTrak Master Repository as changes occur. This allows the changes between snapshots to be analyzed and the previous baseline to be redeployed at any time with one click.
In “deny rights” mode, any attempt to modify a file is denied. Since CimTrak runs as the local system account, the privilege level of the user does not matter: the file cannot be manipulated, so changes, deletions, and additions are all blocked.
In “restore” mode, a change is reversed instantaneously upon detection. This effectively allows a system to “self-heal.”
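The detect, classify, and act workflow described above (ticketed changes and trusted vendor hashes promoted to the baseline, everything else logged or restored) can be shown in a few dozen lines. This is an added illustration, not CimTrak's own code: its detection method is proprietary, so the filesystem, ticket and registry structures here are constructed in memory, and the "deny rights" mode is omitted because it needs OS-level access control rather than a post-hoc comparison.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def detect(repo: dict, fs: dict) -> list:
    """Diff the live filesystem against the trusted copies held in the repository (the baseline)."""
    kinds = {p: "deleted" for p in repo if p not in fs}
    kinds.update({p: "added" for p in fs if p not in repo})
    kinds.update({p: "modified" for p in fs if p in repo and sha256(repo[p]) != sha256(fs[p])})
    return sorted(kinds.items())  # [(path, kind), ...]

def classify(path: str, kind: str, fs: dict, tickets: list, registry: set) -> str:
    """Expected if an approved ticket lists this exact (path, hash) or the hash is a trusted vendor file."""
    new_hash = sha256(fs[path]) if kind != "deleted" else None
    ticketed = any(t["approved"] and (path, new_hash) in t["changes"] for t in tickets)
    return "expected" if ticketed or new_hash in registry else "unexpected"

def reconcile(repo: dict, fs: dict, tickets: list, registry: set, mode: str) -> list:
    """One monitoring pass; mode is "log", "update_baseline" or "restore". Returns the audit events."""
    events = []
    for path, kind in detect(repo, fs):
        verdict = classify(path, kind, fs, tickets, registry)
        events.append((path, kind, verdict))  # every change is logged, whatever the mode
        if verdict == "expected" or mode == "update_baseline":
            # Promote to the authoritative baseline: expected changes are suppressed, not reversed.
            repo.pop(path, None)
            if kind != "deleted":
                repo[path] = fs[path]
        elif mode == "restore":
            # Unexpected change: redeploy the trusted copy so the server "self-heals".
            fs.pop(path, None)
            if kind != "added":
                fs[path] = repo[path]
    return events

def demo() -> tuple:
    """Constructed server state: a hardened sshd_config, an application binary and its config."""
    repo = {"/etc/ssh/sshd_config": b"PermitRootLogin no\n",
            "/usr/bin/app": b"app-v1", "/etc/app.conf": b"level=1\n"}
    fs = dict(repo)
    fs.update({"/etc/app.conf": b"level=2\n",                     # approved change ticket
               "/usr/bin/app": b"app-v2",                         # vendor patch in the trusted registry
               "/etc/ssh/sshd_config": b"PermitRootLogin yes\n",  # unauthorised edit
               "/opt/app/extra.bin": b"unknown"})                 # unauthorised new file
    tickets = [{"approved": True, "changes": {("/etc/app.conf", sha256(b"level=2\n"))}}]
    registry = {sha256(b"app-v2")}
    events = reconcile(repo, fs, tickets, registry, mode="restore")
    return events, repo, fs
```

Running `demo()` in "restore" mode promotes the two expected changes into the baseline and rolls the unauthorised edit and the stray file back, so a second `detect()` pass reports nothing.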
When changes occur, CimTrak’s unique ability to take immediate action via the “Deny Rights” or “Restore” mode helps to ensure the integrity and security of your business-critical servers, workstations, and devices. CimTrak protects against external attacks that slip by your perimeter defenses, as well as internal attacks and occasional accidents that originate from inside your corporate perimeter.
While intrusion detection systems and anti-virus are essential, they are dependent on known attack signatures and are often useless against zero-day attacks, disgruntled employees, or programmer mistakes. CimTrak is not dependent on outside intelligence of new hacker or virus methods.
As cyberattacks, data breaches, and new forms of malware become more and more prevalent, new methods of defense are necessary. With CimTrak’s powerful and unique modes of operation, you can detect, respond to, and recover from changes resulting from both malicious and circumvented activities. This ensures your environment is compliant and remains secure as new and evolving IT security threats try to wreak havoc on your IT systems.