Change Tracker Enterprise™

The best, easiest to use, most fully featured and affordable File Integrity Monitoring solution providing

  • Non-Stop File Integrity Monitoring

Information security is now a mainstream requirement for all organizations, of all sizes and industries

The range and variety of threats to your confidential data is not only vast, but growing and evolving all the time. Firewalls and anti-virus protection have been sidelined, providing protection against only a fraction of today’s threats to your information assets. Zero day threats, mutating malware and APTs (advanced persistent threats), coupled with phishing and insider threats, mean that your network and servers are exposed right now.

File Integrity Monitoring strengthens security in 4 key areas:

+ Compliance

+ System Hardening/Vulnerability Management

+ Malware Protection and Breach Detection

+ Configuration Management and Change Control

Compliance

Governance, regulatory and compliance standards like NIST 800-53, SOX, PCI DSS, NERC CIP, HIPAA, FedRAMP and DISA STIG all mandate the need for cyber security controls. Maintaining system integrity is a key control for provably secure systems, as is vulnerability mitigation and malware protection. File Integrity Monitoring technology fulfils all requirements for all compliance standards including the application of a Hardened Build Standard.

All security standards and Corporate Governance Compliance Policies such as PCI DSS Version 3, SOX (Sarbanes Oxley), NERC CIP Version 5, HIPAA/HITECH, FedRAMP, DISA STIG, ISO27000 and FISMA require IT systems to be secure and configured properly in order to protect and secure confidential data.

Cybersecurity controls with respect to compliance are typically focused on guaranteeing data security and integrity and there are common themes applied across all policies, advocating the operation of security best practices to achieve:

System Integrity – to protect systems from insider tampering and cyber attack, ensuring software, firmware and information integrity.

Risk assessment – minimizing risk by determining vulnerabilities and applying system hardening and other countermeasures to threats where identified.

Continuous Monitoring – Change control, security impact analysis and configuration management, build audit trails of user and system activity.

System Hardening / Vulnerability Management

The science of rendering servers, database systems, firewalls, EPOS systems and all other IT devices fundamentally secure is still the most effective - but often the most neglected - security best practice. Today’s networked systems rely on inter-operation, ease of use and open access, all of which are in direct opposition to system security. A Hardened System is one that has a ‘locked down’ configuration, removing all unnecessary function, access and other potential vulnerabilities that could be exploited by a hacker. The information security industry’s authority on secure configuration guidance is the Center for Internet Security. CIS Benchmarks are the recommended hardened build-standard for all security and compliance initiatives.

When developing an information security strategy, the emphasis should always begin with prevention of attacks before detection.

IT products are designed to be easy to use, quick to deliver results and requiring as little user intervention as possible.

All of which, of course, are in direct conflict with the objectives of maximizing system security. As a consequence, default security configuration settings for any operating system, database system or network device are typically weak. Hackers of the world know which moves and holds to try in order to break into or disrupt systems, so countermeasures are needed, but you also need to protect systems from privileged internal users who may choose to abuse their system permissions.

Organizations suffer IT security breaches because they leave gaps in their defenses, gaps that are subsequently exploited. Protection from malware, hackers and even rogue insiders with admin rights requires tighter governance of system security than ever before.

Mitigation of known vulnerabilities through hardening of IT systems is the most effective way to render them secure, protecting the information being processed and stored. Other security defense measures will be used in a layered approach to protecting information assets, but system hardening is always the foundation security best practice.

Key Issues - System Hardening and Vulnerability Management

+ How do you make systems truly secure?

+ How do you get comprehensive and authoritative hardening checklists for all IT systems?

+ How do you measure and maintain compliance with your hardened build standard and governance standard?

Breach Detection and Malware Protection

Zero Day Threats, by definition, are invisible to Anti-Virus systems. Trojans that masquerade as legitimate system files can be hidden in plain-sight. Application Backdoors, once embedded, will remain operational forever unless regular file integrity checks are run. Breach and Intrusion detection requires forensic-level change detection for files, registry hives, service and process lists and other indicators such as operating network ports.

If there was a security technology that gave 100% protection, wouldn’t we already be using it?

The grim reality is that breaches continue to succeed despite the range and sophistication of cyber security products in use.

  • Sandbox technology won’t stop an insider threat
  • Firewalls won’t stop phishing attacks
  • Anti-Virus technology won’t even detect zero day malware, let alone stop it

A layered security approach is therefore essential to minimize the Attack Surface presented by your Enterprise and defend against the complete spectrum of threats. But while breaches continue to succeed it is necessary to put in place contingency measures - in other words, when you can’t Stop the Breach, make sure you at least Spot the Breach.

+ Breach Detection? Surely prevention is better than detection?

+ How does Breach Detection technology differentiate between Host Intrusion activity and legitimate system admin?

+ Breach Detection/HIDS and Compliance

Configuration Management and Change Control

The only constant in IT is the perpetual state of change. Patching, upgrades, new users, new sites, new applications all require changes to the network, servers and workstations. Any change may re-introduce vulnerabilities that contravene your organization’s Hardened Build Standard, so continuous File Integrity Monitoring is essential for maintaining security.

Change Control has always been a key security best practice. With every change made to IT systems comes a risk of a weakening of security defenses, not to mention operational problems, through misconfigurations. Changes also create ‘noise’ that makes it more difficult to detect a breach when a cyber attack succeeds.

For compliance, any security auditor will advocate a zero tolerance approach to unplanned changes in order to maintain a secure hardened build standard and to improve the chances of identifying a breach or malware infection.

With Change Control notoriously difficult to operate - especially at the forensic level of detail needed for security governance - a new approach has long been needed, one that gives the level of analysis necessary for breach detection but without requiring manpower-intensive manual review of every change detected.

NNT have introduced the concept of Closed-Loop Intelligent Change Control to deliver real-time, forensic analysis of changes to spot breach activity, but with automated intelligence to identify known and expected planned changes such as patches.

+ How does Change Control deal with patches in a secure environment?

+ How do you ensure configuration changes don’t affect security or impact compliance?

+ Change control: too laborious, too time-consuming and gets in the way of operating the business?

Real-Time Breach Detection

NNT Change Tracker Enterprise™ delivers market-leading File Integrity Monitoring for any security and compliance initiative: Stop the Breach or Spot the Breach

NNT Change Tracker Enterprise provides continuous protection against known and emerging cyber security threats in an easy to use solution, offering true enterprise coverage through agent-based and agentless monitoring options.

Unlike traditional scanning solutions, Change Tracker Enterprise uses automated File Integrity Monitoring to provide continuous real-time detection of vulnerabilities. And if the unthinkable happens, it provides immediate notification when malware is introduced to your systems or other breach activity is detected.


New for Change Tracker 2015 – Closed-Loop Intelligent Change Control

CLICC reconciles the security benefits of forensic change control with the detailed workload necessary to review changes.

The solution is ‘Closed-Loop’ and ‘Intelligent’, because any changes made are automatically assessed against expected or permitted changes to the configuration baseline, delivering all the benefits of zero tolerance to unplanned changes and a super-sensitive breach detection capability, but without the time-consuming, resource-intensive (and boring) post-implementation review burden.

By automatically assessing changes, all expected/pre-approved changes such as known patching updates can be isolated leaving just unplanned changes – which may be breach activity - exposed, to then be properly investigated.


Platforms

Operating at a forensic level within the IT infrastructure, Change Tracker™ works across all popular platforms such as:

  • Windows, all versions including XP, Windows 7, Windows 8, 2008R2, 2012
  • Linux, all versions, including Ubuntu, SUSE, CentOS, RedHat, Oracle
  • Apple Mac OS, all versions
  • Unix, all versions including Solaris, HP-UX, AIX
  • Hyper-V and VMware, all versions, including ESXi
  • Database Systems, including Oracle, SQL Server, DB2, PostgreSQL, MySQL
  • Network Devices and Appliances, all types and manufacturers, including routers, switches and firewalls, from Cisco, Nortel, Juniper and Check Point

Activity monitored

Detecting and alerting to any suspicious activity that may represent a security or performance threat, Change Tracker™ audits and monitors changes to:

  • files, file contents, file attributes and folder structures
  • file secure hash value, to give a unique DNA Fingerprint for each file, essential to detect Trojan malware
  • running processes (checked against blacklists and whitelists)
  • Windows registry keys and values
  • installed applications and patches
  • services’ startup and running states
  • Windows audit and security policy settings
  • command line process output, for example a netstat query
  • compliance with CIS Benchmark Checklists, enforced for vulnerability mitigation

In the first instance, Change Tracker™ enables an organization to bring IT systems into compliance with a ‘known good and secure’ state using ‘out of the box’ or user-definable auditing policies. Once IT systems are considered to be within compliance of your required hardened build standard, as well as configured and set up properly, Change Tracker™ then uses non-stop, continuous configuration auditing and change tracking to ensure they remain that way. If something does change, Change Tracker™ will immediately report what changed, when, by whom and crucially, whether that change was part of a Planned Change. Dynamic Compliance Dashboards also provide ‘at a glance’ reassurance of your continued safe and compliant state. Change Tracker will inform you:

What the real threats are - intelligently evaluating all events and changes within the IT estate to highlight only genuine security threats or points of note

What the risk profile is – via real time or scheduled auditing of key devices ensuring they remain hardened, secure and compliant at all times. Any unauthorized changes are notified including ‘who made the change’ and crucially, whether or not that change has affected your compliant state

What changed - utilizing real-time and scheduled comprehensive tracking, NNT Change Tracker notifies you of exactly what changed, who made the change, when and what impact that has had on your security profile. This is vital in the fight against internal and external threats.

Which changes were planned vs unplanned - the details of the planned changes are documented and reconciled with what actually changed via NNT’s 'Closed Loop Change Management' process. All planned changes can be authorized and scheduled, providing the ability to separate planned changes from unplanned changes, to cut down the number of false alerts and assist you in driving a culture of zero tolerance to unplanned changes throughout your infrastructure.
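The per-file secure hash and the planned-versus-unplanned reconciliation described above can be illustrated with the following added example, which is not NNT's code and does not represent how Change Tracker is implemented. The choice of SHA-256, the function names, the file paths and the approved-change format (path mapped to the hash expected after the change) are all assumptions made for illustration.

```python
import hashlib

def fingerprint(content: bytes) -> str:
    """Secure hash of file content (SHA-256 is this example's choice)."""
    return hashlib.sha256(content).hexdigest()

def snapshot(files: dict) -> dict:
    """Map each path to its content hash; `files` is {path: bytes}."""
    return {path: fingerprint(data) for path, data in files.items()}

def detect_changes(baseline: dict, current: dict) -> dict:
    """Return {path: (kind, new_hash)}; new_hash is None for a removed file."""
    changes = {}
    for path in baseline.keys() | current.keys():
        old, new = baseline.get(path), current.get(path)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "modified"
            changes[path] = (kind, new)
    return changes

def reconcile(baseline: dict, current: dict, approved: dict):
    """Split detected changes into planned and unplanned.
    `approved` maps path -> hash expected after the change (None = removal).
    A change is planned only if the path is approved AND the resulting hash
    matches, so different content on an approved path stays unplanned.
    Only planned changes roll the baseline forward.
    """
    planned, unplanned, new_baseline = {}, {}, dict(baseline)
    for path, (kind, new_hash) in detect_changes(baseline, current).items():
        if path in approved and approved[path] == new_hash:
            planned[path] = kind
            if new_hash is None:
                del new_baseline[path]
            else:
                new_baseline[path] = new_hash
        else:
            unplanned[path] = kind
    return planned, unplanned, new_baseline

# Constructed sample data: paths and contents are illustrative only.
BASELINE = snapshot({
    "/usr/sbin/sshd": b"sshd build 1",
    "/usr/lib/libssl.so": b"libssl build 1",
    "/usr/bin/oldtool": b"oldtool build 1",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\n",
})
APPROVED = {  # hypothetical change ticket: patch two files, retire one
    "/usr/sbin/sshd": fingerprint(b"sshd build 2"),
    "/usr/lib/libssl.so": fingerprint(b"libssl build 2"),
    "/usr/bin/oldtool": None,
}
CURRENT = snapshot({
    "/usr/sbin/sshd": b"sshd build 2",          # matches the ticket
    "/usr/lib/libssl.so": b"libssl build X",    # approved path, wrong content
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\n",  # not on any ticket
})

if __name__ == "__main__":
    planned, unplanned, _ = reconcile(BASELINE, CURRENT, APPROVED)
    print("planned:", planned, "\nunplanned:", unplanned)
```

Because unplanned changes never update the baseline, they keep being reported on every later comparison until someone investigates and either reverts or approves them.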

Easy to scale across any organization, NNT Change Tracker™ provides a comprehensive solution, including:

Real-time, continuous File Integrity Monitoring (FIM), records changes to any binary system or application files, as well as to any text-based configuration file, recording what changed and who made the change. All file attributes are tracked, including a unique, secure hash value for all files to detect Trojan malware

Closed-Loop Intelligent Change Control technology automatically analyzes all changes to cut out the noise from patching updates and other known/planned changes, promoting clear focus on genuine security incidents

Support for all platforms and environments (Windows, Unix/Linux, Oracle and SQL Server Database systems and all network devices and appliances)

Choice of agentless or agent-based monitoring

CIS Certified Compliance/Hardening Reports - identify vulnerabilities using quick and simple reports, complete with detailed remediation guidance, then guarantee compliance going forwards with real-time, continuous monitoring

  • Includes Pre-defined FIM templates to get you up and running in no time, plus a comprehensive web GUI to allow you to be selective about folder and file types to be tracked or ignored
  • Side-by-Side, Before and After view of changes shows actual changes to file contents - ideal for tracking configuration files to provide a complete audit trail of change history. This can be applied to any form of file, such as text, XML, JavaScript (.js), ASP (.asp) and ASP.NET (.aspx) files for websites
  • For Windows systems, registry keys and values can be tracked, along with installed software and updates, security and audit policy, user accounts, service and process lists. This ensures full configuration control for security and compliance
  • Supports OVAL and SCAP checklist content for both compliance reporting and continuous monitoring of compliance that is both more efficient and more effective than traditional 'snapshot' vulnerability scanners
  • Non-Stop Host Intrusion Detection System operation so that if the worst case scenario arises and a breach succeeds, immediate alerts are provided to allow fast intervention before real damage is done