ClearSkies NG Endpoint Agent

ClearSkies™ NG Endpoint is a lightweight Agent that helps you meet compliance requirements and facilitates real-time visibility, alerting and event management across your critical on-premises and cloud server environments.

A key component of ClearSkies™ NG Endpoint Agent is central administration and management through the ClearSkies™ NG Secure Web Portal, which simplifies the configuration, reporting, updating and control of a large and/or distributed number of Agents deployed on your critical servers.

Considering the varying sizes, needs, complexity, internal capabilities, budget constraints and cybersecurity management maturity levels of different organizations, ClearSkies™ NG Endpoint Agent is offered in two different versions: Standard and Enterprise.

Enterprise Agent
The Enterprise ClearSkies™ NG Endpoint Agent complements the early detection of and response to suspicious/malicious activity and/or abnormal behavior on critical endpoints and servers by combining File Integrity Monitoring (FIM) with other vital security capabilities such as Malware, Zero-Day and Advanced Persistent Threat (APT) detection. These capabilities provide real-time visibility of your security posture and help you meet regulatory compliance requirements, such as PCI DSS Requirements 10.5.5 and 11.5, for your on-premises, cloud, or hybrid server environments. Compliance criteria related to FIM under PCI, ISO 27001, SWIFT, HIPAA and FISMA are linked to the “Compliance–ServiceModule” to help you validate compliance requirements in an efficient and cost-effective manner. These are vital aspects of protecting the availability and integrity of sensitive data files found on your critical endpoints and servers.

File Integrity Monitoring (FIM)
File Integrity Monitoring tracks privileged users’ activity and alerts on changes to sensitive/critical files/folders, by account name and/or process, when these files and/or folders are Accessed, Created, Viewed, Modified or Deleted.
Track Content Modifications: File content modifications on supported file formats can be viewed and compared side by side to see what was added, deleted, or modified.

Malware and APTs Detection
Malware and APTs usually modify and/or access existing running processes and key system configuration files, or create new ones. To detect such activity, the Agent constantly monitors the integrity of these files/folders and running processes for any changes using MD5 checksum comparison. Furthermore, the log data generated is constantly correlated in real time and combined with evidence-based knowledge of emerging threats and vulnerabilities.

Policy enforcement
The Agent can be configured to exclude from monitoring certain applications that update their files continuously, to avoid generating false alerts. Installation of vendor-specific recommended and security updates on your critical endpoints and servers can be configured to be performed within a predefined date/time window by a trusted source, to avoid raising false alerts.

Where to Implement
The Agent should be deployed on critical endpoints and servers to monitor the integrity of configuration files, key system files, critical files/folders and running processes.

How it Works (Who has done What from Where and When)
The Agent constantly monitors policy violations, configuration files, key system files, critical files/folders and running processes in order to detect unauthorized access/modifications or potential system compromise. Upon detecting such activity, an alert is triggered in the ClearSkies™ Secure Web Portal, providing detailed audit trail information on the changes made in this event, including suspicious running processes and/or “Who has done What from Where and When”, for further investigation, including:

  • Validation that these changes were authorized or expected
  • Assessment that this event did not impact the security and integrity of these critical endpoints and servers

Alerts which have been determined to pose a threat can be escalated to incident status by invoking the “Incident Management & Escalation Channels” built-in process within the ClearSkies™ Secure Web Portal.

Standard Agent
The Standard ClearSkies™ NG Endpoint Agent provides real-time visibility for the early detection of suspicious/malicious activity and/or abnormal behavior on critical endpoints and servers, by collecting and analyzing operating system and application-related log data in real time.

Where to Implement
The Agent should be deployed on all endpoints and servers running critical applications and/or processes where real-time visibility is required.

How it Works
The Agent constantly analyses log data generated by endpoints and servers to detect suspicious/malicious activity and/or abnormal behaviour. Upon detecting such activity, an alert is triggered within the ClearSkies™ NG Secure Web Portal and Mobile App, providing detailed information regarding this event and what might have caused it. Alerts which have been determined to pose a threat can be escalated to incident status by invoking the “Incident Management & Escalation Channels” built-in process within the ClearSkies™ NG Secure Web Portal.

Features and Benefits of ClearSkies™ NG Endpoint Agent

Features

  • Meet and validate regulatory compliance
  • Early detection of and response to Malware, Zero-Day and Advanced Persistent Threats (APTs)
  • Comprehensive File Integrity Monitoring
  • Central Administration and Management
  • Vendor-specific recommended security updates can be configured to be performed within a predefined date/time window

Benefits

  • Helps you demonstrate compliance with PCI, ISO 27001, GDPR, HIPAA and FISMA
  • Provides real-time visibility of your security posture
  • Tracks privileged users’ activity and reports who has Accessed, Created, Viewed, Modified or Deleted sensitive/critical files/folders
  • Simplifies configuration, reporting, alerting, and management
  • Helps you avoid dealing with false alerts
