ClearSkies™ NG Endpoint is a lightweight Agent that helps you meet compliance requirements and facilitates real-time visibility, alerting and event management for your critical on-premises and cloud server environments.
A key component of the ClearSkies™ NG Endpoint Agent is central administration and management through the ClearSkies™ Secure Web Portal, which simplifies the configuration, reporting, updating and control of a large and/or distributed number of Agents deployed on your critical servers.
Considering the varying sizes, needs, complexity, internal capabilities, budget constraints and cybersecurity management maturity levels of different organizations, ClearSkies™ NG Endpoint Agent is offered in two different versions: Standard and Enterprise.
ClearSkies™ NG Endpoint Agent
Strengthen your security posture with FIM capabilities while achieving and validating regulatory compliance
The Enterprise ClearSkies™ NG Endpoint Agent complements the early detection of and response to suspicious/malicious activity and/or abnormal behavior on critical endpoints and servers by combining File Integrity Monitoring (FIM) with other vital security capabilities such as Malware, Zero-Day and Advanced Persistent Threat (APT) detection. These capabilities provide real-time visibility of your security posture and help you meet regulatory compliance requirements, such as PCI DSS Requirements 10.5.5 and 11.5, for your on-premises, cloud, or hybrid server environments. Compliance criteria related to FIM under PCI, ISO 27001, SWIFT, HIPAA and FISMA are linked to the “Compliance–ServiceModule” to help you validate compliance requirements in an efficient and cost-effective manner. These are vital aspects of protecting the availability and integrity of sensitive data files found on your critical endpoints and servers.
File Integrity Monitoring (FIM)
File Integrity Monitoring tracks privileged users’ activity and alerts on changes to sensitive/critical files/folders, by account name and/or process, when these files and/or folders are Accessed, Created, Viewed, Modified or Deleted.
Track Content Modifications: File content modifications on supported file formats can be viewed and compared side by side to see what was added, deleted, or modified.
Malware and APTs Detection
Malware and APTs usually modify and/or access existing running processes and key system configuration files, or create new ones. To detect such activity, the Agent constantly monitors the integrity of these files/folders and running processes for any changes using MD5 checksum comparison. Furthermore, the log data generated is constantly correlated in real time and combined with evidence-based knowledge of emerging threats and vulnerabilities.
To avoid generating false alerts, the Agent can be configured to exclude from monitoring certain applications that update their files continuously. Likewise, installation of vendor-specific recommended and security updates on your critical endpoints and servers can be configured to be performed by a trusted source within a predefined date/time window, to avoid raising false alerts.
Where to Implement
The Agent should be deployed on critical endpoints and servers to monitor the integrity of configuration files, key system files, critical files/folders and running processes.
How it Works (Who has done What from Where and When)
The Agent constantly monitors policy violations, configuration files, key system files, critical files/folders and running processes in order to detect unauthorized access/modifications or potential system compromise. Upon detecting such activity, an alert is triggered in the ClearSkies™ Secure Web Portal providing detailed audit trail information for changes made regarding this event, including suspicious running processes and/or “Who has done What from Where and When” for further investigation, including:
Alerts which have been determined to pose a threat can be escalated to incident status by invoking the “Incident Management & Escalation Channels” built-in process within the ClearSkies™ Secure Web Portal.
The Standard ClearSkies™ NG Endpoint Agent provides real-time visibility for the early detection of suspicious/malicious activity and/or abnormal behavior on critical endpoints and servers, by collecting and analyzing operating system and application-related log data in real time.
Where to Implement
The Agent should be deployed on all endpoints and servers running critical applications and/or processes where real-time visibility is required.
How it Works
The Agent constantly analyses log data generated by endpoints and servers to detect suspicious/malicious activity and/or abnormal behaviour. Upon detecting such activity, an alert is triggered within the ClearSkies™ NG Secure Web Portal and Mobile App providing detailed information regarding this event and what might have caused it. Alerts which have been determined to pose a threat can be escalated to incident status by invoking the “Incident Management & Escalation Channels” built-in process within the ClearSkies™ NG Secure Web Portal.