Compliance

Most operating systems and network devices include complete functionality for capturing security events, but provide little or nothing in the way of analysis, archiving, and real-time monitoring capabilities.

Cryptic event descriptions compound the problem, as does the fact that each managed device maintains a separate security log. Yet to comply with the Security Standards rule in today's networked business environment, it is essential to track security activity and to respond immediately to intrusion attempts. 

netPrefect™ monitors both In-Band and Out-of-Band access to managed devices, collecting user access and security information in real time, and using netPrefect's token replacement feature, unintelligible ASCII text messages can be transformed into meaningful events with appropriate additional contextual information.

netPrefect™ uses advanced algorithms to filter out the background noise, and create events based on simple-to-create rules and pattern matching, which eliminates false positives in the alert process.

With netPrefect™, administrators can enable auditing on selected files for specific types of access. This is most useful for monitoring how users are accessing documents, such as Microsoft Excel and Microsoft Word files. However, this type of auditing can also be used to monitor for such things as changes to folders that contain executables, or unauthorized attempts to access database files. Administrators can audit failed or successful attempts to open a given file or folder for read, write, delete, and other types of access (to monitor changes to an object, enable auditing for successful writes. To monitor users who try to read files they aren't authorized to read, enable auditing for failed reads).

In addition to event logging, netPrefect™ creates a separate log for every system or device under management, in a single log-file repository. This log information includes datestamps, system name, and the ASCII text that was collected by the netPrefect™ server. netPrefect™ can be configured to save a specific number of log entries, or amount of data collected. All of this log data can also be exported in XML or .csv format so that it can be used for reporting purposes, with third party applications. It is recommended that administrators have a comprehensive back-up strategy in place that allows for long-term data availability in the event that it is required for audit trail purposes.

netPrefect™ maintains a comprehensive log of events by severity, system, and frequency. This event log can be viewed in real-time, using the netPrefect™ GUI, and a simple to understand dashboard is available to show up to the minute accounting of all security events.

The netPrefect™ rules wizard makes it simple to create reusable rules, which filter console data and trigger events when specific criteria is met, or patterns matched. These rules can be applied to multiple systems, or system groups, reducing the amount of time required to configure the system, and also ensuring that the same security standards are applied to all systems, across the entire enterprise.

One of the problems inherent in most security logging is a lack of administrator accountability. Although most systems record administrator activity (e.g. account maintenance, privilege use), the Security log itself is always vulnerable to an administrator who decides to clear the log, disable auditing, or shut down the system, and tamper directly with the log file, by booting from a floppy disk. netPrefect™ can address those problems, and enforce accountability, by simply creating events that recognize log clearing and audit policy changes as critical events, and triggers the appropriate notification and response.