Security Operations & Monitoring

Combat Serious Threats to Your Network with Zartek Global USM™

The purpose of a Security Operations Center (SOC) is to identify, investigate, prioritize and resolve issues that could affect the security of a company’s information assets.

A well-developed and run SOC can put information at the fingertips of an organization and help identify when an attack starts, who is attacking, how the attack is being conducted, and what data or systems are being compromised.

Zartek Global USM delivers the power of an SOC out of the box with Security Operations Center tools and essential capabilities that allow you to:

  • Identify Which Assets You Need to Protect
  • Pinpoint Assets Vulnerable to Attack
  • Understand Techniques Used to Attack Your Assets
  • Recognize When a Breach Has Occurred
  • Determine What Actions Will Have the Most Impact on Your Security Posture

 

Identify Assets You Need to Protect

Having a deep understanding of all the assets on your network is critical to your ability to respond to and contain the most serious threats. Asset identification also enables you to prioritize and mitigate threats to critical systems, which is an essential component of an effective security operations center.

To perform asset discovery, Zartek Global USM comes with three automated approaches:

 

Passive Network Monitoring
Passively monitors the network traffic, hosts and installed software to identify the protocols and ports used in the captured traffic.

 

Active Network Scanning
Probes the network to elicit device responses for identification of machines and software installed.

 

Host-based Software Inventory
A host-based agent that provides deep endpoint visibility that can enumerate all software installed on the machine, not just the software that’s using the network.

 

Pinpoint Assets Vulnerable to Attack

Being able to pinpoint weaknesses in your IT environment will give you a better understanding of how your organization may be exploited during a breach.

A security operations center needs to run vulnerability assessment on a regular and on-going basis to ensure new vulnerabilities are discovered and responded to in a timely manner.

Zartek Global USM provides the following approaches to automate vulnerability assessment:

 

Active Network Scanning
Actively probes the network to elicit responses from hosts. This allows Zartek Global USM’s analysis engine to determine the configuration of the remote system and cross-reference with a database of known vulnerabilities.

 

Host-based Assessment
Using access to the file system of a host, Zartek Global USM’s analysis engine can perform a more accurate detection of vulnerabilities by inspecting the installed software and comparing with a list of known vulnerable software packages.

 

Understand Techniques Used to Attack Your Assets

Intrusion detection lies on the opposite end of the spectrum from vulnerability assessment. Whereas vulnerability assessment will help you discover vulnerabilities in your systems, intrusion detection is used to identify the attacks that are targeting those vulnerabilities.

Acting as a Virtual SOC, Zartek Global USM enables you to inspect traffic between devices, not just at the edge. It also leverages Open Threat Exchange™ (OTX) data combined with threat intelligence from our Zartek Global labs to identify tools, techniques and procedures being deployed by attackers – keeping you one step ahead.

 

Network Intrusion Detection System (NIDS)
Catch threats targeting your vulnerable systems with signature-based anomaly detection and protocol analysis technologies.

 

Host Intrusion Detection System (HIDS) and File Integrity Monitoring (FIM)
Analyze system behavior and configuration status to detect potential security exposures such as system compromise, modification of critical files, rootkits and rogue processes.

 

Threat intelligence
The Zartek Global USM platform receives threat intelligence updates every 30 minutes, direct from the Zartek Global Labs threat research team. Zartek Global Labs acts as an extension to your IT team. They are constantly performing advanced research on current threats to develop updates to Zartek Global USM’s threat intelligence in the form of SIEM correlation rules, IDS signatures, response guidance, and more.

 

Recognize When a Breach Has Occurred

Despite the best efforts of companies, not all breaches are avoidable. However, in order to minimize the impact of a breach, you need to be able to recognize when one might have occurred on your network and know what to do next to minimize impact.

In a well run security operations center, having the tools and process in place to monitor and set baselines for system behavior allows you to quickly detect and respond to breaches.

Zartek Global USM provides the following capabilities:

 

Active Service Monitoring
Validates that services running on hosts are continuously available.

 

Netflow Analysis
Analyzes the protocols and bandwidth used by each device and alerts where behavior falls outside of the norm.

 

Network Traffic Capture
Captures the TCP/IP stream allowing for replay of activity to determine what happened during a breach.

 

Host IDS
Can detect new processes or abnormal resource usage on a host, which can indicate a compromise.

 

Determine What Actions Will Have the Most Impact on our Security Posture

When a variety of security technologies are deployed at scale, a security operations center can quickly become overwhelmed with a vast amount of data to analyze. This leads to questions like: What should be done first? What data needs further analysis? And where is my time best spent?

Evaluating each stream of data independently can be a poor use of your time. Instead, all data streams need to be considered as a whole with each adding further context to the other.

Zartek Global USM automates and simplifies the process of collating and correlating the vast amounts of data with its Security Information and Event Management (SIEM). The SIEM normalizes and analyzes data from disparate sources and correlates it together to present a complete picture of the incidents occurring in the overall system. This is presented in a centralized dashboard which is arranged into the following five categories of the Kill Chain Taxonomy.

  • System Compromise
  • Exploitation & Installation
  • Delivery & Attack
  • Reconnaissance & Probing
  • Environmental Awareness

Continuous Information Security Monitoring to Combat Continuous Threats

As threats continue to evolve and increase in volume and frequency, you can no longer rely on static information security monitoring. Rather, you need continuous security monitoring that provides a comprehensive view of your IT environment.

Continuous Information Security Monitoring can assist in:

  • Knowing who and what is connected to your network at all times
  • Identifying vulnerabilities rapidly
  • Reducing overall IT security risk
  • Meeting compliance demands

However, many enterprises lack the ability to leverage their existing IT security investments into a seamless process to obtain truly integrated continuous security monitoring.

Zartek Global USM™ comes fully integrated with a suite of continuous information security monitoring capabilities:

 

Service & Infrastructure Monitoring

  • Asset discovery
  • IP and hardware MAC address pairing for inventory and to detect MAC spoofing
  • Host-based software inventory
  • Continuous monitoring of services

 

Continuous Vulnerability Monitoring

  • Scheduling and customization
  • Extensive and dynamic vulnerability database
  • Continuous vulnerability monitoring
  • Active and passive network scanning

 

Always on Network Monitoring

  • Detect threats and activity with known malicious hosts
  • Baseline network behavior and spot suspicious activity
  • Know what’s connected to your network

 

Service & Infrastructure Monitoring

Continuous monitoring for security doesn’t necessarily mean that you need to monitor all things at all times. Rather, it means that you need to know the status of key services across your infrastructure to determine the health of critical systems.

Before you can do this though, you first need to determine which systems are the most important to the business. Once you determine that, you need to establish what information security-related services or protocols you need to monitor on a continuous basis.

Zartek Global USM provides built-in asset discovery to determine what’s on your network at any given time as well as built-in continuous monitoring of services run by critical systems. You can use active or passive network scanning to determine what is on your network. On a periodic basis, or on-demand, Zartek Global USM probes the device to confirm that the service is still running and available.

 

Continuous Vulnerability Monitoring

Vulnerability management is an ongoing process, therefore by its very nature an essential part of any information security continuous monitoring initiative.

However, frequent vulnerability scanning can impact your production systems. Additionally, the output from the scans can generate extensive lists of vulnerabilities that you need to triage and prioritize.

Zartek Global USM can address both of these concerns. Continuous vulnerability monitoring, also known as passive vulnerability detection, means Zartek Global USM correlates the data gathered by its asset discovery scans with known vulnerability information. This provides continual vulnerability information without the overhead of network noise and system impact.

Zartek Global USM also helps prioritize remediation with multiple technologies to complement vulnerability scanning such as Host and Network IDS (Intrusion Detection Systems), NetFlow and SIEM (Security Information and Event Management). This gives you visibility where a vulnerable asset is actually exposed to threats – allowing you to focus on the most important issues first.

  • Scan and monitor for new vulnerabilities continuously
  • Detect the latest threats with continuous threat intelligence
  • Gain complete security visibility and threat detection
  • Authenticated and unauthenticated scanning

 

Always on Network Monitoring

The IT landscape of today is very different from what it was several years ago. Traditional perimeter and endpoint monitoring alone is no longer sufficient, which is why it is important to continuously monitor the network in order to better understand what activity is occurring and uncovering threats before they materialize.

Zartek Global USM’s Network Flow Analysis provides the high level trends related to what protocols are used, which hosts use the protocol and the bandwidth usage. This allows for continuous monitoring and gives you a picture of what is happening across your network at any given time.

In addition to this, Network Protocol Analysis and Packet Capture allows you to undertake detailed analysis of activities that transpired and fully replay events that led up to an incident. Always on – always monitoring.

Zartek Global Unified Security Management™ (USM) is an all-in-one platform for complete network security monitoring and intrusion detection. You can deploy USM in less than one hour and get actionable insights within minutes of installation.

  • Know what’s connected to your network
  • Identify vulnerable systems and how to remediate
  • Detect threats and activity with known malicious hosts
  • Baseline network behavior and spot suspicious activity
  • Investigate incidents with automatically correlated data
  • Determine what to do next with step-by-step guidance

 

Zartek Global Unified Security Management

Complete security visibility and threat intelligence in a single pane of glass

Get all of the essential security capabilities you need in one Zartek Global Unified Security Management platform, coordinated to work together “out of the box.” It’s the fastest, easiest way to get a complete picture of your network’s security status, with actionable threat intelligence to respond to threats and vulnerabilities quickly.

 

5 Essential Security Capabilities – All in One Console

Asset Discovery

Know what’s connected to your network.

  • Active network scanning
  • Passive network monitoring
  • Asset inventory

 

Vulnerability Assessment

Find, verify, and remediate vulnerabilities.

  • Network vulnerability testing
  • Continuous vulnerability monitoring

 

Intrusion Detection

Catch threats anywhere within your network.

  • Network IDS
  • Host IDS
  • File integrity monitoring

 

Behavioral Monitoring

Baseline “normal behavior” and spot suspicious activity.

  • Log Collection
  • Netflow analysis
  • Service availability monitoring
  • Full packet capture

 

SIEM

Automate event correlation and get full threat context.

  • SIEM Correlation
  • Incident response guidance
  • Reporting and alarms

 

Asset Discovery

Discover, inventory, and start monitoring your network in minutes

In order to secure your network, first you need to know what you have to protect. You need a simple, reliable way to know what’s connected to your network and the information required to make sense of the activities occurring on, and from, your assets suspected to be compromised.

Zartek Global USM™ provides built-in asset discovery to:

  • Determine what’s on your network at any given time
  • Know when new servers and endpoints are attached
  • Be certain of how your devices are configured
  • Correlate asset info with threat and vulnerability data
  • Accelerate investigations of impacted assets

With USM, you get three core discovery and inventory technologies for full visibility into the devices that show up on your network.

 

Passive Network Monitoring

USM can identify hosts on the network and their installed software packages by passively monitoring and inspecting the traffic. Information collected includes:

  • IP and hardware MAC address pairings, used for inventorying
  • and to detect MAC spoofing
  • IP header analysis to identify operating systems and running software packages
  • TCP/IP traffic analysis for OS fingerprinting and basic network topography

 

Active Network Scanning

USM can also gently probe the network to coax responses from devices. These responses provide clues that help identify the device, the OS, running services, and the software installed on it. It can often identify the software vendor and version without having to send any credentials to the host.

 

Vulnerability Assessment

Find, verify, prioritize, and fix your network security risk quickly

The more you remove known vulnerabilities the more work attackers have to expend to successfully breach it. Save time improving your security posture by having Zartek Global USM kick off scans, report, and contain all the information you need to assess and remediate vulnerabilities quickly.

Zartek Global USM provides built-in vulnerability assessment to:

  • Correlate asset info with vulnerabilities and threats
  • Prioritize vulnerabilities based on risk severity
  • Conduct false-positive analysis
  • See vulnerability info and how to remediate it
  • Keep your scans up to date on new vulnerabilities

With USM, you get a fast, effective way to expose your network’s vulnerabilities now and the means for continuously identifying insecure configurations, along with unpatched and unsupported software over time. You can mix and match the following features as needed.

 

Active Network Scanning

Actively probes hosts using carefully crafted network traffic to illicit a response. This can be viewed as “poking” for suspected vulnerabilities in IT assets.

 

Continuous Vulnerability Monitoring

Also known as passive vulnerability detection, USM correlates the data gathered by its asset discovery scans with known vulnerability information for improved accuracy. This provides valuable vulnerability information while minimizing network noise and system impact.

 

Unauthenticated Scanning

Conducts scans without requiring host credentials. This scan probes hosts with targeted traffic and analyzes the subsequent response to determine the configuration of the remote system and any vulnerabilities in installed OS and application software.

 

Authenticated Scanning

Conducts scanning on an authenticated basis. This entails access to the target host’s file system, to be able to perform more accurate and comprehensive vulnerability detection by inspecting the installed software and its configuration

 

Intrusion Detection

Catch threats anywhere within your network

Attacks aren’t all or nothing – they happen in multiple steps, so you want to detect them early and stop attackers in their tracks. Catching and responding to threats early requires that you gather a variety of threat vectors to know who, what, where, when and how of attacks.

Zartek Global USM provides built-in intrusion detection to:

  • Provide network and host-based IDS
  • Correlate threat data with vulnerability and asset info
  • Determine and investigate impacted systems
  • Detect network activity with known malicious hosts
  • Catch new threats with continuous threat intelligence

With USM, you get asset discovery and vulnerability assessment, intrusion detection, behavioral monitoring, and SIEM (log management, event correlation, analysis and reporting) to get the complete view you need to effectively monitor the security of your network. Combining these different views, allows you to cut through the noise and see the information that really matters.

 

Network Intrusion Detection (IDS)

Built-in intrusion detection software including Snort and Suricata provides signature-based anomaly detection, and protocol analysis technologies. This enables you to identify the latest attacks, malware infections, system compromise, policy violations, and other exposures.

 

Host-based Intrusion Detection (HIDS) and File Integrity Monitoring (FIM)

Built-in host-based intrusion detection software analyzes system behavior and configuration status to track user access and activity as well as identify potential security exposures such as:

  • System compromise
  • Modification of critical configuration files (e.g. registry settings, /etc/passwd)
  • Common rootkits
  • Rogue processes

 

Behavioral Monitoring

Baseline network behavior and spot suspicious activity

In order to catch the latest threats, you need a way to identify anomalies and other patterns that may signal new, unknown behavior. Behavioral monitoring enables you to spot and investigate suspicious network activity, as well as provides the traffic data required to reveal the events that occurred in a potential security breach.

Zartek Global USM provides built-in behavioral monitoring to:

  • Identify protocols and baseline “normal behavior”
  • Spot anomalies, policy violations, and suspicious activity
  • Monitor system services and detect unexpected outages
  • Conduct full protocol analysis on network traffic

With Zartek Global USM, you get multi-layered network security monitoring to detect known threats, catch network activity with known malicious hosts, and spot suspicious activity that could signal a new, unknown threat.

 

Service and Infrastructure Monitoring

Provides continuous monitoring of services run by particular systems. On a periodic basis, or on demand, the device is probed to confirm that the service is still running and available. This lightweight, continuous monitoring will detect unexpected service outages throughout your critical infrastructure.

 

Network Flow Analysis

Performs network behavior analysis without needing the storage capacity required for full packet capture. Network flow analysis provides the high-level trends related to what protocols are used, which hosts use the protocol, and the bandwidth usage. This information can then be accessed in the same interface as the asset inventory and alarm data to simplify incident response.

 

Network Protocol Analysis / Packet Capture

Allows security analysts to perform full protocol analysis on network traffic enabling a full replay of the events that occurred during a potential breach. This level of network monitoring can be used to pinpoint the exploit method used or to determine what specific data was exfiltrated.

 

SIEM

Automate correlation, get threat context, and know what to do next

During security incidents and investigations, you need to get to “whodunit” as quickly as possible. This can be complicated when mountains of security-relevant data are continuously being produced. By automating the correlation of real-time events you can gather all of the puzzle pieces in a single view.

Zartek Global USM provides built-in SIEM to:

  • Offer 2,000 correlation directives out of the box
  • Cross-correlate asset, threat, and vulnerability data
  • Calculate security risk and prioritize investigation
  • Use a single pane of glass for investigations
  • Determine appropriate response for every alarm

With USM, you get the complete picture for every incident and built-in guidance provided by the Zartek Global Labs security research team. When you’re network is under attack you’ll have all the security-related information you need in one place to see what happened and what to do about it.

 

SIEM in Action (an example):

  • A port scan is detected by your firewall and an alarm is generated in the USM console.
  • In the USM console, the source address of the scan is correlated with the destination address of an SSH session from an internal host. A lookup in USM’s asset inventory automatically identifies the risk profile of the internal host and determines that the host is critical to business operations. This identifies it as a critical security incident.
  • From within the USM console, the compromised host is scanned for other vulnerabilities and it is found to be missing a critical security patch.
  • A ticket is generated within the USM console to patch the compromised host. The compromised host is patched and returned to service.
  • A complete forensic analysis for the past 30 days is run for the compromised host from the USM console to determine if additional corrective action is required.
  • The incident is automatically reported to the Zartek Global Open Threat Exchange™ which is monitored by Zartek Global Labs so that it can be synthesized and reported to other Zartek Global installations. The entire community is then aware and protected from a similar exploit. Note: this step is optional, as you must opt-in to join the Open Threat Exchange™.

 

Cross-Correlation in Action

For IDS-generated events, which by themselves can be quite noisy, USM does a lookup from the console to see what vulnerabilities that attack needs for the exploit to be successful. Then USM does an asset lookup to see if the asset is actually vulnerable and to determine the risk profile of the asset. All of this data is then correlated so that you are able to focus in on the information that really matters most.

 

Incident Response Guidance in Action

An alert might identify that a host on your internal network is attempting to connect to a malicious external host. The dynamic incident response guidance would include details about:

  • The internal host such as owner, network segment, and software that is installed
  • The network protocol in use and specific risks associated with it
  • The external host and what exploits it has executed in the past
  • The importance of identifying potential C&C (command and control) traffic
  • Specific actions to take for further investigation and threat containment – and why you should take them

Monitor Security Events and Stay on Top of What’s Important

Every system in your IT enterprise generates a security event of some type. This can be very useful as it maintains a historical record of events that have happened and statuses of systems in a time sequential format as well as recording activity on the network.

Security events can assist in:

  • Determining what happened
  • Intrusion detection
  • Incident containment
  • Forensic analysis
  • Real-time alerts of malicious activity
  • Understanding attacker intent
  • And more

However, the amount of data generated can be overwhelming and without an effective security event management system, you could be missing critical events.

Knowing which activities and systems to monitor and when is key to filtering and locating the needle in the haystack of event data that could be the cause of a security breach.

Zartek Global USM™ delivers essential security event management and monitoring capabilities:

 

Centralized Security Alerts

  • Automatic event correlation
  • Easily configure monitoring for all critical assets
  • Monitored security events arranged by kill chain methodology to give you context into actions

 

Actionable Intelligence

  • Identify patterns of known malicious activity
  • Host and network intrusion detection
  • Behavioural monitoring
  • Powered by Open Threat Exchange™, the world’s largest open threat intelligence community

 

Compliance

  • Report templates for PCI-DSS, ISO 27002, HIPAA and more
  • Role-based access control for customized views
  • Visibility into which users are violating policy

 

Centralized Security Alerts

One of the best first steps in effectively monitoring and managing security events is to collect and correlate logs from across systems, applications and network devices. Within these logs lies an audit trail of who has done what, where, when and why.

However, monitoring events from disparate systems can be a huge challenge. These logs contain an enormous amount of information and identifying anomalies can be difficult.

Zartek Global USM takes the guesswork out of security event management by analysing and correlating security events across all systems and builds all the monitoring and security event management capabilities you need into a centralized dashboard which is arranged using the Kill Chain Taxonomy. This allows you to focus on the most pressing events.

It breaks out events into five categories that help you to understand security events intent and severity, based on how they’re interacting in your environment.

  • System Compromise
  • Exploitation & Installation
  • Delivery & Attack
  • Reconnaissance & Probing
  • Environmental Awareness

 

Turn Security Events Into Actionable Intelligence with Event Correlation

Being able to monitor and collect security events across disparate systems is just half the challenge. The ability to find connections between seemingly unrelated events is critical. In order to do this, correlation rules need to be built in order to monitor and identify particular patterns of security events.

But building these correlation rules for both internal and external threats can be a time-consuming and resource intensive task.

Zartek Global USM automatically monitors, analyses and correlates events from hundreds of sources to detect security events across systems, applications and network devices.

USM ships with over 2,000 pre-defined correlation directives so you don’t have to spend hours monitoring your systems and identifying relevant security events to create your own.

Continuous updates from Zartek Global Labs include new correlation directives, threat indicators and remediation guidance.

 

Compliant Security Event Management

Compliance isn’t a one-time event, rather a system of processes that need to be continually enforced. Although specific requirements for monitoring and security event management vary from one standard to the next, Zartek Global USM can help you quickly achieve compliance with all the essential security capabilities you need in a single console.

Compliance benefits with USM include:

  • Flexible reporting and dashboards
  • Report templates for PCI-DSS, ISO 27002, HIPAA and more
  • Role-based access control for customized views
  • Visibility into which users are violating policy
  • Privileged user monitoring
  • Monitoring for disruptions & intrusions using network traffic and file integrity monitoring

Accelerated Incident Response and Threat Management

Zartek Global Unified Security Management™ (USM) helps you achieve coordinated threat detection, incident response and threat management with built-in essential security capabilities, integrated threat intelligence from Zartek Global Labs, and seamless workflow for rapid remediation. Consolidating threat detection capabilities like network IDS and host IDS with granular asset information, continuous vulnerability assessment, and behavioral monitoring provides you with the complete view you need for effective response.

 

Day One Results

Deploy Zartek Global USM™ and see actionable threat insights on day one.
With Zartek Global USM for incident response and threat management, you can quickly:

  • Identify, isolate, and investigate indicators of compromise (IOCs) before damage can occur
  • Correlate security events with built-in vulnerability scan data and Zartek Global Labs Threat Intelligence to prioritize response efforts
  • Gain essential insight into attackers’ intent as well as techniques
  • Respond to emerging threats with detailed, context-specific “how to” guidance for each alert
  • Validate that existing security controls are functioning as expected
  • Demonstrate to auditors and management that your incident response program is robust and reliable

 

Visualize and Map Threats

Intelligent Threat Management
with Kill Chain Taxonomy

With the constantly evolving nature of most threats, it can be difficult to address every incident and alert that occurs in your environment. Effective incident response requires successful threat management and prioritization. However, standard methods of prioritization are very time consuming and flawed.

Zartek Global USM uses a Kill Chain Taxonomy to make threat management and prioritization easy. The Kill Chain Taxonomy approach allows you to focus your attention on the most important threats by breaking attacks out into five threat categories, from highest to lowest. This shows you attack intent and threat severity, and provides you with the detailed contextual threat information you need to help you understand how they’re interacting with your network.

  • System Compromise – Behavior indicating a compromised system.
  • Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
  • Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
  • Reconnaissance & Probing – Behavior indicating a bad actor attempting to discover information about your network.
  • Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.

 

Utilize Threat Intelligence from Zartek Global Labs directly in USM

Without dynamic threat intelligence aggregated from across the world, any threat management program remains woefully incomplete – without focus or prioritization. Organizations need to understand WHO the bad actors are, WHERE threats may reside within your network, WHAT to focus on, and HOW to respond when threats are detected.

Automated threat intelligence updates from Zartek Global Labs enables Zartek Global USM customers to identify key IOEs (Indicators of Exploit) and IOCs (Indicators of Compromise) such as:

  • Command and control activity (C&C traffic)
  • Suspicious system activity, which could connote system compromise
  • Unauthorized access attempts by authorized user accounts
  • Escalation of privilege for specific user accounts
  • Abnormal network flows and protocol usage
  • Malware infections (botnets, Trojans, rootkits, and more)

Additionally, thanks to our built-in event correlation rules, you can detect specific sequences of any of the above indicators to capture advanced persistent threats (APTs) and low-and-slow attacks missed by the point solution vendors.

Know When Users Are Attaching External Devices to Sensitive Systems

Best practices, industry guidelines, and regulatory requirements in environments with highly controlled data require the ability to detect the attachment of an external device to a system’s USB port. These devices include thumb drives or external storage drives, which insiders can use to physically exfiltrate data to circumvent data leak prevention technologies on your network.

Whether you are protecting cardholder data, electronic health records, classified data or other types of confidential information, you need to know if there is potential for insider abuse.

USB port monitoring is a critical component of your security strategy to reduce the insider threat.

Zartek Global USM delivers essential threat detection and compliance capabilities to detect suspicious or malicious behavior of authorized users:

 

USB Monitoring

Insiders who wish to exfiltrate data from your network will often attach a thumb drive or external storage device to a USB port.

According to the 2016 Verizon Data Breach Report, unauthorized hardware was the third most common form of insider and privilege misuse, and USB devices were the most common method for stealing data.

Insiders can use removable storage devices to avoid detection by network monitoring or data leak prevention technologies. These devices are an easy and effective way to remove gigabytes of data without triggering your network-based technologies.

USM will alert you whenever a user inserts a device into a USB port on a system you’re monitoring. USM delivers essential awareness to detect potentially unauthorized activity that can lead to data theft.

 

Host Intrusion Detection System (HIDS)

Host intrusion detection gives you the visibility you need into the status of critical systems and services on individual hosts to detect malicious activity by insiders. This activity includes privilege escalations, modification of configuration files, and attempts to access to in-scope systems and data.

In addition to providing USB device monitoring, Zartek Global USM can alert you to malicious activity before you suffer data loss. Because you install Host IDS on individual systems, Zartek Global HIDS is able to examine operating system log files to detect any changes to system files and software.

Zartek Global HIDS is also able to detect the installation of rootkits, ransomware, and other malware on your critical servers and workstations. It is an essential component to helping you meet compliance requirements for system monitoring, such as for PCI DSS, GPG13, or HIPAA/HITECH.

 

Continuous Compliance Management

Compliance management is extremely complex. To simplify your compliance efforts, you need to be able to consolidate and automate your critical security controls.

The Zartek Global USM platform delivers a single solution that automatically identifies audit events, generates alarms on those events that require immediate attention, and provides reports that satisfy your auditor. Regardless of the specific compliance requirements or guidelines, Zartek Global USM offers you a complete solution to help you demonstrate compliance by continuously monitoring your network and devices.

The USM platform builds in essential capabilities for compliance management: Asset Discovery, Vulnerability Assessment, Host and Network Intrusion Detection, File Integrity Monitoring (FIM) and Security Information and Event Management (SIEM), all in a single platform and managed from a single console. The regularly updated threat intelligence delivered by Zartek Global Labs eliminates the need for you to spend precious time conducting your own research on emerging threats, instrumenting your security controls, or creating your own correlation directives.

Zartek Global USM quickly delivers the insight you need to understand the location and compliance status of critical assets, and changes to access privileges, files, and services on those assets. The Zartek Global USM platform offers an extensive library of customizable reports for documenting your compliance.

The Zartek Global USM platform puts up-to-the-minute security and threat information about systems, data, and users at your fingertips, giving you complete security visibility and provides you with a unified threat detection and compliance management solution that is both easy-to-use and affordable.