Cyber Hawk makes a daily sweep of your entire network looking for specific types of critical changes that you should check for potential security issues going on inside the networks you manage. Set the time for the daily scan and Cyber Hawk reports back with an alert sent to any email address you specify, including your own ticketing system. The daily alerts aggregate the issues that were detected during the past 24 hours and can be sorted either by potential impact (high, medium and low) of the change, or by the type of change.
There are dozens of change alerts that can be trigged by unauthorized access to your system, honest but dangerous configuration mistakes, or suspicious end-user behaviors — the kinds of potential threats that vulnreability scanning along can’t catch. Here’s a sample:
Category
Change Alert
Wireless
New connection to unauthorized wireless access point
Access Control
New profile (Business Owner’s computer)
Computers
New application installed on locked down system
Computers
New removable drive added to locked down system
Access Control
New administrative rights granted
Access Control
New unauthorized access to IT restricted computer
Network Security
New device on restricted network
Access Control
New unauthorized access to accounting computer
Access Control
New unauthorized access to CDE
Access Control
New unauthorized access to ePHI
Access Control
New unauthorized printer on network
Access Control
New suspicious user logons by single desktop user
Computers
Internet access changed from restricted to not enforced
Computers
Critical patches no longer applied timely on DMZ computer
Computers
Critical patches no longer applied timely
Access Control
New profile added
Access Control
New user added
Access Control
New unusual logon to computer by user
Access Control
New unusual logon time by user
Network Security
New High Severity Internal Vulnerability (with VulScan)
Network Security
New Medium Severity Internal Vulnerability (with VulScan
Access Control
Local User Admin User Added
Even though Cyber Hawk sends you change alerts on a daily basis on any potential threat it finds, once a week it also will send you a tight summary of all changes to the network that were made during the prior week. This gives you a quick at-a-glance summary of changes that didn’t trigger a alert but still might be worth a quick review.
Changes included in Cyber Hawk’s weekly report fall into the following objects with associated risks:
Object
Risk Associated With Change in Object
Wireless Networks
It’s not enough to train people to connect to safe and approve wireless network. To reduce risk you want to detect when they are not.
Network Devices
The addition or removal of network devices without approval and knowledge can lead to rogue, unmanaged devices which leads to increased risk.
Domain Users
Users may be elevated to Domain Admin without your knowledge, either by accident or through access breach. Alerts on this type of change should always be reviewed and action should be taken immediately if the change was unauthorized.
Computers
The addition or removal of computers without approval and knowledge can lead to rogue, unmanaged devices which leads to increased risk.
Printers
The addition or removal of printers without approval and knowledge can lead to rogue, unmanaged devices which leads to increased risk.
DNS
Changes in DNS are indicators that someone may be attaching a device to the network or making potentially harmful changes that may results in security issues or availability issues.
Switch Port Connections
Changes in Switch Port Connections are indicators that someone may be attaching a device to the network, detected by inspecting what is plugged into each switch and comparing to the last connection.
Local Users
The addition or removal of local users can lead to stealth ID and backdoors that could lead to security issues in the future. A single user might be an administrator on their own computer and adding/removing local user accounts.
New Internal Vulnerability
Changes in the set of vulnerabilities should always be evaluated and monitored (available with VulScan Integration).
Add Internal Vulnerability Scan Results To Your Alerts & Reports
When you add VulScan to your layered approach to risk management, Cyber Hawk will automatically access the latest VulScan internal vulnerability scan results and seemlessly incorporate the discovered vulnerabilities into a single, unified Change Detection and Management system.
LET US SHOW YOU HOW IT WORKS!
Want to learn more or get pricing? Use the GET A QUOTE. If you’re ready for a customized one-on-one demo, use the REQUEST DEMO button below.
