Cyber Hawk

Change Alerting

Add Another Layer of Risk Management

With Daily Critical Network Change Alerts

Cyber Hawk makes a daily sweep of your entire network looking for specific types of critical changes that you should check for potential security issues going on inside the networks you manage. Set the time for the daily scan and Cyber Hawk reports back with an alert sent to any email address you specify, including your own ticketing system. The daily alerts aggregate the issues that were detected during the past 24 hours and can be sorted either by potential impact (high, medium and low) of the change, or by the type of change.

There are dozens of change alerts that can be trigged by unauthorized access to your system, honest but dangerous configuration mistakes, or suspicious end-user behaviors — the kinds of potential threats that vulnreability scanning along can't catch. Here's a sample:

CategoryChange Alert
WirelessNew connection to unauthorized wireless access point
Access ControlNew profile (Business Owner's computer)
ComputersNew application installed on locked down system
ComputersNew removable drive added to locked down system
Access ControlNew administrative rights granted
Access ControlNew unauthorized access to IT restricted computer
Network SecurityNew device on restricted network
Access ControlNew unauthorized access to accounting computer
Access ControlNew unauthorized access to CDE
Access ControlNew unauthorized access to ePHI
Access ControlNew unauthorized printer on network
Access ControlNew suspicious user logons by single desktop user
ComputersInternet access changed from restricted to not enforced
ComputersCritical patches no longer applied timely on DMZ computer
ComputersCritical patches no longer applied timely
Access ControlNew profile added
Access ControlNew user added
Access ControlNew unusual logon to computer by user
Access ControlNew unusual logon time by user
Network SecurityNew High Severity Internal Vulnerability (with VulScan)
Network SecurityNew Medium Severity Internal Vulnerability (with VulScan
Access ControlLocal User Admin User Added

Even though Cyber Hawk sends you change alerts on a daily basis on any potential threat it finds, once a week it also will send you a tight summary of all changes to the network that were made during the prior week. This gives you a quick at-a-glance summary of changes that didn't trigger a alert but still might be worth a quick review.

Changes included in Cyber Hawk's weekly report fall into the following objects with associated risks:

ObjectRisk Associated With Change in Object
Wireless NetworksIt's not enough to train people to connect to safe and approve wireless network. To reduce risk you want to detect when they are not.
Network DevicesThe addition or removal of network devices without approval and knowledge can lead to rogue, unmanaged devices which leads to increased risk.
Domain UsersUsers may be elevated to Domain Admin without your knowledge, either by accident or through access breach. Alerts on this type of change should always be reviewed and action should be taken immediately if the change was unauthorized.
ComputersThe addition or removal of computers without approval and knowledge can lead to rogue, unmanaged devices which leads to increased risk.
PrintersThe addition or removal of printers without approval and knowledge can lead to rogue, unmanaged devices which leads to increased risk.
DNSChanges in DNS are indicators that someone may be attaching a device to the network or making potentially harmful changes that may results in security issues or availability issues.
Switch Port ConnectionsChanges in Switch Port Connections are indicators that someone may be attaching a device to the network, detected by inspecting what is plugged into each switch and comparing to the last connection.
Local UsersThe addition or removal of local users can lead to stealth ID and backdoors that could lead to security issues in the future. A single user might be an administrator on their own computer and adding/removing local user accounts.
New Internal VulnerabilityChanges in the set of vulnerabilities should always be evaluated and monitored (available with VulScan Integration).

Add Internal Vulnerability Scan Results To Your Alerts & Reports

When you add VulScan to your layered approach to risk management, Cyber Hawk will automatically access the latest VulScan internal vulnerability scan results and seemlessly incorporate the discovered vulnerabilities into a single, unified Change Detection and Management system.

We have added many security products, but Cyber Hawk has been the only one that was able to be used by all of our non-security specialized staff to provide relevant information and value right out of the box.

Scott Putnam CEO
Apex Technology Management, Inc.

Cyber Hawk has allowed us to have a deeper view of our client networks from accounts getting created, to devices added to the networks, to the wireless networks that they are connecting their laptops. With the wireless network alerts, we can see who is connecting them to Free Wifi (Starbucks, etc.) and can use this information to develop and offer Security Awareness Training to these clients. And with this information we have proof of what they are doing.

Brian Martz VP

Cyber Hawk is hands down a great product, I have implemented in many different industries and continue to impress even the best security admins. With this product I get to play with the big boys.

Phillip Waite
EPS Networks

What we like most about Cyber Hawk is that is allows us to quickly see things we can make even more secure with ease!

Phillip Waite CEO