File Integrity Monitoring and Log Management
TrustAgent is an advanced file integrity monitoring and log management system that is fully integrated with the iTrust security management platform. The ability to detect system-wide changes and log file access is fundamental to enterprise network security and is a key requirement for PCI DSS compliance.
The TrustAgent log management system captures data from systems across the network. TrustAgent stores, monitors, correlates, alerts, and reports on these logs, providing secure access for both routine analysis and detailed forensics. The embedded workflow manager sends alerts directly to the TrustNet SOC, your inbox, mobile phone, or ticketing system.
TrustAgent file integrity monitoring enables immediate detection of all changes to systems, whether malicious, accidental, or authorized. This includes all changes to the directory structure such as alternate data streams, registries, file access permissions, services, and file contents. The detection of changes to the directory structure enables immediate identification of any unauthorized activity. This capability extends TrustAgent's ability to detect viruses, Trojans, malware and spyware often in advance of traditional anti-malware tools.
Implemented standalone or together with TrustNet's other vulnerability management tools, TrustAgent provides network and security managers with a complete in-depth view of enterprise network security status.
- Recognizes organization and individual user network activity
- Designed to meet compliance standards, including the latest PCI DSS
- Monitors and detects data leakage attempts
- Protects corporate and customer data
- Completely integrated with iTrust
- Automated monitoring, alerting, and reporting
- Fully searchable log archives
- Event data encrypted and stored in existing SANs
TrustAgent enables organizations to meet compliance requirements including PCI DSS by monitoring all file changes in packaged and custom applications. TrustAgent provides automated alerting on unauthorized file system modifications and malicious behavior.
TrustAgent enables organizations to implement a comprehensive host-based file integrity monitoring system with application- and server-specific policies across multiple platforms including Windows, Linux, Solaris, AIX, HP-UX, BSD, Mac OS, and VMware ESX.
Agent and Agentless Monitoring
TrustAgent enables agent-based and agentless monitoring of systems and networks, providing alternative approaches that fit your network environment and specific needs.
Real-time and Configurable Alerts
TrustAgent enables customers to configure specific alerts and filter critical incidents from ordinary "background noise". The system includes SMTP, TXT, and SYSLOG integration enabling alerts to be sent via email and text to workstations and mobile devices.
Integration with Current Infrastructure
TrustAgent can be integrated with other existing Security Incident and Event Management (SIEM) technologies enabling centralized reporting with additional incident and event correlation.
TrustAgent integrates with iTrust, providing a streamlined and centralized system that manages policies across multiple operating systems. In addition, policies can be finely tuned so that specific servers, typically high-risk assets, have automatic group policy overrides.
Authentication and Encryption
Communication between TrustAgent and the monitored hosts is highly secure, leveraging both encryption and authentication. TrustAgent itself generates unique encryption keys that are easily installed on each monitored host.
TrustAgent can be deployed as a dedicated 1U rack mounted network appliance or as a software upgrade to an existing iTrust appliance.
TrustAgent File Integrity Monitoring and Log Management Features
Secure Log Management: TrustAgent generates encryption keys which are applied to each log host to ensure logs are authenticated and validated. This feature of TrustAgent can be used to support compliance needs such as PCI requirements 10.6 and 10.7.
Security Event Management: Includes a single dashboard view of all alerts. Alert detail includes color-coded severity ratings, attack sources, attack targets, time, and date stamp. Users can specify actions such as Dismiss and Escalation to another iTrust user or external email address. Alerts can also be dismissed en masse.
Dashboard Management: Easy-to-use single-view dashboard with data filtering by date and severity. The dashboard features a quick view of alerts and drill-down details for all devices. The trending dashboard includes an interactive graphic with alerts by volume, target, and attack sources.
Role Based Permissions: Enterprise-grade role-based security that controls user access rights across all iTrust applications. Create an unlimited number of hierarchical roles, enabling delegation of responsibilities to reflect your unique organizational structure. Specify the permitted actions for each role (for example Schedule Scans, Add/Remove False Positives, Location Management) and the authorized functional profile (for example Full Vulnerability Assessment, SANS Top 20, PCI Compliance Check).
Reporting: Easy-to-understand graphical reports in HTML, PDF, and XML formats. Choose from a selection of standardized reports or create your own using the dynamic report generator. Each issue is color coded and ranked based on severity.
Remediation Guidance: Reports include detailed step-by-step remediation guidance and one-click links to external resources for additional patching information and workarounds. These solutions have been tested and validated by TrustNet's experienced security team, who are on standby with unlimited technical support.