Think Inside The Box!

The traditional way of thinking about security - where physical location was secured - is no longer applicable in the ever changing computing environment we find ourselves in.

The secure computer room - where only authorized personnel had access - gave way to a more distributed environment. More computing power is available on each employee's desk now than there was available to the entire organization not long ago.

Even having a private network is becoming a thing of the past. More and more networks are incorporating the internet as the primary backbone for the distribution of data and services.

The future promises to distribute the computing environment even further with more of the core business objectives being produced and accessed from a global community over a public network.

This distributed architecture makes the perimeter more porous. The need to give access to a diverse population means that we have to think of security in fundamentally different ways.

Unlike in the past having firewall and antivirus applications installed on the system is not enough!

ProActive Secure Systems products provide solutions that supplement antivirus and firewall products to insure that unauthorized software will be detected.

If you think that a machine protected by an internet firewall and antivirus software is secure -- so additional auditing is not required -- think again!
Introduction to ProActive Security Audit

ProActive Secure Systems provides Security Auditing devoted to keeping Microsoft Servers and Workstations clean from unauthorized software.

The Security Agent will detect targeted files added to, modified or deleted from the monitored environment. This is a periodic process that, once installed, starts when the machine is booted up and continues until the machine is shut down.

It generates a machine baseline, or allows the use of a previously generated machine baseline, consisting of file specifics for each monitored target. The baseline is the standard by which the current state of the machine is measured. Artificial Intelligence (AI) built into the system uses a set of rules to profile the files installed on the machine into two categories; safe and security exposure. If a file is deemed to be a security exposure -- by having the ability to function or operate independently -- and the Security Agent is installed, the file will be periodically monitored to determine if it has been modified or deleted.

Tampering is determined by a procerss that is able to distinguish between two versions of a file. If the file has been altered in any way it will be reported.

There's more, if any file meeting the security exposure criteria is added to the machine after the baseline was generated will also be reported.

The Security Agent - working in the background - is vigilant in seeking out and reporting the presence of intruder software.

Supported platforms are Windows 2000 Workstations and Servers, Windows 2003 Servers and Windows XP Workstations.

Evaluation of Security Exposures

The determination of whether a file is safe or a security exposure depends on the following:

  • The file is used as data for some application
  • The file can be executed
  • The file is some behind the scenes component that can be called upon from an executing program to perform some operational functionality

If the file is deemed to be data for some application then it is considered to be safe and is not monitored.

A file is considered to be a security exposure if it can be executed or if it is some behind the scenes component that can be called upon from executing software to perform some operational functionality, and must be monitored.

ProActive Security Agent Operation

The Security Agent is a heuristic application that will adjust to changes as they happen on the monitored machine. At the start of each cycle the agent takes a new snapshot of the environment, which is used to evaluate the current state of the machine.

The agent will detect targeted files added to, modified or deleted from the monitored environment. This is a periodic process that, once installed, starts when the machine is booted up and continues until the machine is shut down.

Conclusion

Regardless of how software was placed on the machine the Security Audit will detect and report it so that a decision can be made whether to accept or remove the surreptitiously installed software.

It is imperative that your machines be monitored for intrusion. The ProActive Secure Systems Security Audit will do that for you. You can feel secure that you are taking a proactive approach to intrusion detection and get on with day to day business.

Anti-virus and firewall applications are not enough! The ProActive Secure Systems Security Audit detects intruder software on your servers and workstations.