Current CyberSecurity practice involves the random application of point solutions to an undefined network. CyberSecurity evolution simply adds new tools to the arsenal of existing tools – this approach is flawed, and will not deliver true CyberSecurity. The NIST CyberSecurity Framework provides guidance on the design of a properly managed CyberSecurity process. ClearArmor has defined the methodology and automated the process of implementing and sustaining a complete CyberSecurity program.
The process defines the tools required to meet the standard. ClearArmor’s unique technology and how the standard is met is described in detail below.
One product for all your CyberSecurity needs – all based on industry standards. Reduce risk and decrease spending on multiple IT tools and platforms that all fall short. ClearArmor’s CSRP provides you with insight into your business and cybersecurity health. Customized, easy-to-read dashboards for different levels of the organization – from the CEO to technology experts. Easily produce reports to demonstrate and maintain compliance.
The unique ClearArmor CyberSecurity Process is based upon a defined, structured, and complete approach to Network Security.
The key to the process is the real-time automated bot-driven collection and analysis of network and endpoint data. Endpoints include physical and virtual UNIX, Linux, Windows Servers, workstations, printers, routers, switches, IP Phones, IP Devices, cell phones, tablets, and other IT network devices.
The process incorporates management and data collection of the following ClearArmor processes. The processes are automated through a ClearArmor process management and automated workflow portal.
All data generated and collected through the real-time process is stored within the ClearArmor enterprise multi-terabyte SQL database. The database provides immediate real-time access to data, and managing that data is what allows the process itself to be managed intelligently. The database supports federation and structured and unstructured big-data-style queries, and provides both natural-language and full SQL queries.
The ClearArmor process supports all UNIX, Linux, Windows, AS400, and IBM operating systems and gathers data for any IP device, providing:
Without a real-time, current, accurate, and precise defined network infrastructure CyberSecurity is impossible. Without a real-time, current, accurate, and precise defined software inventory both NIST and CIS compliance is also impossible.
The ClearArmor network definition process is based upon over 20 years of experience in the world’s largest and most secure networks – including the Department of Defense (SIPRnet and NIPRnet), secure military networks, global financial institutions, industry communication companies, and cable corporations.
The ClearArmor Process defines millions of software applications, security patches, individual files, and network hardware devices – this data, coupled with ClearArmor’s encyclopedia of associated product information, provides a total visual, data-driven definition of the network. The analysis and management of this data permits the ClearArmor process to meet NIST and CIS compliance requirements.
The ClearArmor Process is real-time, automated, fast, and permits full network data and information analysis. CyberSecurity is based on data analysis. The ClearArmor database provides real-time current data and uniquely provides historical data of all endpoint, server, and network changes – including network operations. ClearArmor provides three distinct real-time query engines one of which is a natural language engine. Query results are returned with no delay and in real-time.
The ClearArmor CSRP system empowers your organization with a comprehensive, easy-to-understand, cost-controlled, structured approach to CyberSecurity that allows your organization to create and govern a custom CyberSecurity risk management strategy.
ClearArmor’s ICSP provides a quantum leap forward in CyberSecurity risk mitigation, incident detection, and incident response.
Trying to manage an IT environment without consistent and complete data can be an exercise in futility and frustration.
Data Interface to ODBC, JDBC, and file based Data
Data Mashups across heterogeneous data sources
Native ability to alert users when thresholds have been exceeded
Native ability to create and transmit reports to users via email
Native ability to feed dashboards and charts to external web pages
Dynamic Dashboards allowing for drill downs, dynamic interaction, and rich representation of data
User access limits to specific data, reports, alerts, and dashboards
Identify when users accessed cyber intelligence data
Automated distribution of reports based on report, time, and distribution group
Custom CEO dashboards and reports showing high level aggregated data
Compliance Officer Aggregate and Drill Down Dashboards
Custom CISO dashboards and reports showing high level aggregated data
Custom CSOC dashboards and reports showing high level aggregated data
Custom IT admin dashboards and reports showing high level aggregated data
Daily report focused on general corporate CyberSecurity data and individual CyberSecurity details
Scheduled or on demand audits of systems of systems
Filter compliance scans to specific landscapes
Filter compliance Scans to specific categories of systems
Leveraging of Military grade / tested / used compliance scanning engine
Ability to utilize Center for Internet Security CIS Cat Pro scanning engine
Ability to consume Center for Internet Security Benchmarks
SCAP is a specification for expressing and manipulating security data in standardized ways. SCAP uses several individual specifications in concert to automate continuous monitoring, vulnerability management, and security policy compliance evaluation reporting
The Open Vulnerability and Assessment Language is a language for representing system configuration information, assessing machine state, and reporting assessment results
Extensible Configuration Checklist Description Format (XCCDF) is a specification language for writing security checklists, benchmarks, and related kinds of documents
The Common Platform Enumeration (CPE) is a specification measuring the relative severity of system security configuration issues
The Common Configuration Enumeration™ (CCE) is a nomenclature and dictionary of software security configurations
The Asset Reporting Format (ARF) is a specification describing a data model for asset reporting
Asset Identification (AI) is a specification for identifying assets
The Trust Model for Security Automation Data (TMSAD) describes a common trust model that can be applied to specifications within the security automation domain
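The SCAP components listed above fit together at reporting time: a scanner evaluates an XCCDF benchmark against a target and emits an XCCDF TestResult (usually wrapped in ARF), and the compliance dashboard is built by aggregating those per-rule results. The following is an added example, not ClearArmor’s code or the page’s own, that parses a constructed XCCDF 1.2 TestResult and produces the kind of per-severity and pass-ratio summary an executive or CISO dashboard would show. The namespace and the TestResult / rule-result / result element layout come from the NIST XCCDF 1.2 specification; the rule ids and target name are placeholders.

```python
"""Summarize an XCCDF 1.2 TestResult into per-rule and aggregate compliance figures.

Added example, not ClearArmor's code. The XCCDF 1.2 namespace and the
TestResult / rule-result / result structure come from the NIST XCCDF 1.2
specification; the benchmark content below is constructed sample data and the
rule ids are placeholders.
"""
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
NS = {"x": XCCDF_NS}

# Constructed sample: the TestResult a scanner emits for one target.
SAMPLE_RESULT = f"""<?xml version="1.0"?>
<TestResult xmlns="{XCCDF_NS}" id="xccdf_example_testresult_sample"
            start-time="2024-01-01T00:00:00" end-time="2024-01-01T00:05:00">
  <target>ws-example-01</target>
  <rule-result idref="xccdf_example_rule_password_min_length" severity="medium">
    <result>pass</result>
  </rule-result>
  <rule-result idref="xccdf_example_rule_disable_telnet" severity="high">
    <result>fail</result>
  </rule-result>
  <rule-result idref="xccdf_example_rule_audit_enabled" severity="high">
    <result>fail</result>
  </rule-result>
  <rule-result idref="xccdf_example_rule_wifi_disabled" severity="low">
    <result>notapplicable</result>
  </rule-result>
  <rule-result idref="xccdf_example_rule_fips_mode" severity="medium">
    <result>unknown</result>
  </rule-result>
</TestResult>
"""

# Result values that count toward the scored denominator; notapplicable,
# notchecked, notselected and informational are excluded from the pass ratio.
SCORED = {"pass", "fail", "error", "unknown"}
NEEDS_ATTENTION = {"fail", "error", "unknown"}


def parse_rule_results(xml_text):
    """Return (target, [(rule id, severity, result), ...]) from a TestResult document."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{XCCDF_NS}}}TestResult":
        # Also accept a Benchmark document that embeds its TestResult.
        root = root.find(".//x:TestResult", NS)
    target = root.findtext("x:target", default="", namespaces=NS)
    rows = []
    for rr in root.findall("x:rule-result", NS):
        result = rr.findtext("x:result", default="unknown", namespaces=NS).strip()
        rows.append((rr.get("idref"), rr.get("severity", "unknown"), result))
    return target, rows


def summarize(target, rows):
    """Aggregate counts, rules needing attention grouped by severity, and a pass ratio over scored rules."""
    counts = Counter(result for _, _, result in rows)
    attention = {}
    for rule, severity, result in rows:
        if result in NEEDS_ATTENTION:
            attention.setdefault(severity, []).append(rule)
    scored = sum(counts[r] for r in SCORED)
    return {
        "target": target,
        "counts": dict(counts),
        "needs_attention": attention,
        "pass_ratio": counts["pass"] / scored if scored else 0.0,
    }


if __name__ == "__main__":
    target, rows = parse_rule_results(SAMPLE_RESULT)
    report = summarize(target, rows)
    print(report["target"], report["counts"], "pass ratio", report["pass_ratio"])
    for severity, rules in sorted(report["needs_attention"].items()):
        print(f"  {severity}: {', '.join(rules)}")
```

Treating `unknown` and `error` as needing attention rather than silently dropping them is the conservative choice: a rule the scanner could not evaluate is not evidence of compliance, and hiding it inflates the pass ratio shown to executives.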
Compliance and Audit Reports are available in HTML Format
Compliance and Audit Reports are available in Text Format
Compliance and Audit Reports are available in Excel based Format
Compliance Dashboard Data provides both technical and executive level insights
The ability to customize audits to meet organizational needs
Scanning of targets from inside the target to access native configuration data
Scan specific landscapes
Scan automatically on a schedule or at a future point in time
Scan endpoints based on category of the endpoint
Leveraging of military grade / tested / used vulnerability scan engine
Automated update of NVT data
Automated update of SCAP data
Aggregate vulnerability data across endpoint types, location, landscape, or category
The Common Vulnerability Enumeration® (CVE) is a specification describing a nomenclature and dictionary of security-related software flaws
ClearArmor ENP (Enterprise Network Probe) is a key bot used to Detect, Identify, and Define all endpoints that find their way onto the network.
ClearArmor EPM (Endpoint Metering) Bot is responsible for monitoring user activity on monitored workstations, especially running processes, active windows, keystrokes, and mouse clicks. It gathers metering data and sends it to the EPM Collector (EPMC)
ClearArmor FLW (File Watcher) Bot plays a unique role in understanding what software is being run by endpoints as well as potentially preventing malicious executables from running.
ClearArmor EDA (Electronic Distribution Assistant) Bot facilitates the distribution of new packages and updates to endpoints in a secure and controlled manner.
ClearArmor EDU (Electronic Distribution Updater) Bot facilitates updates specific to the ClearArmor ecosystem in a secure and controlled manner
ClearArmor EPAC (Endpoint Analysis Collector) is a type of Bot used to facilitate communications between the EPA and EPM Bots and the EAP Bot
ClearArmor EPMC (Endpoint Metering Collector) is a type of Bot that communicates and expedites information between the EPM Bots and the EAP Bot
ClearArmor ESUMC (Enterprise Server Utilization Monitoring Collector) is a type of Bot that communicates and expedites information between the SUM Bot and the EDTC Bot
ClearArmor EFLWC (Enterprise File Watcher Collection) Bot
ClearArmor EDS (Electronic Distribution Service) Bot
ClearArmor EAP (Enterprise Audit Processor) is a type of communications and pre-processing Bot that interfaces between the Collectors and the Enterprise Data Transaction Coordinator
ClearArmor EDTC (Enterprise Database Transaction Coordinator) is a type of Bot used to consume data from multiple sources and prioritize entry into the ICSP
ClearArmor ECMP (Enterprise Central Management Point) is a type of Bot that facilitates and expedites communications between the ENP Bots, EDS Bots, and the ICSP
ClearArmor Workflow Service is a type of Bot that controls workflows that operate on demand, are cyclic, or in response to an event
ClearArmor EMQS Bots control secure, asynchronous communications of data and instructions throughout the ICSP Platform
ClearArmor AD Bot – Continuously Scans for AD Events, Alerts, and Anomalies
ClearArmor Scan Bot – Continuously Scans for system vulnerabilities
Extender Bots - Compliance Engine 1 Scanner Bot
Networked devices are discovered, identified, and catalogued using a broad spectrum of standards based as well as highly advanced proprietary methods.
Identified network endpoints are interrogated to acquire all information related to that endpoint including hardware, software, O/S, utilization, and deviation from organization standards.
As endpoints are identified, an intelligent process is leveraged to normalize all data related to hardware, software, and utilization.
A continuously running process empowers the ICSP to see changes to the network as they occur.
The Enterprise Network Probe continuously interrogates ARP tables to discover new devices and patterns as part of the Network Identification Process
The Enterprise Network Probe continuously interrogates subnets using ICMP to discover new devices and their associated information as part of the Network Identification Process.
The Enterprise Network Probe is empowered to enumerate LAN Manager Information as part of the Network Identification Process.
The Enterprise Network Probe is empowered to enumerate AD Information as part of the Network Identification Process
The Enterprise Network Probe is empowered to enumerate HP OpenView Information as part of the Network Identification Process
The Enterprise Network Probe is empowered to enumerate SCCM Information as part of the Network Identification Process
The Enterprise Network Probe is empowered to enumerate DNS Information as part of the Network Identification Process
The Enterprise Network Probe is empowered to enumerate rDNS Information as part of the Network Identification Process
The Enterprise Network Probe is empowered to enumerate endpoint services as part of the Network Identification Process
The Enterprise Network Probe is empowered to acquire NetBIOS data information as part of the Network Identification Process
The Enterprise Network Probe is empowered to acquire data via WMI queries as part of the Network Identification Process
The Enterprise Network Probe is empowered to acquire data via SNMP queries as part of the Network Identification Process
The Enterprise Network Probe is empowered to acquire data via Net Server Queries as part of the Network Identification Process
A single ENP is utilized for smaller organizations or organizations without complex network infrastructure
A Distributed approach is utilized to acquire data from large organizations or organizations with complex network infrastructure
The Enterprise Network Probe can be utilized through a stand-alone Network Topographer application
Powerful Endpoint asset Bots provide continuous updates as to changes related to endpoints
A proprietary method of normalizing assets so as to identify endpoints after changes as well as determine uniqueness for all endpoints
Powerful Endpoint asset Bots can be configured to operate in a zero-footprint mode that communicates asset data to the ICSP
Identification of configuration details is a critical function of the Endpoint Analyzer Bot
Identification of hardware Manufacturer details is a critical function of the Endpoint Analyzer Bot
Identification of hardware Model details is a critical function of the Endpoint Analyzer Bot
Correlating End of Life / End of Support is a critical feature provided through the ICSP
Correlating users to endpoints is a critical function of the ICSP
The ICSP can identify all variants of UNIX operating systems
The ICSP can identify all variants of Linux operating systems
The ICSP can identify all variants of Windows operating systems
The ICSP can identify VMware host and guest instances
The ICSP can identify Oracle VM host and guest instances
The ICSP can identify AIX LPAR host and guest instances
The ICSP can identify AIX VIOS host and guest instances
The ICSP can identify HPUX NPAR host and guest instances
The ICSP can identify HPUX VPAR host and guest instances
The ICSP can identify other types of Virtual Server Host and Guests
Single location to examine service account utilization across the entire organization
Record baseline of systems based on type, landscape, use, and other Criteria
Identify Baseline deviation creep by mapping systems to their associated baselines
Identify the systems and software that are approaching or past End of Life (EOL) or End of Support (EOS)
The ICSP allows clients to identify hardware by Landscape (i.e. Production, QA, Pre-Prod, Dev1, Dev2, Test, DR, etc.)
The ICSP allows clients to categorize hardware as to use (Example: ERP, Financial, HR, HRIS, Collaboration, Infrastructure, Communications, etc.)
The ICSP allows clients to group endpoints based on Landscape and Category
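Baseline deviation creep, as described above, is detected by mapping every endpoint to the baseline recorded for its landscape and category and scoring the differences on each run, so that a slowly growing delta stands out before it becomes an incident. The following added example (not ClearArmor’s code) shows that mechanism on constructed inventory records: a golden host is snapshotted as the (Production, ERP) baseline, peers are compared to it, and endpoints with no baseline are reported rather than silently passed. The field names and the scoring rule are assumptions.

```python
"""Record per-landscape/category baselines and report configuration drift per endpoint.

Added example, not ClearArmor's code. Endpoint records, baselines and the
drift scoring are constructed for illustration; the field names are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    name: str
    landscape: str        # e.g. Production, QA, Dev1, DR
    category: str         # e.g. ERP, HR, Infrastructure
    os_release: str
    packages: frozenset   # "name==version" strings from the software inventory
    services: frozenset   # enabled services


def record_baseline(reference):
    """Snapshot a reference endpoint as the baseline for its landscape/category pair."""
    return {
        "os_release": reference.os_release,
        "packages": reference.packages,
        "services": reference.services,
    }


def deviation(endpoint, baseline):
    """Return the differences between an endpoint and its baseline; an empty dict means no drift."""
    delta = {}
    if endpoint.os_release != baseline["os_release"]:
        delta["os_release"] = (baseline["os_release"], endpoint.os_release)
    for key in ("packages", "services"):
        current = getattr(endpoint, key)
        added = sorted(current - baseline[key])
        removed = sorted(baseline[key] - current)
        if added or removed:
            delta[key] = {"added": added, "removed": removed}
    return delta


def drift_report(endpoints, baselines):
    """Map each endpoint to the baseline for its (landscape, category) and score its drift.

    The score counts individual differences so creep can be tracked between runs.
    Endpoints with no matching baseline are reported separately: they cannot be judged.
    """
    report = {}
    for ep in endpoints:
        baseline = baselines.get((ep.landscape, ep.category))
        if baseline is None:
            report[ep.name] = {"status": "no_baseline", "score": None, "delta": {}}
            continue
        delta = deviation(ep, baseline)
        score = (1 if "os_release" in delta else 0) + sum(
            len(v["added"]) + len(v["removed"]) for k, v in delta.items() if k != "os_release"
        )
        report[ep.name] = {
            "status": "drifted" if delta else "compliant",
            "score": score,
            "delta": delta,
        }
    return report


# Constructed sample inventory: one golden ERP production host and its peers.
BASE_PKGS = frozenset({"openssl==3.0.13", "sshd==9.6", "erp-core==12.4"})
BASE_SVCS = frozenset({"sshd", "erp-core"})
GOLDEN = Endpoint("erp-prod-00", "Production", "ERP", "RHEL 9.3", BASE_PKGS, BASE_SVCS)
FLEET = [
    Endpoint("erp-prod-01", "Production", "ERP", "RHEL 9.3", BASE_PKGS, BASE_SVCS),
    Endpoint("erp-prod-02", "Production", "ERP", "RHEL 9.3",
             BASE_PKGS | {"telnet-server==0.17"}, BASE_SVCS | {"telnet"}),
    Endpoint("erp-prod-03", "Production", "ERP", "RHEL 9.1",
             BASE_PKGS - {"openssl==3.0.13"} | {"openssl==3.0.7"}, BASE_SVCS),
    Endpoint("hr-dev-01", "Dev1", "HR", "RHEL 9.3", frozenset(), frozenset()),
]


def demo():
    """Run the fleet against the single recorded baseline and return the report."""
    baselines = {("Production", "ERP"): record_baseline(GOLDEN)}
    return drift_report(FLEET, baselines)


if __name__ == "__main__":
    for name, row in demo().items():
        print(name, row["status"], row["score"], row["delta"])
```

Persisting the per-endpoint score from each run and plotting it over time is what makes creep visible: a host whose score rises by one or two every few weeks is the case this feature is meant to catch.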
The ability to terminate unauthorized processes
The ability to block unauthorized processes from running
Log processes that run on endpoints to better understand what runs in your organization
Flag processes as ‘Black’ listed
Flag processes as ‘White’ listed
Leverage SWID tags for identification of processes
Utilization of SHA-1, SHA-2, MD5 hash validation
Categorize directories as locations from which processes are permitted to run
Categorize directories as locations from which processes are not permitted to run
Automate the identification of Whitelisted hardware
Manual Whitelisting of hardware down to the endpoint
ID new hardware as it hits the network and flag it for White or Black listing
Assisted Software whitelisting
Unapproved Software execution termination
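The process-control features above combine hash validation of the executable (SHA-1, SHA-2, MD5), explicit black and white lists, and directory rules into a single run/block decision. The following added example (not ClearArmor’s code) implements that decision on constructed files in a temporary directory: a denylisted hash is blocked outright, an allowlisted hash runs regardless of location, directory policy is applied next, and anything unclassified is logged for review rather than blocked, which is the assisted-whitelisting step where new software is recorded before a rule exists. The precedence of the checks and the policy contents are assumptions.

```python
"""Decide whether an executable may run from hash allow/deny lists plus directory policy.

Added example, not ClearArmor's code. The policy, the executables and the
directory layout are constructed in a temporary directory; the precedence of
the checks (hash before directory, deny before allow) is an assumption.
"""
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, algo="sha256"):
    """Stream the file through the chosen hash; sha256 (SHA-2) by default, md5/sha1 accepted for legacy lists."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class ExecutionPolicy:
    def __init__(self, allow_hashes=(), deny_hashes=(), allow_dirs=(), deny_dirs=()):
        self.allow_hashes = set(allow_hashes)
        self.deny_hashes = set(deny_hashes)
        self.allow_dirs = [Path(d).resolve() for d in allow_dirs]
        self.deny_dirs = [Path(d).resolve() for d in deny_dirs]

    @staticmethod
    def _under(path, dirs):
        """True when path lies inside any of the given directories (resolved, so symlinks cannot dodge the rule)."""
        return any(d == path or d in path.parents for d in dirs)

    def decide(self, path):
        """Return (decision, reason); decision is 'block', 'allow' or 'log'.

        A known-bad hash wins over everything, then a known-good hash, then the
        directory rules; anything unclassified is logged for review rather than blocked.
        """
        p = Path(path).resolve()
        digest = file_digest(p)
        if digest in self.deny_hashes:
            return "block", "hash on denylist"
        if digest in self.allow_hashes:
            return "allow", "hash on allowlist"
        if self._under(p, self.deny_dirs):
            return "block", "directory not permitted to run processes"
        if self._under(p, self.allow_dirs):
            return "allow", "directory permitted to run processes"
        return "log", "unclassified process recorded for review"


def demo():
    """Build a constructed directory tree and evaluate five executables against the policy."""
    with tempfile.TemporaryDirectory() as td:
        root = Path(td)
        files = {
            "approved_tool": (root / "approved" / "bin" / "tool", b"approved tool image"),
            "known_bad": (root / "downloads" / "dropper", b"known bad image"),
            "from_tmp": (root / "tmp" / "script", b"anything in tmp"),
            "approved_dir": (root / "approved" / "bin" / "helper", b"unlisted helper"),
            "unknown": (root / "downloads" / "installer", b"never seen before"),
        }
        for path, content in files.values():
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(content)
        policy = ExecutionPolicy(
            allow_hashes={file_digest(files["approved_tool"][0])},
            deny_hashes={file_digest(files["known_bad"][0])},
            allow_dirs=[root / "approved" / "bin"],
            deny_dirs=[root / "tmp"],
        )
        return {label: policy.decide(path) for label, (path, _) in files.items()}


if __name__ == "__main__":
    for label, (decision, reason) in demo().items():
        print(f"{label:14s} {decision:5s} {reason}")
```

Hashing with SHA-256 for new entries while still accepting MD5 and SHA-1 lookups keeps older lists usable, but a hash-based allow entry should be re-keyed to SHA-2 when it is next touched: MD5 and SHA-1 collisions are practical, so an allowlist keyed only on them can be matched by a file that is not the one originally approved.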
Server CPU load Monitoring
Server Core load recording
Server Memory Utilization Monitoring
Server CPU load Monitoring tied to processes
Server Memory Utilization Monitoring tied to processes
Server I/O Monitoring tied to processes
Server Disk Monitoring
Server Network I/O Monitoring
Custom Hardware Utilization Monitoring tied to individual or grouped endpoints
Custom Software Utilization Monitoring tied to individual or grouped endpoints
Custom Threshold Exception Monitoring tied to individual or grouped endpoints
Custom Endpoint utilization Monitoring tied to individual or grouped endpoints
Custom Endpoint Availability Utilization Monitoring tied to individual or grouped endpoints
Custom Monitoring of threshold exceptions tied to individual or grouped endpoints
Custom server Monitoring tied to individual or grouped endpoints
Custom Services Monitoring tied to individual endpoints
Custom Hardware Utilization Monitoring tied to grouped endpoints
Custom Monitoring of applications tied to individual or grouped endpoints
Acquisition of AD Forest Information
Acquisition of AD Tree Information
Acquisition of AD Site information
Acquisition of AD OU Information
Acquisition of AD Computer Account Information
Acquisition of AD Account Information
Monitoring of User Accounts
Monitoring of Computer Accounts
Monitoring of Groups
Acquisition of Group Policy Information
Monitoring of Group Policy
Acquisition of OU changes
Acquisition of OU membership changes
AD Security Group Acquisition
AD Security Group Policy Acquisition
AD Distribution Group Membership Acquisition
Locked Accounts Monitoring
AD Key Group membership monitoring
AD Security Event Monitoring
Robust Message queuing that utilizes secure transmission and storage of messages
Integrate data from isolated networks (SIPR / NIPR / Other)
Platform supports on premises installation
Platform supports Software as a Service Installation
Centralized Management of System Tasks
The ability to utilize workflows to repeat tasks continuously
Powerful graphical user interface used to create, package, and distribute workflows
Adoption of custom defined fields to extend the functionality of the core platform
HRIS integrations to consume data from client systems
Bots are distributed in a secure manner
Software Distribution is supported using secure and robust techniques
Creation of distribution packages that are signed and encrypted
SQL Server Support is native to the ClearArmor ICSP version 1.0
PostgreSQL support is leveraged for specific areas of the ICSP and slated for native support across all functional areas in release v2.0
A proprietary and secure Message Queuing Service (EMQS) provides means of asynchronous, reliable message delivery across multiple components of the ICSP
A powerful workflow engine provides advanced functionality and extensibility to the ICSP
A secure repository for accessing frequently used queries as well as external point solution data.