
Technology

The ClearArmor Process is Unique

Current CyberSecurity practice involves the random application of point solutions to an undefined network. CyberSecurity evolution simply adds new tools to the arsenal of existing tools; this approach is flawed and will not deliver true CyberSecurity. The NIST CyberSecurity Framework provides guidance on the design of a properly managed CyberSecurity process. ClearArmor has defined the methodology and automated the process of implementing and sustaining a complete CyberSecurity program.

The process defines the tools required to meet the standard. ClearArmor’s unique technology, and how it meets the standard, are described in detail below.

One product for all your CyberSecurity needs, all based on industry standards. Reduce risk and decrease spending on multiple IT tools and platforms that all fall short. ClearArmor’s CSRP provides insight into your business and CyberSecurity health, with customized, easy-to-read dashboards for each level of the organization, from the CEO to technology experts, and makes it easy to produce reports that demonstrate and maintain compliance.

The unique ClearArmor CyberSecurity Process is based upon a defined, structured, and complete approach to Network Security.

The key to the process is the real-time, automated, bot-driven collection and analysis of network and endpoint data. Endpoints include physical and virtual UNIX, Linux and Windows servers, workstations, printers, routers, switches, IP phones, IP devices, cell phones, tablets, and other IT network devices.

The process incorporates the management and data collection of the ClearArmor processes listed below. These processes are automated through a ClearArmor process management and automated workflow portal.

All data generated and collected through the real-time process is stored within the ClearArmor enterprise multi-terabyte SQL database. The database provides immediate, real-time access to data, and managing the data in one place is what allows the process itself to be managed intelligently. The database supports federation and both structured and unstructured big-data-style queries, and accepts natural-language queries as well as full SQL queries.

ClearArmor Asset Management Processes:

The ClearArmor process supports all UNIX, Linux, Windows, AS/400 and IBM operating systems, and gathers data for any IP device, providing:

Full Detailed Hardware and Software Asset Inventory

IoT Device management

Historical Data

Wireless Device support

Detailed Hardware and Software Utilization

Cloud Management

Change Management Data

BYOD Management

Software Distribution

Virtual Machine Management (including host management)

ITSM CMDB Support

ClearArmor EndPoint Management Processes:

Vulnerability Scanning

Log Analysis / SIEM

Intrusion Detection

White/Black list management

Malware detection

Other processes:

Threat Information Sharing

Threat Alerts (STIX and TAXII)

System Hardening

Network Definition

The key to any CyberSecurity process is a clear and precise definition of the network.

Without a real-time, current, accurate, and precisely defined network infrastructure, CyberSecurity is impossible. Without a real-time, current, accurate, and precisely defined software inventory, both NIST and CIS compliance are likewise impossible.

The ClearArmor network definition process is based upon over 20 years of experience in the world’s largest and most secure networks – including the Department of Defense (SIPRnet and NIPRnet), secure military networks, global financial institutions, industry communication companies, and cable corporations.

The ClearArmor Process defines millions of software applications, security patches, individual files, and network hardware; this data, coupled with ClearArmor’s encyclopedia of associated product information, provides a total visual, data-driven definition of the network. The analysis and management of this data permits the ClearArmor process to meet NIST and CIS compliance requirements.

The ClearArmor Process is real-time, automated, and fast, and permits full analysis of network data and information. CyberSecurity is based on data analysis. The ClearArmor database provides real-time current data and, uniquely, historical data of all endpoint, server, and network changes, including network operations. ClearArmor provides three distinct real-time query engines, one of which is a natural language engine. Query results are returned in real time, with no delay.

Understanding ClearArmor CSRP Technology

ClearArmor CSRP

The ClearArmor CSRP system empowers your organization with a comprehensive, easy-to-understand, cost-controlled, structured approach to CyberSecurity that allows your organization to create and govern a custom CyberSecurity risk management strategy.

ClearArmor ICSP

ClearArmor’s ICSP provides a quantum leap forward in CyberSecurity risk mitigation, incident detection, and incident response.

IT-Pedia®: IT Data Library

Trying to manage an IT environment without consistent and complete data can be an exercise in futility and frustration.

ClearArmor Product Features:

CyberSecurity Intelligence

Multiple Data Source Integration

Data Interface to ODBC, JDBC, and file based Data

Data Mashups

Data Mashups across heterogeneous data sources

Alert

Native ability to alert users when thresholds have been exceeded

Static Reports

Native ability to create and transmit reports to users via email

Static Dashboards

Native ability to feed dashboards and charts to external web pages

Dynamic Dashboards

Dynamic Dashboards allowing for drill downs, dynamic interaction, and rich representation of data

Role Based Intelligence Access

User access limits to specific data, reports, alerts, and dashboards

Information Access logging

Identify when users accessed cyber intelligence data

Automated Report Distribution

Automated distribution of reports based on report, time, and distribution group

CEO Aggregate and Drill Down Dashboards

Custom CEO dashboards and reports showing high level aggregated data

Compliance Officer Aggregate and Drill Down Dashboards

Custom Compliance Officer dashboards and reports showing high level aggregated data

CISO Aggregate and Drill Down Dashboards

Custom CISO dashboards and reports showing high level aggregated data

CSOC Aggregate and Drill Down Dashboards

Custom CSOC dashboards and reports showing high level aggregated data

IT Admin Aggregate and Drill Down Dashboards

Custom IT admin dashboards and reports showing high level aggregated data

CyberSecurity Management Daily

Daily report focused on general corporate CyberSecurity data and individual CyberSecurity details

Compliance Audit

Automated Compliance Auditing

Scheduled or on demand audits of systems

Landscape Based Audit

Filter compliance scans to specific landscapes

Endpoint Category Based Audit

Filter compliance Scans to specific categories of systems

Military Grade Audit Engine

Leveraging of Military grade / tested / used compliance scanning engine

CIS-CAT Scan Engine Interface

Ability to utilize the Center for Internet Security CIS-CAT Pro scanning engine

CIS Benchmark Consumption

Ability to consume Center for Internet Security Benchmarks

SCAP 1.0-1.2 Compliance Audit Support

SCAP is a specification for expressing and manipulating security data in standardized ways. SCAP uses several individual specifications in concert to automate continuous monitoring, vulnerability management, and security policy compliance evaluation reporting.

OVAL 5.3-5.11.1 Compliance Audit Support

The Open Vulnerability and Assessment Language (OVAL) is a language for representing system configuration information, assessing machine state, and reporting assessment results.

XCCDF 1.1.4, 1.2 Compliance Audit Support

Extensible Configuration Checklist Description Format (XCCDF) is a specification language for writing security checklists, benchmarks, and related kinds of documents.

CPE 2.3, 2.3 Compliance Audit Support

The Common Platform Enumeration (CPE) is a structured naming scheme for information technology systems, software, and packages, used to identify the platforms that checklists and vulnerability data apply to.

CCE 5.0 Compliance Audit Support

The Common Configuration Enumeration™ (CCE) is a nomenclature and dictionary of software security configurations.

ARF 1.1 Support

The Asset Reporting Format (ARF) is a specification describing a data model for asset reporting.

AI 1.0 Support

Asset Identification (AI) is a specification for identifying assets.

TMSAD 1.0 Support

The Trust Model for Security Automation Data (TMSAD) describes a common trust model that can be applied to specifications within the security automation domain.

HTML Based Reporting

Compliance and Audit Reports are available in HTML Format

Text Based Reporting

Compliance and Audit Reports are available in Text Format

Excel Based Aggregated Reporting

Compliance and Audit Reports are available in Excel based Format

Executive & Technical Dashboard Reporting

Compliance Dashboard Data provides both technical and executive level insights

Organizational Defined Compliance Thresholds

The ability to customize audits to meet organizational needs

Native Scan Target Automation

Scanning of targets from inside the target to access native configuration data

Vulnerability Testing

Landscape Based Scanning

Scan specific landscapes

Automated Scanning

Scan automatically on a schedule or at a future point in time

Endpoint Category Based Scanning

Scan endpoints based on category of the endpoint

Military Grade Vulnerability Engine

Leveraging of military grade / tested / used vulnerability scan engine

Automated NVT Feed Updates

Automated update of NVT data

Automated SCAP Feed Updates

Automated update of SCAP data

Aggregated Vulnerability Reporting

Aggregate vulnerability data across endpoint types, location, landscape, or category

Common Vulnerabilities and Exposures

Common Vulnerabilities and Exposures® (CVE) is a specification describing a nomenclature and dictionary of publicly known security-related software flaws.

Distributed Intelligence

Acquisition Bots - ENP

ClearArmor ENP (Enterprise Network Probe) is a key bot used to Detect, Identify, and Define all endpoints that find their way onto the network.

Acquisition Bots - EPM

ClearArmor EPM (Endpoint Metering) Bot is responsible for monitoring user activity on monitored workstations, especially running processes, active windows, keystrokes and mouse clicks. It gathers metering data and sends it to the EPM Collector (EPMC).

Acquisition Bots - FLW

ClearArmor FLW (File Watcher) Bot plays a unique role in understanding what software is being run by endpoints as well as potentially preventing malicious executables from running.

Package Distribution Bots - EDA

ClearArmor EDA (Electronic Distribution Assistant) Bot facilitates the distribution of new packages and updates to endpoints in a secure and controlled manner.

Package Distribution Bots - EDU

ClearArmor EDU (Electronic Distribution Updater) Bot facilitates updates specific to the ClearArmor ecosystem in a secure and controlled manner

Package Distribution Bots - EPAC

ClearArmor EPAC Endpoint Analysis Collector is a type of Bot used to facilitate communications between the EPA and EPM Bots, and the EAP Bot

Integration Bots - EPMC

ClearArmor EPMC (End Point Metering Collector) is a type of Bot that communicates and expedites information between the EPM Bots and the EAP Bot.

Integration Bots - ESUMC

ClearArmor ESUMC Enterprise Server Utilization Monitoring Collector is a type of Bot that communicates and expedites information between the SUM Bot and EDTC Bot

Integration Bots - EFLWC

ClearArmor EFLWC Enterprise File Watcher Collection Bot

Integration Bots - EDS

ClearArmor EDS Electronic Distribution Service Bot

Core Bots - EAP

ClearArmor EAP (Enterprise Audit Processor) is a type of communications and pre-processing Bot that interfaces between Collectors and the Enterprise Data Transaction Coordinator.

Core Bots - EDTC

ClearArmor EDTC Enterprise Database Transaction Coordinator is a type of Bot used to consume data from multiple sources and prioritize entry into the ICSP

Core Bots - ECMP

ClearArmor ECMP (Enterprise Central Management Point) is a type of Bot that facilitates and expedites communications between the ENP Bots, EDS Bots, and the ICSP

Core Bots - Workflow Manager

ClearArmor Workflow Service is a type of Bot that controls workflows that operate on demand, are cyclic, or in response to an event

Core Bots - EMQS

ClearArmor EMQS Bots control secure, asynchronous communications of data and instructions throughout the ICSP Platform

Extender Bots - AD Bot

ClearArmor AD Bot – Continuously Scans for AD Events, Alerts, and Anomalies

Extender Bots - Vulnerability Engine 1 Scanner Bot

ClearArmor Scan Bot – Continuously Scans for system vulnerabilities

Extender Bots - Compliance Engine 1 Scanner Bot

Network

Networked Device Identification

Networked devices are discovered, identified, and catalogued using a broad spectrum of standards-based as well as highly advanced proprietary methods.

Endpoint Info Acquisition

Identified network endpoints are interrogated to acquire all information related to that endpoint including hardware, software, O/S, utilization, and deviation from organization standards.

Endpoint Identity Info Acquisition

As endpoints are identified, an intelligent process is leveraged to normalize all data related to hardware, software, and utilization.

Continuous Network Identification

A continuously running process empowers the ICSP to see changes to the network as they occur.

ARP Enumeration

The Enterprise Network Probe continuously interrogates ARP tables to discover new devices and patterns as part of the Network Identification Process

ICMP Enumeration

The Enterprise Network Probe continuously interrogates subnets using ICMP to discover new devices and their associated information as part of the Network Identification Process.

LAN Manager Enumeration

The Enterprise Network Probe is empowered to enumerate LAN Manager Information as part of the Network Identification Process.

AD Data Acquisition

The Enterprise Network Probe is empowered to enumerate AD Information as part of the Network Identification Process

HP Openview Enumeration

The Enterprise Network Probe is empowered to enumerate HP OpenView Information as part of the Network Identification Process

SCCM Enumeration

The Enterprise Network Probe is empowered to enumerate SCCM Information as part of the Network Identification Process

DNS Enumeration

The Enterprise Network Probe is empowered to enumerate DNS Information as part of the Network Identification Process

Reverse DNS Enumeration

The Enterprise Network Probe is empowered to enumerate rDNS Information as part of the Network Identification Process

Endpoint Services Enumeration

The Enterprise Network Probe is empowered to enumerate endpoint services as part of the Network Identification Process

NetBios Data Acquisition

The Enterprise Network Probe is empowered to acquire NetBIOS data information as part of the Network Identification Process

WMI Data Acquisition

The Enterprise Network Probe is empowered to acquire data via WMI queries as part of the Network Identification Process

SNMP Data Acquisition

The Enterprise Network Probe is empowered to acquire data via SNMP queries as part of the Network Identification Process

NetServer Data Acquisition

The Enterprise Network Probe is empowered to acquire data via Net Server Queries as part of the Network Identification Process

Stand Alone Network Bot Implementation

A single ENP is utilized for smaller organizations or organizations without complex network infrastructure

Distributed Network Bot Implementation

A Distributed approach is utilized to acquire data from large organizations or organizations with complex network infrastructure

Enterprise Network Topographer

The Enterprise Network Probe can be utilized through a stand-alone Network Topographer application

End Point

Resident Bot Based Scanning

Powerful Endpoint asset Bots provide continuous updates as to changes related to endpoints

Unique Hardware Normalization

A proprietary method of normalizing assets so as to identify endpoints after changes as well as determine uniqueness for all endpoints

Zero Footprint Bot Scanning

Powerful Endpoint asset Bots can be configured to operate in a zero footprint mode that communicates asset data to the ICSP

Hardware Configuration Acquisition

Identification of configuration details is a critical function of the Endpoint Analyzer Bot

Hardware Manufacturer Identification

Identification of hardware Manufacturer details is a critical function of the Endpoint Analyzer Bot

Hardware Model Identification

Identification of hardware Model details is a critical function of the Endpoint Analyzer Bot

Hardware End of Life Identification / End of Support

Correlating End of Life / End of Support is a critical feature provided through the ICSP

Hardware User Identification

Correlating users to endpoints is a critical function of the ICSP

UNIX OS Identification

The ICSP can identify all variants of UNIX operating systems

LINUX OS Identification

The ICSP can identify all variants of Linux operating systems

Windows OS Identification

The ICSP can identify all variants of Windows operating systems

VMware Host Identification

The ICSP can identify VMware host and guest instances

Oracle OVS Host Identification

The ICSP can identify Oracle VM host and guest instances

AIX LPAR Identification

The ICSP can identify AIX LPAR host and guest instances

AIX VIOS Identification

The ICSP can identify AIX VIOS host and guest instances

NPAR identification

The ICSP can identify HPUX NPAR host and guest instances

VPAR Identification

The ICSP can identify HPUX VPAR host and guest instances

Virtual Server Identification

The ICSP can identify other types of Virtual Server Host and Guests

Unified Service Account Reporting

Single location to examine service account utilization across the entire organization

System Baseline Identification / Update

Record baseline of systems based on type, landscape, use, and other Criteria

System Baseline Deviation

Identify Baseline deviation creep by mapping systems to their associated baselines

End of Life / End of Support Identification

Identify the systems and software that are approaching or past End of Life (EOL) or End of Support (EOS)

Categorization

Landscape based Hardware Categorization

The ICSP allows clients to identify hardware by landscape (i.e. Production, QA, Pre-Prod, Dev1, Dev2, Test, DR, etc.)

Use Based Hardware Categorization

The ICSP allows clients to categorize hardware as to use (Example: ERP, Financial, HR, HRIS, Collaboration, Infrastructure, Communications, etc.)

Endpoint Category Grouping

The ICSP allows clients to group endpoints based on Landscape and Category

File Load Watcher

Unauthorized File Execution Termination

The ability to terminate unauthorized processes

Unauthorized File Execution Block

The ability to block unauthorized processes from running

New Process Execution Logging

Log processes that run on endpoints to better understand what runs in your organization

Black Listing

Flag processes as ‘Black’ listed

White Listing

Flag processes as ‘White’ listed

SWID Tag Whitelisting

Leverage SWID tags for identification of processes

SHA-1 / SHA-2 / MD5 File Hash Validation

Utilization of SHA-1, SHA-2, MD5 hash validation

Allowed Directory Execution Protection

Categorize directories from which processes are allowed to run

Denied Directory Execution Protection

Categorize directories from which processes are not allowed to run
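The File Load Watcher features above (terminate or block unauthorized processes, log new ones, black/white list by hash, and allow or deny by directory) amount to an execution-control decision. The following is an added example of how such a decision can be assembled; it is illustrative code written for this page, not ClearArmor’s File Watcher Bot, and the policy model, the function names, and the sample file images are assumptions. It goes slightly beyond the feature list in one respect: allow-listing is done on SHA-256 only, while a deny-list match on any of MD5, SHA-1 or SHA-256 blocks, since a false block is cheap to triage but a collision-forged weak-hash allow would be a silent bypass. Directory matching is done component-wise so that an allowed `/usr/bin` does not accidentally cover `/usr/binx`.

```python
"""Constructed example of a file-watcher style execution-control decision.

Not ClearArmor code: the policy structure, function names and sample data are
assumptions made for this illustration.
"""
import hashlib
from dataclasses import dataclass, field
from pathlib import PurePosixPath
from typing import NamedTuple


class Decision(NamedTuple):
    action: str   # "allow", "block" (prevent, or terminate if already running) or "log"
    reason: str
    sha256: str


@dataclass
class ExecutionPolicy:
    # Hex digests, lowercase. Allow-listing uses SHA-256 only; the deny list may
    # be keyed by "md5", "sha1" or "sha256" because over-blocking is the safe failure.
    allowed_sha256: set = field(default_factory=set)
    denied_hashes: dict = field(default_factory=dict)
    allowed_dirs: set = field(default_factory=set)   # POSIX directory paths
    denied_dirs: set = field(default_factory=set)


def file_digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 digests of a file image, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_under(path: str, directory: str) -> bool:
    """True when `path` lies in `directory` or any subdirectory of it.

    Comparing path components (not string prefixes) stops '/usr/bin'
    from matching '/usr/binx/ls'."""
    parent = PurePosixPath(path).parent
    target = PurePosixPath(directory)
    return parent == target or target in parent.parents


def evaluate_execution(path: str, data: bytes, policy: ExecutionPolicy) -> Decision:
    """Decide what to do with an executable image loaded from `path`."""
    digests = file_digests(data)
    # 1. Explicit hash deny list: a match on any algorithm blocks.
    for algo, digest in digests.items():
        if digest in policy.denied_hashes.get(algo, set()):
            return Decision("block", f"{algo} digest on deny list", digests["sha256"])
    # 2. Explicit SHA-256 allow list: outranks directory rules.
    if digests["sha256"] in policy.allowed_sha256:
        return Decision("allow", "sha256 digest on allow list", digests["sha256"])
    # 3. Directory rules, deny evaluated before allow.
    if any(is_under(path, d) for d in policy.denied_dirs):
        return Decision("block", "executed from a denied directory", digests["sha256"])
    if any(is_under(path, d) for d in policy.allowed_dirs):
        return Decision("allow", "executed from an allowed directory", digests["sha256"])
    # 4. Unclassified: record it so it can be allow- or deny-listed later.
    return Decision("log", "unclassified new process", digests["sha256"])


def review_events(events, policy: ExecutionPolicy) -> list:
    """Apply the policy to (path, file_bytes) pairs and return log records."""
    return [
        {"path": path, "action": d.action, "reason": d.reason, "sha256": d.sha256}
        for path, data in events
        for d in [evaluate_execution(path, data, policy)]
    ]


# Constructed sample file images (not real binaries).
KNOWN_GOOD = b"#!/bin/sh\necho backup complete\n"
KNOWN_BAD = b"CONSTRUCTED-SAMPLE-NOT-A-REAL-BINARY"

POLICY = ExecutionPolicy(
    allowed_sha256={hashlib.sha256(KNOWN_GOOD).hexdigest()},
    denied_hashes={"md5": {hashlib.md5(KNOWN_BAD).hexdigest()}},
    allowed_dirs={"/usr/bin", "/usr/local/bin"},
    denied_dirs={"/tmp", "/home"},
)

SAMPLE_EVENTS = [
    ("/tmp/backup.sh", KNOWN_GOOD),    # allow: hash allow list outranks /tmp deny
    ("/usr/bin/updater", KNOWN_BAD),   # block: md5 deny list outranks /usr/bin allow
    ("/tmp/dropper", b"unknown-1"),    # block: denied directory
    ("/usr/bin/ls", b"unknown-2"),     # allow: allowed directory
    ("/usr/binx/ls", b"unknown-3"),    # log: /usr/binx is not under /usr/bin
    ("/opt/tool/run", b"unknown-4"),   # log: unclassified
]

if __name__ == "__main__":
    for rec in review_events(SAMPLE_EVENTS, POLICY):
        print(f"{rec['action']:5} {rec['path']:18} {rec['reason']}")
```

Precedence is deliberate: an explicit hash decision identifies the file itself and therefore outranks a rule about where it ran from, and within each tier deny is checked before allow. The "log" outcome is the feature list’s "New Process Execution Logging": anything the policy has not classified runs but leaves a record with its SHA-256, which is what an operator needs to later move it onto the white or black list.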

Whitelisting

Automated Hardware Whitelisting

Automate the identification of Whitelisted hardware

Assisted Manual Hardware Whitelisting

Manual Whitelisting of hardware down to the endpoint

ID of Newly Identified Hardware

ID new hardware as it hits the network and flag it for White or Black listing

Assisted Software Whitelisting

Assisted Software whitelisting

Non Whitelisted Software Execution Prevention

Unapproved Software execution termination

Server Utilization

CPU Load Monitoring

Server CPU load Monitoring

CPU Core Monitoring

Server Core load recording

Memory Utilization

Server Memory Utilization Monitoring

Process CPU Allocation Monitoring

Server CPU load Monitoring tied to processes

Process Memory Allocation Monitoring

Server Memory Utilization Monitoring tied to processes

I/O Monitoring

Server I/O Monitoring

I/O Per Process Monitoring

Server I/O Monitoring tied to processes

Physical Disk Utilization Monitoring

Server Disk Monitoring

Network I/O Monitoring

Server Network I/O Monitoring

Monitoring

Hardware Utilization

Custom Hardware Utilization Monitoring tied to individual or grouped endpoints

Installed Software Utilization

Custom Software Utilization Monitoring tied to individual or grouped endpoints

Threshold Alerting

Custom Threshold Exception Monitoring tied to individual or grouped endpoints

Server Utilization

Custom Endpoint utilization Monitoring tied to individual or grouped endpoints

Server Monitoring

Custom Endpoint Availability Utilization Monitoring tied to individual or grouped endpoints

Threshold Alerts

Custom Monitoring of threshold exceptions tied to individual or grouped endpoints

Grouped Server Monitoring

Custom Monitoring of servers tied to individual or grouped endpoints

Services Monitoring

Custom Services Monitoring tied to individual endpoints

Grouped Services Monitoring

Custom Services Monitoring tied to grouped endpoints

Application Monitoring

Custom Monitoring of applications tied to individual or grouped endpoints

Active Directory (AD) BOT

AD Forest Acquisition

Acquisition of AD Forest Information

AD Tree Acquisition

Acquisition of AD Tree Information

AD Site Acquisition

Acquisition of AD Site information

AD OU Acquisition

Acquisition of AD OU Information

AD Computer Account Acquisition

Acquisition of AD Computer Account Information

AD User Account Data Acquisition

Acquisition of AD Account Information

AD User Account Monitoring

Monitoring of User Accounts

AD Computer Account Data Acquisition

Monitoring of Computer Accounts

AD Computer Account Monitoring

Monitoring of Groups

Group Policy Acquisition

Acquisition of Group Policy Information

Group Policy Monitoring

Monitoring of Group Policy

AD OU Acquisition

Acquisition of OU changes

AD OU Membership

Acquisition of OU membership changes

AD Security Group Acquisition

AD Security Group Acquisition

AD Security Group Policy

AD Security Group Policy Acquisition

AD Distribution Group Acquisition

AD Distribution Group Membership Acquisition

AD Locked Accounts Monitoring

Locked Accounts Monitoring

AD Key Group Membership Monitoring

AD Key Group membership monitoring

AD Security Event Monitoring

AD Security Event Monitoring

Platform

Encrypted Message Queuing

Robust Message queuing that utilizes secure transmission and storage of messages

Isolated Network Data Integration

Integrate data from isolated networks (SIPR / NIPR / Other)

On Premises Implementation Support

Platform supports on premises installation

SaaS Implementation Support

Platform supports Software as a Service Installation

Centralized Task Management

Centralized Management of System Tasks

Workflow Creation and Management

The ability to utilize workflows to constantly replicate tasks

Graphical Workflow Creation

Powerful graphical user interface used to create, package, and distribute workflows

Custom Defined Fields

Adoption of custom defined fields to extend the functionality of the core platform

HRIS Data Integration

HRIS integrations to consume data from client systems

Secure File Distribution

Secure Bot and Agent Distribution

Bots are distributed in a secure manner

Secure Software Distribution

Software Distribution is supported using secure and robust techniques

Signed / Encrypted Distribution Package Creation

Creation of distribution packages that are signed and encrypted

Data Related

SQL Server Support (Vers 1.0)

SQL Server Support is native to the ClearArmor ICSP version 1.0

PostgreSQL Support (Vers 2.0)

PostgreSQL support is leveraged for specific areas of the ICSP and slated for native support across all functional areas in release v2.0

Robust Message Queue Functions

A proprietary and secure Message Queuing Service (EMQS) provides means of asynchronous, reliable message delivery across multiple components of the ICSP

Workflow Driven Processes

A powerful workflow engine provides advanced functionality and extensibility to the ICSP

Secure Data Query Repository

A secure repository for accessing frequently used queries as well as external point solution data.