Cybersecurity is a set of security standards that enable organizations to apply sound security practices and minimize the number of successful cyber attacks. It protects information from destruction, corruption and theft while keeping it available to end users.
The main goal of cybersecurity is to reduce the vulnerabilities of IT systems, that is, the weaknesses or flaws that can be used to break a security policy.
To implement a cybersecurity policy you need to apply a hardening technique, which consists of two steps:
- Attack surface reduction: uninstall software, disable services and kernel modules, and close network ports that do not need to be enabled. The basic idea behind this step is that every piece of software, kernel module or service can have a vulnerability and every open network port can be breached by a cyber attack, so they must be disabled unless they are necessary.
- Enhancing system robustness: enable a password complexity policy, install security patches, delete unnecessary users and limit the remaining users to what they need to work. Only after a hardening policy has been implemented can we be sure of the state of our IT infrastructure at time T0.
But at time T0+1 our IT infrastructure may have changed because of new events such as:
- A new software installation
- A new user creation
- A new user added to the Administrator group
- A new security patch that has not been installed
This means that the vulnerability reduction process must be running all the time and must not be performed only at time T0.
Sentinet3® to control the attack surface
Once hardening has been completed at time T0 we have a perfect picture of the state of our IT infrastructure, and we have to be sure that this picture does not change.
First of all we need constant monitoring of the attack surface to catch any such change.
With Sentinet3® we can:
- Monitor all software configuration changes on the target servers: you will be alerted when new software is installed;
- Monitor that the set of active services does not change, alerting the IT administrator when a new service is enabled;
- Monitor the opening of TCP and UDP ports, alerting when this happens.
Using Sentinet3® you can sleep easy, since it monitors your entire attack surface continuously and without effort.
Sentinet3® to monitor system robustness
Once you are monitoring the attack surface you must make sure that your systems remain as robust as they were at time T0.
To do this there are two main steps:
- IT security patch monitoring
By implementing this action you will be sure that all your systems are updated with the latest security patch issued. Sentinet3® can do this thanks to a check able to monitor all the main operating systems such as Windows, Debian, Ubuntu, Red Hat, AIX and Solaris, routers such as Cisco or Nortel, and the main antivirus products.
- User policy monitoring
Sentinet3® can:
a) Monitor changes to the password security policy;
b) Monitor new user creation;
c) Monitor changes to the Administrator group.
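Monitoring for drift against the hardened state recorded at T0, as an added example that is not Sentinet3 code: a Python check that compares a T0 baseline snapshot (installed software, enabled services, listening ports, local users, administrator group members, password policy) with a later snapshot and raises an alert for every change, covering both the attack-surface checks and the user-policy checks described above. The snapshot layout, the category names, the protection-service names and both snapshots are assumptions constructed for this example.

```python
"""Attack-surface and user-policy drift check: compare the hardened state
recorded at T0 against a later snapshot and report every change.

Added example, not Sentinet3 code. The snapshot layout, the category names
and the list of protection services are assumptions made for this example.
Real collectors would fill a Snapshot from the package manager, the service
manager, the listening-socket table, the local user and group databases and
the password-policy settings; here both snapshots are constructed inline so
the check runs offline.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple

Port = Tuple[str, int]  # (protocol, port number)

# Assumption: services whose disappearance is as serious as a new service
# appearing, because they are protection systems (firewall, audit, antivirus).
PROTECTION_SERVICES: FrozenSet[str] = frozenset({"firewalld", "auditd", "clamav-daemon"})

# Direction in which each password-policy setting gets stronger (assumed names).
HIGHER_IS_STRONGER: Dict[str, bool] = {
    "min_length": True,          # longer minimum = stronger
    "history_size": True,        # more remembered passwords = stronger
    "max_age_days": False,       # longer lifetime = weaker
    "lockout_threshold": False,  # more failed attempts allowed = weaker
}


@dataclass
class Snapshot:
    """State of one host at one point in time."""
    packages: FrozenSet[str]
    services: FrozenSet[str]          # services enabled at boot
    ports: FrozenSet[Port]            # listening TCP/UDP ports
    users: FrozenSet[str]             # local accounts
    admins: FrozenSet[str]            # members of the administrator group
    password_policy: Dict[str, int]


@dataclass(frozen=True)
class Alert:
    severity: str   # HIGH = attack surface grew or robustness dropped; INFO = other drift
    category: str
    detail: str


def _set_drift(category: str, before: FrozenSet, after: FrozenSet,
               fmt: Callable = str, critical: FrozenSet = frozenset()) -> List[Alert]:
    """Anything added since T0 is HIGH; anything removed is INFO unless it is critical."""
    alerts = [Alert("HIGH", category, f"added {fmt(x)}") for x in sorted(after - before)]
    for x in sorted(before - after):
        alerts.append(Alert("HIGH" if x in critical else "INFO", category, f"removed {fmt(x)}"))
    return alerts


def _policy_drift(before: Dict[str, int], after: Dict[str, int]) -> List[Alert]:
    """Flag password-policy settings that were removed or weakened."""
    alerts = []
    for key in sorted(set(before) | set(after)):
        if key not in after:
            alerts.append(Alert("HIGH", "password_policy", f"{key} removed (was {before[key]})"))
        elif key not in before:
            alerts.append(Alert("INFO", "password_policy", f"{key} added ({after[key]})"))
        elif before[key] != after[key]:
            stronger = HIGHER_IS_STRONGER.get(key)
            if stronger is None:
                sev = "HIGH"  # unknown setting: treat any change conservatively
            else:
                sev = "INFO" if (after[key] > before[key]) == stronger else "HIGH"
            alerts.append(Alert(sev, "password_policy", f"{key} {before[key]} -> {after[key]}"))
    return alerts


def diff_snapshots(baseline: Snapshot, current: Snapshot) -> List[Alert]:
    """Every difference between the T0 picture and the current one becomes an alert."""
    alerts: List[Alert] = []
    alerts += _set_drift("software", baseline.packages, current.packages)
    alerts += _set_drift("service", baseline.services, current.services, critical=PROTECTION_SERVICES)
    alerts += _set_drift("port", baseline.ports, current.ports, fmt=lambda p: f"{p[0]}/{p[1]}")
    alerts += _set_drift("user", baseline.users, current.users)
    alerts += _set_drift("admin_group", baseline.admins, current.admins)
    alerts += _policy_drift(baseline.password_policy, current.password_policy)
    return alerts


def baseline_t0() -> Snapshot:
    """Constructed hardened state at T0."""
    return Snapshot(
        packages=frozenset({"openssh-server", "nginx", "sudo"}),
        services=frozenset({"sshd", "nginx", "firewalld", "auditd"}),
        ports=frozenset({("tcp", 22), ("tcp", 443)}),
        users=frozenset({"root", "alice", "bob"}),
        admins=frozenset({"root", "alice"}),
        password_policy={"min_length": 14, "max_age_days": 90, "lockout_threshold": 5},
    )


def snapshot_t1() -> Snapshot:
    """Constructed later state: telnet installed and enabled, firewall disabled,
    a new account created, bob promoted to administrator, minimum length lowered."""
    return Snapshot(
        packages=frozenset({"openssh-server", "nginx", "sudo", "telnetd"}),
        services=frozenset({"sshd", "nginx", "auditd", "telnet"}),
        ports=frozenset({("tcp", 22), ("tcp", 443), ("tcp", 23)}),
        users=frozenset({"root", "alice", "bob", "svc_backup"}),
        admins=frozenset({"root", "alice", "bob"}),
        password_policy={"min_length": 8, "max_age_days": 90, "lockout_threshold": 5},
    )


def run_example() -> List[Alert]:
    return diff_snapshots(baseline_t0(), snapshot_t1())


if __name__ == "__main__":
    for a in run_example():
        print(f"[{a.severity}] {a.category}: {a.detail}")
```

For the constructed data the check prints seven HIGH alerts (the telnet package and service, the disabled firewall, the new listening port, the new account, the new administrator and the weakened minimum password length). A real deployment would collect the snapshot on a schedule and route the alerts into the same notification path the text describes.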
Sentinet3® to monitor protection systems
A modern IT infrastructure with a strong security policy in place has protection systems such as firewalls, IDS, IPS, SIEM and antivirus.
All these systems share the goal of enhancing security by reducing the chances of a successful attack.
But what happens if one of these systems doesn't work?
The answer is simple and frightening!
Sentinet3® can monitor all your security systems as well and promptly alert you via SMS or email when something goes wrong.
Sentinet3® to monitor attacks
Sentinet3® can detect whether your infrastructure is under the following attacks:
- DNS redirection
The DNS database is monitored to discover DNS poisoning attempts.
- Web site defacement
The goal of this attack is to damage the organization's reputation by replacing the institutional homepage with one carrying a denigrating message.
Thanks to Sentinet3® the website homepage can be monitored continuously.
If a defacement attack occurs, Sentinet3® sends a message to the IT administrators and promptly restores the institutional homepage in place of the denigrating one. This happens within a few seconds, so hardly anybody can see the denigrating page.
- Denial of Service
The goal of this attack is to "stop a service". It consists of a huge number of service requests (for example HTTP) that the server cannot handle, causing it to run out of resources (for example RAM). One of the best known is the SYN flood attack.
Thanks to its network monitoring module, Sentinet3® detects abnormal network traffic and can block traffic arriving from suspicious IP addresses.
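Detecting the abnormal traffic pattern of a SYN flood, as an added example that is not Sentinet3's network monitoring module: a Python check that reads SYN records in time order, counts SYNs per source address inside a sliding window and flags sources that exceed a rate limit, which is the list of suspicious addresses a blocking step would act on. The record format, the 10-second window, the per-source limit of 50 and the sample records are assumptions constructed for this example.

```python
"""SYN-flood indicator: count TCP SYN arrivals per source address inside a
sliding time window and flag sources that exceed a rate limit.

Added example; not Sentinet3's network-monitoring module. The record format,
the window length and the per-source limit are assumptions made for this
example; the SYN records are constructed inline so the check runs offline.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, Iterable, List, Optional, Set, Tuple

# Constructed record format: "<UTC timestamp>Z SYN <src ip> -> <dst ip>:<dst port>"
LINE_RE = re.compile(r"^(\S+) SYN (\S+) -> (\S+):(\d+)$")


def parse_syn_line(line: str) -> Optional[Tuple[float, str, str, int]]:
    """Return (epoch seconds, src, dst, port), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts.timestamp(), m.group(2), m.group(3), int(m.group(4))


@dataclass
class FloodReport:
    suspicious_sources: Set[str] = field(default_factory=set)
    peak_syns_in_window: int = 0   # highest total SYN count seen in any window
    skipped_lines: int = 0         # malformed records, counted rather than ignored silently


def _trim(q: Deque[float], now: float, window_s: float) -> None:
    """Keep only timestamps inside the window (now - window_s, now]."""
    while q and now - q[0] >= window_s:
        q.popleft()


def detect_syn_flood(lines: Iterable[str], window_s: float = 10.0,
                     per_source_limit: int = 50) -> FloodReport:
    """Records must be in time order, as a packet capture or firewall log is."""
    report = FloodReport()
    per_source: Dict[str, Deque[float]] = defaultdict(deque)
    overall: Deque[float] = deque()
    for line in lines:
        parsed = parse_syn_line(line)
        if parsed is None:
            report.skipped_lines += 1
            continue
        ts, src, _dst, _port = parsed
        q = per_source[src]
        q.append(ts)
        _trim(q, ts, window_s)
        if len(q) > per_source_limit:      # more SYNs than the limit within one window
            report.suspicious_sources.add(src)
        overall.append(ts)
        _trim(overall, ts, window_s)
        report.peak_syns_in_window = max(report.peak_syns_in_window, len(overall))
    return report


def constructed_syn_log() -> List[str]:
    """Constructed records: one source sending 40 SYN/s for 5 s, a second source
    sending 60 SYNs in one second, a normal client at one SYN every 2 s for a
    minute, and one malformed line. Addresses are documentation ranges."""
    base = datetime(2024, 5, 1, 10, 0, 0, tzinfo=timezone.utc)
    events = []  # (offset seconds, source ip)
    events += [(i // 40, "203.0.113.7") for i in range(200)]
    events += [(2 * i, "198.51.100.20") for i in range(30)]
    events += [(20, "203.0.113.8") for _ in range(60)]
    events.sort(key=lambda e: e[0])  # stable sort keeps per-source order on ties
    lines = [
        f"{(base + timedelta(seconds=off)).strftime('%Y-%m-%dT%H:%M:%SZ')} SYN {src} -> 10.0.0.5:80"
        for off, src in events
    ]
    lines.insert(3, "this line is not a SYN record")
    return lines


def run_example() -> FloodReport:
    return detect_syn_flood(constructed_syn_log())


if __name__ == "__main__":
    r = run_example()
    print("suspicious sources:", sorted(r.suspicious_sources))
    print("peak SYNs in one window:", r.peak_syns_in_window)
    print("skipped lines:", r.skipped_lines)
```

Per-source counting catches the two flooding addresses and leaves the normal client alone; the overall peak is kept as a second signal because a flood spread across many sources can stay under the per-source limit while still exhausting the server, which is the resource-exhaustion case the text describes.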