In contrast to many signature-based security products, CimTrak, a comprehensive security, integrity and compliance application, focuses on ensuring that servers, network devices, and other components of the IT infrastructure remain in exactly their expected state. This capability is made possible by the authoritative baseline that CimTrak creates and maintains for each server, workstation, network device, or IT component that is being monitored. “We created CimTrak because we felt that the predominant methods of securing systems, based on malware fingerprints, were largely ineffective and would not scale well over time,” says Robert E. Johnson III, President & CEO, Cimcor, Inc.
The core mission of the CimTrak Integrity Suite is to provide enterprises with deep insight into and knowledge of all changes within their infrastructure, with the ability to detect changes in real time. CimTrak provides detailed information such as when the change was made, who made the change, what process/program was used to make the change, and other forensic information.
CimTrak can help an organization improve its security posture by proactively monitoring the integrity of VMware ESXi host configurations, Active Directory/LDAP attributes, router/switch/firewall configurations, virtual network settings, users and groups, registry entries, and much more. CimTrak can even identify unanticipated changes to Oracle, MySQL, Microsoft SQL Server, and IBM DB2 database schemas.
In an implementation highlight, an organization that must be PCI compliant had just deployed servers into the cloud and wanted to ensure that the servers had not been changed. CimTrak was deployed on all the servers in the cloud, and all these cloud-based servers were configured to report back to a single CimTrak Management Server located in the organization's physical infrastructure. The CimTrak Integrity Suite provided the customer with the best of both cloud and on-site topologies. CimTrak has complete support for Amazon Linux AMI for AWS, Google Compute Engine, Microsoft Azure, OpenStack, and many other cloud platforms.
Our audit trail is so sophisticated that it can be used to restore a file to a previous state, even if it wasn’t hacked or altered in a malicious way.
Moving ahead, while Cimcor can robustly monitor most SCADA systems, the plan is to extend that level of monitoring to Programmable Logic Controllers and other control systems. In addition, the firm is expanding its change monitoring capabilities to more application-specific data such as EMR systems, ERP systems, CMS and more. “Furthermore, we will be extending the architecture to monitor changes and threats for the growing segment of IoT that is rapidly expanding their footprint on enterprise networks,” adds Johnson.