Cyber Hawk
Change Alerting
Add Another Layer of Risk Management
With Daily Critical Network Change Alerts
Cyber Hawk makes a daily sweep of your entire network, looking for specific types of critical changes that you should review for potential security issues inside the networks you manage. Set the time for the daily scan and Cyber Hawk reports back with an alert sent to any email address you specify, including your own ticketing system. The daily alerts aggregate the issues that were detected during the past 24 hours and can be sorted either by potential impact of the change (high, medium and low) or by the type of change.
There are dozens of change alerts that can be triggered by unauthorized access to your system, honest but dangerous configuration mistakes, or suspicious end-user behaviors — the kinds of potential threats that vulnerability scanning alone can't catch. Here's a sample:
Category | Change Alert |
---|---|
Wireless | New connection to unauthorized wireless access point |
Access Control | New profile (Business Owner's computer) |
Computers | New application installed on locked down system |
Computers | New removable drive added to locked down system |
Access Control | New administrative rights granted |
Access Control | New unauthorized access to IT restricted computer |
Network Security | New device on restricted network |
Access Control | New unauthorized access to accounting computer |
Access Control | New unauthorized access to CDE |
Access Control | New unauthorized access to ePHI |
Access Control | New unauthorized printer on network |
Access Control | New suspicious user logons by single desktop user |
Computers | Internet access changed from restricted to not enforced |
Computers | Critical patches no longer applied timely on DMZ computer |
Computers | Critical patches no longer applied timely |
Access Control | New profile added |
Access Control | New user added |
Access Control | New unusual logon to computer by user |
Access Control | New unusual logon time by user |
Network Security | New High Severity Internal Vulnerability (with VulScan) |
Network Security | New Medium Severity Internal Vulnerability (with VulScan) |
Access Control | Local User Admin User Added |
Even though Cyber Hawk sends you change alerts on a daily basis on any potential threat it finds, once a week it will also send you a tight summary of all changes to the network that were made during the prior week. This gives you a quick at-a-glance summary of changes that didn't trigger an alert but still might be worth a quick review.
Changes included in Cyber Hawk's weekly report fall into the following objects with associated risks:
Object | Risk Associated With Change in Object |
---|---|
Wireless Networks | It's not enough to train people to connect to safe and approved wireless networks. To reduce risk you want to detect when they are not. |
Network Devices | The addition or removal of network devices without approval and knowledge can lead to rogue, unmanaged devices, which leads to increased risk. |
Domain Users | Users may be elevated to Domain Admin without your knowledge, either by accident or through access breach. Alerts on this type of change should always be reviewed and action should be taken immediately if the change was unauthorized. |
Computers | The addition or removal of computers without approval and knowledge can lead to rogue, unmanaged devices, which leads to increased risk. |
Printers | The addition or removal of printers without approval and knowledge can lead to rogue, unmanaged devices, which leads to increased risk. |
DNS | Changes in DNS are indicators that someone may be attaching a device to the network or making potentially harmful changes that may result in security issues or availability issues. |
Switch Port Connections | Changes in Switch Port Connections are indicators that someone may be attaching a device to the network, detected by inspecting what is plugged into each switch and comparing to the last connection. |
Local Users | The addition or removal of local users can lead to stealth ID and backdoors that could lead to security issues in the future. A single user might be an administrator on their own computer and adding/removing local user accounts. |
New Internal Vulnerability | Changes in the set of vulnerabilities should always be evaluated and monitored (available with VulScan Integration). |
Add Internal Vulnerability Scan Results To Your Alerts & Reports
When you add VulScan to your layered approach to risk management, Cyber Hawk will automatically access the latest VulScan internal vulnerability scan results and seamlessly incorporate the discovered vulnerabilities into a single, unified Change Detection and Management system.
We have added many security products, but Cyber Hawk has been the only one that was able to be used by all of our non-security specialized staff to provide relevant information and value right out of the box.
Cyber Hawk has allowed us to have a deeper view of our client networks, from accounts getting created, to devices added to the networks, to the wireless networks that they are connecting their laptops to. With the wireless network alerts, we can see who is connecting them to Free Wifi (Starbucks, etc.) and can use this information to develop and offer Security Awareness Training to these clients. And with this information we have proof of what they are doing.
Cyber Hawk is hands down a great product. I have implemented it in many different industries and it continues to impress even the best security admins. With this product I get to play with the big boys.
What we like most about Cyber Hawk is that it allows us to quickly see things we can make even more secure with ease!