Intelligent automation of your security
Whatever security controls you use, Threat Auditor ensures that all devices are compliant and that security gaps can be rectified. Fast.
Control rogue devices
Real-time vigilance: identifying devices, taking action based on the threat level, and providing the ability to remove them from the network if required.
Leverage existing systems
Organisations have a surprising number of existing systems. Threat Auditor can dynamically interrogate and cross-reference key facts in order to take decisions.
Realise benefits quickly
Build powerful rules that exploit the probe-less, agentless interaction with your infrastructure. This means quick deployment and low cost of ownership.
Installed as a web application, Threat Auditor is easy to use and maintain, and makes efficient use of server resources.
Threat Auditor requires Security Auditor and provides the rules and automated processing facilities. Where required, Rebasoft has a solution for resilient operations based upon an optional Rebasoft hardware appliance. This ensures that organisations that require 24x7x365 operations can rely on Threat Auditor.
Please consult the system requirements for each of the individual components to ensure optimum performance.
Rebasoft’s Threat Auditor is a solution designed to improve IT security operations. Threat Auditor allows you to automatically make decisions and take action based upon rules to meet your organisation’s security needs. Organisations deploy multiple security control systems, but no single tool can do everything, which is why Threat Auditor is so useful.
Threat Auditor is a flexible system that can take information from a wide variety of systems and take decisions based upon what it finds, enabling organisations to link multiple systems together to improve security.
Continuous risk assessment
24×7 automated monitoring and assessment of all devices as they connect to your infrastructure, providing confidence that you are in control even when things change.
What can I use Threat Auditor to do?
Rebasoft’s Threat Auditor helps automate multiple facets of IT security operational processes:
- Using information discovered by Security Auditor, decisions and actions can be automated based on predefined rules
- Ensure continuous compliance based upon risk classification vs current behaviour
- Link and cross-reference against reliable information sources
- Provide policy compliance for BYOD initiatives
- Improve security by identifying and managing rogue devices
- Ensure relevant devices have sufficient security controls (e.g. DLP)
- Combat malware by identifying potential zero-day threats
- Issue active commands to the infrastructure if devices are non-compliant
- Identification and alerting to unusual / unauthorised types of traffic from particular types of devices
How does it work?
Threat Auditor builds on the capabilities of Security Auditor. It allows organisations to build sophisticated policies by setting rules that are enacted when certain events occur on the infrastructure, for example:
- A new device seen on the network
- A device sends non-standard traffic
- A time-of-day event
- An infrastructure change
These “triggers” provide a cue for a policy to be processed, as well as providing some dynamic information upon which the rule can base a decision.
The sample flow chart (to the right) shows a typical example:
- A new device is detected
- Can the device be classified by the data already in Security Auditor?
- If not, Threat Auditor can request information (for example from an
- Once a device has been classified, an organisation might want to check that it is authorised in that part of the network. This data can be simply derived as a dynamic lookup in Active Directory
- If the device is unauthorised, based on its classification, a number of actions and options might be taken:
  - Remove the device by shutting the port down
  - Signal an Access Control system to take action
  - Or simply log the event, either internally or to a SIEM
While a particular policy might handle a new device, similar policies can keep a continuous check on existing devices to ensure that they remain classified and authorised as originally intended. Any change in a device (or indeed the infrastructure) can trigger other policies to ensure any such changes are identified and automatically dealt with.
The key difference between Threat Auditor and other systems is that discovery and classification is a continuous process. This means that once a device is discovered and classified, any changes are also picked up, meaning Threat Auditor can keep up-to-date, accurate risk and security profiles as the IT infrastructure changes over time.
Threat Auditor allows organisations to build flexible, powerful policies that will accommodate the needs of most organisations:
- Trigger policies when devices connect to the infrastructure
- Use policies to react when device traffic profiles are breached
- Detect and manage network edge change events
- Make decisions based on IP, device, location and more
- Actions include dynamic Active Directory or external asset system lookups
- Use policies for housekeeping tasks (detect when new devices or locations are added)
- Use policies to send emails, alerts to a SIEM or, if required, “Bounce” (set an interface to an admin status of down for a configurable time period, e.g. 30 minutes, and then re-enable)
- Resilient running mode – never miss a traffic flow or device connection