Log and File Monitoring

Log Event Monitoring and File Integrity Monitoring for File and Application Servers

StormAgent is a key part of the RandomStorm Integrated Network Security and Compliance Platform. Based on industry-standard, open source intrusion detection technology, StormAgent monitors access and changes to system and application log files and alerts network managers whenever unauthorised activity is detected.

Developed in line with the global PCI DSS security compliance requirement, StormAgent is an advanced data integrity monitoring and modification detection solution, providing data and system integrity validation to Windows users and network administrators.

The ability to detect system-wide changes is fundamental to enterprise network security and is a key requirement for PCI DSS compliance. StormAgent enables immediate detection of all changes to Windows systems, whether malicious, accidental or during new software installation. This includes all changes to the directory structure such as alternate data streams, registries, file security access permissions, services and the contents of files.

Detecting changes to the directory structure enables immediate identification of any unauthorised files including viruses, Trojans, malware and spyware ahead of traditional anti-virus tools.

Implemented together with RandomStorm’s range of WAN and WLAN vulnerability scanning tools, StormAgent provides network managers with an in-depth security management platform accessed and controlled via a shared management dashboard.

Benefits

  • Understand company and user network activity
  • Meet compliance standards
  • Monitor & detect data leakage attempts
  • Protect corporate and customer data

Features

  • Part of integrated security management platform
  • Automated monitoring, alerting and reporting
  • Fully searchable log archives
  • Event data encrypted and stored in existing SANs

Compliance Requirements

StormAgent enables organisations to meet PCI DSS compliance requirements by monitoring all file changes and alerting on unauthorised file system modifications and malicious behaviour based on entries in the log files of commercial as well as custom applications.

Multi-Platform Support

StormAgent lets customers implement a comprehensive host based intrusion detection system with fine grained application/server specific policies across multiple platforms such as Linux, Solaris, AIX, HP-UX, BSD, Windows, Mac and VMware ESX.

Real-time and Configurable Alerts

StormAgent enables customers to configure specific alerts to help filter critical incidents from the regular system noise. The system includes SMTP, SMS and SYSLOG integration to enable alerts to be sent to a range of mobile devices via e-mail and SMS.

Integration with current infrastructure

StormAgent can be integrated with existing Security Incident and Event Management technologies, enabling centralised reporting together with incident and event correlation.

Centralised Management

StormAgent provides a simplified centralised management server to manage policies across multiple operating systems. It also lets customers define server-specific overrides for finer-grained policies.

Agent and Agentless Monitoring

StormAgent enables agent-based and agentless monitoring of systems and networks, providing a solution for deployments in restricted network environments to help meet security and compliance needs where software downloads may be prohibited.

Help Desk

RandomStorm operates a technical help desk which is available during normal office hours: Mon to Friday, 9am - 5.30pm.

Fault Response

The help desk team aims to respond to support requests within 4 working hours. Hardware replacement is typically within 24 hours of the fault identification. For critical network environments RandomStorm recommends the purchase of an on-site stand-by server.

iStorm Appliance

RandomStorm’s StormAgent can be supplied as a dedicated network server in a 1U rack mounted format or as an upgrade to an existing iStorm vulnerability scanning appliance.
