How CimTrak Monitors Your IT Environment For Changes
The Building Blocks of a Secure System
CimTrak consists of four integrated software components: the CimTrak Master Repository, the CimTrak Management Console, the CimTrak Agent, and CimTrak modules. Each component operates as an autonomous unit, yet they work in tandem to provide superior protection of your critical IT assets.
CimTrak Master Repository
The CimTrak Master Repository is the principal component of the CimTrak system. It is where digital signatures are stored, authoritative and authenticated copies of protected objects are maintained, and communication between the other CimTrak components is performed.
A complete revision history is kept on the CimTrak Master Repository, allowing you to roll back to any previous version of a file with a simple click of a mouse.
CimTrak Management Console
The CimTrak Management Console or “Client” is your administrative window into the inner workings of CimTrak and your IT environment. The Management Console is used to configure monitoring policies and alerts, analyze events, and produce reports. Through the Management Console, you can:
- Create the policies to determine which directories and/or files to monitor and protect, and define what actions will be taken when a change occurs.
- View forensic detail on changes including what was changed, what process made the change and who made the change.
- Review extensive reports detailing any and all authorized and unauthorized changes on your IT assets as well as any corrective actions automatically taken by CimTrak.
- Forensically study quarantined malicious code captured by CimTrak that passed by your firewall, IDS or anti-virus software.
- View various system performance criteria such as CPU utilization, memory utilization, storage statistics, and other system health information for systems monitored by CimTrak.
CimTrak Agent
The CimTrak Agent is the watchdog of your systems. Its sole objective is to capture and address any event that occurs to any object that is being protected. Each component being protected has an Agent installed, which in turn communicates with the CimTrak Master Repository through an authenticated and encrypted layer.
The CimTrak Agent can monitor a wide variety of components in your IT infrastructure, including servers, workstations/desktops, network devices, and even SCADA systems.
CimTrak Modules
Various "plug-in" modules exist for the CimTrak Agent which extend its capability and allow it to perform specialized monitoring. Examples are monitoring database schemas, Active Directory/LDAP settings, and VMware ESXi host configuration settings for changes that can compromise IT security and even lead to a data breach.