CimTrak for Integrated Ticketing

CimTrak Workflow & Ticketing

Identifying Malicious Activity in Real-Time is Accomplished by Managing the Change Control Process

CimTrak for Ticketing

Expected and authorized changes to a system, such as OS updates, application patches, or any other scheduled software change, add to change noise and can lead to an endless stream of alerts and false positives when monitoring for integrity drift. Without an integrated ticketing and workflow process to manage the good, expected change, bad change can never be pinpointed in a timely manner, regardless of whether a file integrity monitoring tool is in use.

The CimTrak Ticketing Module enables users to plan for and promote good changes to their baseline in an automated process. In doing so, IT professionals can immediately differentiate and identify unknown change(s) which present themselves in the form of either malicious activity or circumvented process.

Benefits of Using CimTrak's Workflow & Ticketing Module

CimTrak has continually brought file integrity monitoring innovations to market. What makes CimTrak different from other FIM solutions?

CimTrak's integrity management approach goes beyond the simple change detection of FIM by using a closed-loop workflow that detects changes in real time and determines whether those changes are good or bad.

  • Simple to install, configure, and use

  • Extensive training is not required

  • Seamlessly outputs to all major SIEM solutions

  • VirusTotal integration to easily determine if changes are a threat

  • Integrated ticketing capability allows changes to be planned and classified

  • Trusted File Registry™ allows users to automatically promote known vendor patches/updates, greatly reducing false positives

  • No costly professional services needed to deploy a solution

Track Changes to All Systems

CimTrak Ticketing can be used to plan any change and allows for notes and approvals for reconciliation and curation. The CimTrak Ticketing module is also the integration point with vendors, ensuring that tickets are not duplicated and that a closed-loop process for all change management is consistently adhered to.

Actions by a Threat Actor

A few examples of how traditional security tools would not detect or identify a problem resulting from malicious change(s) without an integrated workflow and ticketing system in place:

1. The threat actor is assigned a ticket in the ticketing tool or ITSM.

2. The threat actor sees the requested change and instead makes a different malicious change. 

3. The threat actor comments in the ticket "The job is all done!", fooling his team into believing that the expected change was completed.

4. The threat actor closes the ticket and nobody ever looks at it again—trusting him.

Impact

When the threat actor made the malicious changes, the ticketing or ITSM tool did not detect them, because such tools are not monitoring tools and do not provide forensic details of what happened to the system.

When the threat actor commented and closed the ticket, he made it seem as if the change was done when it truly was not, but there was no information to prove otherwise.
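The gap in the scenario above can be closed by reconciling what the ticket planned against what integrity monitoring actually observed before the ticket is allowed to close. The sketch below is an added example, not CimTrak's code or API; the class names, function names, file paths and file contents are all hypothetical and constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class PlannedChange:      # what the ticket approved (hypothetical model)
    path: str
    sha256: str           # hash the file should have after the change

@dataclass(frozen=True)
class ObservedChange:     # what the integrity monitor recorded
    path: str
    sha256: str

def reconcile(planned, observed):
    """Classify observed changes against one ticket's planned changes."""
    plan = {p.path: p.sha256 for p in planned}
    seen = {o.path: o.sha256 for o in observed}   # last observation per path wins
    result = {"authorized": [], "mismatched": [], "unplanned": [], "missing": []}
    for path, digest in seen.items():
        if path not in plan:
            result["unplanned"].append(path)      # change nobody approved
        elif plan[path] != digest:
            result["mismatched"].append(path)     # right file, wrong content
        else:
            result["authorized"].append(path)
    # Planned changes never observed: the ticket claims work that did not happen.
    result["missing"] = [p for p in plan if p not in seen]
    return {k: sorted(v) for k, v in result.items()}

def ticket_can_close(result) -> bool:
    """A ticket closes only when every observed change was planned and present."""
    return not (result["mismatched"] or result["unplanned"] or result["missing"])

# Constructed sample data: the ticket approves a web server config update,
# but the only change seen on the host is to a cron job.
PLANNED = [PlannedChange("/etc/nginx/nginx.conf", sha256(b"worker_processes 4;\n"))]
OBSERVED = [ObservedChange("/etc/cron.d/backup", sha256(b"* * * * * root /tmp/x\n"))]

if __name__ == "__main__":
    outcome = reconcile(PLANNED, OBSERVED)
    print(outcome, "closable:", ticket_can_close(outcome))
```

With this check in the workflow, the "The job is all done!" comment is contradicted by evidence: the planned file shows up as missing and the cron change as unplanned.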

Try the most powerful file integrity monitoring solution.

Discover why companies like Zoom, NASA and US Air Force prevent cyberattacks with CimTrak.
