Configuration Change Management
One of the important aspects of maintaining a computer system is have control of the computers in the network and how they are configured. Without an alerting mechanism for the addition of devices on the network, the number of unmanaged computers could increase uncontrollably. Secondary to knowing that the computers are on the network is the control of their configuration.
Lockheed Martin's Industrial Defender ASM
Industrial Defender ASM provides a base level of Windows monitoring through the monitoring of Windows event logs, and also extends this to monitoring registry changes, file changes, process changes and socket changes.
Detecting changes in the normal behavior of a computer is a strong indication that there is a potential threat. For example, a process that has never communicated over the network is starting to do so indicates the potential for a hacker running malicious code.
After computer nodes have been added, the nodes appear in the ASM. Initially, the new nodes appear as Newly Discovered Devices. Once the nodes have been approved and promoted, the asset information is retrieved from the nodes. The asset information on a node monitored for changes in the node.
With Industrial Defender Manage, the ASM also provides the ability to setup policies which can be used to check the level of compliance, and produce baseline compliance reports.