Discovering Important Changes With UpGuard's Real Time Forwarder

By UpGuard on April 19, 2017

Filed under: process, change management, RTF

A funny thing that’s happened as the digitization of business has sped up in the last ten years is that process cadence has not done well in keeping up. Regulatory compliance standards often use quarters, or even years, as audit intervals, and in unregulated industries that interval can be yet longer. But in the data center, changes happen all the time, changing the risk profile of the business along with it. Determining which changes are the root cause of a problem can be the difference between fixing it and having it happen again.

For this reason, UpGuard has introduced the Real Time Forwarder (RTF), a way to capture detailed information about every change as it happens, not just during scan intervals. This means that nothing flies under the radar. Now, root cause can be exactly determined during troubleshooting and change audits are always comprehensive.

It’s not just about files, either. Traditional File Integrity Monitoring (FIM) solutions omit the larger state of an asset, focusing instead simply on which files change, without any actionable context or method by which to assess importance. Our approach is Total Integrity Monitoring, which monitors changes in an asset the same way an administrator would manually look at it. By considering users, groups, the registry, packages, services, network configurations, open ports and more, all in addition to files, UpGuard monitors the integrity of the entire asset.

In addition to detecting changes in real time, the Real Time Forwarder records who made the changes. This helps eliminate finger pointing stalemates between IT teams and assists in detecting rogue accounts and unauthorized users during the forensic process.

The Real Time Forwarder operates in the cadence of the modern datacenter: real time. But there’s still a problem. A real time process cadence collects a lot of data. More than people can reasonably be expected to process effectively. We at UpGuard agree, and that’s why our cyber resilience platform automates that process and visualizes only those changes that are important. How an organization defines what is important is up to them: custom policies built from existing known good states, regulatory compliance standards such as PCI, or security benchmarks like the Center for Internet Security (CIS) critical security controls. What’s key is that the noise is removed so people can focus on the signal.

UpGuard RTF Screen

We’ve always surfaced important changes detected in the intervals between scans, usually daily. The RTF lets us close the gap between those scans and provide even more useful information, so that when an important change is detected, IT teams can quickly understand and resolve the incident. At UpGuard, we talk a lot about visibility and trust, and the RTF helps us accomplish those goals by providing visibility into changes at the most granular level so that organizations can better trust the technology on which they rely.