Auditing ServicesOne-off auditCyberSight's technologies are designed to put IT back under administrative control, to enforce corporate compliance and apply business standard and also to give you the power to fully realise and ultimately control your IT infrastructure.
Software is an asset and should be treated as if it were physical equipment. Just imagine the problems if members of staff brought in stolen equipment to use on your corporate network. Software piracy is no different. As companies are now liable for the content of their systems, software auditing is becoming a mandatory function in every organisation. Understanding your software usage, distribution, costs and exposure to piracy is paramount. CyberSight addresses software auditing as one of its 320 technologies used to enforce systems integrity
Some software licenses are now charged on a concurrent usage basis. Only by understanding real-time process usage can a technology accurately discover concurrent software usage. CyberSight can also cap software license usage by preventing over-licensed software from executing therefore enforcing your software licenses usage. Being able to tell the difference between legal software and pirated software is key in the detection of unauthorized applications on your systems. CyberSight can also detect software patches which are designed and used to avoid software license restrictions. CyberSight also reports on which software is installed but never used. Many corporations have site licenses for software that few people actually use. Cryptic Software Limited can come onsite and perform an audit typically within a day for 50 - 2000 machines. A comprehensive report of hardware, software and risk analysis will be performed including all 320 categories of threat. Please contact us for more details. Real-time auditingContinually control and audit staff behaviourSome employees do not spend all of their working hours working. Without watching over their shoulders all day, every day it is almost impossible to control what employees get up to during (and outside) working hours. There are many examples of ways in which staff can misuse company time and resources. These include:
It may not surprise you to know that IT departments, and system administrators in particular, can be the main culprits as they tend to know how to bend the rules and cover their tracks better. On most systems, however, each department can be as bad as the next because current management and security products are not capable of detecting this type of activity without locking the network down so much that it becomes almost unusable. Tools and methods that are available to "hackers" on the internet anywhere in the world are also available to employees inside a corporate network. The difference being that the employee doesn't have to worry about perimeter security like firewalls and content checkers. Screen grabbers, session loggers, snoopers and key loggers allow users to secretly watch as others work. This is either time (and resource) wasting or spying. Encryption packages allow users to hide files from prying eyes. These files could be anything, for example; personal letters, games, stolen confidential documents, hacking tools. Password grabbers, sniffers and crackers allow users to easily collect passwords as they travel around the network. This can even put your UNIX or Mainframe systems at risk if you use any terminal emulators, X emulators or even the telnet or ftp commands to connect to them. Web downloaders allow users to dowload complete web sites, or certain file types from a range of web sites. This can prevent anyone else from using the network by bringing it to a standstill. There are thousands of different types of tools readily available on the internet, magazine cover-disks or even from other office staff. There are also many documents available which explain methods of exploiting vulnerabilities in a system to gain access to secure areas through 'back doors' (holes in system security). These tools and methods can give any user the opportunity to waste enormous amounts of time and resources, or get up to many other less than desirable activities. Many companies have a corporate policy which specifies what employees are and aren't supposed to do with the IT system. But how do you currently check whether users have games, confidential documents, password databases, hacking tools, pornography, illegal software, or any other files on their system? At the moment the only way to check for this is to manually trawl through every directory on their PC and network drives and check that every file is what it appears to be! This is very labour intensive and time consuming, and may not turn up anything at all if the employee really does have something to hide. CyberSight™ enables you to monitor what goes on, on a user's computer without the user knowing. As well as the thousands of in-built threats, it's easy to add your own. If, for example, there is a confidential document which shouldn't be floating around the network, it is easy to add this to the detection database and instantly see whether it exists anywhere else on the system. There is even an option to delete the file as soon as it's found. CyberSight™ also makes it possible to monitor for changed executables, new installations, files that need patching, illegal software, in fact anything at all you want to search for. AND it gives you the ability to prevent 'intrusion' before it happens, unlike an intrusion detection system which will let you know as it happens. |
||
