Here’s the scenario many organizations find themselves in: You started the journey to improve your cybersecurity practice. You learned the NIST Cybersecurity Framework, adopted the framework, adapted it to your organization, then rolled up your sleeves and went to work implementing the framework. Now you have added a few extra tools in your environment as part of your risk mitigation effort. You currently have an anti-malware agent, a data leak prevention agent, at host intrusion prevention agent, and the list goes on.
The problem is, these agents only work if they are healthy, so how do you monitor the health of your monitors?
The Guaranteed State module in Tachyon gives you the ability to monitor specific things on each of your devices, such as files, registry keys, services, and events. This type of interrogation lends itself well to being able to perform Application Health Monitoring with auto-remediation.
As an example, let’s look at Windows Defender Antivirus. This anti-malware solution has a few moving parts that we would need to monitor, including the version of the product itself, the definitions, and the service that is running.
In Guaranteed State, we deploy policies that contain rules—the rules tell the 1E Client what to look for on the device. As an example, we can set a rule that states the WinDefend service should be running and set to automatic startup. Because it’s inefficient to run a rule on a schedule if I am only checking the state of one service, we can tell the 1E Client when to run each rule based on something changing that is specific to that rule. That way, the rule only runs when it needs to—that being when the state of that service has changed from running to something else and needs to be rectified immediately. If the service state changes, the 1E Client runs the rule, and if the state of the service is not running, the rule can start the service.
Another great feature of Guaranteed State is that once policies are deployed to a device, the rules will run even when a device is disconnected from the corporate network. The 1E Client will continue to monitor the health of the application even when the user is working from anywhere. Devices in the environment are always sure to be correctly configured, as the rules will fix any issues found and will report the details the next time the device checks in with the switch.
The bottom line is this: All of the risk mitigation technology in the world does not help your environment stay safe if the agents are not healthy.
Learn more about Tachyon’s Guaranteed State module or speak to a 1E expert about your specific needs.