Effective log management lets you know instantly when a pattern of events indicates that an attack from the outside is in progress. It lets you know when processes and systems are in trouble and when security policy is being violated by internal users. But what happens in the time between notification and the action that addresses the issue? In small and medium businesses there is frequently no 24/7/365 coverage of the network, so precious minutes, and sometimes hours, are often lost while personnel are paged and respond.
In many cases the action is always the same: if a service stops, restart it; if a process is running out of control, kill it and restart it. If a user is trying to insert a USB device against policy, it is easy to simply disable the port. If a system is acting strangely and indicating that it has been hijacked, it is better to simply shut it down temporarily until personnel are in place to analyze the problem. Often these responses can be automated so that the risk is minimized immediately.
EventTracker's remediation capability allows you to run commands from the console on any remote system. In addition, it lets you store and run these actions on the local Windows system. EventTracker provides these remedial tasks, and if there is a condition EventTracker does not cover, you can create a custom action and deploy it on your systems. EventTracker provides remedial actions to:
- Disable USB
- Restart Service
- Restart System
- Shutdown System
- Stop Service
- Terminate Process
- Execute Custom Script
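As an added example (not EventTracker's own code), the PowerShell script below implements the listed actions as one custom remediation script that could be deployed through the "Execute Custom Script" action; it records every action before performing it and honours -WhatIf so an operator can preview the effect. The parameter names, the log path and the registry approach to disabling USB storage are assumptions.

```powershell
# Added example (not EventTracker's code): a custom remediation script for the
# "Execute Custom Script" action. Parameter names and log path are assumptions.
# Run with -WhatIf to preview what an action would do without performing it.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory)]
    [ValidateSet('DisableUSB', 'RestartService', 'RestartSystem',
                 'ShutdownSystem', 'StopService', 'TerminateProcess')]
    [string]$Action,
    [string]$Target,   # service name, or process name / PID
    [string]$LogPath = 'C:\ProgramData\Remediation\actions.log'  # assumed path
)

# Record who ran what before anything changes, so the response itself is auditable
function Write-ActionLog([string]$Message) {
    New-Item -ItemType Directory -Force -Path (Split-Path $LogPath) | Out-Null
    Add-Content -Path $LogPath -Value ("{0:u} {1} {2}" -f (Get-Date), $env:COMPUTERNAME, $Message)
}
Write-ActionLog "action=$Action target=$Target user=$env:USERNAME"
switch ($Action) {
    'RestartService' {
        if ($PSCmdlet.ShouldProcess($Target, 'Restart service')) {
            Restart-Service -Name $Target -Force -ErrorAction Stop
        }
    }
    'StopService' {
        if ($PSCmdlet.ShouldProcess($Target, 'Stop service')) {
            Stop-Service -Name $Target -Force -ErrorAction Stop
        }
    }
    'TerminateProcess' {
        # Accept a PID or a process name; terminate every matching instance
        $procs = if ($Target -match '^\d+$') { Get-Process -Id ([int]$Target) }
                 else { Get-Process -Name $Target -ErrorAction Stop }
        foreach ($p in $procs) {
            if ($PSCmdlet.ShouldProcess("$($p.Name) PID $($p.Id)", 'Terminate')) {
                Stop-Process -Id $p.Id -Force
            }
        }
    }
    'DisableUSB' {
        # Start=4 prevents the USB mass-storage driver from loading for new devices
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
        if ($PSCmdlet.ShouldProcess($key, 'Set Start=4')) {
            Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord
        }
    }
    'RestartSystem'  { if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Restart')) { Restart-Computer -Force } }
    'ShutdownSystem' { if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Shutdown')) { Stop-Computer -Force } }
}
```

The script must run with administrative rights for the service, process and registry changes to succeed.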
Automatic Remediation enables you to cover those conditions where time is so critical that it is better to take action first and analyze later.