Information system security is becoming an increasingly important concern for IT departments. Attackers have understood this and are increasingly exploiting the vulnerabilities of work environments, where doors are sometimes poorly closed, where the user, without wanting to, may lack vigilance,…
EUEM Interact’s solution, by analyzing the uses and behaviors of the users, by controlling the configuration of the workstations equipment, by detecting the connected peripherals,… Allows to contribute to the reinforcement of the security of the IS. All the data and events collected can also be fed into an SOC and thus complete its detection capacity.
In a few examples, we present you how the Interact Software solution allows IT departments and CISOs to simply :
- Verify that the IS security devices are active, and if necessary “reset” them ;
- Verify the conformity of the software installed on the workstation ;
- Ensure that the security tools are at the right level of protection ;
- Verify the level of patching of the workstation environment ;
- Analyze/detect the use of “shadowsIT” solutions ;
- Check that the users do not have administrator rights on their workstations ;
- Detect “abnormal” network flows ;
The following presentations give you an illustration of the capabilities of Interact Software. To know more about it, don’t hesitate to ask for a personalized demonstration.
Verify that IS security devices are active, and if necessary "reset" them
Workstation protection devices can sometimes be deactivated without the user really being aware of it. EUEM Interact’s solution allows you to detect the functioning or not of workstation security devices such as:
- the firewall ;
- the Windows update process (Windows Update);
- the antivirus and its signatures;
If necessary, Interact can automatically trigger the restart of the service concerned, with or without the user’s consent.
Detect the presence of unauthorized software installed on the workstation
The restrictions of software installation by the user himself are sometimes circumvented (certain “portable” software do not require administrator rights or the user “knows” the administrator password of the station).
The inventory capacity of the EUEM Interact solution allows to :
- detect the presence of “unauthorized” software installed on the workstations;
- detect a new process;
Interact also allows to :
- measure the real use of these software ;
- trigger actions to remove these installations;
Ensure that security tools are at the right level of protection
The level of anti-virus signature updates on workstations is often an indicator present in IT departments’ security dashboards. However, the reliability of this indicator is often questioned, as the calculation is based on the workstations inventoried and not only on the workstations “in use”. The EUEM Interact solution identifies active workstations for which the signatures are not up to date and allows corrective actions to be taken (forcing refreshment).
Check the patch level of the workstation environment
The good level of protection of the workstations is also ensured by the “security” patch updates delivered by the editor. The inventory and analysis capabilities of the EUEM Interact solution allow the detection of workstations affected by delays in updates. Upgrade actions can be prioritized according to the level of use of these workstations.
Analyze/detect the use of "shadowsIT" solutions
Many IT solutions are freely available from a simple browser. Some of these solutions can present risks in terms of IS security (file sharing for example, or software for accessing the Darknet – TPR, or access to unencrypted sites – http). It is often impossible to prohibit their use.
The EUEM Interact solution allows to detect the use of this type of solution and to carry out awareness actions or to deploy if necessary equivalent “corporate” solutions to the concerned users.
Check that the configuration of the workstation does not have any weaknesses
Several examples of situations can be highlighted by the EUEM Interact solution:
- users with an account with administrator rights;
- a workstation with an open, unlocked session and the user is no longer active;
- opening a session without applying an expected GPO ;