BENEFITS FOR BUSINESS
Ability to run global infrastructure checks for any Indicators of Compromise on demand and at no significant cost.
Ability to have full control over the state of the entire network and stations.
Lower spending on expensive industrial solutions by selecting only the required module features.
The TI.Sensors platform was designed to ensure the security of workstations, servers and mobile devices.
Security threat detection
Agent device registry
Managing security resources
1. The endpoint device management server is deployed in the client's infrastructure. A Software Agent is installed on each workstation.
2. When working with the server manager, the operator has access to a directory of information about all workstations.
3. The operator manages the Software Agents:
- grouping the Agents;
- performing necessary tasks on the Agents;
- performing Agent updates;
- managing Agent feature modules.
4. The Control Server transmits to the Agents their respective commands and tasks.
5. The Agents run tasks and send the results of their completion to the Control Server. Prior to sending, all results are held in encrypted storage.
6. The server analyses the received results and creates notifications in accordance with the rules set forth by the operator.
7. Using the platform's API, the operator may export the task execution results for use in other systems.
The TI.Sensors platform allows for dynamic management of functionality modules, which are set up at every workstation, and for the delivery of in-house modules (developed by the client's specialists) to the Agents.
The modules allow for execution of the following major tasks:
Inventory. This module is intended for gathering information about remote Agents and their environments (installed software, network interfaces, operating system and so on).
Searching for Indicators of Compromise. This module is used to run remote searches for Indicators of Compromise within files, processes and the Windows registry using hashing algorithms and YARA rules.
WinAPI monitoring. This module is employed to monitor Windows API functions and may be used to detect possible infection of the endpoint device.
File system object modification monitoring. The module provides the possibility to monitor all changes to the objects within the file system (copying, deletion, modification, creation).
Network connection monitoring. The module facilitates monitoring of all possible network connections with enriched information about any given connection.
Process monitoring. This module helps monitor all processes launched within the system, with additional information detailing the initiator of the process, the files being executed, etc.
Monitoring registry modifications. The module allows for monitoring of any changes to the registry entries, providing further information regarding the changes.