CimTrak

CimTrak
Developer(s) Cimcor
Stable release 2.0.6.3 / July 18, 2011; 7 months ago (2011-07-18)
Written in C, C++, Visual Basic, Lua
Operating system Cross-platform
Type File integrity monitoring
License Proprietary
Website www.cimtrak.com

CimTrak is a commercially available File integrity monitoring and regulatory compliance Auditing software solution. CimTrak assists in ensuring the availability and integrity of critical IT assets by instantly detecting the root-cause and responding immediately to any unexpected changes to the host operating system, applications, and network devices located on the IT infrastructure.[1] CimTrak works cross platform and is supported on multiple Windows, Linux, Unix, and Macintosh operating systems.[2]

Contents

Product Architecture[3]

CimTrak has multiple core components:[4]

Product Functionality[5]

CimTrak is capable of detecting additions, deletions and modifications to files and configurations on computer operating systems and components installed on the operating system. Upon initial configuration, CimTrak takes a snapshot of the files and configurations on the operating system. CimTrak uses these snapshots to create a cryptographic hash of the files and configurations and stores them securely in the CimTrak Master Repository as the known, good baseline. The CimTrak Agents are installed on operating systems containing data that is configured for monitoring or, in the case of the Network Device Agent, installed on systems that have a TCP/IP network connection to supported network devices. The CimTrak Agent detects when changes are made to monitored files and configurations by communicating with the Kernel and comparing changes to the known cryptographic hash associated with affected files or configurations. If the calculated cryptographic hash is different then the known baseline, CimTrak will initiate the user-configured corrective action defined in the CimTrak Object Group Policy. CimTrak will send internal and external event notifications using one or many of the following methods:

Change Detection

CimTrak provides insight into the IT infrastructure by instantly detecting changes that could compromise servers, networks, or sensitive customer data such as payment card information ([Payment Card Industry Data Security Standard|PCI]). CimTrak is the only file and configuration monitoring tool with the ability to provide instant change remediation options without requiring the integration of external applications. When a change is detected, CimTrak captures the change at the exact moment it occurs and provides a detailed audit trail of the incident, including:

Automated Remediation

CimTrak will report the automated response taken and, if configured, initiate remediation. Automated responses are known as Corrective Actions. Corrective actions include:

Corrective actions can be defined based on each type of change action (file/configuration addition, file/configuration change, file/configuration deletion). In addition to the automated remediation functionality, CimTrak has the capability to automatically launch different custom scripts based on the detected change type.

Change Monitoring

CimTrak File System Agents and Network Device Agents are capable of performing Change management functions by monitoring file and configurations based on the configured Object Group Watch Policies. Object Group Watch Policy capabilities vary by operating system.

File System Agent - Microsoft Windows Capabilities

File System Agent - Linux/Unix/Macintosh Capabilities

Network Device Agent - Supported Network Devices

Additional Monitoring Capabilities - Windows/Linux

CimTrak Plug-ins enhance the capabilities of CimTrak by adding additional monitoring capabilities. CimTrak Plug-ins are designed to attach to File System Agents, Network Device Agents, or both. Available Plug-ins include:

Application Security

CimTrak is constructed to follow software and communication security standards. CimTrak has multiple government and IT security product certifications. Information stored within CimTrak is secure from external modification or access. CimTrak's data-at-rest and data-in-transit are encrypted using the Cimcor Cryptographic Module, a FIPS 140-2 Level 2 certified cryptographic module. Certifications include:

The Federal Information Processing Standard (FIPS) Publication 140-2, FIPS PUB 140-2, is a U.S. government computer security standard used to accredit cryptographic modules. Level 1 indicates that the cryptographic module supports the lowest level of acceptable security. Security Level 1 allows the cryptographic module to be executed using a unevaluated operating system. Security Level 2 enhances the physical security mechanisms of Security Level 1 by adding the requirement for tamper-evidence and protection.[8]

The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. Common Criteria allows for the specification and verification of vendor claims relating to security functionality and assurance requirements. Verification of claims is performed using approved testing laboratories.[10] The Evaluation Assurance Level of EAL4 permits the developer to gain maximum assurance from positive security engineering based on good commercial development practices which, though rigorous, do not require substantial specialist knowledge, skills, and other resources. EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line. EAL4 is therefore applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs and are prepared to incur additional security-specific engineering costs. Augmented with ALC_FLR.2 establishes and verifies the claim that the developer has established flaw remediation procedures that describe the tracking of security flaws, the identification of corrective actions, and the distribution of corrective action information to TOE users.[11]

Cimcor's flagship software CimTrak is the only File Integrity Monitoring tool on the Department of Defense Unified Capabilities Approved Products List.[12] This unique factor allows CimTrak to be the only File Integrity Monitoring product available for use within the Department of Defense boundaries.

Products contained on the United States Army Approved products list have been deemed acceptable for use within the boundaries of the United States Army.

Supported Operating System[3]

Compliance Objectives[13]

The CimTrak application can be used to facilitate the following compliance and security objectives:

CimTrak Master Repository

CimTrak Management Console

CimTrak File System/Network Device Agent

CimTrak Command Line Utility

CimTrak FTP Repository Interface

CimTrak Ping Utility

CimTrak Proxy Utility

CimTrak ODBC Driver

References

  1. ^ "Gain Control of IT Security, Compliance, and Continuity With CimTrak". PT Daya Cipta Mandiri Solusi. http://www.dayaciptamandiri.com/web/index.php/solutions/cimtrak/. Retrieved 2011-10-10. 
  2. ^ "CimTrak Benefits Summary: A Practical Look at a CimTrak Deployment". Executive Technology Club. http://www.technologyexecutivesclub.com/Articles/security/cimtraksum.php. Retrieved 2011-10-10. 
  3. ^ a b "CimTrak Integrity & Compliance Suite 2.0.6.3 Installation Guidance". Cimcor, Inc.. http://www.cimcor.com/downloads/CimTrak_For_Servers_Installation_Guide.pdf. Retrieved 2011-10-10. 
  4. ^ "How Cimtrak Monitors Your IT Environment for Changes". Cimcor, Inc.. http://www.cimcor.com/cimtrak/products/howitworks. Retrieved 2011-10-10. 
  5. ^ "CimTrak Integrity & Compliance Suite 2.0.6.3 Users Guidance". Cimcor, Inc.. http://www.cimcor.com/downloads/CimTrak_For_Servers_User_Guide.pdf. Retrieved 2011-10-10. 
  6. ^ "Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules". NIST. http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1281. Retrieved 2011-10-07. 
  7. ^ "Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules". NIST. http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1315. Retrieved 2011-10-07. 
  8. ^ "Security Requirements for Cryptographic Modules". NIST. http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf. Retrieved 2011-10-07. 
  9. ^ "Validated Product - CIMCOR CimTrak for Servers Version 2.0.6 (F)". NIAP. http://www.niap-ccevs.org/st/vid10303/. Retrieved 2011-10-07. 
  10. ^ "Common Criteria for Information Security Evaluation - Part 1: Introduction and general model". Common Criteria. http://www.niap-ccevs.org/cc-scheme/cc_docs/CCPART1V3.1R3.pdf. Retrieved 2011-10-07. 
  11. ^ "Common Methodology for Information Technology Security Evaluation CEM-2001/0015R Part 2: Evaluation Methodology". Common Criteria. http://www.commoncriteriaportal.org/files/supplements/alc_flrv11.pdf. Retrieved 2011-10-07. 
  12. ^ a b c "Defense Information Systems Agency Approved Products List Integrated Tracking System". DISA. https://aplits.disa.mil/processAPList.do. Retrieved 2011-10-07. 
  13. ^ "Solutions". Cimcor, Inc.. http://www.cimcor.com/cimtrak/solutions. Retrieved 2011-10-10. 
  14. ^ "PCI Compliance - File Integrity Monitoring (FIM) Software for 11.5 and More - CimTrak". Cimcor, Inc.. http://www.cimcor.com/cimtrak/compliance/pci. Retrieved 2011-10-10. 
  15. ^ "NERC-CIP Compliance". Cimcor, Inc.. http://www.cimcor.com/cimtrak/compliance/nerc. Retrieved 2011-10-10. 
  16. ^ "Government Compliance". Cimcor, Inc.. http://www.cimcor.com/cimtrak/government/compliance. Retrieved 2011-10-10. 
  17. ^ "Sarbanes-Oxley (SOX) Act Compliance". Cimcor, Inc.. http://www.cimcor.com/cimtrak/compliance/sox. Retrieved 2011-10-10. 
  18. ^ "HIPAA Comliance - CimTrak". Cimcor, Inc.. http://www.cimcor.com/cimtrak/compliance/hipaa. Retrieved 2011-10-10. 
  19. ^ "IT Integrity & Security". Cimcor, Inc.. http://www.cimcor.com/cimtrak/security. Retrieved 2011-10-10. 
  20. ^ "Ensure The Continuity of Your Critical IT Operations with CimTrak". Cimcor, Inc.. http://www.cimcor.com/cimtrak/continuity. Retrieved 2011-10-10. 
  21. ^ "File Integrity Monitoring (FIM) - CimTrak". Cimcor, Inc.. http://www.cimcor.com/cimtrak/fileintegritymonitoring. Retrieved 2011-10-10. 
  22. ^ "IT Change Control - CimTrak". Cimcor, Inc.. http://www.cimcor.com/cimtrak/changecontrol. Retrieved 2011-10-10. 
  23. ^ "Stop Website Attacks and Changes that Affect Your Sites Availability and Functionality". Cimcor, Inc.. http://www.cimcor.com/cimtrak/products/webdefender. Retrieved 2011-10-10. 

External Links