website-security

File & Data Integrity Monitoring

WebAlarm continuously monitors files and folders round the clock to detect any changes made to the monitored data. WebAlarm scans each file to check for its existence, integrity and access permissions.

WebAlarm will detect the following violation:

  • A monitored file or folder has been deleted
  • A new file or folder has been added to a monitored folder
  • The content of a monitored file has been altered
  • The access permissions of a monitored file or folder has been altered

Automatic Recovery

WebAlarm will automatically take immediate action upon detection of a data integrity violation event. This is a built-in feature of WebAlarm without requiring any additional scripting by the administrator. The available options for automatic recovery include:

  • Automatic full recovery of file content from backup
  • Automatic recovery by replacement with a standard template file
  • Automatic launching of third party or custom programs (such as any proprietary recovery program, anti-virus, etc)

Automatic Recovery From Backup
automaticrecovery1

Replacement with Default Template
tampered-tamplete

Custom Recoverycustomrecovery

Audit & Evidence

WebAlarm provides full audit logging on all the data violation and update events within its scope of monitored data. The information provided in the log includes:

  • Date and time of event
  • Type of event
  • Full pathname of violated file

Data violation alert

WebAlarm will issue alerts upon detection of any data integrity violation. The types of alerts include:

  • WebAlarm Console alerts
  • Network management console alerts, via SNMP
  • Email alerts
  • SMS

Data Update Management

WebAlarm allows continuous monitoring without interruption while some part of the data is being updated. WebAlarm provides two flexible methods for content owners to update the monitored data without trigger any false alarm.

  • Using Update Time Scheduler
    The WebAlarm Console can be used to set WebAlarm to update mode for a specified time period so that WebAlarm will learn any new changes within this allowed time period. The update mode can be triggered on-demand as and when required, or it can be scheduled.
  • Using Update Management Agent
    In deployment environments where staging servers or content management systems exist, the update method using WebAlarm’s Update Management Agent (UMA) is preferred. The UMA resides on the staging server, and will detect any new authorized changes on the staging server and will deliver the updates securely to the WebAlarm Agent in the live server. The live server will only accept authenticated updates from the UMA, without having any risk of time window exposure.

updatemanagementsystem
 

 

 

More Information on WebALARM

WebAlarm provides the benefits in the following areas:

  • Integrity and Accuracy – 24 x 7 non-stop monitoring and automatic recovery ensures that data is always accurate and has not been altered unknowingly.
  • Corporate Reputation – No more embarrassment and damage to corporate image and reputation due to website defacement.
  • Legal Issues – Avoid unnecessary legal disputes due to damaging web content, provocative public statements and altered product prices caused by website intrusion.
  • Peace Of Mind – No more hassle and late nights in responding to web defacements and data destruction. Reliable and hassle-free monitoring and recovery provide the confidence and peace of mind.
  • Lower Operational Costs – Automated monitoring and recovery lowers operational costs by reducing manual detection resources and recovery processes.

WebAlarm primarily consists of two major components as depicted below:

  • WebAlarm Agent (WAA)
  • WebAlarm Console (WAC)


waa-arch

WAA is either a Windows service or a UNIX background process that runs on the monitored server. It performs all the tasks of data monitoring, alerts and receovery.

WAC is an administration console for configuring the WAA. It provides a graphical interface for easy selection of files to be monitored, visual and audio alerts upon integrity violation events and easy viewing of audit logs.

In cases where comprehensive update management is required, two more components of WebAlarm will be required:

  • Update Management Agent (UMA)
  • Update Management Console (UMC)


waa-uma

AGENT (MONITORED SERVER)

  • Windows Server 2003, Server 2008, Server 2012
  • Red Hat Enterprise Linux 5 / CentOS 5 or newer on i686/x86_64
  • Ubuntu 10.04 or newer on i686/x86_64
  • Solaris 2.6, 7, 8, 9, 10 on SPARC (up to WebALARM 4.2.0 only)

UPDATE MANAGEMENT (STAGING SERVER)

  • Windows Server 2003, Server 2008, Server 2012
  • Red Hat Enterprise Linux 5 / CentOS 5 or newer on i686/x86_64
  • Ubuntu 10.04 or newer on i686/x86_64

CONSOLE

  • Windows 2000, XP, Server 2003, Vista, Server 2008, Windows 7, Server 2012, Windows 8