
- Asset discovery is an essential security capability of Sheriff CSM. Sheriff CSM discovers assets in your environment, detects changes in assets, and discovers rogue assets in the network.
- Asset discovery uses passive tools, such as passive operating system fingerprinting and passive service discovery. Asset discovery also utilizes active scanning, which can be scheduled to be performed periodically or can be performed manually.
- Vulnerability assessment, which can be done in unauthenticated or authenticated modes, identifies vulnerabilities or compliance by comparing the installed software on assets with a database of known vulnerabilities. With authenticated scanning, and using an administrative user account, Sheriff CSM can scan the assets more effectively. Vulnerability scans can also be scheduled to be performed periodically or performed manually.
- Intrusion detection monitors network traffic for malicious activity, monitors system log messages, and monitors user activity. Intrusion detection for Sheriff CSM consists of host-based intrusion detection (HIDS) and network-based intrusion detection (NIDS) components.
- Behavioral monitoring provides visibility into traffic patterns and network flows (NetFlow data), which are used to detect anomalies that might indicate security policy violations. Data used for behavioral monitoring and analysis is collected from network devices, flows based on mirrored traffic, and asset availability monitoring.
- SIEM security intelligence combines and correlates collected logs and other data to find malicious patterns in network traffic and within host activity.