Insight to Foresight


Your Solution for a Secure Network

Exero hardens and protects your security network in a number of different ways. It is no longer good enough to merely keep typical anti-virus software products up to date. Security managers must now also understand the baseline behaviors of all managed devices so that deviations from the norm are detected and dealt with before they escalate to a problem, outage, or worse – a breach.

Exero is a vital tool for protecting your network and maintaining compliance in regulated environments. The table below illustrates how the various features of Exero map directly to the functional areas contained within the current National Institute of Standards and Technology (NIST) “Framework for Improving Critical Infrastructure Cybersecurity”. The framework core as laid out by NIST contains the functional areas of identify, protect, detect, respond, and recover.

Function | Exero Sample Features

Identify (ID)

  • Inventories servers, workstations, IP and IOT devices

  • Reports network devices (such as cameras) using default manufacturer passwords

  • Collects installed software and firmware versions

  • Creates security risk reports (with score) and explanation of risks found

  • Prioritizes devices mapped to logical containers based upon their criticality and business value

  • Implements organizational communication through the setup of workflows and alerts to various stakeholders

  • Graphically displays topology illustrating device dependencies

Protect (PR)

  • Enforces 2-factor authentication for remote access

  • Conducts backups (volume and/or file level) to your storage, Amazon Web Services (AWS), or our Exero cloud

  • Reports file share permissions of users to audit the least privilege principle

  • Automates OS patch management and reports missing patches

  • Updates anti-virus and anti-malware signatures and reports out-of-compliance devices

Detect (DE)

  • Periodically collects sensor health and contextual data (3 years by default) to establish baselines

  • Learns the behavior of the critical infrastructure and dynamically re-establishes baselines and thresholds

  • Listens for Windows events, syslogs, emails, and SNMP traps

  • Reacts to incident alert thresholds which can be static or dynamic (alert when data collected is 2 deviations from the mean, for example)

  • Monitors the network for cybersecurity events and detects new devices (like rogue access points) placed on the network

Respond (RS)

  • Sends emails, text messages, and SNMP traps upon crossing a threshold

  • Features built-in escalation workflows to target the specific stakeholders as devices remain out-of-spec or in a distressed state

  • Allows for a consistent response to events with established criteria

  • Provides information crucial to any forensic investigation

Recover (RC)

  • Takes automated remediation steps such as restarting a process or shutting down a server or switched port

  • Restores files, volumes, and server images from cloud backup system

  • Allows for incorporation of lessons learned by adjusting thresholds or re-rolling baseline data