Endpoint Security Management Solutions from Clear Blue Security


FAQ – General

Frequently Asked Questions



Clear Blue Security™ is an endpoint security monitoring and remediation service that helps solve any problems it detects. It is designed to support server, workstation, desktop and laptop endpoints running Windows operating systems.

Clear Blue Security™ is divided into two main areas of activity.

A network of patent-pending, intelligent software agents distributed to all Windows endpoints on your network that constantly monitor the endpoints and report back to the Security Center.

The Security Center – a secure repository maintained by Clear Blue Security™ containing security information from your network accessed via a standard browser interface. It is delivered as a Software-as-a-Service system, which minimizes the amount of software installed and the need for downloadable patches and upgrades.

Clear Blue Security™ does not require any inbound ports open in your network. It blends comprehensive security with a unique web-based ease-of-use experience for the administrator. The architecture is designed for maximum security. The Clear Blue Agent Master performs all communication back to the central server, using SSL encryption to protect against “man-in-the-middle” attacks as well as attacks from third-party applications on the Clear Blue Agents.

The Agents monitor 7 separate security areas and the result can be interpreted and displayed in the Security Center:

  • Malware Protection - Is antivirus and other security software installed, up to date, and working properly on all your endpoints?
  • Updates & Patches - Are all critical security updates and patches installed, ensuring at least Microsoft's minimum protection?
  • Security Practices - Are all your endpoints configured and used in accordance with best practices for IT security?
  • Suspicious Traffic - Is there any abnormal traffic on your network that could indicate an attempt to access or manipulate your endpoints?
  • Unapproved Software - Are all software applications installed on your network endpoints approved by your company’s security policy?
  • Intrusion Vulnerability - Are there any open ports or other undesired access points that could put your endpoints at risk of intrusion?
  • Clear Blue Agents - Are all the Clear Blue Agents installed and doing their jobs across your network?

  • The Clear Blue Agent Command Center - Installed on an existing server of your choosing. The program must be downloaded and installed. It is used to deploy or un-deploy agents in your network.
  • The Clear Blue Master Agent - Installed on the same server as the Clear Blue Agent Command Center. The Clear Blue Master Agent is installed as a Windows Service and acts as a proxy that collects and consolidates data from Clear Blue Security Agents (see below for definition) and forwards information to the Clear Blue Security Center.
  • The Clear Blue Security Agents - Installed on the machines to be monitored. Installed as a Windows service which monitors and reports system information to the Clear Blue Security Center. If the computer is on your company network, the Clear Blue Security Agent will report through the Clear Blue Master Agent. Otherwise it will report directly to the Clear Blue Security Center.

The footprint of the installed items is minimal in terms of RAM usage, hard disk usage and network traffic.

Clear Blue Security™ supports the following operating systems:

Workstations

  • MS Windows XP Pro with SP2 or later
  • MS Windows Vista

Servers

  • MS Windows Server 2003 Standard Edition
  • MS Windows Server 2003 Enterprise Edition
  • MS Windows Server 2003 Web Edition
  • MS Windows Small Business Server 2003

Clear Blue Security Center

Runs in any of the following browsers:

  • MS Internet Explorer 7 and above with JavaScript and Cookies enabled
  • Mozilla Firefox 2 and above with JavaScript and Cookies enabled

No.  Clear Blue Security™ uses the existing operating system to assist in gathering network and endpoint information.  It is also capable of working with other installed software applications to perform its tasks. Clear Blue Security™ can be thought of as performing ‘read-only’ activities in your network and reporting information via the Clear Blue Security™ Security Center user interface.

The security status of the 7 security areas will be displayed in the Security Center. These will light up in either green, yellow or red as soon as the Clear Blue Agents report back to the Security Center, indicating that Clear Blue Security™ is now working. This will usually happen within 15 minutes after initial installation.

Furthermore, you will receive email notifications with alerts. This also indicates that the system is working.

Installation is usually a straightforward process, and the online guide will take you through all of it. Recognizing that all networks have their own subtleties, a troubleshooting guide is also provided in the Command Center, and the Clear Blue Security Support Department will be happy to help you with any questions you may have.

Clear Blue Security™ stores information about each endpoint being monitored in your network.  As each endpoint sends its respective status, Clear Blue Security™ stores and then aggregates this information for display in the Security Center.  Each domain requires unique information to be stored. Endpoints are identified by Clear Blue Security™ by their IP address, domain name and endpoint name.

NOTE: MAC addresses are not stored by Clear Blue Security™. User information is not stored by Clear Blue Security™.

Information reported to Clear Blue Security™ by installed agents is stored in Clear Blue Security™ databases located at one of our top-tier, state-of-the-art secure data centers. Our data centers include: redundant power/HVAC/UPS, biometric scanners at entrances, card readers at entrances and doors, and 24x7x365 on-site security. The data sent from the network being monitored is encrypted before being transmitted to CBS.

Yes. The Command Center application can be used to add additional endpoints in the network to be monitored.  Once endpoints are added, they will begin reporting status and this information will be available through the Security Center browser interface.

Yes. Clear Blue Security™ installs a small application on each endpoint monitored. In addition, a single master or proxy agent is installed per network domain. Each endpoint forwards information to the master agent, which in turn forwards information to the Clear Blue Security™ Knowledge Center database inside Clear Blue’s data centers. If an endpoint (such as a laptop on the road) cannot communicate with the master agent for its domain, it is capable of forwarding information directly to the Clear Blue Knowledge Center. This allows administrators to receive information for all endpoints continuously.

Clear Blue Security™ leverages the existing tools and applications currently installed in the network, allowing these tools to do what they do best. Clear Blue Security™ does not attempt to replace these applications but rather provides information about these tools in a single browser-based console view of the entire network. In addition, Clear Blue Security™ provides proactive reporting of security issues discovered, drill-down capabilities to obtain network and domain details, recommended solutions for corrective actions and report generation to document network status.

Simply put, a secure network today is not a secure network tomorrow (7 greens today does not guarantee 7 greens tomorrow). Network and environment changes continue to occur: new systems, external systems (laptops), firewall changes (known and unknown), new software application installations and rogue employees. New security alerts from vendors, patches, software updates, viruses, malware, new IDS types and attempts, and other threats make for a constantly changing situation.

Clear Blue Security™ monitors the network 24/7/365.  In addition, as new security threats are identified, Clear Blue Security™ updates its deployed agents to continually increase their security intelligence.  With Clear Blue Security™ staying up to date, so does your network. Clear Blue Security™ provides continuous peace of mind for monitoring and subsequent alerts.

The ‘Malware Protection’ domain checks to see if antivirus and other security software is installed, up to date, and working properly on each endpoint monitored in the network. This check occurs automatically every 30 minutes. Alternatively, it can be manually executed from the Security Center interface at any time for all monitored endpoints.

The ‘Updates & Patches’ domain determines if all critical security updates and patches are installed, ensuring at least Microsoft's minimum protection standard. This check occurs automatically each day at 12PM (local time to each endpoint monitored). If an endpoint is not running at 12PM, the check will run when the endpoint is started. This check can also be manually executed from the Security Center interface at any time for all monitored endpoints.

The ‘Suspicious Traffic’ domain determines whether there is any abnormal traffic on your network that could indicate an attempt to access or manipulate your endpoints. This check is performed continuously via a locally running process.

The ‘Security Practices’ domain determines whether all monitored endpoints are configured and operating in accordance with best practices for IT security. This check occurs automatically every hour. Alternatively, it can be manually executed from the Security Center interface at any time for all monitored endpoints.

The ‘Unapproved Software’ domain supports the creation of approved and unapproved software application checklists and determines if any software not approved by company policy is installed in your network. This check occurs automatically once a day.

The ‘Intrusion Vulnerability’ domain determines whether there are any open ports or other undesired access points on an endpoint directly accessible from the internet (externally) that could put your endpoints at risk of intrusion. This check occurs automatically once a day.

The ‘Clear Blue Agents’ domain assures that all the Clear Blue Agents installed in the network are operating appropriately.  Clear Blue Agents send a message to the Clear Blue data center servers every 5 minutes to provide an ‘I’m alive’ status.

You can obtain Clear Blue Security™ through a variety of sources:

  • You can download directly from Clear Blue Security™.
  • If you have outsourced your IT services or do not have the resources available within your existing organization, you might want to subscribe to the Clear Blue Security™ service through one of our authorized partners. Please contact us to find your nearest reseller.
  • If your local IT service partner is not yet an Authorized Clear Blue Security™ partner, you can ask him to sign on to our partnership program.