Pantek Solution

Pantek (Wazuh) Host IDS

The Truth About Disasters

Our solution gives us a big picture view of the state and activity of your hosts. Typical monitoring involves responding to disparate alerts for CPU usage, or disk usage, or a host down. With the big picture, we can more easily determine what the cause of these alerts may be. A DOS attack, exploit, or anomalous activity on your hosts may be the real reason for the loss of resources and business.

Host-based Intrusion Detection System (HIDS)

Our agent runs at a host-level, combining anomaly and signature based technologies to detect intrusions or software misuse, monitor user activities, assess system configuration and detect vulnerabilities. This lightweight agent is designed to perform a number of tasks with the objective of detecting threats and, when necessary, trigger

automatic responses. The agent core capabilities are: log and events data collection, file and registry keys integrity monitoring, inventory of running processes and installed applications, monitoring of open ports and network configuration, detection of rootkits or malware artifacts, configuration assessment and policy monitoring.

Regulatory Compliance & Security Management

Our PIDS server provides necessary security controls, required by standards such as PCI DSS, HIPAA, GDPR and others. The solution aggregates and analyzes data from multiple systems, mapping security alerts with compliance requirements.. These features, combined with

its scalability and multi-platform support help organizations meet technical compliance requirements. Our web user interface provides reports and dashboards that can help with this and other regulations (e.g. GPG13 or GDPR).

Security Information and Event Management

The PIDS server is used to collect, analyze and correlate data, with the ability to deliver threat detection, compliance management and incident response capabilities. The servers are in charge of analyzing the data received from the agents, processing events through decoders and rules, and using threat intelligence to look for wellknown IOCs (Indicators Of Compromise).

Security Analytics

PIDS is used to collect, aggregate, index and analyze security data, helping organizations detect intrusions, threats and behavioral anomalies. As cyber threats are becoming more sophisticated, real-time monitoring and security analysis are needed for fast threat detection and remediation.

Log Data Analysis

PIDS agents read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage. The PIDS rules help make you aware of application or system errors, misconfigurations, attempted and/or successful malicious activities, policy violations and a variety of other security and operational issues.

Vulnerability Detection

PIDS agents pull software inventory data and send this information to the server, where it is correlated with continuously updated CVE (Common Vulnerabilities and Exposure) databases, in order to identify well-known vulnerable software. Automated vulnerability assessment helps you find the weak spots in your critical assets and take corrective action before attackers exploit them to sabotage your business or steal confidential data.

Configuration Assessment

PIDS monitors system and application configuration settings to ensure they are compliant with your security policies, standards and/or hardening guides. Agents perform periodic scans to detect applications that are known to be vulnerable, unpatched, or insecurely configured. Additionally, configuration checks can be customized, tailoring them to properly align with your organization. Alerts include recommendations for better configuration, references and mapping with regulatory compliance.

Intrusion Detection

The PIDS agent scans the monitored systems looking for malware, rootkits and suspicious anomalies. They can detect hidden files, cloaked processes or unregistered network listeners, as well as inconsistencies in system call responses.

File Integrity Monitoring

PIDS monitors the file system, identifying changes in content, permissions, ownership, and attributes of files that you need to keep an eye on. In addition, it natively identifies users and applications used to create or modify files.

Cloud Security

PIDS monitors system and application configuration settings to ensure they are compliant with your security policies, standards and/or hardening guides. Agents perform periodic scans to detect applications that are known to be vulnerable, unpatched, or insecurely configured. Additionally, configuration checks can be customized, tailoring them to properly align with your organization. Alerts include recommendations for better configuration, references and mapping with regulatory compliance.