Unified Audit: Your Questions Answered
After our recent “What is The Unified Audit” blog, we wanted to take a deeper dive into the technical aspects of ThreatLocker’s Unified Audit, so we asked our social media audience for their burning questions. In this blog, we address six of the frequently asked questions we received and share the answers with you!
Can the Unified Audit Generate Reports for My Clients to Assist in Proving Various Compliances?
The Unified Audit can generate reports to assist in proving various IT compliances by collecting and recording data about system activities, such as user logins, file access, and network connections. This data can then be analyzed and used to demonstrate compliance with regulations or standards, such as HIPAA (Health Insurance Portability and Accountability Act), PCI-DSS, or SOX. Reports can be generated to show the specific actions taken by users and the system and can be used to identify any potential instances of non-compliance.
How Can the Unified Audit Help in Showing Value on Quarterly Business Reviews?
The Unified Audit can help an MSP (Managed Services Provider) prove value to their clients during a quarterly business review by supplying detailed information on the performance and security of the client's IT systems. The audit can show which systems have been accessed, by whom, and when, as well as any security breaches that might have occurred. This information can be used to identify potential issues and demonstrate the proactive steps the MSP has taken to address them. Additionally, the audit can be used to show the overall health and performance of the client's IT systems and help identify areas for improvement. Overall, the Unified Audit can provide valuable insights into the performance and security of the client's IT systems, which can help the MSP demonstrate the value of their services.
What Kind of Information Can Be Found in the Unified Audit?
The ThreatLocker Unified Audit is a central location where all audited information is displayed.
Information about executables, scripts, and libraries is recorded in near real-time. The audit will show items that have been both permitted and blocked. Information about these actions is searchable in the Unified Audit, including:
- All executables, libraries, and script files that were cataloged on your devices during the initial baseline, excluding Windows Core Files.
- All executables, libraries, and script files executed in your environment, and files installed since the ThreatLocker agent was installed.
ThreatLocker Storage Control displays information about files that have been accessed, changed, moved or deleted on external storage, including USB drives, file shares, and the local drives where an explicit policy was created to monitor or control that folder.
ThreatLocker Network Control will display information about incoming and outgoing network connections to your endpoints, helping you create policies that give you total control of your network traffic. It can also help to identify any potential rogue devices on your network.
Why Is the Unified Audit So Important?
It is important for IT professionals to have an audit of logs because they provide a record of system activity that can be used to identify and troubleshoot issues, as well as to detect and investigate security incidents. Logs can also be used to comply with regulatory requirements and demonstrate due diligence in a data breach or other security incident. Additionally, by regularly reviewing logs, IT professionals can identify patterns of behavior that may indicate a potential problem, such as a malfunctioning system or a security breach.
How Is the Audit Data Stored and Secured?
Every ThreatLocker partner's database records are unique to them. That database is on a server that is also secured with ThreatLocker. ThreatLocker has three data centers around the globe, with plans for a fourth in the works.