With those core devices in place, the HawkEye G program is able to begin automatically protecting a network. However, to enable the automatic removal of malware as well as a deeper level of client inspection, sensors need to be installed on network clients. The sensors are all software-based, and installation is very easy from the main console.
They can be installed to individual users or to every device within a group. It's also possible to use the DNS records to have them automatically deployed. The current version of the HawkEye G sensors will work with any Windows-based operating system that is XP or newer. A version that works with Linux clients is in the works. Every client within the scope of our testing had a sensor installed.
The sensors enable much more control over a host client, as well as better collection of information about the processes, registry files, .dlls and network connections being activated on a monitored system. They also allow HawkEye G to detect static threats that might exist within a client but which have not yet reached out and tried to do anything malicious. The true helpfulness of the sensors comes into play once malware is detected. When that happens, the MD5 hash of the file is recorded and then every other system is scanned to see if the malware has spread.
The main interface of the HawkEye G control panel is laid out cleanly and is very easy to use. However, those who need a deeper understanding of how the system works and what it can do will require training, something that Hexis offers with every purchase.
There are four levels of administration available from the main interface. These levels cannot be changed or modified by users, though they seem to cover almost every use case.
At the highest level is the operator, who has full control over the system, including installing or uninstalling programs on systems protected by HawkEye G, and even undoing any automatic actions that the program mistakenly took while trying to protect the network. Even though the operator can do everything, their work is never invisible. Everything that an operator scans or changes is logged in the system and visible to other operators. In this way, any erratic behavior by an operator, which could indicate either that they are the victim of a permission-elevating attack or that they may be going rogue, is easy to spot.
Next in the hierarchy are administrators, who have full permission to make changes, but only as they relate to users and groups. Administrators can change passwords, add or delete users, and reinstate user credentials if they are locked out by HawkEye G.