Product Description

Change Guardian is a privileged user activity and change monitoring solution that helps IT security professionals detect and respond to potential threats in real time through intelligent alerting of unauthorized access and changes to critical files, systems, and applications. The alerts contain highly enriched security information that includes the detail necessary to identify threats and record change specifics such as who performed the action, what action was performed, when the action was taken, and where the action was taken, in addition to whether or not the action was authorized. The information associated with these actions is presented in simple and clear terms, eliminating the need for expertise in various event types, while dramatically reducing the time and complexity required for identifying and responding to suspicious activity.

Unmanaged change is a leading cause of security breaches, and unauthorized user activity is one of the early indications of a targeted attack. With Change Guardian, you can proactively identify and respond to unmanaged changes that could lead to security breaches or failed audits, and identify potential breaches in real time by monitoring privileged user activity across the enterprise.

Change Guardian helps security teams protect against sensitive data loss and compliance gaps across environments composed of multiple servers, operating systems, devices and platforms including Microsoft Windows, On Premises Microsoft Active Directory, Azure Active Directory, UNIX and Linux.

Key Features

  • Real-time change monitoring
    • Identifies and reports on changes to critical files, platforms, and systems to help prevent breaches and ensure policy compliance
    • Monitors all changes: Where the change was made, who made the change, when the change was made, what change was made, and whether or not the change was authorized - all through a defined control process, enabling verification and audit
    • Provides real-time alerts on unauthorized changes, enabling the fastest response so you can investigate why the change process was circumvented
    • Validates and enforces change control processes, identifying authorized changes versus unauthorized changes that may indicate how, when and who is circumventing change controls
    • Compiles critical change information from across the organization, eliminating the need to aggregate change events for regulatory compliance and incident investigation
    • Captures before-and-after values for objects, drilling down to detailed change reports showing diffs and deltas; investigators can quickly identify anomalies
  • Privileged user activity monitoring
    • Audits and monitors the activities of privileged users, such as administrators of On Premises Microsoft Active Directory and Azure Active Directory, to reduce the risk of insider attacks
    • Provides a detailed audit trail of privileged user activity across your Windows, On Premises Microsoft Active Directory, Azure Active Directory, and UNIX/Linux environments to evidence compliance
    • Delivers real-time alerting on suspicious behavior to provide immediate visibility to changes that could lead to a breach, integrating with SIEM solutions to enable event correlation with other activity detected on monitored systems, significantly reducing the risk of an undetected breach
  • File integrity monitoring - a requirement of the Payment Card Industry Data Security Standard (PCI DSS) version 2.0
    • Helps to meet PCI DSS Requirement 11 by identifying, reporting, and alerting on access and changes to critical content and sensitive Windows systems and files
    • Helps to meet PCI DSS Requirement 10 by ensuring audit trails remain secure by alerting on changes to log files
  • Alert triage and visualization
  • Compliance and best practices attainment
    • Comprehensive change reporting helps to demonstrate compliance with internal policies and regulatory requirements and facilitates improved root-cause analysis and troubleshooting
    • Delivers the reporting tools necessary to clearly demonstrate compliance to internal and external auditors
    • Helps satisfy compliance mandates by demonstrating the ability to monitor access to critical files and data
  • Configurable to run in a FIPS environment

System Requirements

For the most recent information about system requirements, see the Change Guardian Technical Info page on the Change Guardian Support Web site (requires login).

Download and Installation Instructions

Change Guardian comprises the following components:

  • Change Guardian server - installed on a computer with a Linux operating system
  • Change Guardian Policy Editor - downloaded from the Change Guardian Web UI and installed on a computer running a Windows operating system
  • Change Guardian Windows Agent - downloaded from the Change Guardian Web UI and installed on computers running a Windows operating system
  • (Conditional) UNIX Agent Manager - required only for Change Guardian for UNIX and installed on a computer running the Windows, Linux or Solaris operating system
  • Security Agent for UNIX - required only for Change Guardian for UNIX and installed on computers running a Linux or UNIX system. You can install the Agent remotely by using either UNIX Agent Manager (UAM) or Change Guardian Agent Manager. Depending on your agent deployment requirements, you can decide whether you need to install UAM, Change Guardian Agent Manager, or both.

Downloading the Change Guardian Server

Change Guardian offers several server installation methods. Complete the following steps to download the Change Guardian server installation programs based on the appropriate appliance type for your environment.

  1. Download the installation file for the appropriate installation type for your environment.

    Filename - Description
      • cgserver-5.0.0.0-663.x86_64.tgz - Installs the Change Guardian server on a computer running the Linux operating system.
      • change_guardian_server_5.0.0.0.x86_64-0.2193.0.preload.iso - Installs the base operating system on Bare Metal hardware or Hyper-V.
      • change_guardian_server_5.0.0.0.x86_64-0.2193.0.ovf.tar.gz - Installs on Xen-enabled Linux systems or VMware ESX servers.
  2. Follow the installation instructions in the Change Guardian User Guide on the Change Guardian Documentation Web site for the selected installation type.

Downloading the Change Guardian Policy Editor, Change Guardian Windows Agent and Security Agent for UNIX

Installers for the Change Guardian Policy Editor and the Change Guardian Agent can be downloaded from the Change Guardian Web UI after the Change Guardian server is installed. Follow the installation instructions in the Change Guardian User Guide on the Change Guardian Documentation Web site.

To install Security Agent for UNIX, follow the installation instructions in the Security Agent for UNIX Installation and Configuration Guide on the Security Agent for UNIX Documentation Web site.

  1. Follow the link to download the installation file for the UNIX Agent Manager.

  2. Follow the installation instructions in the Security Agent for UNIX Installation and Configuration Guide on the Security Agent for UNIX Documentation Web site.

Installing Change Guardian

For complete installation instructions, see the Change Guardian User Guide on the Change Guardian Documentation Web site.

Before you install Change Guardian, be sure you obtain all of the following necessary licenses:

  • Change Guardian server license - Required for installing the Change Guardian server
  • Change Guardian module license - Required for each module you want to install
  • Novell Customer Center registration code - Required only if you install the Change Guardian server appliance and want access to upgrades.

Known Issues

For the list of known issues, see the Change Guardian Release Notes on the Change Guardian Documentation Web site.