Gytpol: How do we compare with other tools?
These days, any organization will tell you how important it is to protect your environment from cyber attacks, and how hard it is to do so all the way from detection to remediation with zero impact.
Most organizations have been hacked due to misconfigurations in their environment. Misconfigurations can be a result of default settings, human errors, and legacy applications.
Many organizations run an open-source tool like PingCastle. This tool scans the environment and shows you, on a dashboard, where the weaknesses of your Domain Controller (DC) are. Attackers, though, are not only looking at the DC; they will also try to exploit SQL servers with exposed connection strings or workstations with obsolete software.
In cases like these, Gytpol gathers frequently updated information and lets you detect such weaknesses across all your environments. For example, if any servers are running an outdated Log4j or an old version of the Chrome browser, Gytpol can identify them.
Some organizations use AV/EDR products like FireEye or Trend Micro. With these products, you can protect your clients by detecting viruses and other malware that are widely known. Some products also allow you to investigate the alert and then quarantine, block or allow.
If you have some kind of misconfiguration in your environment, and the local admins of your workstations are disorganized, these AV/EDR tools will not help. AV/EDR tools do not detect or prevent the use of local admins. They may prevent viruses from being installed, but they will not prevent someone from uninstalling the AV if it is not password protected, or from extracting information.
Here, Gytpol gives you a full list of the local admins that have been used in the last 90 days, along with the kind of login each one created. This way you can first clean up by muting well-known admins and then start cleaning up admins that are not in use. If you have a policy against local admins, any admins discovered by Gytpol should be investigated further.
The final kind of tool that organizations use is an automation tool like Chef or Puppet. The goal of these tools is to automate infrastructure as code. They help you create compliance settings at a high level, but someone needs to write and test those settings, which is very time-consuming and costs a lot of money. It also creates the possibility of human error. Gytpol, on the other hand, provides an automated tool with the option of testing and reverting with zero impact.