GYTPOL 2.0 User Guide

Introduction

Product

About GYTPOL

GYTPOL stands as a comprehensive and versatile cybersecurity solution meticulously engineered to safeguard and optimize your digital assets. Its robust functionality extends across various operating systems, encompassing Windows, Linux, and macOS. Whether your devices are desktops, laptops, or servers, virtual or physical, domain-joined or non-joined, GYTPOL seamlessly integrates to provide protection.

This solution automates a range of critical cybersecurity use cases:

  1. Continuous Detection of Misconfigurations: GYTPOL's automated system consistently identifies security misconfigurations stemming from operating systems, human errors, and third-party applications. It facilitates auto-remediation while ensuring zero adverse effects on your environment.

  2. Remediation and Auto-Remediation Actions: GYTPOL enables users to fix misconfigurations on endpoints and servers through Remediation Actions. These actions are defined based on parameters like OU, Domain, or specified computer groups, and are grouped into topics.

  3. Revert Remediation Actions: When necessary, GYTPOL can reverse previously executed remediation actions.

  4. Harden Devices: The product provides recommendations for enhancing device security configurations, helping you to further harden your systems.

  5. Policy Validation: GYTPOL validates that computer and user Group Policies are accurately applied to all endpoints. (Intune policy support is forthcoming.)

  6. Configuration Benchmarking: The solution benchmarks your configurations against recognized industry security standards such as CIS and NIST.

  7. Enhanced Active Directory and Group Policy Security: GYTPOL enhances the security of your Active Directory and Group Policy configurations.

  8. Optimized Group Policy Definitions: GYTPOL aids in optimizing Group Policy definitions, flagging issues like duplicated or conflicting GPOs.

  9. Startup and Login Time Optimization: GYTPOL identifies Group Policies that may contribute to sluggish computer startup and user login times.

  10. Intune Validation: GYTPOL assists organizations in ensuring that their Intune settings adhere to security best practices and are appropriately hardened. This includes validating conditional access, compliance, and configuration settings to ensure they meet expected standards.

In summary, GYTPOL streamlines security and optimization efforts across diverse environments, automating key processes to ensure robust cybersecurity.

Audience

This User Guide is primarily intended for individuals and teams responsible for implementing, managing, and maintaining the cyber security infrastructure within their organizations. It caters to both technical and non-technical users, providing clear instructions and explanations for all levels of expertise.

How to Use This User Guide

To help you navigate through this User Guide effectively, it is divided into various sections corresponding to different aspects of GYTPOL. Each section provides step-by-step instructions, best practices, and tips to maximize GYTPOL's potential.

Additionally, we have included screenshots and examples throughout the document to assist you in visualizing the interface and functionalities. Where applicable, we have also provided troubleshooting tips and frequently asked questions to address common concerns. The complete troubleshooting document is accessible both on our official knowledge base and through our dedicated support mailbox. If you encounter any challenges or require assistance, please refer to these resources for detailed guidance and solutions.

Contact Information

Should you have any questions, encounter difficulties, or require further assistance while using GYTPOL, please contact support@gytpol.com. Our dedicated support team is available to help you with any queries or concerns you may have.

We hope this User Guide serves as a valuable resource in understanding and leveraging GYTPOL to enhance your organization's security defenses.

Thank you for choosing GYTPOL, and we look forward to your success in safeguarding your digital assets.

How GYTPOL Validator works

The primary data flow process within GYTPOL Validator unfolds through the following sequential stages:

Tenant and License Activation:

The GYTPOL team will set up the SaaS infrastructure and the tenant. The relevant license, including device count and modules, will be allocated as per the terms agreed between the parties involved.

Sensor Deployment and Execution:

  • Deploy the GYTPOL Sensor on each endpoint/server device.

  • The GYTPOL Sensor executes once daily, at randomly chosen times, following a predefined sequence of actions.

  • The scanning process typically completes within 5-7 minutes.

Data Collection during Scan:

  • The GYTPOL Sensor collects data on misconfigurations and unpatched zero-day vulnerabilities during its scanning routine.

  • For Microsoft devices, it also gathers Group Policy data (Resultant Set of Policy, RSOP) and Intune data.

Data Compression and Encryption:

  • Subsequent to data collection, the GYTPOL Sensor compresses and encrypts the gathered data.

Data Transmission Attempt:

  • The GYTPOL Sensor creates a connection with the GYTPOL Server to transmit the encrypted and compressed data.

  • The data transmission is conducted over port 443. This ensures that the encrypted and compressed data collected by the GYTPOL Sensor is securely transferred to the GYTPOL application, protecting data privacy during transit.

  • Once data is received from a GYTPOL Sensor, the GYTPOL application analyzes it using our exclusive GYTPOL Analyzer. The Analyzer not only examines the data thoroughly but also stores the results in a designated database, in which customers are segregated from one another to preserve data privacy and security. This proactive approach ensures that you are promptly informed about any possible security threats and potential risks.

  • After the GYTPOL Sensor completes its scan and data is transmitted to the GYTPOL application, the IT and Security teams access the findings through the Web User Interface (UI). This interface is compatible with Chromium-based web browsers such as Google Chrome or the new Microsoft Edge.

  • The GYTPOL application is equipped with several integrations to enhance its functionality and facilitate seamless operations:

    • It interfaces with various public APIs to support data exchange and integration with external systems.

    • Integration with Ticketing Systems like ServiceNow is established, streamlining the process of generating and managing tickets based on GYTPOL's findings.

    • Notably, the GYTPOL Server also integrates with Security Information and Event Management (SIEM) systems. Selected events and data are sent from GYTPOL to SIEM platforms such as Microsoft Sentinel or Splunk. This integration enhances the security ecosystem by aggregating GYTPOL's insights into the broader context of security events and monitoring.

Sensor Server Communication

The interaction between the Sensor and the server operates in a one-way manner: the Sensor initiates its task either on a daily or hourly basis (the Sensor's tasks are elaborated upon in the Sensor section). Following the task execution, the gathered data is transmitted to the GYTPOL server, where it undergoes analysis and subsequently appears in the user interface for review.

Should a GYTPOL operator execute a remediation action or any other task from the console, the Sensor picks it up through its hourly task execution, which checks the server for new tasks every hour. After running the task locally, the Sensor reports the outcome back to the server, indicating either success or failure.

Sensor

GYTPOL provides support for Windows, Linux, and macOS operating systems. For a comprehensive overview of the supported platforms, please refer to the Sensor installation guide available at this link: GYTPOL Sensor Installation Guide.

The GYTPOL Sensor runs once a day for a brief duration. Within this operational window, it collects data related to misconfigurations, unpatched zero-day vulnerabilities, and outdated third-party software. This information is gathered during the run and subsequently processed for further analysis.

GYTPOL Sensor for Windows

Language-Code: GYTPOL is developed using a combination of C# and signed PowerShell.

Post-Install: Following installation, GYTPOL uses the Task Scheduler functionality for its scheduled tasks.

Permissions: The scheduled tasks within GYTPOL are configured to run under the SYSTEM account. This built-in account has no username or password to store, so the tasks run without any credentials being configured.

Size: The GYTPOL installation size is less than 5MB.

Network Traffic: GYTPOL generates network traffic of up to 30KB per day. The data is transmitted in compressed (gzip) form.

Scheduled Runs:

  • GYTPOL executes its tasks on a daily basis with a duration of 5-7 minutes.

  • The timing of the daily task varies based on the type of device:

    • End-User Devices: Random execution time between 10 am and 5 pm.

    • Servers: Random execution time between 10 pm and 4 am.

  • Additionally, GYTPOL sends a "keep-alive" message every hour to ensure continued connectivity. This message also serves to retrieve new tasks for maintaining security posture, including tasks related to remediation, reversion, updates, and upgrades.
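The run windows above are the kind of thing an operator wants to verify against what the endpoints actually do. The following Python is an added example, not GYTPOL's own code: it encodes the documented windows (10 am to 5 pm for end-user devices, 10 pm to 4 am for servers, which wraps midnight) and audits a list of observed scan start times against them; the function names and the sample timestamps are constructed here.

```python
from datetime import date, datetime, time, timedelta

# Daily run windows as documented in this guide: end-user devices run
# between 10 am and 5 pm, servers between 10 pm and 4 am (wraps midnight).
RUN_WINDOWS = {
    "end_user": (time(10, 0), time(17, 0)),
    "server": (time(22, 0), time(4, 0)),
}


def in_run_window(device_type: str, t: time) -> bool:
    """True if wall-clock time t falls inside the window for device_type.
    A window whose end is earlier than its start wraps past midnight."""
    start, end = RUN_WINDOWS[device_type]
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def audit_scan_log(device_type: str, starts: list[datetime]) -> list[str]:
    """Defender-side check of Sensor scan start times: flag starts outside
    the documented window and days with more than one scan (expected: one).
    A server scan after midnight is counted against the previous day."""
    findings = []
    scans_per_day: dict[date, int] = {}
    for ts in starts:
        if not in_run_window(device_type, ts.time()):
            findings.append(f"{ts.isoformat()} is outside the {device_type} window")
            continue
        day = ts.date()
        if device_type == "server" and ts.time() < RUN_WINDOWS["server"][0]:
            day -= timedelta(days=1)
        scans_per_day[day] = scans_per_day.get(day, 0) + 1
    for day, count in sorted(scans_per_day.items()):
        if count > 1:
            findings.append(f"{day}: {count} scans started, expected 1")
    return findings


# Constructed sample log (not real Sensor output): three server scan starts.
SAMPLE_SERVER_STARTS = [
    datetime(2024, 3, 1, 23, 15),  # in window, counted as 2024-03-01
    datetime(2024, 3, 2, 2, 40),   # in window, same cycle as above -> duplicate
    datetime(2024, 3, 3, 12, 5),   # outside the server window
]

if __name__ == "__main__":
    for line in audit_scan_log("server", SAMPLE_SERVER_STARTS):
        print(line)
```

Feed it the scan start timestamps from your own task-history or log source to spot Sensors running outside their window or more than once a day.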

Communication Protocol: GYTPOL employs the latest Transport Layer Security (TLS) version supported by the device for secure communication. All communication occurs over HTTPS to ensure data privacy and integrity.

GYTPOL Sensor for Linux/macOS

Language-Code: GYTPOL is implemented using the Go programming language (Golang).

Post-Install:

  • On Linux, GYTPOL utilizes systemd for post-installation task management.

  • On macOS, GYTPOL employs launchd for post-installation tasks.

Permissions: GYTPOL runs with root user permissions, which provide the necessary access for its functionalities.

Size: The installation size of GYTPOL is less than 5MB.

Network Traffic: GYTPOL generates network traffic of up to 30KB per day, with data transmitted in compressed (gzip) form.

Scheduled Runs:

  • GYTPOL executes its tasks with a random start time and a duration of up to 5 minutes.

  • Additionally, GYTPOL sends a "keep-alive" message every hour to ensure continuous connectivity. This message also prompts the retrieval of new tasks to ensure up-to-date security measures, encompassing tasks related to remediation, reversion, updates, and upgrades.

Communication Protocol: GYTPOL employs the most recent Transport Layer Security (TLS) version supported by the device. All communication occurs over HTTPS, ensuring data confidentiality and integrity.

Product overview

This section provides a quick overview of the GYTPOL Validator key capabilities and provides references to sections covering these capabilities in detail.

User Interface

From an end user's viewpoint, GYTPOL Validator is a role-based web application that simplifies cybersecurity management. Here's a walkthrough of how users navigate the UI and some notable visual notations and instructions provided in the corresponding documentation section.

Navigation:

  • Users access GYTPOL through a role-based web interface tailored to their responsibilities.

  • The UI seamlessly guides users to different sections, tools, and insights.

Visual Notations:

  • Export: Look for options to export data, facilitating data sharing and analysis.

  • Refresh: A common icon to refresh or update displayed information in real time.

  • Know How: This symbol typically offers contextual help, guiding users on specific actions.

User Roles:

  • GYTPOL's UI adapts to user roles, displaying relevant features and data.

  • Different users interact with tools suited to their tasks, ensuring focused functionality.

Comprehensive Views:

The UI presents various dashboards and sections tailored for specific needs such as Misconfigurations, AD and GPO maintenance and security, CIS compliance benchmarking, and Intune.

Effortless Navigation:

  • GYTPOL's user-friendly design ensures intuitive navigation across functionalities.

  • Users can swiftly move between sections for effective management.

Consistent Experience:

Visual elements like buttons, icons, and labels maintain a consistent design, enhancing user familiarity.

Helpful Guidance:

In-app assistance guides users on performing specific tasks, maximizing usability.

By offering a role-based access interface with intuitive navigation and helpful notations, GYTPOL empowers users to efficiently manage their cybersecurity tasks.

Misconfigurations

Misconfiguration encompasses the mistakes made when setting up IT systems or security measures, which can result in vulnerabilities and potential security breaches. These errors often stem from insecure default settings, human oversights, incorrect application of Group Policy Objects (GPOs), and other factors.

Misconfigurations can manifest across various domains, including network devices, web applications, cloud services, servers and operating systems, encryption and key management, security tools, and access controls. To mitigate misconfigurations, it's essential to adhere to industry best practices. This entails conducting regular audits, implementing secure configuration settings, rigorously managing changes, and offering training and awareness initiatives.

GYTPOL provides a rapid solution to address misconfigurations, achieving this in a matter of minutes. For a comprehensive understanding of how to effectively manage misconfigurations, refer to the detailed guidance provided in the corresponding documentation section.

CIS/NIST and other Security Compliance Benchmarks

Industry benchmarks serve as comprehensive guidelines for configuring a range of software, operating systems, and devices. These benchmarks provide specific instructions to secure these systems against well-known vulnerabilities.

CIS 8 refers to the latest version of the CIS Controls, a prioritized list of actionable security measures designed by the Center for Internet Security. These controls encompass a diverse range of cybersecurity aspects, offering organizations a clear roadmap to enhance their cybersecurity practices. Additionally, CIS Level 1 and Level 2 benchmarks provide specific configuration guidelines to secure systems against common vulnerabilities, with Level 1 offering basic security measures and Level 2 offering more stringent requirements. The Security Technical Implementation Guide (STIG) provides further detailed guidance for securing systems and applications. The CIS Controls, along with these benchmarks, are updated regularly to address emerging threats and incorporate industry best practices. By adhering to these controls and benchmarks, organizations can establish a robust cybersecurity foundation and mitigate various cyber risks.

NIST 800-53 is a comprehensive collection of security controls and guidelines tailored for U.S. federal information systems. This publication furnishes organizations with a framework to evaluate and enhance the security of their systems, safeguarding sensitive information. Covering multiple security domains, NIST 800-53 holds widespread recognition as a cybersecurity standard. Its adoption extends beyond the U.S. federal government, gaining prominence in various sectors and organizations worldwide. Abiding by NIST 800-53 assists organizations in elevating their security posture and aligning their practices with established industry standards.

Cyber Essentials is a UK government-backed cybersecurity certification scheme that aims to help organizations implement basic cybersecurity practices and protect against common cyber threats. It provides a set of criteria and guidelines for organizations to follow in order to secure their systems and data. The Cyber Essentials certification is awarded to organizations that demonstrate compliance with these standards, indicating that they have implemented measures to safeguard against a range of common cyber-attacks. The scheme is designed to be accessible and affordable for organizations of all sizes, helping them improve their cybersecurity posture and build trust with customers, partners, and stakeholders.

For detailed guidance on utilizing the CIS/NIST Dashboards effectively, refer to the corresponding documentation