CimTrak has continually brought file integrity monitoring innovations to market. What makes CimTrak different from other FIM solutions?
CimTrak's integrity management approach goes beyond the simple change detection of typical FIM. It uses a closed-loop workflow that detects changes in real time and determines whether those changes are good or bad.
Simple to install, configure, and use
Extensive training is not required
Seamlessly outputs to all major SIEM solutions
VirusTotal integration to easily determine if changes are a threat
Integrated ticketing capability allows changes to be planned and classified
1. The threat actor is assigned a ticket in the ticketing tool or ITSM.
2. The threat actor sees the requested change and instead makes a different malicious change.
3. The threat actor comments in the ticket "The job is all done!", fooling his team into believing that the expected change was completed.
4. The threat actor closes the ticket and nobody ever looks at it again—trusting him.
When the threat actor made the malicious changes, the ticketing or ITSM tool did not detect them, because such tools are not monitoring tools, nor do they provide forensic details of what happened to the system.
When the threat actor commented and closed the ticket, he made it seem as if the requested change had been made when it truly had not, and there was no information to prove otherwise.