Both first-time and experienced users of file integrity monitoring software may not be aware of the full scope of its benefits. For many organizations, file integrity monitoring is initially implemented for compliance. PCI-DSS requirements 10.5.5 and 11.5 call for compliant organizations to monitor critical files at least once per week.
What are Your Information Security Objectives?
However, these are not the only objectives or goals of a security program that can be enhanced with file integrity monitoring. As Security Intelligence highlights, "carefully considered and meaningful areas of accomplishment that are documented with deadlines" are critical for elevating your security program and mitigating risk in the real world. Regardless of the security program's maturity, it can be a helpful exercise to determine how your technology portfolio or acquisition plans fit into larger objectives for risk mitigation. Join us as we review some common security goals that have relevance for all organizations and how file integrity monitoring fits in.
1. Maintain a Safe Network
Effective network security is no longer a matter of only protecting your infrastructure with server security and firewalls. While 85% of security breaches are related to just ten known vulnerabilities, simply applying patch updates isn't enough to protect your network and infrastructure. Comprehensive security should include attention to all components, including:
- Your servers;
- Your workstations and systems;
- Mobile devices; and
- Your data.
Agent-based file integrity monitoring allows security admins to comprehensively monitor the integrity of critical files on all connected devices. If your file integrity monitoring solution is an agentless option that is only measuring throughput or traffic that travels through your servers, you may be ignoring real vulnerabilities.
For more information, we recommend Agent vs. Agentless File Integrity Monitoring: Which is Best?
2. Maintain Vulnerability Management
Vulnerability management is the process of identifying vulnerabilities and assigning risk, according to SANs. It's important to understand the difference between vulnerability scanning and management. The two concepts are closely related, but not the same.
- Vulnerability scanning, using file integrity monitoring software and other tools, allows organizations to categorically discover risks that can be analyzed and accepted within the framework of vulnerability management.
- Vulnerability management is the process of using technological tools and other means to automate and add efficiency to the process of eliminating risks as they are identified.
The complexity of the threat vector, contemporary networks, and other factors demand automation and cutting-edge technologies in the vulnerability management process to eliminate the risk of human error. The right file integrity monitoring solution can elevate your efforts from scanning to total management of risks.
3. Prevent Unauthorized Access
Unauthorized access to your organization's assets can take many forms, which present varying levels of risk. This can range from unauthorized device sharing between employees to completing assigned job duties, account hacking, and resultant data theft by cybercriminals. The results of certain types of unauthorized access can include data theft, tampering with critical files, or denial of service.
Oracle recommends a comprehensive approach to this security objective, including each of the following:
- Password policies,
- Access control,
- Account inactivation,
- SSL, and
But where does file integrity monitoring fit into Oracle's model for unauthorized access prevention?
It fits in at the end of the process, in the auditing stage. Even with multi-factor authentication, there's a chance your attempts to implement access control can fail. Phishing attacks are still on the rise and employees are not growing wiser to the risks of malicious emails.
If your access control methodologies fail, auditing can allow you to quickly detect negative changes resulting from unauthorized access. Security professionals can effectively remediate negative changes with the power to identify negative changes in real-time.
4. Ensure Security Flaws are Immediately Reported
Creating a culture of security represents a slow, cultural shift for many organizations. Behaviorally-focused training and ongoing testing can be key to improving employee awareness and knowledge of security best practices. Despite many organizations' efforts to improve knowledge of phishing, employee open rates and clicks have increased slightly over the past year. It's become clear training isn't always enough.
File integrity monitoring cannot remediate a culture of poor attitudes about security, careless behavior, a lack of executive support, or cultural barriers to immediately reporting security flaws. It can't fix employee resistance to change or ineffective training.
However, file integrity monitoring can be a source of support, regardless of where you stand in regards to security knowledge maturity. In other cases, for resource-strapped organizations, sophisticated and easy-to-use file monitoring tools can free up security resources necessary to improve education programs and other tools necessary for full cultural change.
5. Maintain Integrity of Data Assets
Maintaining data integrity requires more than just policy, education, and access governance—though these factors are crucial. It's no longer possible to maintain security on a threat-by-threat basis. Instead, Black Stratus writes that tools are necessary to identify "malicious behavior and [give] your IT team tools/data to respond to emerging threats."
File integrity monitoring allows your security program to grow and scale, even as threats change, by providing you with a baseline to expand your security and improve your policies. When your infrastructure and network inevitably grow and change, the most effective file monitoring technologies can scale seamlessly along with your changes.
FIM and IT Security
The right file integrity monitoring tool can be an invaluable asset to various aspects of your information security program. From mitigating human-related and administrative risks to unauthorized access prevention, the most sophisticated file integrity monitoring tools can significantly free security resources and enable quick detection when your safeguards aren't effective.
If your organization is currently using integrity monitoring software, it is important to evaluate whether or not your current solution supports your goals. If you're struggling through a steep learning curve to make the software work for you or you're unable to immediately distinguish whether reported changes represent "real risk", making a switch could completely change the way you view integrity monitoring.
June 22, 2016