In a recent podcast interview with Hillarie McClure, Multimedia Director of Cybercrime Magazine, Robert E. Johnson III, Cimcor CEO/President, addresses whether it is necessary for already hardened systems to utilize file integrity monitoring software. The podcast can be listened to in its entirety below.
Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak.
Q: Robert, welcome. Always fun to be speaking with you.
A: Great to be back on your show, Hillarie.
Q: Robert, we've talked a lot about FIM and system hardening previously, but just to level-set for our episode today, you know, what's the connection between the two?
A: That's a great question. I think, let's start by defining each one. Well, file integrity monitoring is the process of establishing this authoritative baseline of what files should be on the system and notifying the user anytime a file deviates from that authoritative baseline. That, in essence, maintains integrity. Now, system hardening, on the other hand, is the process of configuring a system in a manner that is optimally secure. And by that, what is optimally secure? Those are settings that have been agreed upon via consensus that are best practices. Oftentimes these settings are called benchmarks, and two popular standards for configuring systems in this hardened state are CIS Benchmarks - and that's very popular with commercial businesses, and DISA STIGs - and DISA STIGs are more often used in government. However, once your system is in a hardened state, it's recommended that you regularly assess if those systems are still configured properly. So you also ask, well, what's the connection? Both focus on integrity - integrity of the files in your system, or the integrity of how your system is configured. So you're just looking at integrity from two different perspectives.
Q: Why would someone need to use file integrity monitoring even if their systems are hardened? That's a question I can foresee folks asking, you know, just I think that would be helpful for you to shed some light on that.
A: First of all, a system that has been hardened is definitely better than a system that isn't hardened. The fact that a system is hardened means that it is more resilient to cyberattacks, but that doesn't mean that that system is somehow resilient to all attacks. In many cases, it doesn't do a thing to help with internal threats. With that in mind, I believe that file integrity monitoring is the perfect complement to system hardening because if a hardened system is compromised in some way, and changes are actually made, then file integrity monitoring would be able to detect it and still give you that feedback and visibility in terms of what's happening on that system. The base case scenario is that your critical systems are in a secure and hardened state, while simultaneously having next-gen file integrity monitoring tools in place on those same systems to ensure those systems are always in a state of integrity.
Q: Robert, how can people easily implement both hardening their systems if they haven't done so or if they need to, you know, make that even harder and better as well as file integrity monitoring. Are there any tools to make this process easier?
A: Well, there is a new class of tools that can help you both harden your systems and perform integrity monitoring. This category of software is called system integrity assurance. You might think of it as file integrity monitoring on steroids. System integrity assurance helps you to harden your systems, and also monitor those systems to ensure that all of those system configuration settings stay configured in that optimal way according to best practices. In addition, they can monitor the integrity of not just files, but also registry items, Active Directory, local security policies, users, and groups, containers, databases, so much more. So it's much more holistic, far beyond just files like an old-school file integrity monitoring system. This next generation of software is exactly what we've been working on, Hillarie, right here at Cimcor.
Our CimTrak Integrity Suite can help you configure a system into a hardened state, according to CIS Benchmarks, or DISA STIGs as we mentioned earlier, and it can detect anytime your system drifts away from a secure and hardened state; and if it does drift away from that secure and hardened state, it can provide you with reports to show you exactly what is changed and what you need to do to reconfigure that system to be in a secure state again. On top of all that, it can monitor those systems for unexpected changes to files, and as I mentioned, to Active Directory and Docker, and even network devices like Cisco routers or firewalls and more.
I can tell you, if any of your listeners would like to try hardening their systems or implementing next-generation file integrity monitoring, they can download a free demo by just going to our website at www.cimcor.com. That's C as in cat, I, M, C, O, R.com, and signing up, and you'll get a copy to try in your own infrastructure. It's very easy to set up and configure and once you actually try it, you might be a little surprised that your security posture of your IT assets may not be in the state that you expect.
Q: Robert as always, thank you so much for coming on, and I'm looking forward to our next conversation.
A: Same here. I always appreciate the opportunity, and I'll look forward to you in the next year.
February 23, 2023