In a recent podcast interview with Hillarie McClure, Multimedia Director of Cybercrime Magazine, Robert E. Johnson III, Cimcor CEO/President, discusses how to elevate your security posture using file integrity monitoring. The podcast can be listened to in its entirety below.
Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak.
Q: Robert, welcome back. Great to be speaking with you again.
A: Hey, Hillarie. It's great to be back on your show.
Q: Robert, as you know, we've talked quite a bit about how file integrity monitoring can help with regulatory requirements, and we were focused more on the compliance side of that on our last episode, so I'd like to jump more into the security posture side of things now and really dig into some use cases for FIM and security. So I guess to start can you provide some examples of how file integrity monitoring can help organizations with their security posture?
A: Sure. There are many ways that file integrity monitoring can help an organization's security posture. For the sake of this discussion, I'm really going to answer based on the capabilities of next-gen file integrity monitoring products that fall into that system integrity assurance category that I mentioned on our last podcast. So let's start simple. If you have a system with, say, one hundred thousand files on it, imagine that one of those files, perhaps a configuration file, was changed by a bad actor. When would you know about it? I mean, how long do you think it would take, Hillarie? One hundred thousand files.
Q: I would think it would take a little while.
A: If ever, Hillarie, because if you think about it, unless there was a change in the behavior of that system, or it was a previously classified piece of malware, you would never realize that this change ever occurred.
Another example is, what about your firewall? Everyone's firewall has a ton of complex rules. Would you realize if a new access control rule was added to your firewall configuration? Probably not. And what about Active Directory? You know, some companies have thousands of employees and thousands of directory accounts. What if a new user was added? Would you know? What if one of those several thousand users or accounts in your Active Directory simply had their privileges escalated to an administrative level? Would you realize that that happened? You know, this is the issue for most organizations. The answer is a sobering no.
So next generation file integrity monitoring provides this mechanism for rapidly detecting and responding to these unexpected changes and threats that typically would just fall through the cracks.
Q: Yeah, I mean, I definitely would not notice any of those things, or it might, as I said, take a very long time. Um, but yeah, definitely a sobering no, that's well put. So, I guess I'm pretty amazed at what file integrity monitoring, you know, what a file integrity monitoring tool can do. So, can we dig into the how, or the ways it can, you know, achieve this? I'd like to get a little more into the weeds on that, and how that tool works with file integrity monitoring.
A: You're right. Implementing file integrity monitoring is really critical in a modern organization and infrastructure. You know, there was a recent study of large enterprises that found that threats are, on average, detected and identified two hundred and twelve days after the initial breach.
A next-generation file integrity monitoring tool would have identified that change, likely in real time, in just mere seconds, reducing that time from 212 days to identify to something that you can actually work with, because if you're identifying it in real time, you're likely understanding that something happened in just mere seconds.
This is achieved by establishing this authoritative baseline of all of the key assets and configuration settings that exist within your infrastructure. This baseline defines exactly how your assets should look and enables next-generation file integrity monitoring tools to identify these deviations from this authoritative baseline. Now, the challenge is when a valid change occurs. How do you update this authoritative baseline when there's a valid change, like, say, a Windows update or a patch? How do you accommodate changes to log files and databases and other things that change? These are the questions that can only be answered by next-generation file integrity monitoring tools, because they have components and features that allow you to overcome some of those challenges and understand the good changes versus the bad.
Q: From what I've learned in our conversations, Robert, it's pretty incredible. File integrity monitoring can really help an organization. So, I guess, you know, how? How would an organization begin to choose the right tool? That's always the hard question, right? It's like, wow! This sounds awesome. This sounds great, but we don't know where to begin or how to start approaching this. So, I feel like that would be really helpful for folks to know.
A: That's a great question, Hillarie. You must be very careful when selecting a file integrity monitoring solution. Traditional file integrity monitoring tools would simply report a ton of changes to the user and just bombard them with noisy alerts. That isn't useful to anyone. Most of our research at Cimcor has actually been focused on finding ways to eliminate that noise, so companies can focus on the changes that actually matter.
So, our next-generation file integrity monitoring tool, which is called CimTrak, can detect not only changes to files, but to the registry, to databases, to cloud servers, containers, Active Directory, and much more, and oftentimes we can do it in real time.
Furthermore, CimTrak has the ability to automatically identify and suppress changes that are okay or fine, such as a Windows update, or something that is related to a patch, leaving you with only changes of concern that deserve your review.
In addition, CimTrak has this unique ability to restore unexpected changes back to their original state, and CimTrak is the only tool on the market in the FIM category that has this capability - this ability to do self-healing. So, CimTrak, it's very simple to install. It's easy to configure. And we think it adds a lot of value to any organization.
If any of the folks in your audience are actually interested in learning more about CimTrak or trying it in their own infrastructure, we'll be glad to provide them with a free trial or a demo. Just reach out to us on our website at www.cimcor.com.
Q: Excellent as always, Robert. Thank you so much for joining me today, and I'm looking forward to our next conversation.
A: I appreciate the opportunity to be on your show, Hillarie.
Q: Thanks, Robert.
November 1, 2022