In a recent podcast interview with Hillarie McClure, Multimedia Director of Cybercrime Magazine, Robert E. Johnson III, Cimcor CEO/President, discusses how file integrity monitoring and Zero Trust work together to improve your security posture. The podcast can be listened to in its entirety below.
Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak.
Q: Hey, Robert. Great to be speaking with you again.
A: Hi, Hillarie. Great to be back on your show.
Q: For this episode, Robert, you know, we were going to talk about FIM and Zero Trust because we've previously discussed file integrity monitoring, FIM, and you know, we've talked about Zero Trust before, too. But I guess, how do the two work together? That's what I would like to hear from you.
A: Well File Integrity Monitoring and Zero Trust, they actually do work together, and in fact, they're interdependent on each other. I think it would be best if we just take a quick step back and let's define Zero Trust, I know we spoke about it a little bit before. In Layman's terms, Zero Trust is the process of ensuring that the right people have access to the right resources at the right time, and making sure that those resources are configured in the right way and running the right software. Now, there are many tools that are needed to actually implement a Zero Trust Strategy. There is not one single product. There is a stack that you must implement to actually pull off and implement Zero Trust. Let's just rewind and let's break down what I said a little bit earlier in terms of the security stack. So I mentioned you have to make sure the right people, (well, that's controlled via identity and access management), and those people are accessing the right resources, (well that's accomplished via software-defined networks and micro-segmentation), and those resources are accessed at the right time, (and that's your leverage access control and security policy management), and ultimately you're ensuring that the resources are configured in the right way, (well, that's system hardening and configuration management), and ensure that it's running the right software (and that's integrity monitoring). So you can see there are many tools involved in that entire stack that contributes to your Zero Trust Strategy and certainly, there are others that can be used as well. Those are some of the big categories that fit into Zero Trust.
Q: That makes a lot of sense. So I guess, to single it out, you know, why is file integrity monitoring so important within that strategy you just laid out for us?
A: Well, the bottom line is that integrity is a foundational component of Zero Trust. You know, what's the point of ensuring that the right person has access to exactly the right endpoints if that endpoint has been altered in some unexpected manner? So file integrity monitoring, and even better, next-generation system integrity assurance tools provide administrators with the confidence that their systems, their servers, their network devices, their databases, all of those other critical components of their infrastructure are in the expected state, and have not been modified in any way.
Q: So essentially, integrity is a core part of the Zero Trust Architecture. That's what I'm hearing from you. So, how can someone, I guess, begin to implement a Zero Trust strategy using file integrity monitoring software?
A: Well, again, integrity monitoring is just one key component of your Zero Trust strategy. NIST Special Publication 8207 defines Zero Trust and in fact, they defined 7 key tenets or pillars of a Zero Trust Architecture. Now tenant number 5 states that "the enterprise monitors and measures the integrity and security posture of all owned and associated assets." We feel that we do that best. Our product, CimTrak, is the fastest and easiest way to do just that. To monitor the integrity of your assets, whether they are on-prem or in the cloud, and in most cases, we do it in real-time. In addition, CimTrak makes it very simple to monitor your security posture, using CIS Benchmarks or just DISA STIGs, the CimTrak Integrity Platform provides highly scalable enterprise-level visibility into all the unexpected changes to your assets or unexpected changes to your security posture. So if there's anyone in your audience, Hillarie, that's interested in trying CimTrak in their own infrastructure, they can learn more at www.cimcor.com. That's spelled - C as in, cat, I, M, C, O, R.com. We can provide your audience members with a free trial in their own environment. And furthermore, it's just a really great way to kickstart your Zero Trust strategy.
Q: Sounds like it. That's fantastic. Well, Robert as always, thanks so much for coming on, and I'm looking forward to next time.
A: Same here. I appreciate the opportunity to be on your show, Hillarie.
December 13, 2022