In a recent podcast interview with Hillarie McClure, Multimedia Director of Cybercrime Magazine, Robert E. Johnson III, Cimcor CEO/President, discusses the relationship between file integrity monitoring and system integrity assurance. The podcast can be listened to in its entirety below.
Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak.
Q: Robert, welcome back. So great to have you back and to be speaking with you again.
A: It's great to be back on your show, Hillarie. I always love our discussions.
Q: Yeah, I do, too. And today's going to be a good one because the past couple of episodes we've talked about file integrity monitoring and system integrity assurance, kind of reinforcing some things that we've talked about, you know, multiple times together because there's a lot to talk about there. Today I think it'd be great if we kind of contrasted the two and also talked about how they're similar. So I guess, to start between file integrity monitoring and system integrity assurance, what's the difference between the two? And are they similar at all?
A: Well, yes. Well, the concepts, in general, are similar, but Hillarie, the differences are major. File integrity monitoring is actually an old concept that's been around for years and it works by establishing a baseline of what the files should look like within your system. And it does this by creating this baseline, by creating "fingerprints" of each file on your system. Now, many times, file integrity monitoring tools would poll once that baseline was established, say once a day, to identify if there are any changes, and if there were changes it would simply report those changes and email those changes.
So file integrity monitoring tools were great and were interesting when they first burst into the security scene because they could really help you detect unexpected changes to your systems. But the Achilles' heel, Hillarie, was that they also detected expected changes to your systems. So its utility was debatable because of all the noise. File integrity monitoring tools were flawed. They were noisy because they reported on all those changes. They were limited because they only looked at files. And of course, as I mentioned under previous episodes, systems are made up of a lot more than simply files. There is a lot of additional data and metadata. And on top of it all, they were slow to report, because they would often poll on a regular interval, say once a day, to identify changes. And in today's fast-moving world, once a day is not fast enough.
So system integrity assurance is a major evolution beyond file integrity monitoring. It solves many, if not all, of the flaws that existed in those classic file integrity monitoring tools. For instance, instead of showing all changes, system integrity assurance tools can filter out all changes, such as, say, a patch or changes related to a change window in your organization. All of that gets filtered out, and when you are able to effectively filter out all of that noise, that leaves you only with unexpected and unwanted changes. Those are the changes that matter, the changes that you must actually do something about. Furthermore, system integrity assurance seeks to monitor more than just files. For example, what if a new user was added to Active Directory? Or what if a database schema was altered and new business logic was inserted into a stored procedure? Or what if your Kubernetes configuration was changed? You know, these are all things that file integrity monitoring tools would not detect. However, system integrity assurance tools would. And usually, it would detect them in real-time. Unlike those classic file integrity monitoring tools which may only scan once a day. Maybe similar concepts, but certainly the differences are major.
Q: Okay, that makes a lot of sense. And I can definitely see that that difference is definitely major. So I guess now that we know that difference, how can these two concepts work together in practice?
A: Well, in practice, you would probably not use an old-school classic FIM and a system integrity assurance tool together, at least not at the same time. In fact, many of our customers are migrating off of those old file integrity monitoring tools and into, you know, our modern, next-generation system integrity assurance platform. All of the functionality and the benefits and great things that you had in that classic file integrity monitoring tool, they're all available in system integrity assurance tools. But they're available with much greater power, much more usable, and easier to deploy. In fact, we've found that many customers with old classic file integrity monitoring solutions have spent months trying to configure them. They were able to successfully migrate to our system integrity assurance platform in just hours, at the most, days. You gain in functionality and power, while simultaneously simplifying the management of your entire security stack.
Q: Robert, I guess, for someone who's just starting out, and you know, needing to implement this kind of solution. What should their first steps be? And then what can they do to get started?
A: System integrity assurance is a new and emerging category that is much more than next-generation file integrity monitoring, and we believe that our product, the CimTrak Integrity Suite, is the most robust integrity assurance platform on the market. We have a wealth of resources on our website that can help you learn about system integrity assurance and much more. We have blog posts, we have whitepapers, and we have guides specific to integrity assurance, helping you understand more about how it can help and how it fits within your enterprise. Furthermore, we also have a wealth of resources to help you understand how we can help you meet many of the regulatory and compliance initiatives and frameworks that you may have to comply with as part of your duties as a security engineer or Security Officer. With all those resources there, and knowing that your audience also includes many engineers that would rather just try it than read about it in a blog post or on a website, so we encourage them to go to our website at www.cimcor.com.
That's C as in cat, I, M, C, O, R.com, and you can sign up and try it right in your own infrastructure. It's quick and easy, and if you have any questions or issues, our incredible support team will be right there with you every step of the way to ensure your success.
Q: Robert. Such a pleasure as always. Thanks so much.
A: Thank you, Hillarie. And I look forward to speaking with you again.
January 10, 2023