In part two of this three-part series, we discuss the pressure CIOs and CISOs face under the umbrella of security and compliance. File Integrity Monitoring (FIM) helps address and many times solve common IT security and compliance matters including but not limited to budgetary constraints, maintaining continuous verification and attestation for systems operations. These matters are also delivered often with fewer resources and less capital, and with the continued expectation of meeting any number of regulatory requirements.
As Retarus reports, nearly 80% of senior IT employees and security leaders believe their companies lack sufficient protection against cyber-attacks despite increased IT security investments made in 2020.
Though the problem is not solvable with one step, prioritizing initiatives that can solve a multitude of issues and requirements with a common product or solution can naturally lead to the progression of organizations focusing on best practices for IT security and compliance requirements.
In this three-part series, we'll discuss how file integrity monitoring (FIM) addresses many of these problems CIOs/CISOs face today and how file and system integrity software can help solve many of those concerns.
1. PRODUCTIVITY RESPONSIBILITIES
CIOs/CISOs are now being challenged with maintaining consistent productivity while doing more with less inside the IT department. IT staff are taking shortcuts to help achieve this increase in productivity. Without the ability to determine root cause analysis of outages, CIOs/CISOs are driving blind when it comes to a resiliency plan of action should system(s) fail other than an all-hands-on-deck approach for resolution. This culture of IT firefighting security, compliance, and general IT management has failed over the past two decades and continues to plague organizations today.
HOW FIM HELPS
CIOs/CISOs need to feel comfortable that file integrity monitoring software has the ability to operate 24x7 and is ready to address unwanted and unexpected changes to maintain the productivity of the product/services delivered by the organization. Shortcuts don’t need to be taken as tasks should be automated and streamlined through automated workflow processes for unintended or malicious changes and activities. Situational awareness is achieved and productivity is positively impacted with the right software in place.
CIOs/CISOs are challenged with budget constraints and tasked with 24x7 situational awareness while maintaining a certain level of acceptable security risk, meeting one or more regulatory requirements, and maintaining service availability. There is not enough time or budget to maintain all tasks successfully. Shortcuts occur and extra risk is assumed but hopefully never realized.
HOW FIM HELPS
CIOs/CISOs need to be assured that FIM software is fully integrated, has automated workflow functionality, and provides a force multiplier to existing capital investments like ITSM and SIEM frameworks that bring the necessary 24x7 situational awareness, security, compliance, and network resiliency promoting productivity enterprise-wide while reducing risk to the organization.
CIOs/CISOs are challenged with maintaining continuous verification and attestation that systems are operating in a known and trusted state as it relates to any number of compliance mandates. Often times multiple compliance requirements are necessary which only adds to the complexity and difficulty of trying to not duplicate efforts and minimize overlap to achieve better efficiency and ROI through audit preparation and reporting.
When a compliance incident is discovered the data needs to be available quickly to precisely determine what changes were made (time, date, who made the change, was the change authorized, etc.) in order to resolve the problem. Continuous compliance is a struggle because of staff access limitations and limited visibility causing compliance resiliency to be strained. Systems fall out of compliance with limited visibility and context of not knowing what is changing inside their IT environment, which can lead to security vulnerabilities and possible breaches.
HOW FIM HELPS
CIOs/CISOs need to be assured that FIM and file and system integrity assurance solutions help achieve cost-effective continuous compliance of any number of statutory, regulatory, or contractual frameworks including but not limited to; PCI DSS, HIPAA, GLBA, SOC 2, SWIFT, FISMA, GDPR and dozens of others. A file integrity monitoring (FIM) solution with its own ticketing system or numerous integrations with other third-party applications can manage the process of identifying non-compliant systems and provide the necessary information and steps to remediate them on a continuous basis.
To further simplify the compliance workflow process, file integrity monitoring software should map all compliance requirements to the CIS Controls, a common prescriptive framework. This normalizes the complexity of numerous compliance mandates into a uniform and holistic approach to achieving a secure and compliant infrastructure.
4. SIEMs: LABOR & COSTS
CIOs/CISOs are challenged with the amount of data/logs that SIEM tools collect on a daily basis. SIEMs are labor-intensive, require constant rule scripting, and can negatively impact the IT budget with overwhelming amounts of noise and useless data that analysts would need to parse in order to make clear and effective IT decisions as they pertain to security and compliance risks. This is often analogous to trying to find a needle in a haystack.
- SIEM tool log collection example for 1,000 nodes to be monitored.
- SIEMs collect between 20 and 5,000 + logs per second per node.
- 1,000 nodes x 86,400 seconds per day x 20 logs per second = 1.7 billion logs per day
HOW FIM HELPS
A file and system integrity monitoring solution should provide the necessary integrity management and compliance information in real-time to SIEM applications with its numerous certified integrations. This complements SIEM vendors by providing the needed data to correlate and conduct root cause analysis to identify security breaches in real-time and determine compliance drift enterprise-wide.
This reduces the time to identify, respond and resolve problems in a timely manner which increases productivity and drives down costs. Coupling with FIM enables CIOs/CISOs to leverage their existing SIEM investment and bring a more robust solution to mitigating their security and compliance risk while improving productivity.
5. PATCH & CHANGE MANAGEMENT VALIDATION
Systems and apps need to be patched on a regular basis to address vulnerabilities and improve performance. Validating these patches is a very labor-intensive process which also leaves system admins in a state of "patch-and-pray". Patches can often be conflicting and cause disruption or system failure. Validating patches correctly can be labor-intensive and expose the organization to service disruption, downtime, and a possibility of a security breach during the patch management window.
HOW FIM HELPS
File Integrity Monitoring platforms should enable a closed-loop change control process through integrations with IT Service Management (ITSM) vendors or accomplished with its own ticketing module. A solid FIM solution's integration with ITSM platforms should be bi-directional where information and commands can be executed manually or through automation to ensure complete visibility and accountability that only approved and expected changes (patches) are allowed.
This reconciliation process ensures that the observed changes reconcile with the expected changes leaving unknown, unwanted, or unexpected changes highlighted for investigation. Resolution of the unknown changes can be a manual effort where the reconciliation information is populated into a trouble ticket for analysis and remediation or the FIM solution should initiate an automated roll-back to restore to a previously known and trusted state of operation.
6. FLAT NETWORKS
CIOs/CISOs are challenged with growing networks that are flat with access by numerous admins. Flat networks are inherently vulnerable in that if one of the admins’ credentials are compromised, the entire organization's network is vulnerable and is at risk. Flat Networks are more susceptible to data breaches and non-compliance.
HOW FIM HELPS
CIOs/CISOs need to be assured that a file integrity monitoring solution is able to provide visibility to admins to the systems that they are responsible for, thus minimizing the chance of cyber-attacks, and data breaches and providing continuous compliance verification while maintaining network uptime.
In part three of this series, we will cover problems 15-20. Or you can download the full brief below. Learn More about additional ways file and system integrity monitoring can help in your environment today.
August 4, 2021