System Integrity Monitoring Best Practices
DATA SECURITY PODCAST
In a recent podcast interview with Steve Morgan, editor-in-chief of Cybercrime Magazine, Robert E. Johnson, III, Cimcor CEO/President, discusses the latest views on data security, the importance of system integrity monitoring, and best practices for businesses regarding file integrity monitoring. The podcast can be listened to in its entirety below.
Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak.
Q: Joining us today is President and CEO Robert Johnson, III. Robert has been a pioneer in the development of next-gen system integrity monitoring, self-healing systems, and cybersecurity software. Rob, great to have you back with us again today.
A: Great to be back with you, Steve.
Q: Today we're going to talk about integrity. And you know you have so much experience in so many areas, but I don't know if there's one that's more important than this. So let's talk about it. Integrity is critical and foundational to the security posture of IT. How exactly should an IT department define data integrity, and what type of tools are necessary to provide an effective solution?
A: Well, it's a good question, Steve. You know, integrity is a key component of security. You know, it's part of that CIA triad, and the “I” in CIA is integrity. But, you know, we need to make sure that we take a step back and look at integrity in a holistic manner. I believe a lot of security professionals may believe they're implementing or have integrity controls in place, but perhaps they aren't really as strong of controls as they may think. Let me explain what I mean by that.
Many times when we think about integrity, our minds go to file integrity monitoring, and that's just looking at files to show that they haven't been changed in some way. And that is part of it, but that's really the "old school" way of thinking about integrity. We are at this point now where there's so much more, there's so much in the files and beyond files that we need to be concerned about.
So to really maintain integrity, you need to move beyond files and start extending what you monitor for integrity into logical data constructs. And by that, I mean things such as your local security policies on your Windows machines. What about your registry - are items in there changing that you don't expect? What about users and groups - has a new local user been added? Have their privileges been changed?
What about databases - have your schemas been changed, or have new users been added to your database? Network configurations - have your configurations changed in your network device? All of those examples, and there's so many more I can just go into, Steve, these are logical constructs, logical data structures that you still need to monitor for integrity.
And you miss the boat on so many of those when you simply are doing file integrity monitoring in the old school definition of it all.
Q: So the question I have for you, you know, as I'm listening, before I lose the thought. We talked to so many CSOs. And, you know, the same things come up over and over again. And of course, they're important, you know, talk about the insider threat, we talked about the challenge around recruiting people, we talked about, you know, endpoint security, whether they're hard or soft topics, you name it. You probably know what they are.
But, you know, the idea of integrity just doesn't come up that much. Do you hear that, you know, when you're talking to CISOs? Is it always you introducing this or are they asking about it too? Do they spend enough time thinking about this?
A: You know, I don't believe they spend enough time thinking about it and we don't hear as much as we should. I think the driver that is even bringing it to the forefront of people's consciousness is that we're starting to see it written into more and more compliance standards, because it really is a critical and core component of any security architecture. So unfortunately, some of these compliance documents or regulatory documents are written in the mindset that file integrity monitoring is the panacea as the solution, so you actually see that wording.
I'm kind of pushing people to change that language because I think the file integrity monitoring is a misnomer for what we're trying to accomplish right now. I think we need to call it system integrity monitoring or system integrity monitoring and verification, or something like that, because that's what really needs to occur.
Beyond files. That's just one component; we need to monitor the integrity of the entire system. So, and that's where all of our R&D, to be honest, is dedicated, Steve. It [R&D] is toward breaking that traditional file integrity monitoring model and moving towards this broader vision of system integrity monitoring.
And it is also digging deep. It is really understanding what's changing with all of these logical data constructs, which really drive and run your systems and your entire IT infrastructure.
Q: Well that's great, Rob. Thank you so much for joining us today. The reason we have you on is because you talk about things that not enough people do. So that was great. Thank you.
A: Thank you, Steve. Look forward to talking to you next time.
We hope you enjoyed the latest podcast from Cimcor. You can learn more about File and System Integrity Monitoring, with the latest technical summary from Cimcor.