File Integrity Monitoring

How it works and why you need to implement it.

What is File Integrity Monitoring

File integrity monitoring (FIM) detects changes to critical files including system, application, and configuration files. Next generation FIM tools can also monitor other closely related items such as the Registry, installed software, and local users and groups.

Organizations choose to implement FIM for a variety of reasons, including securing their systems from threats such as zero-day attacks and complying with various regulations such as PCI-DSS, HIPAA, NERC, and FISMA.

How it Works

Change is the nemesis of IT professionals who seek to maintain a stable environment that is secure. Changes to critical files can mean that a breach has occurred or that internal changes to systems are occurring. Finding a change without an advanced FIM tool is practically impossible; the equivalent of finding a needle in a haystack.

In the first case, you want to know as soon as possible so that swift action can be taken, and in the later, as part of your change management process, you will be able to check that changes have occurred and have been implemented correctly.

CimTrak SmartFIM™ Technology

With a long history of bringing file integrity monitoring innovations to market, CimTrak’s SmartFIM™ quite simply provides a superior solution to your needs. By maximizing the features available to you and minimizing solution complexity, CimTrak ensures the highest return on investment (ROI) and the lowest total cost of ownership (TCO) when compared with competing solutions.

  • Simple to install, configure and manage
  • No time-consuming training or professional services required
  • VirusTotal integration allows quick identification of threats
  • Truly real-time change detection
  • Integrated ticketing capabilities allow classification of changes, maximizing security by focusing attention on the most critical changes.
  • Trusted File Registry™ service allows automatic reconciliation of known vendor updates and patches, resulting in significant time savings

Learn More

Complete Change Detail

Knowing what changed is only part of the story though. Advanced FIM solutions like CimTrak give you a deeper dive into changes by not only letting you know exactly what changed, but also other forensic details such as:

  • Who changed the informaton
  • What exactly changed
  • When it was changed
  • And the process used to change it, or the how

CimTrak can pinpoint exactly what changed and provides complete change audit information. This SmartFIM technology and level of detail is simply not available in most products, but it is critical to have a complete view of changes. Just knowing that a change happened is of little use without understanding the corresponding metadata associated with the change.

FIM And PCI – What’s the Connection?

PCI-DSS and file integrity monitoring fit together like a hand in a glove. Specifically, sections 10.5.5 and 11.5 require change detection mechanism to be put in place:

PCI-DSS 11.5

“Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configurations files, or content files; and configure the software to perform critical file comparisons at least weekly.”

PCI-DSS 10.5.5

“Use file-integrity monitoring or change detection software on logs to ensure that existing log data cannot be altered without generating alerts …”

Security professionals know that unexpected changes can mean that something bad is happening to your system. With new forms of malware continuously being unleashed, much of it being zero-day, it is critical that you have technology in place to detect such threats.

As these threats are unsignatured, many will find their way through perimeter defenses and attempt to take up residence in your infrastructure. Each day seems to bring news of the latest breach of payment card data. Proactively being alerted to changes can mean the difference between eliminating a threat quickly, or losing your customer’s personal information

 

Low Cost of Ownership

Many people believe is that Tripwire® is the only FIM product on the market. Because of this, they suffer through with the extremely high costs and product complexity believing they have no other option available.
Advanced FIM tools such as CimTrak break all of these familiar stereotypes by being very easy to use, budget friendly, and more useable through its proprietary features for eliminating false positives. There’s a reason that organizations such as NASA, Cornell University, and the Chicago Stock Exchange rely on CimTrak to keep their assets secure and compliant

SIEM Integration

As more and more firms deploy them, what role FIM plays with regards to Security Information and Event Managers (SIEM) tools is often a question that IT and security personnel ask. The answer is that it is a complementary technology, helping SIEM’s do their job better by receiving system, application, and file change data directly from the file integrity monitoring tool itself.

This allows the SIEM to combine critical change information with other data streams, allowing for enhanced event analysis and correlation. This benefits the enterprise by learning about securityevents more quickly, and being able to provide better context surrounding those events. What’s more, alerts raised by a SIEM can be traced back to the FIM tool, which can provide all of the forensic data (who, what, when, how) for the event, allowing for quick and simple root-cause analysis.

Not all change detection tools integrate easily to a SIEM directly from the tool itself, so it is important to inquire if you are running a security information and event manager currently or want to do so in the future. CimTrak integrates with any security information and event manager including HP ArcSight, RSA Security Analytics, IBM QRadar, and McAfee Enterprise Security Manager

CimTrak Integrity Suite Overview

CimTrak consists of four integrated software components: The CimTrak Master Repository, CimTrak Management Console, CimTrak Agent and CimTrak modules. Each component operates as an autonomous unit, yet work in tandem to provide superior protection of your critical IT assets.

  • Master Repository
  • Management Console
  • CimTrak Agent
  • CimTrak Modules

 Real-Time Insight into Your Entire Network

Do you have the confidence and trust with your FIM software?