File Integrity Monitoring

Detect, Monitor, and Remediate Changes With System Integrity Assurance

 

 

IT Security And Compliance

File integrity monitoring (FIM) detects changes to critical files including system, application, and configuration files. With closed-loop change control, IT Security and Compliance with CimTrak goes above and beyond monitoring changes to files, extending to:
  • Windows Registry
  • Drivers
  • Installed software
  • Security Policies
  • Services
  • Network Share Files
  • Network Share configuration
  • Local Users/Groups 
  • Active Directory/LDAP
  • Microsoft Exchange
  • Network Devices - Firewalls, Switches, Routers
  • Hypervisors - ESXi, Hyper-V, XenServer
  • Databases - MSSQL, Oracle, MySQL, MariaDB, IBM DB2

Organizations implement a File Integrity Monitoring (FIM) solution for various reasons, including securing their systems from threats such as zero-day attacks and meeting compliance objectives for regulations such as PCI-DSS, HIPAA, SOX, NERC, FFIEC, FISMA, GDPR, CMMC, CDM, SWIFT and more.

Working From A Trusted Baseline

A trusted baseline includes all of the assets, file hashes, configuration settings, etc., allowed to exist in an environment. CimTrak leverages best practices from authoritative sources like CIS Benchmarks and DISA STIGs to establish a known and trusted baseline that can be restored at any point in time.

Verify Integrity in Real-time

CimTrak monitors changes in real time and responds instantly to unexpected or unwanted changes. Proactively prevent cyberattacks at the source without restricting operations to reactive threat feeds.

Complete Change Detail

CimTrak pinpoints exactly what has changed and provides complete change audit information. Forensic details provided with changes include: who changed the information, what exactly changed, when it was changed, and the process used to change it (the how).

 

Change Management/Change Control

CimTrak can pinpoint exactly what changed and provide complete change audit information. Knowing a change happened is of little use without understanding the corresponding metadata associated with the change.

Advanced file integrity monitoring (FIM) solutions like CimTrak give a deeper dive into unauthorized changes by not only letting you know exactly what changed but also other forensic details such as:

WHO changed the information, WHAT exactly changed, WHEN it was changed, and the process used to change it, or the HOW. 


System Integrity Assurance

System Integrity Assurance (SIA) is the next evolution of FIM. It establishes a known, trusted, and authoritative baseline of what is allowed and then prevents, limits, or rolls back everything else. Whenever an unknown, unwanted, or unexpected change occurs, it’s managed by exception so that authorized changes are added to the baseline while unacceptable changes are highlighted for investigation and/or remediation.

  • Truly real-time change detection
  • Integrated ticketing capabilities allow the classification of changes, maximizing security by focusing attention on the most critical changes.
  • Trusted File Registry™ service allows automatic reconciliation of known vendor updates and patches, resulting in significant time savings
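
The manage-by-exception workflow described above, sketched as an added example (generic illustration, not CimTrak code): a SHA-256 baseline is compared with the current state, changes whose hashes appear in an approved set are promoted into the baseline, and everything else is returned for investigation. Function names, the approved-hash set, and the sample files are assumptions constructed for the demo.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                state[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state

def compare(baseline, current):
    """Return sorted (kind, path) tuples for every deviation from the baseline."""
    changes = [("added", p) for p in current.keys() - baseline.keys()]
    changes += [("removed", p) for p in baseline.keys() - current.keys()]
    changes += [("modified", p) for p in baseline.keys() & current.keys()
                if baseline[p] != current[p]]
    return sorted(changes)

def reconcile(baseline, current, authorized_hashes):
    """Promote authorized changes into the baseline; return the rest as exceptions."""
    exceptions = []
    for kind, path in compare(baseline, current):
        if kind != "removed" and current[path] in authorized_hashes:
            baseline[path] = current[path]   # approved change becomes the new trusted state
        else:
            exceptions.append((kind, path))  # needs investigation or rollback
    return exceptions

def demo():
    """Constructed scenario: one approved update, one unapproved edit, one unknown file."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("app.conf", b"port=443\n")
        write("sshd_config", b"PermitRootLogin no\n")
        baseline = snapshot(root)
        write("app.conf", b"port=8443\n")               # approved change
        write("sshd_config", b"PermitRootLogin yes\n")  # unapproved change
        write("unknown.bin", b"\x00unknown")            # unexpected new file
        approved = {hashlib.sha256(b"port=8443\n").hexdigest()}
        exceptions = reconcile(baseline, snapshot(root), approved)
        return exceptions, baseline["app.conf"] in approved
```

Deleted files are always reported as exceptions here, since a removal has no content hash to match against the approved set.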


SIEM Integration and More

CimTrak helps SIEMs do their job better: the SIEM receives system, application, and file change data directly from the file integrity monitoring tool itself.

This allows the SIEM to combine critical change information with other data streams, allowing for enhanced event analysis and correlation. Benefits include learning about security events more quickly and being able to provide better context surrounding those events. Alerts raised by a SIEM can be traced back to CimTrak, which can provide all of the forensic data (who, what, when, how) for the event, allowing for quick and simple root-cause analysis.


FIM And PCI – What’s the Connection?

PCI DSS and file integrity monitoring fit together like a hand in a glove. Specifically, sections 10.5.5 and 11.5 require a change-detection mechanism to be put in place:

PCI DSS 11.5

Deploy file integrity monitoring software to alert personnel to unauthorized changes of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.

PCI DSS 10.5.5

"Use file integrity monitoring or change-detection software on logs to ensure that existing log data cannot be altered without generating alerts …"

 

 

Security professionals know unexpected changes can mean that something bad is happening to your system. With new forms of malware continuously being unleashed, much of it being zero-day, it is critical that you have technology in place to detect such threats.

As these threats are unsignatured, many will find their way through perimeter defenses and attempt to take up residence in your infrastructure. Each day seems to bring news of the latest breach of payment card data. Proactively being alerted to changes can mean the difference between eliminating a threat quickly and losing your customers’ personal information.
