File Integrity Monitoring in Real-Time

File Integrity Monitoring Defined

File integrity monitoring (FIM) detects changes to critical files including system, application, and configuration files. A next-generation FIM tool can also monitor other closely related items such as the Registry, installed software, and local users and groups.

Organizations may implement a File Integrity Monitoring (FIM) solution for a variety of reasons, including securing their systems from threats such as zero-day attacks and meeting the compliance objectives with various regulations such as PCI DSS, HIPAA, SOX, NERC, FFIEC, FISMA, GDPR, CDM, and SWIFT.

How it Works

Change is the nemesis of IT professionals who seek to maintain a stable environment that is secure. Unauthorized changes to critical files can mean that a breach has occurred or that internal changes to systems are occurring. Finding a change without an advanced file integrity monitoring tool is practically impossible; the equivalent of finding a needle in a haystack.

In the first case, you want to know as soon as possible so that swift action can be taken, and in the latter, as part of your change management process, you will be able to check that changes have occurred and have been implemented correctly.

CimTrak SmartFIM™ Technology

With a long history of bringing file integrity monitoring innovations to market, CimTrak’s SmartFIM™ quite simply provides a superior solution to your needs. By maximizing the features available to you and minimizing solution complexity, CimTrak ensures the highest return on investment (ROI) and the lowest total cost of ownership (TCO) when compared with competing solutions.

Simple to install, configure and manage
No time-consuming training or professional services required
VirusTotal integration allows quick identification of threats
Truly real-time change detection
Integrated ticketing capabilities allow classification of changes, maximizing security by focusing attention on the most critical changes.
Trusted File Registry™ service allows automatic reconciliation of known vendor updates and patches, resulting in significant time savings

Complete Change Detail

Knowing what changed is only part of the story though. Advanced file integrity monitoring (FIM) solutions like CimTrak give you a deeper dive into unauthorized changes by not only letting you know exactly what changed but also other forensic details such as:

Who changed the information
What exactly changed
When it was changed
And the process used to change it, or the how

CimTrak can pinpoint exactly what changed and provide complete change audit information. This SmartFIM technology and level of detail is simply not available in most products, but it is critical to have a complete view of changes. Just knowing that a change happened is of little use without understanding the corresponding metadata associated with the change.

FIM And PCI – What’s the Connection?

PCI DSS and file integrity monitoring fit together like a hand in a glove. Specifically, sections 10.5.5 and 11.5 require change detection mechanism to be put in place:

PCI DSS 11.5

“Deploy file integrity monitoring software to alert personnel to unauthorized changes of critical system files, configurations files, or content files; and configure the software to perform critical file comparisons at least weekly.”

PCI DSS 10.5.5

“Use file integrity monitoring or change detection software on logs to ensure that existing log data cannot be altered without generating alerts …”

Security professionals know unexpected changes can mean that something bad is happening to your system. With new forms of malware continuously being unleashed, much of it being zero-day, it is critical that you have technology in place to detect such threats.

As these threats are unsignatured, many will find their way through perimeter defenses and attempt to take up residence in your infrastructure. Each day seems to bring news of the latest breach of payment card data. Proactively being alerted to changes can mean the difference between eliminating a threat quickly, or losing your customer’s personal information

Low Cost of Ownership

Many people believe is that Tripwire® is the only FIM product on the market. Because of this, they suffer through with the extremely high costs and product complexity believing they have no other option available.
Advanced FIM tools such as CimTrak break all of these familiar stereotypes by being very easy to use, budget friendly, and more useable through its proprietary features for eliminating false positives. There’s a reason that organizations such as NASA, Cornell University, and the Chicago Stock Exchange rely on CimTrak to keep their assets secure and compliant.

SIEM Integration

As more and more firms deploy them, what role file integrity monitoring plays with regards to Security Information and Event Managers (SIEM) tools is often a question IT and security personnel ask. The answer is that it is a complementary technology, helping SIEM’s do their job better by receiving system, application, and file change data directly from the file integrity monitoring tool itself.

This allows the SIEM to combine critical change information with other data streams, allowing for enhanced event analysis and correlation. This benefits the enterprise by learning about security events more quickly, and being able to provide better context surrounding those events. What’s more, alerts raised by a SIEM can be traced back to the file integrity monitoring tool, which can provide all of the forensic data (who, what, when, how) for the event, allowing for quick and simple root-cause analysis.

Not all change detection tools integrate easily to a SIEM directly from the tool itself, so it is important to inquire if you are running a security information and event manager currently or want to do so in the future. CimTrak integrates with any security information and event manager including HP ArcSight, RSA Security Analytics, IBM QRadar, and McAfee Enterprise Security Manager.

File Integrity Monitoring