Expected and authorized changes to a system, such as OS updates, application patches, or any other scheduled software change, adds to change noise and can lead to endless amounts of alerts and false positives when monitoring for integrity drift. Without an integrated ticketing and workflow process to manage the good and expected change, bad change can never be pinpointed in a timely manner regardless of any use or implementation of a file integrity monitoring tool.
CimTrak has continually brought file integrity monitoring innovations to market. What makes CimTrak different from other FIM solutions?
CimTrak's integrity management approach provides a comprehensive solution to exceed just simple change detection in the case of FIM by using a closed-loop workflow that detects changes in real-time - determining if those changes are good or bad.
Simple to install, configure, and use
Extensive training is not required
Seamlessly output all major SIEM solutions
VirusTotal integration to easily determine if changes are a threat
Integrated ticketing capability allows changes to be planned and classified
The CimTrak Ticketing module is also the integration point with vendors such as CA Service Desk, Service Now, Cherwell, and Jira to ensure that tickets are not duplicated and a closed-loop process of all change management is consistently adhered to.
1. The threat actor is assigned a ticket in the ticketing tool or ITSM.
2. The threat actor sees the requested change and instead makes a different malicious change.
3. The threat actor comments in the ticket "The job is all done!" fooling his team that the expected change was completed.
4. The threat actor closes the ticket and nobody ever looks at it again—trusting him.