File Integrity Monitoring:
How it works and why you need to implement it
File integrity monitoring (FIM) detects changes to critical files including system, application, and configuration files. Next generation FIM tools can also monitor other closely related items such as the Registry, installed software, and local users and groups.
Organizations choose to implement FIM for a variety of reasons, including securing their systems from threats such as zero-day attacks and complying with various regulations such as PCI-DSS, HIPAA, NERC, and FISMA.
What’s Going On Here?
Knowing what changed is only part of the story though. Advanced FIM solutions like CimTrak give you a deeper dive into changes by not only letting you know exactly what changed, but also other forensic details such as:
- WHO made the change
- WHEN did the change occur
- WHAT exactly changed and what process was used
This level of detail is simply not available in most products, but it is critical to have a complete view of changes. Just knowing that a change happened is of little use without understanding the corresponding metadata associated with the change.