File Integrity Monitoring for Servers

Trusted by organizations worldwide, CimTrak is a critical component of your multi-layered security approach. CimTrak for Servers allows users to detect and classify changes to vital computer server elements, including operating system files, directories, data files, file attributes, Windows Registry, and more. No matter what your environment, we have you covered. CimTrak works on both physical and virtual servers such as VMware, as well as cloud-based systems such as Amazon EC2, and supports many operating systems including Windows, Linux, and UNIX.

CimTrak is SmartFIM™

For over 15 years, CimTrak has continually brought file integrity monitoring innovations to market. What makes CimTrak different from other FIM solutions? Plenty:

  • Simple to install, configure and use
  • Extensive training is not required
  • Seamlessly output to all major SIEM solutions
  • VirusTotal integration to easily determine if changes are a threat
  • Integrated ticketing capability allows changes to be planned and classified
  • Trusted File Registry™ allows users to automatically promote known vendor patches/updates, greatly reducing false positives
  • No costly professional services needed to deploy solution

Simply put, CimTrak’s SmartFIM™ technology creates a superior file integrity monitoring experience by maximizing your valuable time and saving you valuable money.

 

[Figure: CimTrak for Servers architecture]

 

Real-time File Integrity Monitoring


When it comes to threats to your IT environment, seconds count, so CimTrak utilizes a truly real-time, proprietary methodology for detecting changes to servers. It was the first product to bring real-time change detection to the file integrity monitoring market. An important item to consider is that CimTrak does not work in a fashion that approximates real-time by continuously “polling” the server or opening multiple listening ports. It is truly “real-time detection.” Our highly specialized, proprietary technology ensures that no other change detection/file integrity monitoring solution can make this claim!

Get Complete Change Details


CimTrak gives you deep insight into changes that are occurring on your servers. By letting you know “who” made a change, “what” exactly changed, “when” it changed, and the process that was used to make the change, users get actionable information, not just an alert that requires time-consuming, manual effort to investigate. Users can even drill down further and get a side-by-side comparison of what a particular file looked like pre-change vs. post-change and zero in on exactly what changed. This extraordinary level of detail saves already stretched IT staff time, money, and frustration by quickly getting to the root of changes.

Easily Classify Changes

While knowing that a change has occurred can be extremely helpful, knowing whether that change is a good or bad change takes change detection to the next level! Through its fully integrated change ticketing module, CimTrak allows users to proactively plan changes so that expected changes can simply be promoted to the known, good baseline, eliminating significant time spent investigating changes. Instead of focusing on all changes, you can focus on those that are unexpected, maximizing the security of your environment. The CimTrak Ticketing Module can be used as a stand-alone solution for organizations that do not have their own system, or integrated with an existing third-party system.

CimTrak’s Trusted File Registry™ service goes one step further by automatically recognizing known, trusted vendor updates/patches and instantly reconciling them through promotion to the authoritative baseline. The Trusted File Registry™ provides the ultimate in system security and greatly minimizes the time spent by IT security personnel when it comes to investigating changes.

Extensive Reporting and Alerting Capabilities

With a wide selection of reports, which can be scheduled or created on-demand, CimTrak ensures that you have the information that you need for auditing, compliance, or change management purposes.

Upon detection of changes, alerts can be sent to the appropriate personnel within your organization. Further, change details can be sent to a syslog server or a security information and event manager (SIEM). CimTrak offers out-of-the-box integration with all major SIEM solutions including HP ArcSight, IBM QRadar, McAfee Enterprise Security Manager, RSA Security Analytics, Splunk, and more!

Restore File Changes or Prevent Them Completely

CimTrak’s unique architecture gives it the unprecedented ability to go beyond simple change detection. Various modes of operation, including “update baseline,” “deny rights,” and “restore,” give users extreme versatility unlike any other solution.

  • Log – Changes are logged and alerted on and an audit trail is created.
  • Update Baseline – An incremental “snapshot” of a file or configuration is taken and stored in the CimTrak Master Repository as changes occur. This feature allows changes between snapshots to be analyzed and a previous baseline to be redeployed at any time with one click.
  • Deny Rights – Denies any access to a file. Since CimTrak runs as the local system account, it does not matter what privileges a user has; access to the file will not be allowed, thus denying reads, changes, deletions, or additions.
  • Restore – Instantaneously reverses a change upon detection. This effectively allows a system to “self-heal.”

Users can deploy these modes of operation selectively to monitor a particular file or group of files as appropriate. This granular nature of deployment allows precision monitoring of your unique environment in the way that fits your operational needs.

Proactively Respond to IT Security Threats

When changes occur, CimTrak’s unique ability to take proactive action via the “deny rights” or “restore” mode helps to ensure the integrity and security of your business-critical servers. CimTrak protects against external attacks that slip by your perimeter defenses as well as internal attacks and occasional accidents that originate from inside your corporate perimeter. While intrusion detection systems and anti-virus are essential, they are dependent on known attack signatures to be effective, and they are often useless against zero-day attacks, disgruntled employees, or programmer mistakes. CimTrak is not dependent on outside intelligence of new hacker or virus methods to be 100 percent effective.

As cyber attacks, data breaches and new forms of malware become more and more prevalent, new methods of defense are necessary. With CimTrak’s powerful modes of operation, you are able to stop changes from occurring without specific authorization. This efficiently and effectively prevents new IT security threats from wreaking havoc on your IT systems.
