LOGON is known for its expertise in delivering solutions and services that help customers mitigate security threats by protecting the integrity of mission-critical systems spanning physical, virtual, cloud and DevOps environments. Contact us to discuss your File Integrity Management requirements.
What Is File Integrity Monitoring (FIM)?
FIM is a technology that monitors and detects changes in files that may indicate a cyberattack. Unfortunately, for many organizations, FIM mostly means noise: too many changes, no context around these changes, and very little insight into whether a change actually poses a risk. FIM is a critical security control, but it must provide sufficient insight and actionable intelligence. Otherwise known as change monitoring, file integrity monitoring involves examining files to see if and when they change, how they change, who changed them, and what can be done to restore those files if those modifications are unauthorized. Companies can leverage the control to supervise static files for suspicious modifications such as adjustments to their IP stack and email client configuration. As such, FIM is useful for detecting malware as well as achieving compliance with regulations like the Payment Card Industry Data Security Standard (PCI DSS).
Advantages of Implementing File Integrity Monitoring
- Protect IT Infrastructure: FIM solutions monitor file changes on servers, databases, network devices, directory servers, applications, cloud environments and virtual images, and alert you to unauthorized changes.
- Reduce Noise: A strong FIM solution uses change intelligence to only notify you when needed—along with business context and remediation steps. Look for detailed security metrics and dashboarding in your FIM solution.
- Stay Compliant: FIM helps you meet many regulatory compliance standards like PCI-DSS, NERC CIP, FISMA, SOX, NIST and HIPAA, as well as best practice frameworks like the CIS security benchmarks.
How does File Integrity Monitoring (FIM) Work?
- Set a policy: FIM begins when an organization defines a relevant policy. This step involves identifying which files on which computers the company needs to monitor.
- Establish a baseline: Before they can actively monitor files for changes, organizations need a reference point against which they can detect alterations. Companies should, therefore, document a baseline, or a known good state for files that will fall under their FIM policy. This standard should take into account the version, creation date, modification date, and other data that can help IT professionals provide assurance that the file is legitimate.
- Monitor changes: With a detailed baseline, enterprises can proceed to monitor all designated files for changes. They can augment their monitoring processes by auto-promoting expected changes, thereby minimizing false positives.
- Send alerts: If their file integrity monitoring solution detects an unauthorized change, those responsible for the process should send out an alert to the relevant personnel who can fix the issue.
- Report results: Sometimes companies use FIM tools for ensuring PCI DSS compliance. In that event, organizations might need to generate reports for audits in order to substantiate the deployment of their file integrity monitoring assessor.
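The policy, baseline, monitor, alert and report steps above can be sketched in a few lines of Python. This is an added example, not code from the original page or from any FIM product. The function names, the `approved` change list, and the choice of SHA-256 plus permission bits as baseline attributes are assumptions made for illustration.

```python
# Illustrative sketch: snapshot(), compare() and `approved` are hypothetical names.
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot(policy):
    """Record SHA-256 and permission bits for every policy path that exists."""
    snap = {}
    for path in map(Path, policy):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            snap[str(path)] = {"sha256": digest, "mode": stat.S_IMODE(path.stat().st_mode)}
    return snap

def compare(baseline, current, approved=None):
    """Diff snapshots; a change whose new hash is in `approved` (path -> SHA-256) is promoted."""
    approved = approved or {}
    alerts, promoted = [], dict(baseline)
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        if new is not None and approved.get(path) == new["sha256"]:
            promoted[path] = new  # expected change becomes the new known-good state
            continue
        if new is None:
            kind = "deleted"
        elif old is None:
            kind = "added"
        else:
            kind = "modified" if old["sha256"] != new["sha256"] else "permissions"
        alerts.append({"path": path, "change": kind, "baseline": old, "observed": new})
    return alerts, promoted

def demo():
    """Constructed sample: three throwaway files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        hosts, mail, app = (Path(d, n) for n in ("hosts", "mail.conf", "app.conf"))
        for f in (hosts, mail, app):
            f.write_bytes(b"original\n")
        policy = [str(hosts), str(mail), str(app)]
        baseline = snapshot(policy)
        hosts.write_bytes(b"tampered\n")  # unauthorized edit
        mail.unlink()                     # unexpected removal
        app.write_bytes(b"v2\n")          # planned release, hash pre-approved
        approved = {str(app): hashlib.sha256(b"v2\n").hexdigest()}
        alerts, promoted = compare(baseline, snapshot(policy), approved)
        report = {Path(a["path"]).name: a["change"] for a in alerts}
        return report, promoted[str(app)]["sha256"] == approved[str(app)]
```

The pre-approved hash is what keeps the planned `app.conf` release out of the alert list, while the edit to `hosts` and the removal of `mail.conf` are still reported with both baseline and observed values for the audit trail.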
Evaluating File Integrity Monitoring Tools
- Management: Out-of-the-box policy customisation should come with the solution.
- Granularity: The product should be capable of supporting different policies according to the device type.
- Editing: Organizations should have the ability to revise a policy according to their individual requirements.
- Updates: All systems should quickly update via content downloads.
LOGON is a pan-Asian company operating in China, Hong Kong (HK), India, Singapore, Malaysia, Indonesia, Vietnam, Philippines and Thailand. LOGON has local dedicated trained product specialists in Hong Kong, Guangzhou, Kuala Lumpur, Mumbai and Bangalore. LOGON acts both as value-added reseller and sole distributor for award-winning software solutions. Customers can buy new licenses and purchase upgrades and renewals from any of our local offices. Contact us for first-line support during evaluations and PoCs. We offer best-practices consulting services and classroom and online training. Check our site for the latest offers, special discounts, bundle deals, etc.