What Is FIM (File Integrity Monitoring)?

4 years ago David Bisson

Change is prolific in organizations’ IT environments. Hardware assets change. Software programs change. Configuration states change. Some of these modifications are authorized insofar as they occur during an organization’s regular patching cycle, while others cause concern by popping up unexpectedly.

Organizations commonly respond to this dynamism by investing in asset discovery and secure configuration management (SCM). These foundational controls allow companies to build an inventory of approved devices and monitor those products’ configurations. Even so, companies are left with an important challenge: reconciling change in important files. For that challenge, many enterprises are turning to file integrity monitoring (FIM).

What Exactly is File Integrity Monitoring?

FIM is a technology that monitors and detects file changes that could be indicative of a cyberattack. Otherwise known as change monitoring, FIM specifically involves examining files to see if and when they change, how they change, who changed them, and what can be done to restore those files if those modifications are unauthorized. Companies can leverage the control to supervise static files for suspicious modifications such as adjustments to their IP stack and email client configuration. As such, FIM is useful for detecting malware as well as achieving compliance with regulations like the Payment Card Industry Data Security Standard (PCI DSS).

File integrity monitoring was invented in part by Tripwire founder Gene Kim. From there, it went on to become the security control around which many organizations now build their cybersecurity programs. The specific term “file integrity monitoring” itself was widely popularized by the PCI standard.

Unfortunately, for many organizations, FIM mostly means noise that complicates the work of security personnel. Too many changes, no context around those changes, and very little insight into whether the changes actually pose a risk force security teams into a position where they need to investigate which changes relate to one another. In the process, these professionals could waste their time looking into false positives, contributing to the alert fatigue that leaves organizations exposed to data breaches and other digital threats.

This highlights the reality of FIM. It is a critical security control, but it must provide sufficient insight and actionable intelligence for organizations to augment their security postures.

3 Advantages of Running a Successful File Integrity Monitoring Program

  1. Protect IT Infrastructure: FIM solutions monitor file changes on servers, databases, network devices, directory servers, applications, cloud environments, and virtual images to alert you to unauthorized changes.
  2. Reduce Noise: A strong FIM solution uses change intelligence to only notify you when needed—along with business context and remediation steps. Look for detailed security metrics and dashboarding in your FIM solution.
  3. Stay Compliant: FIM helps you meet many regulatory compliance standards like PCI-DSS, NERC CIP, FISMA, SOX, NIST and HIPAA, as well as best practice frameworks like the CIS security benchmarks.

How File Integrity Monitoring Works (in 5 Steps)

There are five steps to file integrity monitoring:

  1. Setting a policy: FIM begins when an organization defines a relevant policy. This step involves identifying which files on which computers the company needs to monitor.
  2. Establishing a baseline for files: Before they can actively monitor files for changes, organizations need a reference point against which they can detect alterations. Companies should therefore document a baseline, or known good state, for the files that fall under their FIM policy. This baseline should record the version, creation date, modification date, and other data that help IT professionals confirm that the file is legitimate going forward.
  3. Monitoring changes: With a detailed baseline, enterprises can proceed to monitor all designated files for changes. They can augment their monitoring processes by auto-promoting expected changes, thereby minimizing instances of false positives.
  4. Sending an alert: If their file integrity monitoring solution detects an unauthorized change, those responsible for the process should send out an alert to the relevant personnel so that they can quickly fix the issue.
  5. Reporting results: Sometimes, companies use FIM tools to ensure PCI DSS compliance. In that event, organizations might need to generate reports for audits in order to substantiate their file integrity monitoring deployment to their assessor.
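Steps 1 through 4 above, as an added Python example that is not Tripwire's code and not part of the original article: a policy of glob patterns selects the files, a baseline of SHA-256 hash, size and mtime is captured, a later snapshot is compared against it, and an allow-list of expected paths stands in for auto-promotion. The file names and contents in `demo()` are constructed in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path

def fingerprint(path):
    """Attributes the baseline records for one file: content hash, size, mtime."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = path.stat()
    return {"sha256": h.hexdigest(), "size": st.st_size, "mtime": int(st.st_mtime)}

def snapshot(root, policy):
    """Steps 1-2: apply the policy (glob patterns under root) and capture a baseline."""
    root = Path(root)
    return {str(p.relative_to(root)): fingerprint(p)
            for pattern in policy for p in sorted(root.glob(pattern)) if p.is_file()}

def compare(baseline, current, promoted=frozenset()):
    """Steps 3-4: diff a snapshot against the baseline; paths in `promoted` are expected changes."""
    alerts = []
    for rel in sorted(set(baseline) | set(current)):
        if rel in promoted:
            continue  # auto-promoted: planned change, no alert
        old, new = baseline.get(rel), current.get(rel)
        if new is None:
            alerts.append((rel, "removed"))
        elif old is None:
            alerts.append((rel, "added"))
        elif old["sha256"] != new["sha256"]:
            alerts.append((rel, "modified"))
        elif old["mtime"] != new["mtime"]:
            alerts.append((rel, "metadata-only"))  # same content, timestamp touched
    return alerts

def demo():
    """Constructed scenario (hypothetical files, not a real host): one unexpected edit, one planned edit, one deletion, one addition."""
    with tempfile.TemporaryDirectory() as d:
        etc = Path(d, "etc")
        etc.mkdir()
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        (etc / "resolv.conf").write_text("nameserver 10.0.0.53\n")
        (etc / "ssh_config").write_text("Port 22\n")
        baseline = snapshot(d, ["etc/*"])
        (etc / "hosts").write_text("127.0.0.1 localhost\n10.0.0.9 updates.example\n")  # unexpected
        (etc / "resolv.conf").write_text("nameserver 10.0.0.54\n")  # planned, in change window
        (etc / "ssh_config").unlink()
        (etc / "cron.sh").write_text("#!/bin/sh\n")
        return compare(baseline, snapshot(d, ["etc/*"]), promoted={"etc/resolv.conf"})
```

The promoted path is deliberately left out of the alert list; a real deployment would re-baseline it after the change window closes rather than keep it on the allow-list.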

4 Things to Look for When Assessing File Integrity Monitoring Tools

To complement the phases described above, organizations should look for additional features in their file integrity monitoring solution. That functionality should include, for example, a lightweight agent that can toggle “on” and “off” and that can accommodate additional functions when necessary. The solution should also come with total control over a FIM policy. Such visibility should incorporate:

  • Management: The solution should come with built-in policy customizations.
  • Granularity: The product should be capable of supporting different policies according to the types of devices that fall within the scope of an enterprise FIM program.
  • Editing: Organizations should have the ability to revise a policy according to their evolving security requirements.
  • Updates: All systems should quickly update via content downloads.

File Integrity Monitoring with Tripwire

Tripwire’s file integrity monitoring solution focuses on adding business context to data for all changes that occur in an organization’s environment. As such, it provides IT and security teams with real-time intelligence that they can use to identify incidents that are of real concern. It also helps personnel learn the who, what, when, and how of a change, data which they can use to validate planned modifications.

Here are two core components of Tripwire’s FIM solution.

Component #1: Detecting Change

Every security breach begins with a single change. A small alteration to one file can expose your whole network to a potential attack. File integrity monitoring, in its simplest sense, is about keeping track of change from an established baseline and alerting you to any unexpected change that may represent a security risk or a compromise in regulatory compliance. Whether it’s a phishing scam, distributed denial of service (DDoS) attack, malware incident, ransomware infection, or insider threat, Tripwire’s FIM solution will alert you right away anytime a cybercriminal is in the process of penetrating your system.

Component #2: Comparing Against a Secure Baseline

In order to know which file changes are relevant to your security, you must first establish an authoritative data integrity baseline. A FIM solution like Tripwire® File Integrity Manager will capture your system’s configuration baseline and deliver the “who, what, and when” details of each relevant file change—all without bogging you down in notifications about routine changes.

Learn More about Tripwire and FIM

Please download the white paper FIM Isn’t Just for Files Anymore for information on other core security measures of interest. You can also see Tripwire’s file integrity monitoring tool in action by watching the video posted below.

Part of a Broader Security Effort

File integrity monitoring is just one of the foundational controls for which organizations should look when purchasing a new solution. To learn how Tripwire’s tools can help your organization implement those other security measures, click here.

The post “What Is FIM (File Integrity Monitoring)?” appeared first on TripWire

Source: TripWire – David Bisson
