Change is an integral part of any organization’s IT environment. Hardware keeps changing. Software programs are often updated or even changed. Network configurations, user roles and privileges undergo changes all the time.
Many companies have asset discovery & secure configuration management (SCM) software in place, within which these changes are usually pre-authorized. But there are many cases where such systems are not treated with the respect they deserve. The urgency of getting things done often overrules the sanctity of systems. Hence, while most of these changes are authorized, some are not.
Often, in the case of unauthorized changes, it is unclear whether a particular change was intended or whether it indicates a cyberattack or malware activity. Hence it is necessary to monitor all IT assets at all times and to detect and flag changes, whether authorized or unauthorized.
And most SCM deployments are pretty elementary. These solutions help organizations build an inventory of devices & monitor these products’ configurations from time to time. But these solutions do not provide information about important file-level changes. This gap is filled by a FIM solution.
File Integrity Monitoring, popularly known as FIM, is an integral part of an IT security policy framework. A FIM solution executes change auditing scans, analyses & reports on operating systems, databases & application software to determine whether they have been tampered with. FIM creates a digital footprint of the files. Reactive auditing as well as proactive rule-based active monitoring are both possible using FIM.
The FIM technology first audits and analyses the selected files and generates a known-good baseline digital fingerprint of the files. Thereafter, on each subsequent scan, it compares the newly computed fingerprint of a file with the last known good baseline fingerprint.
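The baseline-and-compare cycle described above, as an added example (not code from any FIM product or from this article). The attributes fingerprinted (SHA-256 content hash and permission bits) and all function names are assumptions chosen for illustration, and the sample file tree is constructed.

```python
import hashlib
import pathlib
import stat
import tempfile

def fingerprint(path):
    """Content hash plus permission bits of a pathlib.Path (attribute set is an assumption)."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "mode": stat.S_IMODE(path.stat().st_mode)}

def scan(root):
    """Fingerprint every regular file under root, keyed by relative path."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in pathlib.Path(root).rglob("*") if p.is_file() and not p.is_symlink()}

def compare(baseline, current):
    """Classify differences between the known-good baseline and a later scan."""
    report = {"added": [], "removed": [], "content_changed": [], "mode_changed": []}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            report["added"].append(path)
        elif new is None:
            report["removed"].append(path)
        else:
            for attr, bucket in (("sha256", "content_changed"), ("mode", "mode_changed")):
                if old[attr] != new[attr]:
                    report[bucket].append(path)
    return report

def demo():
    """Constructed sample tree: take a baseline, make four changes, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = pathlib.Path(tmp)
        for name, body in (("app.conf", "debug=false\n"), ("run.sh", "#!/bin/sh\n"), ("old.log", "x\n")):
            (root / name).write_text(body)
        (root / "run.sh").chmod(0o750)
        baseline = scan(root)                           # known-good state
        (root / "app.conf").write_text("debug=true\n")  # content change
        (root / "old.log").unlink()                     # removal
        (root / "new.bin").write_text("added\n")        # addition
        (root / "run.sh").chmod(0o777)                  # permission change only
        return compare(baseline, scan(root))

if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is stored where the monitored host cannot rewrite it; otherwise whoever alters the files can also update the baseline.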
A good quality FIM tool is needed to monitor various elements of the IT environment like OS, Database, Middleware, Servers, Network Devices, Active Directory, Hypervisor, Cloud-based Services etc. The FIM software looks for many aspects of the files like
While a FIM audit can be carried out at any time, it is best if it is done at regular intervals.
An enterprise-grade FIM solution needs to provide insights into change management, centralized logging & reporting, alerts etc. FIM specifically involves examining files to see if and when they’ve changed, how they’ve changed, who changed them, and what can be done to restore those files if those modifications are unauthorized.
Important steps for File Integrity Monitoring:
FIM is useful for detecting malware as well as achieving compliance with regulations like PCI DSS, NERC CIP, FISMA, SOX, NIST and HIPAA, and other such best practice frameworks.
Considering that FIM plays a major role in compliance monitoring, the correct selection of a FIM solution becomes critical. I recommend considering the points below when selecting the FIM solution for your business.
So if you haven’t yet implemented anything on the FIM front, do reach out to us and our team shall be happy to guide you.