Meeting the True Intent of File Integrity Monitoring

WHITE PAPER
Introduction

The term “file integrity monitoring,” or FIM, popped up back in 2001 when Visa started working on a security specification that would eventually become the Payment Card Industry Data Security Standard (PCI DSS, or just PCI). FIM was referenced in two requirements of the PCI specification, but requirement 10.5.5 specifically instructed organizations that processed, transmitted or stored cardholder data to “Use file integrity monitoring/change detection software (such as Tripwire) on logs to ensure that existing log data cannot be changed without generating alerts.”

In reality, FIM had been around before its reference in the evolving PCI standard. Previously, though, it used a different name: “change audit.” So here we are ten years later. Where is FIM now? Is it still relevant or important? Does it really protect data and improve security? The answers, in order, are:

1. FIM is still called file integrity monitoring (FIM), and is now part of almost every IT compliance regulation and standard and every IT security standard. Some refer to FIM as “change audit.”
2. Yes, FIM is still relevant and important, although many organizations that must use FIM solutions complain that the term “FIM” is now synonymous with “noise” due to the huge volume of changes these solutions detect.
3. Yes, FIM does protect data and improve security, but only when FIM has specific capabilities.

In this paper, we give an overview of FIM, an explanation of how FIM provides data protection and improves security, and what capabilities FIM must offer to effectively provide that data protection and security.

AN OVERVIEW OF FIM

FIM is technology that monitors files of all types and detects changes in these files that can lead to increased risk of data compromise. Unfortunately, many merchants subject to FIM under PCI have lost sight of its intent and spirit. For these merchants, FIM means noise: too many changes, no context around these changes, and very little insight into whether or not a given detected change poses a risk or is just business-as-usual. It’s hard to argue with them given that this has been their experience with the FIM tools they’ve used.

FIM actually is a critical tool in the fight against cardholder data compromise, and really, of any type of sensitive data; however, a true FIM tool must provide additional information. That information, or intelligence, would allow it to alert security teams only to changes that pose increased threat to cardholder data, and not to the hundreds of thousands or even millions of changes that occur daily on large, enterprise-level IT infrastructure. It’s also important to understand that while FIM is valuable to PCI, it can be and is used to reduce risk of compromise to any IT asset, not just cardholder data.

Making FIM an Effective Security Tool

To return FIM to its rightful place at the security table, we must change how we use FIM and ensure our FIM solution has specific capabilities. We must decide what in the infrastructure needs to be monitored and how to manage the changes to those IT assets that our FIM solution detects. We also need a solution that gives us more information than a basic “something changed.” Finally, we need to analyze each change to identify when changes introduce risk.

DETERMINING WHAT TO MONITOR AND MANAGING DETECTED CHANGES

Monitoring every file on every device or application all the time is impractical and unnecessary, so the first step for effective FIM is controlling what is monitored. Ideally, a FIM solution would provide a way to control what files are monitored for change and the level of monitoring these files require. In other words, the solution would let you determine how much information about these files—the file properties—you want to capture. You would make those determinations based on the type of file being monitored and how much risk changes to a file might introduce. For example, a permissions file for a financial application represents a high-risk file. You would likely want to harvest enough properties about changes to this file to help you determine if a change is “expected” or if it is “suspect.”

Although you will limit the scope of the files you monitor, as well as the properties you capture for each monitored file, even a medium-sized organization will generate a large amount of change data. Managing the large volume of change data captured by a FIM solution requires a
version-based architecture that is compact and fast, and that stores data permanently. One approach that has proven highly successful is to capture the initial state, or baseline, of every monitored file or element and store it in a database. From that point on, the solution detects any changes to an element, including the properties you determined need to be monitored, and stores that change data in the database as the original baseline version plus these typically minor changes. These “delta” versions, where delta means incremental change to the element’s properties, must be stored indefinitely in the database. But to truly add value, the solution must allow this captured history of each element to be accessed, analyzed and acted upon at any point in time.

DETERMINING WHAT CHANGED AND WHO MADE THE CHANGE

Knowing only that a file has changed is of little use unless you know what about the file or what within the file has changed. Each file has dozens of attributes that, if changed, could spell trouble. Capturing these attributes can provide information essential in determining if the change is harmful or harmless—it tells you exactly what within a file changed so you can quickly determine if the change was high-risk and provides the information required to fix the issue. A true FIM solution will be able to harvest this level of information, including changes to configuration files and even character-for-character differences to human-readable file types like Word documents or PDF files.

In addition, knowing who made a change is often key to determining if a change is suspect or low-risk. But capturing the “who data” is not easy, and most FIM solutions are unable to provide this important information. Most FIM solutions available today need to enable OS Auditing on the monitored device to get this “who” information; yet most IT professionals will not allow this due to concerns about security. The use of real-time detection agents installed on each monitored device can overcome this issue.

DETERMINING IF EXPECTED, ACCEPTABLE CHANGES WERE MADE

Many changes are intended to make improvements or to correct problems. However, just because a change is proposed and scheduled does not mean that it was actually made or made correctly. Being able to confirm that a change has successfully been made is critical; otherwise improvements that you think were made are not always realized, and problems remain when you think they have been resolved. A true FIM solution needs to detect a change, and must also be able to compare that change against what was expected to change. Such capability provides independent confirmation of change processes and policies.

While most changes are intentional, or at least not harmful, some changes simply shouldn’t be made because they pose increased risk to the environment. Critical configuration files are one example. Each of these files contains one or more configuration settings values that must be in predefined states or ranges to meet and maintain security policy. If any of these configuration files are changed, the settings values must immediately be re-evaluated to determine if they still conform to the security policy. Application executable (.exe) files of mission-critical applications are another example of file types that should probably generate an alert if they change for any reason. A true FIM solution must know what has changed, what specific files are supposed to change, and if a given change is within policy. This ability to analyze changes converts volumes of change data from “noise” into actionable intelligence.

ADDRESSING THE ISSUE OF UNAUTHORIZED VS. UNDESIRED/SUSPECT CHANGE

PCI DSS 11.5 requires merchants to “…alert on unauthorized modification of critical system, content or configuration files…,” but the term “unauthorized” is fairly misleading. Many interpret the term to mean that they must measure how well the organization adheres to change process policy. In fact, the intent of the term in the requirement is for organizations to be alerted to changes that are undesirable and could put cardholder data at risk of compromise. The 11.5.b Testing Procedure that was added in version 2.0 of the security standard clarifies that it is an audit requirement to “Verify the tools are configured to alert personnel to unauthorized modification of critical files…”.

Auditors have typically required proof that appropriate change data has been captured, but there has been inconsistency in verifying whether the FIM solution was also
configured to determine if any of the detected changes were not authorized. Too often, the change data has just been stored “in bulk” in an effort to meet compliance requirements. However, if the data is not continually analyzed for “high-risk” change, the FIM solution provides limited—or no—protection against cardholder data compromise. Even in cases where the FIM solution is being used to help determine which changes don’t follow approved change process, unauthorized change differs a great deal from suspect or undesired change. Unfortunately, many presume that unauthorized change is always “bad,” which is not necessarily true. While an unauthorized change may not have followed defined change process policy, it may actually resolve a critical problem. On the other hand, defining a change as authorized presumes it is a “good” change, which may be equally untrue. Many authorized changes cause problems and have to be rolled back or modified—sometimes using an unauthorized process.

Whether a detected change can be reconciled to some form of authorization or not fails to address the issue of a “bad” change; that is, a change that exposes a device or application to increased risk of compromise. Finding bad change is the issue that must be addressed by FIM—and that is the true intent of the PCI DSS 11.5 requirement. And not only should FIM detect bad change, it should detect it immediately so the damage can be minimized. A true FIM solution helps merchants automatically determine if detected change is authorized (or even most likely authorized). More importantly, a true FIM helps automatically determine if a change is suspect and needs immediate investigation, or is expected and can be considered low- or no-risk.

THE CAPABILITIES OF TRUE FIM

    Detects changes
    Determines which changes introduce risk
    Determines which changes result in non-compliance
    Distinguishes between high- and low-risk changes
    Integrates with other security point solutions

Conclusion: True FIM Makes FIM Relevant

So again, we ask, “Is FIM still relevant and important?” The answer is a resounding yes. FIM is a critical capability IT security and compliance need to protect the IT infrastructure and its sensitive data. But for FIM to be relevant, it must do a lot more than just detect changes. “True FIM” must use change detection to help determine whether the changes are good or bad. It must also provide multiple ways to distinguish low-risk change from high-risk change. And it must do this at the speed of change.

In addition, True FIM should also work with other security point solutions, like those for log and security event management. Correlating change data with log and event data allows security professionals to better protect their environment, including cardholder data environments. Doing so allows security professionals to quickly see, trace and relate problem-causing activities with each other. Such visibility and intelligence provides the key for quickly remediating issues before they cause real damage.
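The loop the paper describes (decide which properties to harvest per file, keep a baseline plus stored delta versions, reconcile each delta against the change that was scheduled, and re-evaluate configuration settings against security policy) as an added, runnable illustration; this is example code written for this page, not Tripwire's or any product's implementation. The monitoring policy, the settings policy, the file paths and the file contents are all constructed for the example, and files live in an in-memory dict so it runs offline.

```python
import hashlib

# Monitoring policy (constructed for this example): which elements to watch,
# which properties to harvest for each, and how much risk a change carries.
POLICY = {
    "/app/finance/permissions.conf": {"props": ("sha256", "mode", "content"), "risk": "high"},
    "/app/finance/finance.exe": {"props": ("sha256", "mode"), "risk": "critical"},
    "/var/log/finance.log": {"props": ("sha256", "size"), "risk": "low"},
}

# Security policy for settings inside the .conf file (constructed): a change that
# leaves a setting outside its allowed state is a violation even if it was scheduled.
SETTING_POLICY = {
    "min_password_length": lambda v: int(v) >= 12,
    "require_tls": lambda v: v == "true",
}

def snapshot(file, props):
    """Harvest only the properties the policy asks for; file = (bytes, mode string)."""
    content, mode = file
    available = {
        "sha256": hashlib.sha256(content).hexdigest(),
        "mode": mode,
        "size": len(content),
        "content": content.decode("utf-8", errors="replace"),
    }
    return {p: available[p] for p in props}

class FimStore:
    """Baseline per element plus an append-only list of delta versions."""

    def __init__(self):
        self.baseline = {}
        self.history = {}  # path -> [(version_no, {prop: (old, new)}), ...]

    def take_baseline(self, fs):
        for path, rule in POLICY.items():
            self.baseline[path] = snapshot(fs[path], rule["props"])
            self.history[path] = []

    def current(self, path):
        """Replay stored deltas onto the baseline to rebuild the last known state."""
        state = dict(self.baseline[path])
        for _, delta in self.history[path]:
            state.update({prop: new for prop, (_, new) in delta.items()})
        return state

    def detect(self, fs):
        """Compare live state with last known state; store and return the deltas."""
        found = []
        for path, rule in POLICY.items():
            before, after = self.current(path), snapshot(fs[path], rule["props"])
            delta = {p: (before[p], after[p]) for p in after if before[p] != after[p]}
            if delta:
                self.history[path].append((len(self.history[path]) + 1, delta))
                found.append((path, delta))
        return found

def parse_settings(text):
    return dict(line.strip().split("=", 1) for line in text.splitlines() if "=" in line)

def classify(path, delta, expected):
    """Reconcile one delta against scheduled changes (path -> intended sha256) and policy."""
    rule = POLICY[path]
    if path.endswith(".conf") and "content" in delta:
        settings = parse_settings(delta["content"][1])  # re-evaluate the new content
        bad = [k for k, ok in SETTING_POLICY.items() if k in settings and not ok(settings[k])]
        if bad:
            return "policy-violation", bad
    if "sha256" in delta and expected.get(path) == delta["sha256"][1]:
        return "expected", []  # the scheduled change landed, and landed correctly
    if rule["risk"] == "critical":
        return "suspect", ["critical executable changed outside any scheduled change"]
    if rule["risk"] == "low":
        return "low-risk", sorted(delta)
    return "suspect", sorted(delta)

def run_demo():
    """Constructed scenario: baseline, then two scans with different kinds of change."""
    conf_v1 = b"min_password_length=14\nrequire_tls=true\n"
    conf_v2 = b"min_password_length=8\nrequire_tls=true\n"   # unscheduled weakening
    conf_v3 = b"min_password_length=16\nrequire_tls=true\n"  # the scheduled change
    fs = {
        "/app/finance/permissions.conf": (conf_v1, "0640"),
        "/app/finance/finance.exe": (b"\x7fELF-original", "0755"),
        "/var/log/finance.log": (b"line1\n", "0644"),
    }
    store = FimStore()
    store.take_baseline(fs)
    expected = {"/app/finance/permissions.conf": hashlib.sha256(conf_v3).hexdigest()}

    # Scan 1: config weakened, binary replaced, log merely grew.
    fs["/app/finance/permissions.conf"] = (conf_v2, "0640")
    fs["/app/finance/finance.exe"] = (b"\x7fELF-tampered", "0755")
    fs["/var/log/finance.log"] = (b"line1\nline2\n", "0644")
    scan1 = {p: classify(p, d, expected)[0] for p, d in store.detect(fs)}

    # Scan 2: the scheduled config change lands; nothing else moved.
    fs["/app/finance/permissions.conf"] = (conf_v3, "0640")
    scan2 = {p: classify(p, d, expected)[0] for p, d in store.detect(fs)}
    return scan1, scan2, store.history["/app/finance/permissions.conf"]
```

The three verdicts from the first scan are the "noise into intelligence" step: the same raw delta type (a hash change) becomes a policy violation, a suspect change or a low-risk change depending on the monitored element's policy and the scheduled-change record.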




ABOUT TRIPWIRE

Tripwire is a leading global provider of IT security and compliance automation solutions that help businesses, government agencies, and service providers take control of their physical, virtual, and cloud infrastructure. Thousands of customers rely on Tripwire’s integrated solutions to help protect sensitive data, prove compliance and prevent outages. Tripwire VIA, the integrated compliance and security software platform, delivers best-of-breed file integrity, policy compliance and log and event management solutions, paving the way for organizations to proactively achieve continuous compliance, mitigate risk, and ensure operational control through Visibility, Intelligence and Automation. Learn more at www.tripwire.com and TripwireInc on Twitter.




©2011 Tripwire, Inc. | Tripwire is a registered trademark of Tripwire, Inc. All other product and company names are property of their respective owners. All rights reserved. | WPTFIM2a

Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationTripwire
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportTripwire
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!Tripwire
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationTripwire
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...Tripwire
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsTripwire
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTripwire
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkTripwire
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksTripwire
 

More from Tripwire (20)

Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data Privacy
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale Peterson
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase Cole
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest Celebration
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key Findings
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key Findings
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber Moments
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber Attacks
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Recently uploaded (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

now part of almost every IT compliance regulation and standard and every IT security standard. Some refer to FIM as "change audit."
2. Yes, FIM is still relevant and important, although many organizations that must use FIM solutions complain that the term "FIM" is now synonymous with "noise" due to the huge volume of changes these solutions detect.
3. Yes, FIM does protect data and improve security, but only when FIM has specific capabilities.

In this paper, we give an overview of how FIM provides data protection and improves security, and of what capabilities FIM must offer to effectively provide that data protection and security.

AN OVERVIEW OF FIM
FIM is technology that monitors files of all types and detects changes in these files that can lead to an increased risk of data compromise. Unfortunately, many merchants subject to FIM under PCI have lost sight of its intent and spirit. For these merchants, FIM means noise: too many changes, no context around these changes, and very little insight into whether or not a given detected change poses a risk or is just business as usual. It's hard to argue with them, given that this has been their experience with the FIM tools they've used. FIM actually is a critical tool in the fight against cardholder data compromise and, really, compromise of any type of sensitive data; however, a true FIM tool must provide additional information. That information, or intelligence, would allow it to alert security teams only to changes that pose an increased threat to cardholder data, and not to the hundreds of thousands or even millions of changes that occur daily on large, enterprise-level IT infrastructure. It's also important to understand that while FIM is valuable to PCI, it can be, and is, used to reduce the risk of compromise to any IT asset, not just cardholder data.

Making FIM an Effective Security Tool
To return FIM to its rightful place at the security table, we must change how we use FIM and ensure our FIM solution has specific capabilities. We must decide what in the infrastructure needs to be monitored and how to manage the changes to those IT assets that our FIM solution detects. We also need a solution that gives us more information than a basic "something changed." Finally, we need to analyze each change to identify when changes introduce risk.

DETERMINING WHAT TO MONITOR AND MANAGING DETECTED CHANGES
Monitoring every file on every device or application all the time is impractical and unnecessary, so the first step for effective FIM is controlling what is monitored. Ideally, a FIM solution would provide a way to control which files are monitored for change and the level of monitoring these files require. In other words, the solution would let you determine how much information about these files, the file properties, you want to capture. You would make those determinations based on the type of file being monitored and how much risk changes to that file might introduce. For example, a permissions file for a financial application represents a high-risk file. You would likely want to harvest enough properties about changes to this file to help you determine if a change is "expected" or if it is "suspect."
Although you will limit the scope of the files you monitor, as well as the properties you capture for each monitored file, even a medium-sized organization will generate a large amount of change data. Managing the large volume of change data captured by a FIM solution requires a
version-based architecture that is compact and fast, and that stores data permanently. One approach that has proven highly successful is to capture the initial state, or baseline, of every monitored file or element and store it in a database. From that point on, the solution detects any changes to an element, including changes to the properties you determined need to be monitored, and stores that change data in the database as the original baseline version plus these typically minor changes. These "delta" versions, where delta means an incremental change to the element's properties, must be stored indefinitely in the database. But to truly add value, the solution must allow this captured history of each element to be accessed, analyzed and acted upon at any point in time.
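The baseline-plus-delta architecture just described, as an added example that is not code from the white paper or from Tripwire: the caller chooses which properties to harvest per file (the level of monitoring), the first harvest is stored as the baseline, and each later check appends only the properties that changed as a new version, so the state of an element at any version can be replayed. The scenario in run_demo(), its file names and its property sets are constructed for illustration.

```python
"""Baseline-plus-delta change store for file integrity monitoring.

Added example (not code from the white paper or from Tripwire). The caller
picks which properties to harvest per file (the level of monitoring), the
first harvest is stored as the baseline, and every later check stores only
the properties that changed as a new "delta" version, so the history of each
element can be replayed to any point in time.
"""
import hashlib
import os
import shutil
import stat
import tempfile
import time

# Properties a monitor can harvest for one file. A high-risk file (a
# permissions file, say) gets all of them; a low-risk file might get "sha256" only.
ALL_PROPS = ("sha256", "size", "mode", "uid", "gid", "mtime")


def harvest(path, props=ALL_PROPS):
    """Return the requested properties of `path`.

    A missing file is recorded as {"missing": True} so that deletion shows up
    as a change instead of an exception. Only regular files are hashed.
    """
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return {"missing": True}
    values = {
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mtime": int(st.st_mtime),
    }
    if "sha256" in props and stat.S_ISREG(st.st_mode):
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        values["sha256"] = digest.hexdigest()
    return {k: values.get(k) for k in props}


class ChangeStore:
    """Per-element history: [baseline, delta, delta, ...]; nothing is ever overwritten."""

    def __init__(self, policy):
        self.policy = policy   # {path: properties to monitor for that path}
        self.history = {}      # {path: [baseline dict, {"version", "detected", "props"}, ...]}

    def baseline(self):
        for path, props in self.policy.items():
            self.history[path] = [harvest(path, props)]

    def current(self, path):
        """Replay baseline plus deltas to the last known state of `path`."""
        state = dict(self.history[path][0])
        for delta in self.history[path][1:]:
            state.update(delta["props"])
        return state

    def check(self):
        """Harvest again, store a delta for every element that changed, return the deltas."""
        found = []
        for path, props in self.policy.items():
            before = self.current(path)
            now = harvest(path, props)
            changed = {k: v for k, v in now.items() if before.get(k) != v}
            changed.update({k: None for k in before if k not in now})  # e.g. hash of a deleted file
            if changed:
                delta = {"version": len(self.history[path]), "detected": time.time(), "props": changed}
                self.history[path].append(delta)
                found.append((path, delta))
        return found


def run_demo():
    """Constructed scenario: baseline two files, then tamper with one and delete the other."""
    work = tempfile.mkdtemp(prefix="fim-demo-")
    try:
        perms = os.path.join(work, "app.permissions")  # treated as high-risk: all properties
        readme = os.path.join(work, "README")          # treated as low-risk: content hash only
        with open(perms, "wb") as fh:
            fh.write(b"admin=alice\n")
        with open(readme, "wb") as fh:
            fh.write(b"hello\n")
        store = ChangeStore({perms: ALL_PROPS, readme: ("sha256",)})
        store.baseline()
        quiet = store.check()                          # nothing has changed yet
        with open(perms, "ab") as fh:
            fh.write(b"admin=mallory\n")               # a new admin appears
        os.remove(readme)
        events = [(os.path.basename(p), d["props"]) for p, d in store.check()]
        return {
            "quiet": quiet,
            "events": events,
            "versions": {os.path.basename(p): len(v) for p, v in store.history.items()},
            "perms_state": store.current(perms),
        }
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    for name, props in run_demo()["events"]:
        print(name, "changed:", props)
```

A production store would persist the history to a database and budget its hashing, but the shape of the data is the point: one immutable baseline per element, then deltas, and a check() that compares against the replayed state rather than re-baselining, so a change that is later reverted still leaves two versions behind for an investigator to find.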
DETERMINING WHAT CHANGED AND WHO MADE THE CHANGE
Knowing only that a file has changed is of little use unless you know what about the file, or what within the file, has changed. Each file has dozens of attributes that, if changed, could spell trouble. Capturing these attributes can provide information essential in determining if the change is harmful or harmless: it tells you exactly what within a file changed so you can quickly determine if the change was high-risk, and provides the information required to fix the issue. A true FIM solution will be able to harvest this level of information, including changes to configuration files and even character-for-character differences in human-readable file types like Word documents or PDF files.
In addition, knowing who made a change is often key to determining if a change is suspect or low-risk. But capturing the "who" data is not easy, and most FIM solutions are unable to provide this important information. Most FIM solutions available today need OS auditing enabled on the monitored device to get this "who" information, yet most IT professionals will not allow this due to concerns about security. The use of real-time detection agents installed on each monitored device can overcome this issue.
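The OS-auditing route to "who" data, as an added example (not code from the white paper or from Tripwire): Linux audit emits, for one event, a SYSCALL record naming the login UID, effective UID and program, plus PATH records naming the files touched, all sharing one msg=audit(time:serial) identifier, and joining them attributes the write to a person. The records below are constructed to follow that layout (a rule such as auditctl -w /etc/ssh/sshd_config -p wa -k fim-etc would produce records of this shape); the serials, inodes, PIDs and UIDs are invented.

```python
"""Attribute a file change to the user who made it, from OS audit records.

Added example (not code from the white paper or from Tripwire). The records
below are constructed to follow the Linux audit daemon's layout: the SYSCALL
record (who, which program, which open flags) and the PATH records (which
files) of one event share the same msg=audit(<time>:<serial>) identifier.
Serials, inodes, PIDs and UIDs are invented.
"""
import re

SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000123.456:9001): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55d0c2a1 a2=241 a3=1b6 items=2 ppid=2200 pid=2231 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm="vi" exe="/usr/bin/vi" key="fim-etc"
type=CWD msg=audit(1700000123.456:9001): cwd="/root"
type=PATH msg=audit(1700000123.456:9001): item=0 name="/etc/ssh/" inode=131073 dev=fd:01 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1700000123.456:9001): item=1 name="/etc/ssh/sshd_config" inode=131093 dev=fd:01 mode=0100600 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1700000900.010:9002): arch=c000003e syscall=257 success=yes exit=4 a0=ffffff9c a1=7f1e40 a2=241 a3=1a4 items=2 ppid=1 pid=3100 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="apt-get" exe="/usr/bin/apt-get" key="fim-etc"
type=PATH msg=audit(1700000900.010:9002): item=0 name="/etc/" inode=131072 dev=fd:01 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1700000900.010:9002): item=1 name="/etc/ld.so.cache" inode=140001 dev=fd:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1700000950.000:9003): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f1e80 a2=241 a3=1b6 items=1 ppid=2200 pid=2400 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=5 comm="sh" exe="/usr/bin/dash" key="fim-etc"
type=PATH msg=audit(1700000950.000:9003): item=0 name="/etc/ssh/sshd_config" inode=131093 dev=fd:01 mode=0100600 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
"""

RECORD_RE = re.compile(r"^type=(?P<type>\w+) msg=audit\((?P<time>[\d.]+):(?P<serial>\d+)\): (?P<body>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNSET_AUID = 4294967295  # (unsigned) -1: no login session, e.g. a daemon or a boot-time job


def parse_fields(body):
    return {key: value.strip('"') for key, value in FIELD_RE.findall(body)}


def group_events(log_text):
    """Join the records of each event by serial: {serial: {"time", "syscall", "paths"}}."""
    events = {}
    for line in log_text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue
        ev = events.setdefault(m["serial"], {"time": float(m["time"]), "syscall": None, "paths": []})
        fields = parse_fields(m["body"])
        if m["type"] == "SYSCALL":
            ev["syscall"] = fields
        elif m["type"] == "PATH":
            ev["paths"].append(fields)
    return events


def attribute(log_text, key="fim-etc"):
    """One entry per touched file: who (login UID, effective UID), which program, success."""
    out = []
    for serial, ev in sorted(group_events(log_text).items(), key=lambda kv: int(kv[0])):
        sc = ev["syscall"]
        if sc is None or sc.get("key") != key:
            continue
        auid = int(sc["auid"])
        for p in ev["paths"]:
            if p.get("nametype") != "NORMAL":  # PARENT entries are the containing directory
                continue
            out.append({
                "serial": int(serial),
                "time": ev["time"],
                "path": p["name"],
                # auid survives su/sudo, so it names the person; uid is what they were running as
                "login_uid": None if auid == UNSET_AUID else auid,
                "effective_uid": int(sc["uid"]),
                "comm": sc.get("comm"),
                "exe": sc.get("exe"),
                "succeeded": sc.get("success") == "yes",
            })
    return out


if __name__ == "__main__":
    for entry in attribute(SAMPLE_AUDIT_LOG):
        print(entry)
```

Two details carry the attribution: auid is the login UID and survives su and sudo, so the first event is attributable to user 1000 even though it ran as root, while auid=4294967295 (unsigned -1) means no login session at all, as for the package-manager run; and a failed attempt (success=no, exit=-13) is still a record worth surfacing, since someone tried to write a critical file and could not.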
DETERMINING IF EXPECTED, ACCEPTABLE CHANGES WERE MADE
Many changes are intended to make improvements or to correct problems. However, just because a change is proposed and scheduled does not mean that it was actually made, or made correctly. Being able to confirm that a change has successfully been made is critical; otherwise, improvements that you think were made are not always realized, and problems remain when you think they have been resolved. A true FIM solution needs to detect a change, and must also be able to compare that change against what was expected to change. Such a capability provides independent confirmation of change processes and policies.
While most changes are intentional, or at least not harmful, some changes simply shouldn't be made because they pose increased risk to the environment. Critical configuration files are one example. Each of these files contains one or more configuration setting values that must be in predefined states or ranges to meet and maintain security policy. If any of these configuration files are changed, the setting values must immediately be re-evaluated to determine if they still conform to the security policy. Application executable (.exe) files of mission-critical applications are another example of file types that should probably generate an alert if they change for any reason. A true FIM solution must know what has changed, which specific files are supposed to change, and whether a given change is within policy. This ability to analyze changes converts volumes of change data from "noise" into actionable intelligence.
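Both checks from this section in code, as an added example (not code from the white paper or from Tripwire): a detected change is reconciled against the ticket that predicted its exact post-change content within its window, the changed lines are extracted, and every policed setting in the new content is re-evaluated against its predefined state or range. The ticket format, the policy table and the sshd_config-style content are constructed; the four verdicts also cover the case, argued later in the paper, that an authorized change can still be a bad one.

```python
"""Reconcile detected changes against expected changes and a settings policy.

Added example (not code from the white paper or from Tripwire). The ticket
format, the policy table and the sshd_config-style content are constructed
for illustration; a real deployment would load tickets from its change
system and the policy from its hardening standard.
"""
import difflib
import hashlib

SSHD = "/etc/ssh/sshd_config"

# Policy: per config file, the allowed states (a set of strings) or integer
# range (lo, hi) each setting must stay within to remain compliant.
POLICY = {
    SSHD: {
        "PermitRootLogin": {"no"},
        "PasswordAuthentication": {"no"},
        "MaxAuthTries": (1, 4),
    }
}

OLD_SSHD = "PermitRootLogin no\nPasswordAuthentication no\nMaxAuthTries 3\n"
TICKETED_SSHD = OLD_SSHD.replace("MaxAuthTries 3", "MaxAuthTries 2")
ROOT_LOGIN_SSHD = OLD_SSHD.replace("PermitRootLogin no", "PermitRootLogin yes")


def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()


# Expected changes: what the ticket says the file should hash to after the
# change, and the window in which the change is allowed to appear.
EXPECTED = [
    {"ticket": "CHG-1042", "path": SSHD, "new_sha256": sha256(TICKETED_SSHD), "window": (1700000000, 1700003600)},
    {"ticket": "CHG-1043", "path": SSHD, "new_sha256": sha256(ROOT_LOGIN_SSHD), "window": (1700000000, 1700003600)},
]

EXPECTED_OK = "expected, low-risk"
AUTHORIZED_BAD = "authorized but high-risk: policy violated"
UNRECONCILED_OK = "unreconciled, low-risk: review against change process"
SUSPECT = "suspect, high-risk: investigate immediately"


def parse_settings(text):
    """'Key value' lines; comments and blank lines are ignored."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key] = value.strip()
    return settings


def policy_violations(path, text):
    """Re-evaluate every policed setting of `path` against POLICY after a change."""
    settings = parse_settings(text)
    violations = []
    for key, rule in POLICY.get(path, {}).items():
        value = settings.get(key)
        if value is None:
            violations.append(f"{key} not set")
        elif isinstance(rule, set):
            if value not in rule:
                violations.append(f"{key}={value} not in {sorted(rule)}")
        else:
            lo, hi = rule
            if not value.isdigit() or not lo <= int(value) <= hi:
                violations.append(f"{key}={value} outside {lo}..{hi}")
    return violations


def content_diff(old, new):
    """Only the changed lines: what within the file changed."""
    return [
        line for line in difflib.unified_diff(old.splitlines(), new.splitlines(), lineterm="", n=0)
        if line.startswith(("+", "-")) and not line.startswith(("+++", "---"))
    ]


def match_ticket(path, new_text, detected_at):
    """The ticket that predicted exactly this content inside its window, else None."""
    digest = sha256(new_text)
    for t in EXPECTED:
        lo, hi = t["window"]
        if t["path"] == path and t["new_sha256"] == digest and lo <= detected_at <= hi:
            return t["ticket"]
    return None


def classify(path, old, new, detected_at):
    ticket = match_ticket(path, new, detected_at)
    violations = policy_violations(path, new)
    if ticket and not violations:
        verdict = EXPECTED_OK
    elif ticket:
        verdict = AUTHORIZED_BAD   # authorized does not mean good
    elif not violations:
        verdict = UNRECONCILED_OK  # unauthorized does not mean bad
    else:
        verdict = SUSPECT
    return {"path": path, "ticket": ticket, "violations": violations, "diff": content_diff(old, new), "verdict": verdict}


def run_demo():
    """Four constructed detections against the same baseline content."""
    in_window, late = 1700001000, 1700009999
    return [
        classify(SSHD, OLD_SSHD, TICKETED_SSHD, in_window),                    # CHG-1042, in policy
        classify(SSHD, OLD_SSHD, ROOT_LOGIN_SSHD, in_window),                  # CHG-1043, violates policy
        classify(SSHD, OLD_SSHD, OLD_SSHD + "LogLevel VERBOSE\n", in_window),  # no ticket, in policy
        classify(SSHD, OLD_SSHD, ROOT_LOGIN_SSHD, late),                       # outside window, violates policy
    ]


if __name__ == "__main__":
    for result in run_demo():
        print(result["verdict"], result["ticket"], result["diff"], result["violations"])
```

Matching on the hash of the whole post-change content is deliberately strict: a ticket that was carried out "almost" as written does not reconcile, which is the independent confirmation of the change process the paragraph asks for. Policy is evaluated on the new content regardless of reconciliation, which is what separates the second verdict (authorized, still non-compliant) from the first.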
ADDRESSING THE ISSUE OF UNAUTHORIZED VS. UNDESIRED/SUSPECT CHANGE
PCI DSS 11.5 requires merchants to "…alert on unauthorized modification of critical system, content or configuration files…," but the term "unauthorized" is fairly misleading. Many interpret the term to mean that they must measure how well the organization adheres to change process policy. In fact, the intent of the term in the requirement is for organizations to be alerted to changes that are undesirable and could put cardholder data at risk of compromise. The 11.5.b testing procedure that was added in version 2.0 of the standard clarifies that it is an audit requirement to "Verify the tools are configured to alert personnel to unauthorized modification of critical files…".
Auditors have typically required proof that appropriate change data has been captured, but there has been inconsistency in verifying whether the FIM solution was also configured to determine if any detected changes were authorized. Too often, the change data has just been stored "in bulk" in an effort to meet compliance requirements. However, if the data is not continually analyzed for "high-risk" change, the FIM solution provides limited or no protection against cardholder data compromise. Even in cases where the FIM solution is being used to help determine which changes don't follow the approved change process, unauthorized change differs a great deal from suspect or undesired change. Unfortunately, many presume that unauthorized change is always "bad," which is not necessarily true. While an unauthorized change may not have followed the defined change process policy, it may actually resolve a critical problem. On the other hand, defining a change as authorized presumes it is a "good" change, which may be equally untrue. Many authorized changes cause problems and have to be rolled back or modified, sometimes using an unauthorized process.
Whether or not a detected change can be reconciled to some form of authorization fails to address the issue of a "bad" change; that is, a change that exposes a device or application to increased risk of compromise. Finding bad change is the issue that must be addressed by FIM, and that is the true intent of the PCI DSS 11.5 requirement. And not only should FIM detect bad change, it should detect it immediately so the damage can be minimized. A true FIM solution helps merchants automatically determine if a detected change is authorized (or even most likely authorized). More importantly, a true FIM helps automatically determine if a change is suspect and needs immediate investigation, or is expected and can be considered low- or no-risk.

THE CAPABILITIES OF TRUE FIM
• Detects changes
• Determines which changes introduce risk
• Determines which changes result in non-compliance
• Distinguishes between high- and low-risk changes
• Integrates with other security point solutions

Conclusion: True FIM Makes FIM Relevant
So again, we ask, "Is FIM still relevant and important?" The answer is a resounding yes. FIM is a critical capability that IT security and compliance need to protect the IT infrastructure and its sensitive data. But for FIM to be relevant, it must do a lot more than just detect changes. "True FIM" must use change detection to help determine whether the changes are good or bad. It must also provide multiple ways to distinguish low-risk change from high-risk change. And it must do this at the speed of change.
In addition, True FIM should also work with other security point solutions, like those for log and security event management. Correlating change data with log and event data allows security professionals to better protect their environment, including cardholder data environments. Doing so allows security professionals to quickly see, trace and relate problem-causing activities to each other. Such visibility and intelligence provides the key to quickly remediating issues before they cause real damage.
ABOUT TRIPWIRE
Tripwire is a leading global provider of IT security and compliance automation solutions that help businesses, government agencies, and service providers take control of their physical, virtual, and cloud infrastructure. Thousands of customers rely on Tripwire's integrated solutions to help protect sensitive data, prove compliance and prevent outages. Tripwire VIA, the integrated compliance and security software platform, delivers best-of-breed file integrity, policy compliance and log and event management solutions, paving the way for organizations to proactively achieve continuous compliance, mitigate risk, and ensure operational control through Visibility, Intelligence and Automation. Learn more at www.tripwire.com and TripwireInc on Twitter.

©2011 Tripwire, Inc. | Tripwire is a registered trademark of Tripwire, Inc. All other product and company names are property of their respective owners. All rights reserved. | WPTFIM2a