Next-Gen File Integrity Monitoring

What is File Integrity Monitoring (FIM)?

File Integrity Monitoring (FIM) is a category of cybersecurity technologies that monitors critical files and detects changes to them. While legacy tools were limited to monitoring system files, today's Next-Gen FIM tools can detect changes to critical data wherever it exists, including:

  • Windows Registry
  • Drivers
  • Installed Software
  • Security Policies
  • Services
  • Network Share Files & Configuration
  • Local Users / Groups
  • Active Directory / LDAP
  • Microsoft Exchange
  • Network Devices (Firewalls, Switches, Routers)
  • Hypervisors (ESXi, Hyper-V, XenServer)
  • Databases (MSSQL, Oracle, MySQL, MariaDB, IBM DB2)
To detect change, FIM tools compare each file against a known and trusted baseline. If a file has been changed, updated, or compromised, the tool alerts a human analyst to investigate further. Next-Gen FIM tools take this a step further by making it easy to "roll back" files to their trusted state and even block changes to sensitive files.

File Integrity Monitoring Best Practices

Not all File Integrity Monitoring tools are alike. The table below shows how legacy tools stack up against Next-Gen FIM software.

Basic File Monitoring

  • Lots of noisy alerts
  • Uses a denylist to identify malicious changes
  • Resource-intensive and relies on daily active scans
  • "Shelfware" that's usually only present to satisfy compliance requirements

File and System Integrity Monitoring

  • Cuts irrelevant change noise by 95%
  • Uses denylists, allowlists, and trusted file registry to uncover malicious activity without swamping analysts with alerts
  • Detects change in real-time and barely registers on the resource monitor
  • Fundamental to maintaining real-time system integrity across corporate IT environments

Maintain Integrity in Your IT Environment

Integrity assurance establishes a known, trusted, and authoritative baseline of what is allowed and then prevents, limits, or rolls back everything else. Whenever an unknown change occurs, it's managed by exception. Acceptable changes are added to the baseline, while dangerous changes are prevented. 
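The baseline comparison described under "What is FIM" and the manage-by-exception loop described in this section share one mechanism: hash every monitored file into a trusted baseline, diff the live system against it, and then accept, block (roll back), or hand off each change. The following Python script is an added example written for this page; it is not code from the original page or from any FIM vendor. The directory layout, file contents, the "trusted registry" of approved hashes and the known-bad hash are all constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

CHUNK = 65536


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256; a FIM baseline is keyed on content, not on timestamps."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Relative path -> hash for every regular file under root: the trusted state."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_against_baseline(root: Path, baseline: dict[str, str]) -> list[dict]:
    """Return the added / modified / deleted entries relative to the baseline."""
    current = build_baseline(root)
    changes = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old == new:
            continue
        kind = "added" if old is None else "deleted" if new is None else "modified"
        changes.append({"path": rel, "kind": kind, "old": old, "new": new})
    return changes


def classify(change: dict, trusted_hashes: set[str], known_bad_hashes: set[str]) -> str:
    """Manage by exception: denylist -> block, trusted registry -> accept, everything else -> triage."""
    if change["new"] in known_bad_hashes:
        return "block"
    if change["kind"] == "deleted":
        return "block"  # loss of a baselined file is never silently accepted
    if change["new"] in trusted_hashes:
        return "accept"
    return "triage"


def enforce(root: Path, baseline: dict[str, str], trusted_store: Path,
            trusted_hashes: set[str], known_bad_hashes: set[str]) -> dict[str, str]:
    """One pass of the integrity loop: accepted changes join the baseline, blocked changes are
    rolled back from the trusted store, unknown changes stay in place and are reported for triage."""
    verdicts = {}
    for change in diff_against_baseline(root, baseline):
        rel = change["path"]
        verdict = classify(change, trusted_hashes, known_bad_hashes)
        verdicts[rel] = verdict
        live, trusted = root / rel, trusted_store / rel
        if verdict == "accept":
            baseline[rel] = change["new"]
            trusted.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(live, trusted)  # the vetted content becomes the new trusted copy
        elif verdict == "block":
            if change["kind"] == "added":
                live.unlink()  # remove the denylisted drop-in
            else:
                live.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(trusted, live)  # restore the trusted copy
    return verdicts


def demo() -> dict:
    """Constructed scenario: an approved patch, a denylisted edit, a deletion and an unknown file."""
    work = Path(tempfile.mkdtemp())
    root, trusted_store = work / "etc", work / "trusted"
    root.mkdir()
    (root / "sshd_config").write_text("PermitRootLogin no\n")
    (root / "hosts").write_text("127.0.0.1 localhost\n")
    (root / "motd").write_text("welcome\n")
    shutil.copytree(root, trusted_store)  # trusted copies taken at baseline time
    baseline = build_baseline(root)

    approved = "PermitRootLogin no\nMaxAuthTries 4\n"  # vetted change published to the trusted registry
    trusted_hashes = {hashlib.sha256(approved.encode()).hexdigest()}
    tampered = "# constructed known-bad content\n"
    known_bad_hashes = {hashlib.sha256(tampered.encode()).hexdigest()}

    (root / "sshd_config").write_text(approved)        # approved patch
    (root / "hosts").write_text(tampered)              # denylisted edit
    (root / "motd").unlink()                           # deletion of a baselined file
    (root / "unknown.conf").write_text("untriaged\n")  # unknown change: analyst decides

    verdicts = enforce(root, baseline, trusted_store, trusted_hashes, known_bad_hashes)
    result = {
        "verdicts": verdicts,
        "hosts_restored": (root / "hosts").read_text() == "127.0.0.1 localhost\n",
        "motd_restored": (root / "motd").exists(),
        "unknown_left_for_triage": (root / "unknown.conf").exists(),
        "baseline_updated": baseline["sshd_config"] in trusted_hashes,
    }
    shutil.rmtree(work)
    return result


if __name__ == "__main__":
    print(demo())
```

The trusted store is what makes roll-back possible: a hash alone proves a file changed, but only a retained trusted copy can put it back. Note that unknown changes are deliberately left in place and surfaced rather than reverted, which is the "managed by exception" behaviour the section describes; a deployment that wants to block rather than report them would route "triage" through the same roll-back branch.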

8 Steps + NIST

Next-Gen FIM automates the integrity assurance loop, slashing "change noise" common with legacy FIM tools and enforcing integrity across IT environments and the full data lifecycle.

File Monitoring and Integrity Verification in Real-Time

Legacy FIM tools lack real-time monitoring, which can delay an organization's response to an attack by up to 24 hours, giving attackers time to cause damage, traverse the network, or steal data.

Next-Gen File Integrity Monitoring tools monitor for changes and verify file and data integrity in real-time. This provides two huge benefits:

Respond Instantly to Attacks

Known bad changes are prevented or rolled back automatically. E.g., if a configuration setting is changed out of compliance with CIS Benchmarks, the tool can instantly reverse the change. 

Incident responders can triage unknown changes quickly without wasting time on "noisy" false positives. 

Save Network Resources

Next-Gen tools scan the environment once to establish a baseline, then receive change data from agents and modules across the environment. 

This process is highly efficient and barely registers on the resource monitor. 

Next-Gen FIM Automates Compliance and System Hardening

Automate compliance with PCI-DSS, HIPAA, NIST 800-171, CMMC, and many more, PLUS system hardening best practice frameworks like CIS Benchmarks and DISA STIGs.

Compliance Automation in 3 Easy Steps

A Next-Gen FIM tool automates compliance and system hardening by:

1. Building requirements of all applicable frameworks into the trusted baseline.

2. Continually monitoring all files and configurations against the baseline.

3. Raising alerts for issues or misconfiguration and providing clear evidence and guidance to resolve it.
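The three steps above, carried through as one runnable Python example added for this page (not code from the original page or from any FIM product): framework requirements are expressed as rules in the baseline, a configuration snapshot is parsed and evaluated against them, and each failure is raised with the evidence (actual vs. expected value) and guidance to fix it. The rule IDs, their framework tags and the sshd-style config snapshots are all constructed for illustration and are not real benchmark identifiers. The drift function shows the "continually monitoring" step: only failures that were not already open are alerted, so a standing misconfiguration does not re-alert on every scan.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Requirement:
    rule_id: str                              # constructed id, not a real benchmark id
    frameworks: tuple                         # constructed framework tags for illustration
    key: str                                  # configuration key, compared case-insensitively
    check: Callable[[Optional[str]], bool]    # True when the observed value is compliant
    expected: str
    guidance: str


# Step 1: requirements built into the trusted baseline (constructed illustrative rules).
REQUIREMENTS = (
    Requirement("AUTH-01", ("CIS Benchmarks", "PCI-DSS"), "permitrootlogin",
                lambda v: v is not None and v.lower() == "no", "no",
                "Set 'PermitRootLogin no' and restart the SSH service."),
    Requirement("AUTH-02", ("CIS Benchmarks", "NIST 800-171"), "maxauthtries",
                lambda v: v is not None and v.isdigit() and int(v) <= 4, "4 or fewer",
                "Set 'MaxAuthTries 4' (or lower)."),
    Requirement("LOG-01", ("CIS Benchmarks", "HIPAA"), "loglevel",
                lambda v: v is not None and v.upper() in {"INFO", "VERBOSE"}, "INFO or VERBOSE",
                "Set 'LogLevel INFO' so authentication events are recorded."),
)


def parse_config(text: str) -> dict:
    """Parse 'Key value' or 'key = value' lines; '#' comments are ignored, last occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip()
    return settings


# Step 2: evaluate a snapshot of the monitored configuration against the baseline rules.
def evaluate(settings: dict, requirements=REQUIREMENTS) -> list:
    """Return one finding per failed rule, carrying the evidence and remediation guidance."""
    findings = []
    for r in requirements:
        actual = settings.get(r.key)
        if not r.check(actual):
            findings.append({
                "rule": r.rule_id,
                "frameworks": list(r.frameworks),
                "key": r.key,
                "actual": actual if actual is not None else "<unset>",
                "expected": r.expected,
                "guidance": r.guidance,
            })
    return findings


# Step 3: raise alerts only for drift that is new since the last evaluation.
def new_drift(previous: list, current: list) -> list:
    """Findings in `current` whose rule was not already open in `previous`."""
    already_open = {f["rule"] for f in previous}
    return [f for f in current if f["rule"] not in already_open]


# Constructed snapshots of an sshd_config-style file: one compliant, one that has drifted.
COMPLIANT_SNAPSHOT = """\
# constructed compliant snapshot
PermitRootLogin no
MaxAuthTries 4
LogLevel INFO
X11Forwarding no
"""

DRIFTED_SNAPSHOT = """\
# constructed drifted snapshot
PermitRootLogin yes   # changed out of compliance
MaxAuthTries 10
LogLevel INFO
"""


def scan(previous_findings: list, snapshot: str) -> list:
    """One monitoring cycle: parse, evaluate, and return only the alerts worth raising."""
    return new_drift(previous_findings, evaluate(parse_config(snapshot)))


if __name__ == "__main__":
    open_findings = evaluate(parse_config(COMPLIANT_SNAPSHOT))
    for alert in scan(open_findings, DRIFTED_SNAPSHOT):
        print(f"[{alert['rule']}] {alert['key']}={alert['actual']} (expected {alert['expected']}): "
              f"{alert['guidance']}")
```

Keeping the requirement, the evidence and the guidance together in one record is what lets an alert be actioned without a separate lookup, and suppressing already-open findings is a simple way of cutting the change noise the rest of this page describes.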

How Next-Gen FIM Maps to 9 Compliance Frameworks

Next-Gen FIM can help your organization reach and maintain compliance with any framework. Just update your trusted baseline to include all relevant compliance requirements and then action a manageable number of alerts. 
