File integrity monitoring is a method of monitoring changes to files. Such solutions are able to identify who changed what, when and how. They are also able to advise how to restore the file to its original state if required.
File integrity monitoring does not only cover data that is created by users. It also applies, perhaps more significantly, to application data. One of the key indicators of compromise is a change to system files, log files, etc. FIM solutions will identify and alert on these changes, giving an early indication that something malicious may be occurring.
This granular monitoring of files means that FIM can also be a useful tool for detecting and remediating ransomware and other forms of malware.
File integrity monitoring is most effective when the network has been evaluated and critical data identified. Normally this will encompass highly regulated data (such as personal information) or business-critical data (such as the schematics for a nuclear power plant).
File integrity monitoring is also extremely useful when working towards compliance. Some standards like PCI DSS mandate that the integrity of files should be maintained. Others like Sarbanes-Oxley imply it. In any case, ensuring that integrity is maintained is one of the key principles of data security and as such should be considered a priority.
One of the major challenges when implementing a FIM system is how compatible it is with change management. Careful coordination and integration of the two systems is essential in order to weed out the false positives.
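One way to reconcile FIM results with change management, as an added example (not code from this page or from any FIM product): a SHA-256 baseline is compared with the current state, and a change is treated as expected only when an approved change record names that path and the resulting hash. The `approved` mapping, the function names and the sample files are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def triage(baseline, current, approved):
    """Split changes into (expected, alerts), each a list of (path, kind).

    approved: path -> digest the change record says the file should have
    afterwards (None for an approved deletion). Hypothetical ticket format.
    """
    expected, alerts = [], []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "modified"
        # Expected only if the ticket names this path AND the result matches it;
        # an approved path that ends up with different content still alerts.
        if path in approved and approved[path] == new:
            expected.append((path, kind))
        else:
            alerts.append((path, kind))
    return expected, alerts

def demo():
    """Constructed sample: one approved config change, two unapproved changes."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("app.conf", b"port=8080\n")
        write("auth.log", b"login ok\n")
        baseline = snapshot(root)
        new_conf = b"port=8443\n"
        write("app.conf", new_conf)   # covered by a change record
        write("auth.log", b"")        # log truncated, no change record
        write("new.bin", b"\x00")     # unexpected new file
        approved = {"app.conf": hashlib.sha256(new_conf).hexdigest()}
        return triage(baseline, snapshot(root), approved)

if __name__ == "__main__":
    print(demo())
```

Matching on the resulting hash rather than on the path alone keeps an approved change window from hiding an unrelated modification to the same file.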