File Integrity Monitoring

File integrity monitoring (FIM) is an internal control or process that validates the integrity of operating system and application software files by comparing the current file state against a known, good baseline. This comparison often involves calculating a cryptographic checksum of the file's original baseline and comparing it with the calculated checksum of the current state of the file. Other file attributes can also be used to monitor integrity. Generally, file integrity monitoring is automated using internal controls such as an application or process. Such monitoring can be performed randomly, at a defined polling interval, or in real-time.


Security objectives

Changes to configurations, files and file attributes across the IT infrastructure are common, but hidden within a large volume of daily changes can be the few that impact file or configuration integrity. These changes can also reduce security posture and in some cases may be leading indicators of a breach in progress. Values monitored for unexpected changes to files or configuration items include:

* Credentials
* Privileges and Security Settings
* Content
* Core attributes and size
* Hash values
* Configuration values


Compliance objectives

Multiple compliance objectives indicate file integrity monitoring as a requirement. Several examples of compliance objectives with the requirement for file integrity monitoring include:

* PCI DSS - Payment Card Industry Data Security Standard (Requirement 11.5)
* SOX - Sarbanes-Oxley Act (Section 404)
* NERC CIP - NERC CIP Standard (CIP-010-2)
* FISMA - Federal Information Security Management Act (NIST SP800-53 Rev3)
* HIPAA - Health Insurance Portability and Accountability Act of 1996 (NIST Publication 800-66)
* SANS Critical Security Controls (Control 3)


See Also

Procedures and algorithms:

* checksum
* File verification

Applications, some examples (where FIM is used) include:

* Advanced Intrusion Detection Environment
* Another File Integrity ChecKer
* BeyondTrust
* CimTrak
* CloudPassage
* Kaspersky Lab Hybrid Cloud Security, Embedded Security, Security for Linux, Security for Windows Server
* LimaCharlie
* Lockpath Blacklight
* LogRhythm
* McAfee Change Control
* Netwrix-NNT Change Tracker
* OSSEC
* Qualys
* Samhain
* Splunk
* System File Checker (provided with Windows)
* Tanium Integrity Monitor
* Trend Micro Deep Security
* Tripwire products
* Trustwave

