File Integrity Monitoring
File integrity monitoring (FIM) is an internal control or process that validates the integrity of operating system and application software files by comparing the current state of each file against a known, good baseline. The comparison usually involves computing a cryptographic hash (checksum) of the file when the baseline is captured and comparing it with a hash computed over the file's current contents; a non-cryptographic checksum such as a CRC is not sufficient for this purpose, because an attacker can alter a file while preserving its CRC. Other file attributes (size, permissions, ownership, timestamps) can also be monitored. Because an attacker who controls the host can also rewrite the baseline, the baseline and the monitoring agent itself should be protected, for example by storing the baseline off-host or signing it. FIM is generally automated by an application or process, and the checks can be run at random times, at a defined polling interval, or in real time (for example, driven by filesystem change notifications).


Security objectives

Changes to configurations, files and file attributes across the IT infrastructure are common, but hidden within a large volume of daily changes can be the few that impact file or configuration integrity. These changes can also reduce security posture and in some cases may be leading indicators of a breach in progress. Values monitored for unexpected changes to files or configuration items include:
* Credentials
* Privileges and security settings
* Content
* Core attributes and size
* Hash values
* Configuration values
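The following is an added example, not code from the original article or from any of the products listed on this page. It is a minimal FIM in Python that captures a baseline of SHA-256 hashes and core attributes (size, mode, owner, mtime, symlink target) for a directory tree, then compares a later snapshot against it and reports added, removed and modified paths together with the attributes that changed. The sample tree in `demo()` (an `etc/passwd`, `etc/hosts` and a planted `etc/ld.so.preload`) is constructed inline so the script runs offline; the field names and the JSON baseline format are this example's own choices. It also shows why the hash matters: a same-size edit whose timestamp is put back ("timestomping") is invisible to size and mtime checks but still changes the digest.

```python
"""Added example: minimal file integrity monitor (baseline, compare, report)."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

# Attributes recorded per path. A cryptographic hash rather than a CRC, so an
# attacker cannot craft a modified file that still matches the baseline.
TRACKED = ("sha256", "size", "mode", "uid", "gid", "mtime", "link")


def file_digest(path: Path, chunk_size: int = 1 << 20) -> str:
    """SHA-256 of the file contents, streamed so large files need little memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def file_record(path: Path) -> dict:
    """Baseline record for one path: hash plus core attributes (symlinks not followed)."""
    st = os.lstat(path)
    is_link = stat.S_ISLNK(st.st_mode)
    return {
        "sha256": None if is_link else file_digest(path),
        "size": st.st_size,
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mtime": st.st_mtime_ns,
        "link": os.readlink(path) if is_link else None,
    }


def build_baseline(root) -> dict:
    """Walk `root` and record every regular file and symlink, keyed by relative path."""
    root = Path(root)
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            p = Path(dirpath) / name
            st = os.lstat(p)
            if stat.S_ISREG(st.st_mode) or stat.S_ISLNK(st.st_mode):
                baseline[p.relative_to(root).as_posix()] = file_record(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots; 'modified' maps path -> list of attributes that differ."""
    report = {"added": [], "removed": [], "modified": {}}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        else:
            changed = [k for k in TRACKED if baseline[rel][k] != current[rel][k]]
            if changed:
                report["modified"][rel] = changed
    return report


def save_baseline(baseline: dict, out_path) -> None:
    # Store this off-host or sign it: an attacker with root on the monitored
    # machine can otherwise rewrite the baseline to match the tampered files.
    Path(out_path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(in_path) -> dict:
    return json.loads(Path(in_path).read_text())


def demo() -> dict:
    """Constructed scenario (example data, not a real system): three kinds of change."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        passwd, hosts = root / "etc" / "passwd", root / "etc" / "hosts"
        passwd.write_bytes(b"root:x:0:0:root:/root:/bin/bash\n")
        hosts.write_bytes(b"127.0.0.1 localhost\n")
        baseline = build_baseline(root)

        # 1. touch only: identical contents, newer mtime -> reported as ["mtime"]
        st = os.lstat(hosts)
        os.utime(hosts, ns=(st.st_atime_ns, st.st_mtime_ns + 10**9))
        touch_only = compare(baseline, build_baseline(root))

        # 2. same-length edit with the mtime restored ("timestomping"):
        #    size and mtime match the baseline, only the hash gives it away
        baseline = build_baseline(root)
        st = os.lstat(passwd)
        passwd.write_bytes(b"toor:x:0:0:root:/root:/bin/bash\n")
        os.utime(passwd, ns=(st.st_atime_ns, st.st_mtime_ns))
        timestomped = compare(baseline, build_baseline(root))

        # 3. a planted preload file and a deleted file -> added / removed
        baseline = build_baseline(root)
        (root / "etc" / "ld.so.preload").write_bytes(b"/tmp/evil.so\n")
        hosts.unlink()
        new_and_removed = compare(baseline, build_baseline(root))

    return {"touch_only": touch_only, "timestomped": timestomped,
            "new_and_removed": new_and_removed}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

`build_baseline` plus `save_baseline` is the "capture" step; a scheduled run of `build_baseline` followed by `compare` against `load_baseline(...)` is the polling check. Symlinks are recorded by target rather than followed, so a link redirected to an attacker-controlled file shows up as a `link` change instead of being silently hashed through.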


Compliance objectives

Several compliance frameworks require or recommend file integrity monitoring. Examples include:
* PCI DSS - Payment Card Industry Data Security Standard (Requirement 11.5)
* SOX - Sarbanes-Oxley Act (Section 404)
* NERC CIP - NERC CIP Standard (CIP-010-2)
* FISMA - Federal Information Security Management Act (NIST SP 800-53 Rev3)
* HIPAA - Health Insurance Portability and Accountability Act of 1996 (NIST Publication 800-66)
* SANS Critical Security Controls (Control 3)


See Also

Procedures and algorithms:
* Checksum
* File verification

Applications, some examples (where FIM is used) include:
* Advanced Intrusion Detection Environment (AIDE)
* Another File Integrity ChecKer (AFICK)
* BeyondTrust
* CimTrak
* CloudPassage
* Kaspersky Lab Hybrid Cloud Security, Embedded Security, Security for Linux, Security for Windows Server
* LimaCharlie
* Lockpath Blacklight
* LogRhythm
* McAfee Change Control
* Netwrix-NNT Change Tracker
* OSSEC
* Qualys
* Samhain
* Splunk
* System File Checker (provided with Windows)
* Tanium Integrity Monitor
* Trend Micro Deep Security
* Tripwire products
* Trustwave

