File Integrity Monitoring (FIM) Software Buyer's Guide

What to Look for in an Integrity and Compliance Monitoring Solution

 

The right file integrity monitoring solution does more than just detect change. It adds invaluable insight and context, including the who, what, and why. FIM solutions vary widely, from limited “checkbox” compliance programs to robust integrity monitoring that can positively transform your organization's overall security posture.

With a wide range of capabilities and approaches available, it's easy to get overwhelmed. This in-depth buyer's guide will help you understand the essential elements of FIM and what capabilities to look for in a FIM solution. Complete the form to download your copy and learn:

  • What is file integrity monitoring?
  • What should be monitored?
  • Key product requirement checklists
  • Operational and security requirements
  • Integration and reporting requirements

What Is FIM software?


In an IT network, a file can range from a simple text file to a configuration script, and any change can compromise its integrity. A change to a single line item in a 100-line script could prove detrimental to the entire file or even the operating system. For example, assigning the wrong IP address to a startup script or a newly installed network printer could disrupt the network. Below are some examples of the type of configuration settings a file integrity monitoring solution detects and monitors:

File integrity monitoring (FIM) solutions, also called change auditing solutions, ensure that the files for a server, device, hypervisor, application, or other element in the IT infrastructure remain in a known good state, even in the face of inevitable changes to these files. Ideally, a FIM solution not only detects any changes to files, but also includes capabilities that help IT immediately remediate issues caused by improper change.

When IT deploys a system/component into its technology infrastructure, it typically does so with the knowledge that the component is initially configured appropriately. A FIM solution captures the known good state of the entire system’s IT configuration settings when it is deployed — or when it has been configured with recommended settings — and uses this state as a baseline configuration against which the solution can compare a later configuration. Many times this configuration state is referred to as a golden, compliance, or configuration baseline. A baseline-to-current-configuration comparison lets the solution immediately and automatically detect discrepancies caused by change.

Tripwire Integrity and Compliance Monitoring Software


Given the rapid deployment of virtual machines, an ideal file integrity monitoring solution would also include in the baseline the configurations of virtual environment elements. These elements include the physical server, hypervisor, each guest OS, and all applications and databases running on a guest OS.

When the solution detects change, IT needs to determine whether or not the integrity of a file has been compromised and whether the change requires immediate attention. IT should have the ability to specify which devices and files are critical — and therefore require high-level, immediate attention — versus those that do not. For example the configuration file of an e-commerce site or a database populated with sensitive customer financial or medical data would warrant immediate attention, while configuration changes to non-critical systems could be given a “best effort” response.
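The baseline-to-current comparison and the critical versus "best effort" triage described above look like this in Python. This is an added example, not code from the guide or from any vendor's product; the `CRITICAL` patterns, the function names, and the sample files are assumptions constructed for illustration.

```python
import fnmatch
import hashlib
import stat
import tempfile
from pathlib import Path

CRITICAL = ["etc/*", "*.conf"]  # hypothetical operator policy: globs for critical files

def snapshot(root):
    """Record SHA-256, permission bits and owner for each regular file under root."""
    state = {}
    for p in Path(root).rglob("*"):
        st = p.lstat()
        if stat.S_ISREG(st.st_mode):  # skip directories, symlinks and special files
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            state[p.relative_to(root).as_posix()] = (digest, stat.S_IMODE(st.st_mode), st.st_uid)
    return state

def compare(baseline, current, critical=CRITICAL):
    """Return (severity, change, path) for every deviation from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        if old is None or new is None:
            change = "added" if old is None else "removed"
        else:
            change = "content" if old[0] != new[0] else "metadata"
        hit = any(fnmatch.fnmatch(path, pat) for pat in critical)
        findings.append(("high" if hit else "low", change, path))
    return findings

def write(root, rel, text):
    target = Path(root, rel)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(text)

def demo():
    """Constructed sample tree: take a baseline, make four changes, compare."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("etc/app.conf", "etc/startup.sh", "var/cache.dat"):
            write(root, rel, "ip=10.0.0.5\n")
        baseline = snapshot(root)
        write(root, "etc/app.conf", "ip=10.0.0.50\n")  # content change
        Path(root, "etc/startup.sh").chmod(0o755)      # permission change only
        Path(root, "var/cache.dat").unlink()           # removal
        write(root, "var/drop.bin", "new")             # addition
        return compare(baseline, snapshot(root))
```

Modification time is deliberately left out of the snapshot so that a file rewritten with identical content and permissions does not raise a finding.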

Superior file integrity monitoring, that is, FIM that includes compliance policy management, requires not only the detection and reporting of unauthorized changes, specific types of changes, changes made under certain conditions, and changes of user-specified severity. It must also perform an assessment of how an existing (or just changed) configuration compares with established organizational and regulatory guidelines.