Tripwire's industry-leading FIM solution not only detects changes to files, but helps IT remediate unauthorized changes, reduce risk and maximize uptime.
Full Visibility of Changes
Capture all the changes and the details of who made the change and when.
Customized to You
Customize severities and scoring to reflect your risk profile and business context.
Auto-reconciliation of detected changes streamlines the monitoring process and differentiates good from bad changes.
FIM is a fundamental control and is part of almost every IT compliance regulation and IT security standard.
What is File Integrity Monitoring (FIM)?
The term “file integrity monitoring” was first used back in 2001 when VISA was working on a security specification that would eventually become the PCI standard.
FIM is technology that monitors and detects changes in files that may indicate a cyber attack. Unfortunately, for many organizations, FIM mostly means noise: too many changes, no context around these changes, and very little insight into whether a change actually poses a risk. FIM is a critical security control, but it must provide sufficient insight and actionable intelligence. “True FIM” is more than change detection. It helps you determine whether those changes are good or bad.
A true FIM process consists of the following steps:
1. Set policy: Start by defining your policy, identifying which files on which devices need to be monitored.
2. Baseline files: Then ensure the files you assess are in a known good state. This may involve evaluating version, creation and modification dates, or any other file attribute.
3. Monitor & Reconcile Changes: You may see hundreds of file changes on a normal day on a single system. Knowing a good change from a bad one is essential.
4. Alert: When unauthorized changes are detected, focus on the highest priority alerts and take corrective action before more damage is done.
5. Report: FIM is required for PCI compliance and most other standards. Clear reports with the ability to drill-down are important both for operational processes and audit compliance.
Know Who Changed Your Files
Knowing only that a file has changed is of little use unless you know what about the file has changed. Each file has dozens of attributes that, if changed, could spell trouble. Capturing these attributes can provide information essential in determining if the change was harmful or not. A true FIM solution will be able to harvest this level of information. In addition, knowing who made a change is often key to determining if a change is low-risk or high. But capturing the “who data” is not easy, and most FIM solutions are unable to provide this important intelligence.
Most changes are intended to make improvements or to correct problems. However, just because a change is scheduled does not mean that it was actually made. Confirmation that a change was correctly applied is critical. Otherwise, issues you thought you resolved may not be. A true FIM solution needs to detect a change, and must also be able to compare that change against what was expected. Such capability provides independent confirmation of change processes and policies.
Critical Controls from the Inventor of File Integrity Monitoring
Tripwire File Integrity Monitoring has the unique, built-in capability to reduce noise by providing multiple ways of determining low-risk from high-risk change. Auto-promoting countless business-as-usual changes reduces the noise so IT has more time to investigate changes that may truly impact security and introduce risk. Tripwire uses agents to continuously capture detailed who, what, and when details in real time. This enables you to detect all change, capture details about each one, and use those details to determine the impact.
Tripwire’s file integrity monitoring empowers IT professionals to enforce change and configuration management policies. This can ensure compliance with internal governance, external regulatory requirements, and industry best practices. By adopting Tripwire IT automation solutions, organizations achieve a known and trusted state by automating compliance, mitigating security risk and improving operational efficiency.
Need Help Understanding How Tripwire Adds Value to FIM?
A FIM solution should not only detect any changes to files, but also include capabilities that help IT immediately remediate issues caused by improper change.