File Integrity Monitoring

File Integrity Monitoring (FIM) is an essential security control that, done properly, monitors and reports any change to the integrity of system and configuration files. Maintaining integrity is key because changes to files could represent a malware infection.

Malware will typically reside within an executable file or have some means of triggering a command or code. Malware will either embed itself within an existing file or create a new one masquerading as a legitimate inclusion.

NNT is quite simply the best and most effective FIM solution on the market today because it is the only one that combines inbuilt self-learning intelligence to determine the validity of activity with the world’s largest file whitelisting service to determine the authenticity of activity.

The result is a precision system that will sift through the mass of legitimate file changes and only alert you to those that may be potentially harmful. NNT puts the ‘I’ back in FIM!

Are all FIM solutions created equal? No!

No, not by a long way. In fact, many so called FIM tools will actually compound the issue by simply monitoring file activity, which will generate an enormous amount of change noise, making the task of identifying malicious activity even harder. You would almost be better off with nothing!

The critical element here, is the ability to determine which file activity is known, expected and harmless compared to that which is potentially dangerous or disruptive.

NNT is unique in that we combine forensic analysis and behavioral analytics with essential integrations with other trusted source information, such as the ability to determine whether or not the change was part of a planned change, matches an approved change manifest or is whitelisted and recognized good. To fully understand how, ask us for a demo and find out how to unleash the power of effective File Integrity Monitoring for your organization.

The reality of “traditional” FIM technologies is very apparent…

Traditional FIM technologies have no discerning way to determine and validate if a change is expected or unexpected. They just simply alert if a baseline has been changed.

Consequence – Without the ability to determine if change(s) are expected, authorized or non-malicious, an origination is essentially driving blind to risk of availability, compliance or security issues.

The velocity and volume of change on a daily basis is so great that IT personnel often discontinue using these traditional solutions because of the complexity to manage the amount of change called “noise”.

Consequence – If the problem of change “noise” is not addressed in a comprehensive manner as a critical detective control for mitigating the risk of downtime and security breaches, operational instability and exposure to breaches will continue to rise.

IT personnel have no way to validate and verify the authenticity of the individual files changing which introduces “integrity drift”. As the confidence of integrity diminishes, risk of downtime and security breaches increases!

Consequence - Integrity drift occurs when the proper detective controls ARE NOT in place to manage and reconcile observed changes with expected changes. This results in a decreased confidence and can leads to service availability issues, compliance problems or worse…a security breach.

NNT provides a state-of-the-art FIM solution that will maintain 100% confidence on a daily basis.

So What Makes NNT Different From Other FIM Solutions?

NNT puts the "I" in FIM!
NNT has introduced a number of revolutionary concepts into its suite of products giving FIM the “Integrity” element it is sadly absent in other ‘so called’ FIM solutions. It also solves the issue of “noise” and "integrity drift" while delivering the necessary manageability and scalability where traditional solutions fall short.

Noise Reduction

Noise Reduction
NNT has developed a unique intelligent change control technology which is proven to reduce change noise as much as 99% leaving only unknown, unwanted or unauthorized changes highlighted .

Integrity Drift

Prevent Integrity Drift
NNT has a white-list database of over 9 billion known and trusted files in its Fast Cloud Integrity Assurance product that can validate and verify the integrity and authenticity of system and application files in real-time.

Scalability/Manageability

Scalability/Manageability
NNT’s modern, componentized architecture can support at a minimum 10 times more devices with a single console than any competitive FIM solution. This solves the problem of having multiple consoles deployed to manage what a single NNT console can provide.

Continuous Compliance and Assurance

Continuous Compliance & Assurance
NNT can deliver continuous compliance in real-time...whatever the standards, regulations or policies. If systems deviate, NNT provides descriptive details on how to rectify the compliance requirement so the issue will no longer present itself.

NNT's FIM solution helps you to strengthen security in 4 key areas:

1. Compliance

All governance, regulatory and compliance standards like NIST 800-53, SOX, PCI DSS, NERC CIP, HIPAA , FedRAMP, DISA STIG all mandate the need for cyber security controls. Maintaining system integrity is a key control for provably secure systems, as is vulnerability mitigation and malware protection. File Integrity Monitoring technology is a central requirement to all compliance standards including the application of a Hardened Build Standard.

2. System Hardening / Vulnerability Management

The science of rendering servers, database systems, firewalls, EPOS systems and all other IT devices fundamentally secure is still the most effective - but often the most neglected - security best practice. Todays' contemporary networked systems rely on inter-operation, ease of use and open access – all in direct opposition to system security. A Hardened System is one that has a 'locked down' configuration, removing all unnecessary function, access and other potential vulnerabilities that could be exploited by a hacker. NNT utilizes the information security industry's leading authority on secure configuration guidance, which is the Center for Internet Security. CIS Benchmarks are the recommended hardened build-standard for all security and compliance initiatives. Combining a defined, compliant and hardened system standard with real time File Integrity Monitoring offers the reassurance that systems are and will remain in a secure state at all times.

3. Breach Detection and Malware Protection

Zero Day Threats, by definition, are invisible to Anti-Virus systems. Trojans that masquerade as legitimate system files can be hidden in plain-sight. Application Backdoors, once embedded, will remain operational forever unless regular file integrity checks are run. Breach and Intrusion detection requires forensic-level change detection for files, registry hives, service and process lists and other indicators such as operating network ports. NNT doesn't just report file changes. NNT forensically evaluates the normal operation of all of your systems and applications and alerts you to unauthorized or suspicious changes that could well be a zero day or an otherwise unknown breach. In fact, any change to the process, service states, registries, applications software, anything that might be subject to change can be tracked. Thankfully even the most sophisticated Malware has to precipitate some sort of a change in order to function. Deploy NNT and give yourself the reassurance of spotting even zero day or otherwise unknown forms of breach!

4. Configuration Management and Change Control

The only constant in IT is the perpetual state of change. Patching, upgrades, new users, new sites, new applications all require changes to the network, servers and workstations. Any change may re-introduce vulnerabilities that contravene your organization's Hardened Build Standard, so continuous File Integrity Monitoring is essential for maintaining security. NNT has the inbuilt intelligence to automate the process of defining good and expected changes from the unexpected and potentially harmful ones.

NNT provides a state-of-the-art FIM solution.
Traditional FIM and SIEM FIM simply won’t measure up!

White paper: Security Best Practices & FIM

White paper: Threat Intelligence & FIM

Additional FIM Resources

File Integrity Monitoring Articles

File Integrity Monitoring White Papers

File Integrity Monitoring Videos

File Integrity Monitoring Blog Posts

File Integrity Monitoring Case Studies

Without integrity you don't have security and without security you don't have trusted computing – Ron Ross, NIST

NNT Suite of Products

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

Latest Resources

CIS

Access CIS Resources
Access a broad range of CIS Benchmark reports to audit your enterprise and continuously monitor for any drift from your hardened state.
Download Reports »

Server Hardening

Server Hardening Resources
Download Hardened Services checklists, derived by NNT in conjunction with Microsoft, to manually audit your servers for compliance.
Download Checklists »

Audit Policy

Audit Policy Template Resources
Gain access to audit policies derived from the Center for Internet Security to generate audit logs on all relevant security levels.
Download Audit Policies »