File Integrity Monitoring

File Integrity Monitoring (FIM) is a foundational control that involves analyzing operating system and application software files to determine if and when they have changed, how they changed and who made the change using a verification method between a current file state and a known baseline.

Over the past decade, FIM requirements have made their way into various compliance requirements including PCI-DSS, SOX (Sarbanes-Oxley Act), FISMA, HIPAA, SANS and other regulatory mandates with a "check the box mentality". The fact of the matter is that FIM alone as a detective control lacks additional functionality to guarantee continuous compliance and assurance on an ongoing basis.

View with sound

Are all FIM solutions created equal?
No!

Traditional FIM Solutions
Traditional FIM solutions take a very narrow look at Integrity and the unknown or unsuspecting consequence of “baselines” as they pertain to security breaches and checking the box of compliance mandates. They simply establish a baseline to determine if any additions, modification or deletions have been made to the target files or directories and alert on those changes.

Additional Info

The first problem arises in the fact that a baseline assumes that all the files are known to be good and originated with a high degree of trust and authenticity which is far from reality. The second problem, in the case of the Target breach, changes made inside an authorized change management window have no way of validating and verifying expected or authorized change against observed change. The Target hackers breached the perimeter security and simply deposited bits of unsuspecting code during the authorized change management window and VOILA…the “baseline” was compromised.

Learn more

The reality of “traditional” FIM technologies is very apparent…

Traditional FIM technologies have no discerning way to determine and validate if a change is expected or unexpected. They just simply alert if a baseline has been changed.

Consequence – Without the ability to determine if change(s) are expected, authorized or non-malicious, an origination is essentially driving blind to risk of availability, compliance or security issues.

The velocity and volume of change on a daily basis is so great that IT personnel often discontinue using these traditional solutions because of the complexity to manage the amount of change called “noise”.

Consequence – If the problem of change “noise” is not addressed in a comprehensive manner as a critical detective control for mitigating the risk of downtime and security breaches, operational instability and exposure to breaches will continue to rise.

IT personnel have no way to validate and verify the authenticity of the individual files changing which introduces “integrity drift”. As the confidence of integrity diminishes, risk of downtime and security breaches increases!

Consequence - Integrity drift occurs when the proper detective controls ARE NOT in place to manage and reconcile observed changes with expected changes. This results in a decreased confidence and can leads to service availability issues, compliance problems or worse…a security breach.

NNT provides a state-of-the-art FIM solution that will maintain 100% confidence on a daily basis.

So What Makes NNT Different From Other FIM Solutions?

NNT puts the "I" in FIM!

NNT has introduced a number of revolutionary concepts into its suite of products giving FIM the “Integrity” element it is sadly absent in other ‘so called’ FIM solutions. It also solves the issue of “noise” and "integrity drift" while delivering the necessary manageability and scalability where traditional solutions fall short.

Noise Reduction

Noise Reduction
NNT has developed a unique intelligent change control technology which is proven to reduce change noise as much as 99% leaving only unknown, unwanted or unauthorized changes highlighted .

Integrity Drift

Prevent Integrity Drift
NNT has a white-list database of over 9 billion known and trusted files in its Fast Cloud Integrity Assurance product that can validate and verify the integrity and authenticity of system and application files in real-time.

Scalability/Manageability

Scalability/Manageability
NNT’s modern, componentized architecture can support at a minimum 10 times more devices with a single console than any competitive FIM solution. This solves the problem of having multiple consoles deployed to manage what a single NNT console can provide.

Continuous Compliance and Assurance

Continuous Compliance & Assurance
NNT can deliver continuous compliance in real-time...whatever the standards, regulations or policies. If systems deviate, NNT provides descriptive details on how to rectify the compliance requirement so the issue will no longer present itself.

NNT provides a state-of-the-art FIM solution.
Traditional FIM and SIEM FIM simply won’t measure up!

White paper: Security Best Practices & FIM

White paper: Threat Intelligence & FIM

Additional FIM Resources

File Integrity Monitoring Articles

File Integrity Monitoring White Papers

File Integrity Monitoring Videos

File Integrity Monitoring Blog Posts

File Integrity Monitoring Case Studies

NNT's FIM solution helps you to strengthen security in 4 key areas:

1. Compliance

All governance, regulatory and compliance standards like NIST 800-53, SOX, PCI DSS, NERC CIP, HIPAA , FedRAMP, DISA STIG all mandate the need for cyber security controls. Maintaining system integrity is a key control for provably secure systems, as is vulnerability mitigation and malware protection. File Integrity Monitoring technology is a central requirement to all compliance standards including the application of a Hardened Build Standard.

2. System Hardening / Vulnerability Management

The science of rendering servers, database systems, firewalls, EPOS systems and all other IT devices fundamentally secure is still the most effective - but often the most neglected - security best practice. Todays' contemporary networked systems rely on inter-operation, ease of use and open access – all in direct opposition to system security. A Hardened System is one that has a 'locked down' configuration, removing all unnecessary function, access and other potential vulnerabilities that could be exploited by a hacker. NNT utilizes the information security industry's leading authority on secure configuration guidance, which is the Center for Internet Security. CIS Benchmarks are the recommended hardened build-standard for all security and compliance initiatives. Combining a defined, compliant and hardened system standard with real time File Integrity Monitoring offers the reassurance that systems are and will remain in a secure state at all times.

3. Breach Detection and Malware Protection

Zero Day Threats, by definition, are invisible to Anti-Virus systems. Trojans that masquerade as legitimate system files can be hidden in plain-sight. Application Backdoors, once embedded, will remain operational forever unless regular file integrity checks are run. Breach and Intrusion detection requires forensic-level change detection for files, registry hives, service and process lists and other indicators such as operating network ports. NNT doesn't just report file changes. NNT forensically evaluates the normal operation of all of your systems and applications and alerts you to unauthorized or suspicious changes that could well be a zero day or an otherwise unknown breach. In fact, any change to the process, service states, registries, applications software, anything that might be subject to change can be tracked. Thankfully even the most sophisticated Malware has to precipitate some sort of a change in order to function. Deploy NNT and give yourself the reassurance of spotting even zero day or otherwise unknown forms of breach!

4. Configuration Management and Change Control

The only constant in IT is the perpetual state of change. Patching, upgrades, new users, new sites, new applications all require changes to the network, servers and workstations. Any change may re-introduce vulnerabilities that contravene your organization's Hardened Build Standard, so continuous File Integrity Monitoring is essential for maintaining security. NNT has the inbuilt intelligence to automate the process of defining good and expected changes from the unexpected and potentially harmful ones.

NNT Suite of Products

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

Without integrity you don't have security and without security you don't have trusted computing – Ron Ross, NIST

Latest Resources

CIS

Access CIS Resources
Access a broad range of CIS Benchmark reports to audit your enterprise and continuously monitor for any drift from your hardened state.
Download Reports »

Server Hardening

Server Hardening Resources
Download Hardened Services checklists, derived by NNT in conjunction with Microsoft, to manually audit your servers for compliance.
Download Checklists »

Audit Policy

Audit Policy Template Resources
Gain access to audit policies derived from the Center for Internet Security to generate audit logs on all relevant security levels.
Download Audit Policies »