However strong the perimeter security, in the vast majority of organizations there are far too many opportunities for hackers or malware to slide in undetected.
From Target to Home Depot and most recently the Carbanak APT, estimated to have stolen $1B from banks around the world, the fallout of a major breach is horrendous. The negative publicity is even worse when monitoring tools were in place, had identified a suspicious system change or two and were sending out alerts to raise the alarm. The fact that alerts simply got lost in the noise is no excuse. Did no one have the time to investigate or, more realistically, did no one actually believe a breach was likely?
The problem? Noise. File Integrity Monitoring (FIM) is a great tool and an essential component of the security toolkit. It provides a complete view of every single change that occurs across the IT infrastructure, but unless it is used hand in hand with rigid, zero-tolerance change control, the amount of noise generated on a daily and weekly, let alone monthly, basis is unmanageable.
In a world of constantly emerging threats, security is a tough job – but the concepts of best practice have been devised for a reason. The challenge for organizations is to strike the balance between unworkable change control practices and an anarchic environment that provides ample opportunities for an intruder to hide. Closing the loop on change control delivers that vital visibility of all integrity changes, but with just a fraction of the noise generated by a traditional FIM implementation, giving organizations far more confidence both in the validity of alarms and in their ability to investigate and respond.
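One way to "close the loop" as described above, as an added example that is not part of the original article or of any vendor's product: FIM change events are reconciled against approved change records, so that only changes nobody authorised (no ticket, outside the approved window, or a resulting hash that does not match what the ticket declared) are left as alerts. The event and record fields, the hash strings and the sample data are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class FimEvent:                 # one change reported by the FIM agent (constructed schema)
    host: str
    path: str
    new_hash: str
    seen_at: datetime

@dataclass(frozen=True)
class ApprovedChange:           # one record from the change-control system (constructed schema)
    ticket: str
    host: str
    path: str
    expected_hash: Optional[str]   # None when the resulting hash was not declared in advance
    window_start: datetime
    window_end: datetime

def explains(approval, event):
    """An approval explains an event only if host, path and time window agree
    and, where a resulting hash was declared, the observed hash matches it."""
    return (approval.host == event.host and approval.path == event.path
            and approval.window_start <= event.seen_at <= approval.window_end
            and approval.expected_hash in (None, event.new_hash))

def reconcile(events, approvals):
    """Split events into (reconciled, unexplained); only the latter need a human."""
    reconciled, unexplained = [], []
    for ev in events:
        ticket = next((a.ticket for a in approvals if explains(a, ev)), None)
        if ticket:
            reconciled.append((ev, ticket))
        else:
            unexplained.append(ev)
    return reconciled, unexplained

# Constructed sample data: one ticket covering an sshd upgrade on host web01.
T = datetime
APPROVALS = [
    ApprovedChange("CHG-1001", "web01", "/usr/sbin/sshd", "h-sshd-v2", T(2015, 3, 10, 22), T(2015, 3, 11, 2)),
    ApprovedChange("CHG-1001", "web01", "/etc/ssh/sshd_config", None, T(2015, 3, 10, 22), T(2015, 3, 11, 2)),
]
EVENTS = [
    FimEvent("web01", "/usr/sbin/sshd", "h-sshd-v2", T(2015, 3, 10, 23, 5)),        # in window, declared hash
    FimEvent("web01", "/etc/ssh/sshd_config", "h-cfg-9", T(2015, 3, 10, 23, 6)),    # in window, hash not declared
    FimEvent("web01", "/usr/sbin/sshd", "h-sshd-ROGUE", T(2015, 3, 11, 0, 30)),     # in window but wrong hash
    FimEvent("web01", "/etc/passwd", "h-pw-2", T(2015, 3, 10, 23, 7)),              # no ticket at all
]
```

Of the four changes the FIM agent reports, two are reconciled to CHG-1001 and drop out of the alert stream; the hash mismatch and the untracked file are the two that remain to be investigated.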