Mark Kerrison
Mark Kerrison
CEO
NNT - New Net Technologies

There are two things that you might consider when selecting a File Integrity Monitoring (FIM) and Change Control solution – 1) Depth of useable features such as efficiency in suppressing change noise and 2) Brand recognition.

Some organizations might choose smart features such as powerful, closed-loop intelligent change control over the brand while some might focus on the brand name at the risk of not paying as much attention to the software’s really useful features and capabilities. The reality is that too often, customers conflate brand recognition with quality and reliability. Just because a brand has more recognition it does not always translate into a higher quality software and service.

intelligent FIM

Let’s dive deeper into each aspect that you should consider before choosing a partner

Look Beyond the Brand Name

While there is generally a reason why a certain brand has come to be widely recognized in an industry, it’s a mistake to assume that the reason for that is the quality of their product. More often than not, it comes down to length of time in the market, financial backing, big marketing budgets, timing, and even luck. It’s not unusual for brand leaders to grow complacent when it comes to genuine innovation and customer care. For all of these reasons, it’s vital to not just take a brand at their word simply because they are the most well-known solution in a particular space. Don’t let yourself get taken in by marketing claims and instead, remind yourself of the inherent value of File Integrity Monitoring (FIM) in protecting your organization and crucially what it will really take to deliver it!

Cost of Ownership

Particularly in today’s climate, where many organizations are looking to reduce costs due to the global pandemic, the cost of the solution should be a critical factor when selecting a partner. Like in most industries, the cost of ownership for the bigger name brand solutions are generally more expensive than others. However, a higher price point does not dictate a superior product. Weigh the features, capabilities and benefits of the solutions against your needs and budget to make the best decision for your organization.

“NNT is very affordable and as our need for was to cover a smaller requirement, it didn’t make sense for us to be spending a huge amount of money. Big Brand is out of proportion to its value. NNT fits into that slice of work price-wise,”
Security Manager for Non-Profit Health Care Organization

Maturity and Product Development

With cyber threats and compliance mandates and regulations constantly evolving, it’s important to work with providers who continuously improve their solutions to address the modern security threat landscape. Providers must adopt a revolutionary approach to cybersecurity, which includes continuously updating and improving the product throughout its lifecycle. Those who fail to invest in development and improve a product’s feature set could be considered obsolete – however big the name

“Big Brand was a decent product back in the day – it used to be revolutionary as there was nothing else like it. The world has moved on though and Big Brand is now a legacy product. NNT is now the revolutionary approach to change control. I did my due diligence and got confident fairly quickly that NNT could deliver what I needed. I have got other security areas that I need to look at where there is an RFP process that takes place first, but the NNT product was one of the simplest decisions for me – it wasn’t difficult at all.”
CIO at New York Bank

Customer Management

Customer management and support is a critical factor to consider when selecting a technology partner. You’d be wrong to assume that the higher the price of the product, the better-quality support you will receive. Requests for support are often passed down the chain and can be seen as someone else’s problem, not theirs. Ask yourself this: If I were to have a real-world cybersecurity problem, am I confident that I’d receive all of the necessary support that I’d need from my vendor in order to remediate my issue? If you’re not 100% sure of your answer, it’s a risky decision and you would do well to reconsider. Down time caused by an IT outage, security incident, or misconfiguration can have devastating impacts on an organization. Be sure to partner with a vendor who will work through your problems with you around the clock to address any of your support needs to avoid IT downtime or reputational damage.

“I always found your support very good. We found that with Big Brand – any issues we were experiencing with their solution was always “it’s something on your IT estate.” It was always someone else’s problem, not theirs. Working with NNT is different as you work through the problems with us.”
IT Security Manager at Online Payments

Five Critical Elements to Check with Your FIM Software Provider

1. Ease of Use/Usability

A product is only useful if you understand how to leverage all of its features and capabilities. Some products can be jam packed with features, but can be impossible to operate without spending hours of time training with technical support teams to learn how to perform these important business functions. Be sure to adopt a FIM solution that is easy enough for a non-technical person to understand how to use, but does not fall short on features and capabilities. This includes a solution with easy to use, built in compliance reporting and alerting capabilities which will help you save time and resources in your compliance audit.

“Your product has improved the way we do things dramatically vs. the manual management the change process. It’s saving our team lots of time!”
CIO at IDB Bank

2. Compatibility

When selecting a FIM solution, compatibility with your IT environment is one of the most important things to address. Today’s enterprise networks are often comprised of a wide range of assets, from cloud and container-mobilized systems to legacy applications. To ensure that all IT assets are protected from attacks and continuously monitored, your FIM tool should have a diverse footprint and be compatible with different types of files, activity logs, operating systems, hardware devices, and cloud settings in order to be a truly effective.

“The continuous monitoring, alerting, and the fact that NNT supports the broadest range of operating systems were key propositions for us.”
Senior Manager of Security at Global Technology Solution Company

3. Reliable Integrity Monitoring

Many of today’s available FIM solution ignore the integrity element of the file. An effective FIM tool must have the ability to reliably and intelligently separate regular, normal file changes from irregular threats to the integrity of a file. NNT’s Closed-Loop Intelligent Change Control captures and identifies repeated or recurring change patterns as either harmless or potentially harmful as well, discriminating pre-approved changes from unexpected and unwanted changes. With this technology, organizations are able to ensure that changes are mapped to an expected change ticket and that those changes reconcile with that was expected in production. This reduction of change noise revolutionizes breach detection, clearly exposing insider and zero-day malware activity.

“We have a ‘Defense in depth’ strategy at our bank and we need to know how to differentiate between a good change and an evil change. We have about 600-1,000 changes in a given week so that is a heavy change volume. Differentiating those changes and how do I find that evil change is much harder than people think. Change Tracker helps us solve that.”
CIO at New York Bank

4. "Noise" Reduction

Changes within your environment are constant and impossible to prevent. Many FIM tools compound the issue by simply monitoring file activity, while can generate a huge amount of change noise, making spotting malicious activity even harder. So how can you differentiate regular changes from suspicious, potentially malicious ones? The critical element here, is the ability to determine which file activity is known, expected and harmless compared to that which is potentially dangerous or disruptive.

The most effective FIM solutions leverage automatic analysis of file changes to go beyond the simplistic ‘here’s another change to investigate’ method. NNT recommends using threat intelligence in the form of file reputation which can be referenced as a ‘Trusted File Whitelist’ to minimize change noise and false positives. Our F.A.S.T. Cloud change noise reduction technology is comprised of over 9 billion file reputation scores to provide a clear ‘is this file known-safe or otherwise’. With this technology, organizations are able to reduce change noise by more than 90%, leaving only unwanted, unexpected, and potentially malicious changes for you to review.

“The FAST Cloud is really effective at eliminating change noise. I almost don’t have to do anything; it magically works by itself.”
Security Manager at Non-Profit Healthcare Organization

5. More than just a Check-box FIM Tool

It’s important to leverage a solution that goes beyond the checkbox FIM requirement while also incorporating best practice security measures into products and services like the Center for Internet Security’s CIS Controls. These controls have been proven to mitigate up to 90% of pervasive security threats and significantly strengthen an organizations overall security posture. Having a tool in place that can do more than just check your compliance FIM requirement will help your organization save significant time and resources.

“The feature set and ability to implement the closed-loop change cycle were key value propositions for me. There there’s the bonus feature of being able to track the CIS Controls. Instead of using a lot of different security tools to perform the function I need, I use NNT. I don’t want to run 13 different age-based solutions- NNT does it all.”
CIO at New York Bank

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.