NNT - New Net Technologies
There are two things that you might consider when selecting a File Integrity Monitoring (FIM) and Change Control solution – 1) Depth of useable features such as efficiency in suppressing change noise and 2) Brand recognition.
Some organizations might choose smart features such as powerful, closed-loop intelligent change control over the brand while some might focus on the brand name at the risk of not paying as much attention to the software’s really useful features and capabilities. The reality is that too often, customers conflate brand recognition with quality and reliability. Just because a brand has more recognition it does not always translate into a higher quality software and service.
Look Beyond the Brand Name
While there is generally a reason why a certain brand has come to be widely recognized in an industry, it’s a mistake to assume that the reason for that is the quality of their product. More often than not, it comes down to length of time in the market, financial backing, big marketing budgets, timing, and even luck. It’s not unusual for brand leaders to grow complacent when it comes to genuine innovation and customer care. For all of these reasons, it’s vital to not just take a brand at their word simply because they are the most well-known solution in a particular space. Don’t let yourself get taken in by marketing claims and instead, remind yourself of the inherent value of File Integrity Monitoring (FIM) in protecting your organization and crucially what it will really take to deliver it!
Cost of Ownership
Particularly in today’s climate, where many organizations are looking to reduce costs due to the global pandemic, the cost of the solution should be a critical factor when selecting a partner. Like in most industries, the cost of ownership for the bigger name brand solutions are generally more expensive than others. However, a higher price point does not dictate a superior product. Weigh the features, capabilities and benefits of the solutions against your needs and budget to make the best decision for your organization.
Maturity and Product Development
With cyber threats and compliance mandates and regulations constantly evolving, it’s important to work with providers who continuously improve their solutions to address the modern security threat landscape. Providers must adopt a revolutionary approach to cybersecurity, which includes continuously updating and improving the product throughout its lifecycle. Those who fail to invest in development and improve a product’s feature set could be considered obsolete – however big the name
Customer management and support is a critical factor to consider when selecting a technology partner. You’d be wrong to assume that the higher the price of the product, the better-quality support you will receive. Requests for support are often passed down the chain and can be seen as someone else’s problem, not theirs. Ask yourself this: If I were to have a real-world cybersecurity problem, am I confident that I’d receive all of the necessary support that I’d need from my vendor in order to remediate my issue? If you’re not 100% sure of your answer, it’s a risky decision and you would do well to reconsider. Down time caused by an IT outage, security incident, or misconfiguration can have devastating impacts on an organization. Be sure to partner with a vendor who will work through your problems with you around the clock to address any of your support needs to avoid IT downtime or reputational damage.
1. Ease of Use/Usability
A product is only useful if you understand how to leverage all of its features and capabilities. Some products can be jam packed with features, but can be impossible to operate without spending hours of time training with technical support teams to learn how to perform these important business functions. Be sure to adopt a FIM solution that is easy enough for a non-technical person to understand how to use, but does not fall short on features and capabilities. This includes a solution with easy to use, built in compliance reporting and alerting capabilities which will help you save time and resources in your compliance audit.
When selecting a FIM solution, compatibility with your IT environment is one of the most important things to address. Today’s enterprise networks are often comprised of a wide range of assets, from cloud and container-mobilized systems to legacy applications. To ensure that all IT assets are protected from attacks and continuously monitored, your FIM tool should have a diverse footprint and be compatible with different types of files, activity logs, operating systems, hardware devices, and cloud settings in order to be a truly effective.
3. Reliable Integrity Monitoring
Many of today’s available FIM solution ignore the integrity element of the file. An effective FIM tool must have the ability to reliably and intelligently separate regular, normal file changes from irregular threats to the integrity of a file. NNT’s Closed-Loop Intelligent Change Control captures and identifies repeated or recurring change patterns as either harmless or potentially harmful as well, discriminating pre-approved changes from unexpected and unwanted changes. With this technology, organizations are able to ensure that changes are mapped to an expected change ticket and that those changes reconcile with that was expected in production. This reduction of change noise revolutionizes breach detection, clearly exposing insider and zero-day malware activity.
4. "Noise" Reduction
Changes within your environment are constant and impossible to prevent. Many FIM tools compound the issue by simply monitoring file activity, while can generate a huge amount of change noise, making spotting malicious activity even harder. So how can you differentiate regular changes from suspicious, potentially malicious ones? The critical element here, is the ability to determine which file activity is known, expected and harmless compared to that which is potentially dangerous or disruptive.
The most effective FIM solutions leverage automatic analysis of file changes to go beyond the simplistic ‘here’s another change to investigate’ method. NNT recommends using threat intelligence in the form of file reputation which can be referenced as a ‘Trusted File Whitelist’ to minimize change noise and false positives. Our F.A.S.T. Cloud change noise reduction technology is comprised of over 9 billion file reputation scores to provide a clear ‘is this file known-safe or otherwise’. With this technology, organizations are able to reduce change noise by more than 90%, leaving only unwanted, unexpected, and potentially malicious changes for you to review.
5. More than just a Check-box FIM Tool
It’s important to leverage a solution that goes beyond the checkbox FIM requirement while also incorporating best practice security measures into products and services like the Center for Internet Security’s CIS Controls. These controls have been proven to mitigate up to 90% of pervasive security threats and significantly strengthen an organizations overall security posture. Having a tool in place that can do more than just check your compliance FIM requirement will help your organization save significant time and resources.