If you’ve been in information security for a while, you’ve likely had some experience with file integrity monitoring (FIM). It’s a capability with a long history, going back to the original open-source Tripwire tool for monitoring file hashes.
And FIM has staying power. It’s still around, and there are still new deployments. There aren’t a lot of security controls that continue to be valuable over such a long time frame. After all, knowing how and when files change is universally useful and pretty important to security.
Technology has evolved, however. While 1998 might have produced a killer 233MHz CPU for your desktop, 2018 has driven your applications to the cloud. In the meantime, FIM itself hasn’t changed all that much. It’s still about detecting changes in files in most cases.
It’s time for FIM to grow up and evolve into integrity management.
Integrity management is the process of establishing baselines and monitoring for changes. It’s about defining a desired state and maintaining it. That concept is, ultimately, what information security is all about. FIM applies the concept very narrowly to files and maybe to some additional configuration elements.
Integrity management seeks to apply the concept to the entirety of your IT ecosystem, including systems, network devices, and cloud infrastructure. The changes that matter might even occur outside of your organization, as changes in the threat environment.
If you think of your desired state measured in terms of acceptable risk, then maintaining integrity is all about maintaining that acceptable level of risk. Changes that impact your risk posture or profile must be addressed, and the sooner the better.
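The baseline-and-compare idea described above, as an added example that is not from the original post: it snapshots files by SHA-256 and permission mode, then reports drift with the same comparison for a non-file item. The `fw:rule-22` record, the file names and the `demo()` scenario are constructed, and modelling non-file items as attribute dictionaries is an assumption used to go beyond plain file hashing.

```python
import hashlib, os, stat, tempfile

def snapshot_files(root):
    """Collect {item id: {sha256, mode}} for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(path, root)
            state["file:" + rel] = {"sha256": digest,
                                    "mode": oct(stat.S_IMODE(st.st_mode))}
    return state

def drift(baseline, current):
    """Compare two snapshots; works for any {item: {attribute: value}} mapping."""
    report = {"added": sorted(current.keys() - baseline.keys()),
              "removed": sorted(baseline.keys() - current.keys()),
              "changed": {}}
    for item in baseline.keys() & current.keys():
        diff = {k: (baseline[item].get(k), current[item].get(k))
                for k in baseline[item].keys() | current[item].keys()
                if baseline[item].get(k) != current[item].get(k)}
        if diff:
            report["changed"][item] = diff  # attribute -> (expected, observed)
    return report

def demo():
    """Constructed scenario: a temp directory plus a made-up firewall rule."""
    with tempfile.TemporaryDirectory() as root:
        cfg = os.path.join(root, "sshd_config")
        with open(cfg, "w") as fh:
            fh.write("PermitRootLogin no\n")
        os.chmod(cfg, 0o600)
        baseline = snapshot_files(root)
        baseline["fw:rule-22"] = {"source": "10.0.0.0/8", "port": 22}
        # Drift: content edited, permissions loosened, new file, rule widened.
        with open(cfg, "w") as fh:
            fh.write("PermitRootLogin yes\n")
        os.chmod(cfg, 0o644)
        with open(os.path.join(root, "authorized_keys"), "w") as fh:
            fh.write("constructed\n")
        current = snapshot_files(root)
        current["fw:rule-22"] = {"source": "0.0.0.0/0", "port": 22}
        return drift(baseline, current)

if __name__ == "__main__":
    print(demo())
```

Each entry under `changed` pairs the baseline value with the observed one, which is the information needed to decide whether to restore the desired state or accept the change into a new baseline.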
In order to make the concept of integrity management more real, let’s take a brief look at the core steps involved.
1. Start with a Secure Deployment.
The first place to apply the principles of integrity (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tim Erlin. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/file-integrity-monitoring/what-is-integrity-management/