Change is constant in organizations’ IT environments. Hardware assets change. Software programs change. Configuration states change. Some of these modifications are authorized, arriving through an organization’s regular patching cycle; others appear unexpectedly and warrant concern.

Organizations commonly respond to this dynamism by investing in asset discovery and secure configuration management (SCM). These foundational controls allow companies to build an inventory of approved devices and monitor those devices’ configurations. Even so, one important challenge remains: detecting and reconciling change in critical files. For that challenge, many enterprises are turning to file integrity monitoring (FIM).

What Exactly Is File Integrity Monitoring?

FIM is a technology that monitors files and detects changes that could indicate a cyberattack. Also known as change monitoring, FIM examines files to establish whether and when they changed, how they changed, who changed them, and what is needed to restore them if the modification was unauthorized. Organizations can use the control to watch files that should remain static, such as IP stack and email client configuration, for suspicious modifications. FIM is therefore useful both for detecting malware and for meeting compliance requirements such as the Payment Card Industry Data Security Standard (PCI DSS).
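The baseline-and-compare loop described above, as an added example written for this page (it is not Tripwire’s code or any product’s implementation). It fingerprints each file by SHA-256 content hash, size, permission bits and owner (an assumption for illustration; a production FIM also records ACLs, extended attributes and timestamps), stores a baseline, re-scans, and reports what was added, removed or modified, including permission-only changes that a hash alone would miss. The file names and contents in the demo are constructed, and the allowlist of paths expected to churn is a deliberately simple stand-in for correlating changes with patch windows and change tickets.

```python
"""Minimal file integrity monitor: baseline a tree, re-scan, classify changes.
Added example for this page; not Tripwire or any vendor's code."""
import hashlib
import json
import stat
import tempfile
from pathlib import Path

CHUNK = 65536


def fingerprint(path: Path) -> dict:
    """Attributes recorded per file (assumed set for this example)."""
    st = path.lstat()
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}


def scan(root: Path) -> dict:
    """Fingerprint every regular file under root, keyed by POSIX relative path."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and not p.is_symlink()}


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences: added, removed, and modified files.
    For modified files, list each changed attribute with old/new values, so a
    chmod on an unchanged file is still reported as an integrity event."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for name in sorted(set(baseline) & set(current)):
        diffs = {k: (baseline[name][k], current[name][k])
                 for k in baseline[name] if baseline[name][k] != current[name][k]}
        if diffs:
            modified[name] = diffs
    return {"added": added, "removed": removed, "modified": modified}


def triage(report: dict, expected: set) -> dict:
    """Separate changes on paths known to churn (logs, caches) from changes
    that need a human look. A static allowlist is the simplest noise filter;
    real deployments correlate with change tickets and patch windows instead."""
    mod = report["modified"]
    return {"added": report["added"], "removed": report["removed"],
            "needs_review": {k: v for k, v in mod.items() if k not in expected},
            "expected": {k: v for k, v in mod.items() if k in expected}}


def run_demo() -> dict:
    """Build a constructed tree, baseline it, make four kinds of change, re-scan."""
    root = Path(tempfile.mkdtemp())
    (root / "etc").mkdir()
    (root / "var").mkdir()
    files = {"etc/hosts": b"127.0.0.1 localhost\n",
             "etc/resolv.conf": b"nameserver 192.0.2.1\n",
             "etc/old.conf": b"legacy=1\n",
             "var/app.log": b"started\n"}
    for name, data in files.items():
        (root / name).write_bytes(data)
        (root / name).chmod(0o644)

    # Persist the baseline OUTSIDE the monitored tree (here a second temp dir).
    # In practice it must be stored off-host or signed: an intruder who can
    # rewrite files can otherwise rewrite the baseline to match.
    store = Path(tempfile.mkdtemp()) / "baseline.json"
    store.write_text(json.dumps(scan(root)))

    # Later: changes of four different kinds (constructed for the demo).
    (root / "etc/hosts").write_bytes(b"127.0.0.1 localhost\n203.0.113.5 mirror\n")  # content
    (root / "etc/resolv.conf").chmod(0o666)                  # permissions only
    (root / "etc/old.conf").unlink()                         # removed
    (root / "etc/new.conf").write_bytes(b"enabled=1\n")      # added
    (root / "var/app.log").write_bytes(b"started\nrequest\n")  # expected churn

    baseline = json.loads(store.read_text())
    return triage(compare(baseline, scan(root)), expected={"var/app.log"})


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Running the demo reports `etc/new.conf` as added, `etc/old.conf` as removed, `etc/hosts` (content hash and size) and `etc/resolv.conf` (mode 0o644 to 0o666, content unchanged) as needing review, and the log write as expected. Scheduling this scan and feeding `needs_review` into a ticketing or SIEM workflow is the part that turns raw change data into something an analyst can act on.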

File integrity monitoring was invented in part by Tripwire founder Gene Kim. From there, it went on to become the security control around which many organizations now build their cybersecurity programs. The specific term “file integrity monitoring” itself was widely popularized by the PCI standard.

Unfortunately, for many organizations, FIM mostly means noise that complicates the work of security personnel. Too many changes, no context around those changes, and very little insight into whether the changes actually pose a risk force security teams into a position where they need to investigate which changes relate (Read more...)