Validate Integrity of Changes to OS, Software Files

Changes to configurations, files and file attributes across IT infrastructure are common. Hidden within a large volume of daily changes, however, can be the few that impact file or configuration integrity.

These changes can reduce security posture and may be leading indicators of a breach in progress. Values monitored for unexpected changes to files or configuration items include:

  • Configuration values
  • Content
  • Core attributes and size
  • Credentials
  • Hash values
  • Security Settings/User Privileges

A cloud environment usually contains data that would be valuable to an attacker. That value and the need for a highly available and accessible platform are reasons organizations migrate systems to the cloud. Even when the cloud environment holds limited data, the system can be used to circumvent firewall rules and traffic alerts to remove data from the network.

As a user, you want to know:

  • If someone opens a directory
  • If someone adds new files to a directory
  • If someone modifies a directory or any existing files in a directory

File Integrity Monitoring (FIM) validates the integrity of operating system and application software files using a verification method between the current file state and a known baseline. This comparison often involves comparing a known checksum of the file's original baseline with the calculated checksum of the current state of the file. Other file attributes — such as file size, version, names of users who create or modify files — can also be used to monitor integrity.
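
The baseline comparison described above, as an added example that is not Lumen's product code: it records a SHA-256 hash plus size, permission bits and owner for each file, then reports every deviation from that baseline. The function names, the compared fields and the sample directory are assumptions constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

FIELDS = ("sha256", "size", "mode", "uid")  # attributes compared to the baseline

def snapshot(root):
    """Record hash and core attributes for every regular file under root."""
    state = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # directories, symlinks and special files are skipped here
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        state[str(path.relative_to(root))] = {
            "sha256": digest.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}
    return state

def compare(baseline, current):
    """Return sorted (path, finding) pairs for each deviation from baseline."""
    findings = []
    for path in baseline.keys() | current.keys():
        if path not in current:
            findings.append((path, "removed"))
        elif path not in baseline:
            findings.append((path, "added"))
        else:
            findings += [(path, f + " changed") for f in FIELDS
                         if baseline[path][f] != current[path][f]]
    return sorted(findings)

def demo():
    """Constructed sample tree: baseline it, alter it, report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("app.conf", "run.sh", "old.log"):
            (root / name).write_bytes(b"port=8080\n")
            (root / name).chmod(0o644)
        baseline = snapshot(root)
        (root / "app.conf").write_bytes(b"port=9090\n")  # same size, new content
        (root / "run.sh").chmod(0o755)                   # attribute-only change
        (root / "old.log").unlink()
        (root / "new.bin").write_bytes(b"\x00")
        return compare(baseline, snapshot(root))
```

The edit to `app.conf` keeps the file size identical, so only the hash comparison catches it, while the `run.sh` change leaves the hash intact and is caught only by the attribute comparison.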

Meeting Compliance Objectives with FIM

Multiple compliance objectives name file integrity monitoring as a requirement. Examples include:

  • FISMA - Federal Information Security Management Act (NIST SP800-53 Rev3)
  • PCI-DSS - Payment Card Industry Data Security Standard (Requirement 11.5)
  • HIPAA - Health Insurance Portability and Accountability Act of 1996 (NIST Publication 800-66)

Based on the confidence of detections, unexplained data leaving cloud systems — whether large in volume, using a suspicious network port, or containing certain strings or headers — should be monitored and blocked if possible.

Generally, the act of performing file integrity monitoring is automated using internal. Such monitoring can be performed randomly, at a defined interval, or in real-time. Lumen File Integrity Monitoring looks for specific methods that are known to infect networks and hosts, and other traffic patterns that can degrade system service. File Integrity Monitoring’s attack signatures detect, then block, the actual malicious traffic that any threat relies upon to sabotage your network.

Thwart Attacks to Government Agencies, IT Assets

Local, state and federal government agencies are experiencing unprecedented attacks on their data security and IT integrity. Increases in the sophistication and number of cyberattacks have forced agencies to expand their security consciousness to levels that would have seemed excessive just a few years ago.

Monitoring the integrity of system files often isn’t a priority for internal security groups. With some attacks focused on tampering with data in files, however, a service that monitors critical directories and files residing on a host computer and sends an alert whenever specified files undergo an unexpected change is extremely important.

Lumen File Integrity Monitoring helps keep a constant watch on mission-critical files and programs and protects them from unauthorized, unanticipated, or unintentional modification.

The loss of confidentiality, integrity, or availability could have a severe or catastrophic adverse effect on an agency’s operations, organizational assets, or individual contributors. File Integrity Monitoring helps government agencies meet the requirements for keeping these assets safe.