File Integrity Monitoring Solutions
Automate setup and eliminate the need for operations-intensive rule development and management in high-velocity cloud implementations
Collect, Identify and Report on File Changes
File tampering is a critical indicator of compromise so it’s easy to understand why File Integrity Monitoring (FIM) is a critical requirement in most compliance mandates. Lacework recognizes that FIM is more than a compliance checklist item, so Lacework’s file integrity monitoring solution identifies the instance of malicious files and other anomalies in cloud and container environments, as well as the actors who are involved and then delivers contextual alerts.
Designed for high-velocity cloud implementations, Lacework’s FIM solution automates the setup and eliminates the need for operations-intensive rule development and management. With innovative baselining technology, Lacework keeps up with cloud changes while dramatically reducing false positives so security teams can focus on the file integrity monitoring changes that really matter.
Automating File Detection
The Lacework file integrity monitoring agent automates the process of collecting and recording files. The agent records new files as they are added and records the hashes of the files as they change, displaying the old and new for easy comparison. The agent streams this data back to the cloud platform to ensure that the information is reliably collected and stored. Once the hashes have been collected, the checksum is compared against curated threat databases to ensure that no known malicious files exist within the monitored environment. If a known malicious file is found within the environment, Lacework will trigger a critical alert. From there, you can investigate quickly to determine what systems the file exists in, as well as any additional research on the file linking back to VirusTotal database for threat summary. This expedites the process of identifying files as well as the research needed to understand the impact of the malicious file.
Integrated & Comprehensive File Monitoring
- Pinpoint exactly how a file changed: content, metadata, and whether the file was modified or simply appended
- Extended information on executables, such as files created without a package installation, command lines used at launch, currently running processes (with users and network activity), and suspect versions
- Expanded file intelligence with integrated threat feeds from ReversingLabs’ library of 5 billion files
- One-click investigation of events and activities related to FIM signals
- Cloud-wide capabilities for search, file type summaries, and detection of new files
Cloud-Scale & Speed
- Automated configuration, file discovery, and operations
- Scalable architecture with no added complexity or performance penalties
- Included with all Lacework Cloud Security agents
Meet Compliance Mandates
- Protect log and configuration files against tampering
- Daily re-check of all files monitored
- Pre-defined directory maps monitor critical files and directories
- Easily configurable; users can add directories to the watch list
- “As a Lacework customer we are excited to see their continued innovation in the area of multi-cloud support and, in particular, deep integration with Kubernetes and GKE.”
Will Gregorian | Iterable
- “Lacework Polygraph, within minutes of the attack occurring, was able to detect something that the other ones were not. It outperformed everything we’ve been doing.”
Mario Duarte | Snowflake Computing
- “I’m extremely happy with Lacework. I sleep better at night knowing we have full visibility into our cloud operations. It was the one tool that checked all my security boxes.”
Devin Ertel | Guidebook
- “Lacework offers us speed and offers us the ability to focus on what we do in terms of building a great product that’s secure. I would definitely recommend it to other IT professionals or product companies that are building a cloud-based application.”
Ian O’Brien | Arista Networks
FAQs About Lacework's File Integrity Monitoring System
Lacework’s file integrity monitoring solution creates a hash of files and compares these against known malicious file hashes. If a malicious file is detected, a critical alert is generated so you can take action.
FIM monitors all binaries associated with processes that are associated with network connections and a predefined list of directories/files once a day.
The default FIM scan interval is one scan per day. The interval was chosen to balance feature needs with CPU, memory and disk IO cost.
File integrity monitoring provides visibility into new and changed files: files with multiple executables, files installed without packages, and malicious files.
We partner with a 3rd party and compare the SHA256 file hash to a list of known malicious file hashes.
Lacework’s FIM solution looks inside the contents of the file and only sends the metadata and file hash.
No, the file contents are not examined by FIM or sent to Lacework.