Game-Changing File and Integrity Monitoring

Automate setup and eliminate the need for operations-intensive rule development and management in high-velocity cloud implementations

Collect, Identify and Report on File Changes

File tampering is a critical indicator of compromise in your cloud environment. File Integrity Monitoring (FIM) is a critical requirement for an effective compliance mandate and Lacework recognizes that FIM is more than a compliance checklist item.

Designed for high-velocity cloud implementations, Lacework’s FIM solution automates the setup and eliminates the need for operations-intensive rule development and management. Our innovative baselining technology keeps up with cloud changes while dramatically reducing false positives, so your security teams can focus on the file integrity monitoring changes that really matter.

Our file integrity monitoring solution also identifies malicious files and other anomalies within your cloud and container environments, along with the actors involved, and provides contextual alerts that empower your teams with actionable intelligence.

Automation Nation with File Detection

The Lacework file integrity monitoring agent automates the process of collecting and recording files. Our agent records new files as they are added — including the hashes of the files as they change — displaying the old and new for easy comparison.

  • Our agent streams data back to the cloud platform to ensure that the information is reliably collected and stored.
  • Once collected, the checksum is compared against curated threat databases to ensure that no known malicious files exist within the monitored environment.
  • If a known malicious file is found within the environment, Lacework triggers a critical alert. From the alert you can quickly determine which systems the file exists on and follow a link back to the VirusTotal database for additional research and a threat summary.

This expedites the process of identifying files as well as the research needed to understand the impact of the malicious file.

Integrated & Comprehensive File Integrity Monitoring

  • Pinpoint exactly how a file changed: content, metadata, and whether the file was modified or simply appended
  • Extended information on executables, such as files created without a package installation, command lines used at launch, currently running processes (with users and network activity), and suspect versions
  • Expanded file intelligence with integrated threat feeds from ReversingLabs’ library of 5 billion files
  • One-click investigation of events and activities related to FIM signals
  • Cloud-wide capabilities for search, file type summaries, and detection of new files

Cloud Scale and Speed

  • Automated configuration, file discovery, and operations
  • Scalable architecture with no added complexity or performance penalties
  • Included with all Lacework Cloud Security agents

File Security Meets Scale and Compliance

With Lacework, IT security teams can pinpoint exactly how files change down to the content, metadata, and whether the file was modified or simply appended. We add intelligence that extends to:

  • Information on executables, such as files created without a package installation, command lines used at launch, currently running processes (with users and network activity), and suspect versions.
  • One-click investigation of events and activities related to FIM signals.
  • Cloud-wide capabilities for search, file type summaries, and detection of new files.
  • Scalable architecture with no added complexity or performance penalties.

FAQs About Lacework's File Integrity Monitoring System

Lacework’s file integrity monitoring solution creates a hash of files and compares these against known malicious file hashes. If a malicious file is detected, a critical alert is generated so you can take action.

Once a day, FIM monitors all binaries associated with processes that have network connections, as well as a predefined list of directories and files.

The default FIM scan interval is one scan per day. The interval was chosen to balance feature needs with CPU, memory and disk IO cost.

File integrity monitoring provides visibility into new and changed files: files with multiple executables, files installed without packages, and malicious files.

We partner with a 3rd party and compare the SHA256 file hash to a list of known malicious file hashes.

Lacework’s FIM solution looks inside the contents of the file and only sends the metadata and file hash.

No, the file contents are not examined by FIM or sent to Lacework.

Account security solutions for cloud containers & multicloud
environments via a single unified console
