If you wanted to name a technology product category so it got beat up in the schoolyard, you might call it File Integrity Monitoring. Like a lot of products in the security space, File Integrity Monitoring (FIM) as a moniker accurately explains what the solution provides, but it’s about as unsexy as it gets.
Make no mistake: FIM is cool and necessary. It validates the integrity of OS and app files so that activity that deviates from normalized behavior can be identified. It’s especially important in modern IT environments where the volume of changes is huge. As we say all the time, any change could be an indicator of a compromise within the infrastructure, but it first has to be detected and understood. With an emphasis on the OS and app layers, FIM complements Lacework and provides an essential compliance component to our solution.
For a FIM tool to do its job effectively, it needs an agent working within the cloud environment to identify all events and activities. The agent can identify issues, and with the help of event analysis like that provided by Lacework, FIM can deliver better information because it now has context for the activities it’s evaluating. Our perspective is that FIM working with Lacework provides more than just a compliance check mark; rather, it becomes an integral part of the threat detection process.
FIM plays a critical role in compliance, as well. In fact, without the use of FIM, it would be nearly impossible for an organization to adequately address its compliance requirements. Once policies are defined and baselines are established for accepted behavior, the FIM process is initiated as a way to monitor files for issues or inconsistencies. FIM provides a control mechanism to identify static files, files in transit, and modifications to files that could impact settings and configurations elsewhere in the cloud stack. Changes could put compliance at risk.
Most FIM solutions generally function as standalone products focused solely on compliance. With Lacework, however, the FIM solution is integrated into our regular cloud security identification and analysis activities through the use of the Lacework agent.
The bottom line is that you need FIM to be compliant. And to use a FIM solution effectively, you need an agent, or host-based IDS. Lacework’s FIM solution automates the setup of continuous monitoring and eliminates the labor-intensive rule development, ACL specification and configuration typically required by traditional FIM solutions.
The agent is working continuously to monitor the environment and report findings. This includes information about configurations, settings, additions of resources and users, and any other changes that impact how the overall infrastructure runs. The agent has the ability to capture key data and map it to its corresponding processes, users, and resources. This feeds the FIM so it can determine what, among the collected data, is an issue that creates a state of non-compliance.
In the PCI DSS standard, for example, FIM is specifically called out as a requirement. The spec states that an organization must “Track and monitor all access to network resources and cardholder data,” and that it must “…alert personnel to unauthorized modification (including changes, additions, and deletions) of critical system files, configuration files, or content files.”
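The baseline-and-compare cycle behind that requirement can be sketched in a few lines. This is an added example, not Lacework's agent or code from this post: the function names, the temporary directory and the sample files are constructed for illustration, and it reports the changes, additions and deletions the PCI text names, plus permission drift.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to (sha256 hex, permission bits)."""
    state = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):  # skip directories, symlinks, devices
            continue
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        rel = path.relative_to(root).as_posix()
        state[rel] = (digest.hexdigest(), stat.S_IMODE(st.st_mode))
    return state

def compare(baseline, current):
    """Return sorted (kind, path) findings between two snapshots."""
    findings = [("deleted", p) for p in baseline.keys() - current.keys()]
    findings += [("added", p) for p in current.keys() - baseline.keys()]
    for p in baseline.keys() & current.keys():
        if baseline[p][0] != current[p][0]:
            findings.append(("modified", p))
        elif baseline[p][1] != current[p][1]:
            findings.append(("mode_changed", p))
    return sorted(findings)

def demo():
    """Constructed sample tree: take a baseline, alter the tree, report drift."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "app.conf").write_text("listen=127.0.0.1\n")
        (r / "hosts").write_text("127.0.0.1 localhost\n")
        (r / "run.sh").write_text("#!/bin/sh\nexit 0\n")
        os.chmod(r / "run.sh", 0o750)
        baseline = snapshot(root)
        (r / "app.conf").write_text("listen=0.0.0.0\n")  # content change
        (r / "hosts").unlink()                           # deletion
        (r / "extra.service").write_text("[Service]\n")  # addition
        os.chmod(r / "run.sh", 0o777)                    # permission drift
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, path in demo():
        print(f"ALERT {kind}: {path}")
```

For the comparison to mean anything, the baseline has to be stored somewhere the monitored host cannot rewrite it.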
Clearly, FIM is essential to continuous compliance. PCI governs all credit and debit card transactions, and any organization enabling or supporting them needs to ensure compliance. Deploying a standalone FIM product alongside a separate cloud security monitoring and analysis solution creates additional complexity for an organization that really just needs to be able to detect security and compliance issues. A solution like Lacework deploys FIM as part of our comprehensive integrated threat detection process. It provides a security system that employs analysis of security practices and activities as part of the compliance process.
Research and Markets has just published a new report, Global File Integrity Monitoring Market – Growth, Trend and Forecasts (2018 – 2023), and in it, they suggest that the FIM market will grow more than 14% this year. There is increased recognition that compliance is not only mandatory to remain in business for certain industries, but it’s also an important part of security management as well as a way to communicate good faith to customers regarding your business practices.