File Integrity Monitoring
Collect, Identify and Report on File Changes
File tampering is a critical indicator of compromise, so it’s easy to understand why File Integrity Monitoring (FIM) is a critical requirement in most compliance mandates. Lacework recognizes that FIM is more than a compliance checklist item, so the Lacework solution identifies instances of malicious files and other anomalies in cloud and container environments, as well as the actors involved, and then delivers contextual alerts.
Designed for high-velocity cloud implementations, Lacework’s FIM solution automates setup and eliminates the need for operations-intensive rule development and management. With our innovative baselining technology, Lacework keeps up with cloud changes while dramatically reducing false positives so security teams can focus on the FIM changes that really matter.
Automating File Detection
The Lacework agent automates the process of collecting and recording files. The agent records new files as they are added and records the hashes of files as they change, displaying the old and new hashes for easy comparison. The agent streams this data back to the cloud platform to ensure that the information is reliably collected and stored. Additionally, Lacework identifies any files that are known to be malicious using external threat feeds. Once the hashes have been collected, each checksum is compared against curated threat databases to ensure that no known malicious files exist within the monitored environment. If a known malicious file is found within the environment, Lacework will trigger a critical alert. From there, you can investigate quickly to determine which systems the file exists on, and you can do additional research on the file by linking back to the VirusTotal database for a threat summary. This expedites both the process of identifying files and the research needed to understand the impact of the malicious file.
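A minimal sketch of the collect, compare, and alert flow described above, added here as an illustration; it is not Lacework's agent code. The function names, the temporary directory, and the one-entry `known_bad` set standing in for a threat feed are all assumptions.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Stream the file through SHA-256 so large files are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root):
    """Map each regular file under root (by relative path) to its SHA-256."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                hashes[os.path.relpath(full, root)] = sha256_file(full)
    return hashes

def compare(baseline, current, known_bad):
    """Return events for new, changed (old and new hash) and removed files.
    Any file whose current hash is in known_bad is critical, even if unchanged,
    because a feed can list a hash after the file was first recorded."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        kind = ("unchanged" if old == new else "new" if old is None
                else "removed" if new is None else "changed")
        critical = new in known_bad
        if kind != "unchanged" or critical:
            events.append({"path": path, "event": kind, "old": old,
                           "new": new, "severity": "critical" if critical else "info"})
    return events

def demo():
    """Constructed sample: baseline a temp directory, modify it, rescan."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("app.conf", b"port=8080\n")
        baseline = snapshot(root)
        write("app.conf", b"port=9090\n")            # modified after baseline
        write("dropper.bin", b"constructed-sample")  # new file after baseline
        # Constructed stand-in for a threat feed: the hash of the sample file.
        known_bad = {hashlib.sha256(b"constructed-sample").hexdigest()}
        return compare(baseline, snapshot(root), known_bad)
```

The unchanged-but-critical case in `compare` matters in practice: a file can sit in the baseline for weeks before its hash appears on a feed, so every rescan should re-check all current hashes, not only the ones that changed.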