What is File Integrity Monitoring (FIM)
Today, most IT systems that store and process information use file-based architectures. The core operating system and application binaries, system and application configuration data, organizational data, and logs are all stored in files. These files ultimately:
Determine how the operating system, its subsystems and hosted applications should operate;
Track (in log files) the actions and activities that take place across the operating system and applications;
Store business data.
When an attacker compromises these critical files, havoc ensues. Attackers may attempt to take over the operating system or application, steal or modify business-critical information, or manipulate log files to hide malicious activity. This is where File Integrity Monitoring helps, by ensuring that you’re notified when such suspicious activities take place on critical files.
Even authorized changes may result in misconfigurations or situations that expose the organization to increased risk and compromise. In one such case, customer information from a bank was exposed when an authorized vendor uploaded a file to a server without enabling the proper security protocols.
FIM technologies typically work with one of the following approaches:
1. Baseline comparison, wherein one or more file attributes are captured or calculated and stored as a baseline that can be compared against at some future time. This can be as simple as the time and date of the file. However, since this data can be easily spoofed, a more trustworthy approach is typically used. This may include periodically calculating the cryptographic checksum of a monitored file (e.g. using the MD5 or SHA-2 hashing algorithm) and then comparing the result to the previously calculated checksum.
2. Real-time change notification, which is typically implemented within, or as an extension to, the kernel of the operating system, and which flags when a file is accessed or modified.
Regardless of approach, the end result is the same—to identify and alert you to any changes (creation, modification or deletion) to a monitored file or directory.
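The baseline comparison approach from item 1, as an added example that is not code from the original page: it records both the modification time and a SHA-256 checksum (a SHA-2 function) for each file, then shows a change whose timestamp was reset being missed by the date comparison but caught by the checksum. The directory layout and file names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file under root to (mtime_ns, SHA-256 hex digest)."""
    state = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = path.relative_to(root).as_posix()
            state[rel] = (path.stat().st_mtime_ns, digest.hexdigest())
    return state

def compare(baseline, current, field):
    """Diff two snapshots on one attribute: field 0 = mtime, 1 = checksum."""
    common = baseline.keys() & current.keys()
    return {
        "created": sorted(current.keys() - baseline.keys()),
        "deleted": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common
                           if baseline[p][field] != current[p][field]),
    }

def demo():
    """Constructed scenario: edit one file, then restore its timestamp."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("tls=on\n")
        (root / "audit.log").write_text("login ok\n")
        baseline = snapshot(root)

        target = root / "etc" / "app.conf"
        st = target.stat()
        target.write_text("tls=off\n")                          # modification
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))   # spoofed date
        (root / "audit.log").unlink()                           # deletion
        (root / "dropped.bin").write_bytes(b"\x00\x01")         # creation

        current = snapshot(root)
        return compare(baseline, current, 0), compare(baseline, current, 1)

if __name__ == "__main__":
    by_mtime, by_hash = demo()
    print("mtime only:", by_mtime)
    print("sha-256   :", by_hash)
```

The baseline is only trustworthy if it is stored where the monitored host cannot rewrite it; otherwise whoever changes a file can update the recorded checksum as well.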
Feel free to contact E-SPIN for a solution for your systems and operations to reduce risk to your business and organization. We can secure and protect your business with our various software security technologies, including file integrity monitoring (FIM) technologies and solutions.