What to Look for in a File Integrity Monitoring Solution

Our last post discussed the risk posed by data tampering. While data theft gets headlines, data modification is an insidious threat that could cripple a business. File integrity monitoring (FIM) is a security control designed to detect the modification of critical data by regularly comparing files to a known, good baseline.

More and more businesses are adopting FIM tools, according to a new report from MarketsandMarkets. The research firm expects the FIM market to see a compound annual growth rate of 13.86 percent, reaching $986 million by 2022. A driving factor in FIM adoption is the need to comply with a growing array of regulations, including PCI DSS, HIPAA, SOX, NERC CIP, FISMA and many others.

FIM solutions fall into two broad categories: agent-based and agentless. Agent-based solutions require that a piece of software be installed on the systems to be monitored, while agentless systems don’t. It might seem that agentless would be the way to go because implementation is easier. However, agent-based solutions provide much more powerful features than agentless systems and enable real-time analysis. As a result, MarketsandMarkets predicts that agent-based systems will see greater adoption.

The cloud is expected to be the fastest-growing deployment model. Cloud-based FIM solutions eliminate the need to deploy and manage hardware to support FIM functionality, and reduce the cost and effort associated with configuration, monitoring and reporting.

Whether you opt for an on-premises or cloud-based deployment, there are several key things to look for in a FIM solution:

  • Low Impact on System Performance. As we noted in our last post, there is a long list of files that should be monitored. In order to maximize the benefits of FIM, you need a solution that doesn’t consume too many system resources.
  • Ability to Support a Variety of Systems. Your organization may be running Windows, Unix, Linux and other operating systems. There may be a mix of identity management, security and logging systems. It’s important to analyze your environment and select a FIM solution that supports all of your requirements.
  • Integration with Security Information and Event Management Systems. SIEMs gather data from servers, security tools and other devices to enable centralized analysis for rapid identification of security issues. Integrating FIM with SIEM makes it possible to correlate file tampering with other security alerts to minimize false positives and prioritize response to threats.
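
The baseline comparison that FIM performs, and the kind of structured event a SIEM can ingest, shown as an added Python example (not code from this post or from any vendor product). The directory contents, the `fim.*` event names and the JSON layout are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Record SHA-256 and permission bits for every regular file under root."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and not path.is_symlink():
            state[path.relative_to(root).as_posix()] = {
                "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
                "mode": oct(path.stat().st_mode & 0o7777),
            }
    return state

def compare(baseline, current):
    """Return one event per file that differs from the known-good baseline."""
    events = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            kind = "added"
        elif new is None:
            kind = "deleted"
        elif old["sha256"] != new["sha256"]:
            kind = "modified"
        elif old["mode"] != new["mode"]:
            kind = "mode_changed"
        else:
            continue
        events.append({"event": "fim." + kind, "path": name, "old": old, "new": new})
    return events

def demo():
    """Build a constructed directory tree, change it, and report the drift."""
    files = [("app.conf", "debug=false\n"), ("hosts", "127.0.0.1 localhost\n"), ("users.db", "alice\n")]
    with tempfile.TemporaryDirectory() as root:
        for name, text in files:  # constructed sample files, not real system files
            Path(root, name).write_text(text)
            os.chmod(Path(root, name), 0o600)
        baseline = snapshot(root)
        Path(root, "app.conf").write_text("debug=true\n")  # content change
        Path(root, "hosts").unlink()                       # deletion
        Path(root, "dropped.sh").write_text("echo hi\n")   # unexpected new file
        os.chmod(Path(root, "users.db"), 0o666)            # permission change only
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for event in demo():
        print(json.dumps(event, sort_keys=True))  # one JSON line per event for a log shipper
```

In practice the baseline has to be stored where the monitored host cannot rewrite it; otherwise a change to a file can be hidden by updating its recorded hash as well.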

Once you begin looking at FIM solutions, you’ll find that they can be expensive and difficult to deploy. A better option may be to choose an integrated solution that provides FIM and other security monitoring functionality in one package. An integrated solution also facilitates a layered security approach that can prevent an attacker from circumventing the FIM system.

AlienVault’s Unified Security Management platform offers asset detection, vulnerability assessment, behavioral monitoring, SIEM and log management, and intrusion detection capabilities in a single, unified solution. Its intrusion detection system (IDS) includes FIM as well as cloud, network and host IDS. It’s available as USM Anywhere, a comprehensive, cloud-native platform that significantly simplifies security and reduces deployment time.

Given the risks of data tampering, you need a solution that can protect your operations and aid in regulatory compliance. Let us show you how AlienVault USM Anywhere addresses this threat and provides key security tools in one simple solution.

