Open Source Security Learning Event: Live Q&A: Charity’s Corner- Why FIM?

Atomicorp Announces Live Q&A Series on Open Source Security, Cyberdefense, and Compliance

If you prefer videos and virtual discussions over online reading, you’ve come to the right place.

Atomicorp will be producing a series of live Q&A webinars, where participants can join us in discussing IT security and compliance challenges and capabilities.

In the first session of the series, known as “Charity’s Corner,” we’ll be exploring file integrity monitoring (FIM) as both an advantageous security control and compliance requirement in many regulations and standards spanning NIST, JSIG, and PCI DSS, as well as DISA STIG, FISMA, GDPR, and HIPAA.

FIM is also a best practice in deep and rapid detection, scanning for subtle changes to files and environments. Toward this pursuit, the live Q&A event will delve into how FIM can be deployed to scan files and systems in real time, employing fuzzy hashing to detect, alert, and trigger active response in your Linux, Windows and AIX environments, cloud endpoints and workflows.

Register now.

 

“Q&A: Charity’s Corner – Why FIM?”

Sept. 7, 2023 1:00 PM Eastern Time (US and Canada)

Why FIM, Open Source XDR, and More

Open source extended detection and response (XDR) has its advantages. Crowd-developed open source software comprises an estimated 70-90 percent of any given modern software application and approximately 60 percent of the overall codebase. It provides the foundation for many server and cloud environments including containers and application clusters. Commercial software vendors, whose offerings are ‘technically’ derived from open source software, don’t always fully understand the vulnerabilities or expertise needed to secure the underlying open-source code. (Read the open source security SWOT article.

An open source security (OSSEC) host-based intrusion detection system (HIDS) with advanced FIM provides versatile and deep level monitoring into the software base. It can versatilely be used to monitor the integrity of heterogeneous computing and communications, including the commercial software supply chain, hence, treating and mitigating risk. It requires little vendor dependence and can give you an unbiased, non-assumptive look at the data. 

Atomicorp is an endpoint and cloud workload protection and compliance solutions provider with advanced software capabilities and expertise in open source security and its orchestration to cloud and web endpoints. Our open source XDR FIM works across many modern and legacy operating systems, including real-time FIM in Linux, Windows, and AIX, while supporting major cloud platforms such AWS, Azure, and GCP systems and applications, and many end of life and legacy OSs. Atomic OSSEC’s energetic real-time FIM benchmarks and catches subtle changes, even vanishing trace ones that slip past timer-based detectors in your environment. 

Open-source XDR starts with FIM and so does our Live Q&A series. “Why file integrity monitoring (FIM)?” will be the first in the open source security learning series, a 45-minute interactive presentation and Q&A session.

Join us Sept. 7 to discover and discuss how to:

  • Configure FIM for optimal detection at any endpoint (server, web server, cloud API).
  • Orchestrate real-time FIM and fuzzy hashing as an early-warning system against the sneakiest, subtlest of malware and lateral attacks.
  • Employ FIM controls and tools for compliance as a required part of PCI DSS 11.5, NIST 800-53, and JSIG.
  • Visualize your FIM data in prioritized lists, groups, categories, charts, graphs, and reports, and capture artifacts for forensics, auditing and reporting.
  • Deploy FIM detection over legacy systems such as HP-UX and Solaris to facilitate prevention, compliance, auditing, and reporting there as well.

Register now.

 

Future Episodes in Open Source Security Learning

CVE Scanning, PCI DSS v.4.0, and ModSecurity’s Future in Web Application Security

Future topics on Charity’s Corner will include:

Foundations for Compliance Requirements – FIM and Beyond. The discussion will cover NIST, JSIG, PCI DSS, and other compliance requirements and standards, and the open source AU controls, vulnerability management, and active response that FIM can activate.

Putting the XDR into HIDS with active response. Detection must trigger response. Atomic OSSEC XDR and log-based IDS is loaded with automatic protection rules alerted by an advanced version of the OSSEC HIDS foundation. Our regularly updated open source XDR and vulnerability detection rules keep you in front of threats and attacks.  

CVE and Vulnerability Scanning. Want to be better equipped to detect and resolve software flaws and vulnerabilities? In the future, we’ll be discussing CVE scanning and global threat intelligence producing easier security patching and risk management.   

ModSecurity Rules, WAFs, and Evolving Web Application Security. Discuss how ModSecurity Rules are evolving for deep open-source detection and protection at the web application layer, guarding against denial of service (DoS), cross-site scripting (XSS), SQL injection, while empowering virtual patching of web servers and web hosting panels.  

Ensure Integrity of Commercial Software Supply Chain. Open source security software can remediate specific vulnerabilities or be part of a more widespread and strategic plan to intelligently resolve software bill of materials or supply chain risk for greater defense in depth. (Read the article.) 

Air Gapping. With the notion of zero trust being reincarnated in today’s secure access service edge (SASE) and zero trust network architectures (ZTNAs), the discussion of cutting off risk through air gapping has returned. To find out more about air gapping in the meantime, read the Scott Shinn article


We hope you join us for the first in this live and interactive Q&A webinar series:

 

“Q&A: Charity’s Corner – Why FIM?”

Sept. 7, 2023 1:00 PM Eastern Time (US and Canada)

Sign up for future updates about Charity’s Corner live Q&A events.

Register here. (Please use your company’s or organization’s address.)

 

Watch an overview video of the Atomic OSSEC open-source XDR solution.

Enhance your open source XDR with Atomicorp.

Schedule a demo.