Comprising more than half of all cyberattacks, file-based attacks (.DOCX, .pdf, etc.) enable malware to spread into other files and across different systems. These attacks can be sophisticated: using deception or path traversal to reach sensitive data, or spreading silently, closing connections and deleting files behind them to hide their presence.
File integrity monitoring (FIM) is an internal control process that checks files and strings for anomalous changes, dangerous payloads, configuration errors, and overall system hygiene against an established baseline, without having to examine the entire file on every pass. It is a crucial capability for managing internal data, customer information, and IT performance.
What file integrity monitoring (FIM) can do:
Digital data is stored in files, log files, organizational systems, servers, and public and private cloud and virtual application servers. Early file-change detection lets you monitor and manage traffic to, from, and within these data repositories and endpoints, and identify and prevent the insertion of malicious instructions as well as the theft and misuse of information and IT resources.
FIM can be deployed across AWS, Windows and Google APIs, your hardware servers, virtualized instances, and encryption standards, to protect the integrity of log files, systems, and your control of the data for security and compliance. Files monitored include configuration information, executables, tables, libraries, and registry files, across network and cloud devices, web servers, firewalls, and cloud workloads.
With Atomic OSSEC FIM, customers can:
- Detect attacks in their early stages as the attacker lands and starts changing things in your environment. Employ sophisticated detection of zero day, malware, and vulnerabilities to stop threat actors seeking to change your digital computing environment.
- Identify and contain a breach. Atomic OSSEC provides active response to your detection via advanced open source security (OSSEC) rules, global threat intelligence, and built-in compliance controls. The FIM technology digs into file changes, detects log anomalies, repels sudden brute-force attacks including DoS, and alerts responders to vulnerabilities and threats.
- Monitor configuration files, DLLs, installed software, and running services. Study service availability and performance metrics, and remove unauthorized access, malware and spyware that eat into performance, via a lightweight agent that doesn’t drain your systems. Scan on bootup, inspect hash values, inspect file characteristics, apply MFA credential management, and back up records for accountability as to who or what did what, and when.
- Meet regulatory and standards compliance requirements and recommendations such as CIS, NIST, FISMA, and PCI DSS, which call for regular file comparisons, file and system change monitoring, and the collection of artifacts.
- Visualize and actively respond to patterns. Atomic OSSEC comes with a GUI powered by the powerful FIM and intrusion detection engine. Using the GUI, you can generate reports, and search, correlate, visualize, and further analyze events and series.
Atomic OSSEC File Integrity Monitoring (FIM) for NIST 800-171 and PCI DSS Requirements 10.5 and 11.5
Atomic OSSEC provides advanced FIM for best-practice advanced security and compliance with regulations including PCI DSS, NIST, JSIG, and FISMA, and it meets the performance requirements in HIPAA and GDPR.
For Payment Card Industry Data Security Standard (PCI DSS), Atomic OSSEC supplies the majority of required controls, including FIM-specific requirements 10.5 and 11.5.
- PCI DSS Requirement 10.5 demands that secure audit trails cannot be altered, and Atomic OSSEC provides control and captures the full change history for investigations, response and remediation.
- PCI DSS 11 specifies intrusion detection and prevention techniques, and Requirement 11.5 requires FIM or a change detection mechanism to alert security personnel to unauthorized changes to critical system files, configuration files or content files. Atomic OSSEC provides an overarching intrusion protection system that is configurable to perform critical file comparisons once a week or as often as needed.
Atomic OSSEC meets PCI DSS Requirements 10.5 and 11.5 for FIM criteria. It provides a host-based intrusion prevention system (HIPS) for your computing infrastructure, coming with built-in detection and response for major OSs and cloud and container platform APIs, as well as for equipment running on legacy systems such as AIX, HP-UX and Solaris.
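The change-detection mechanism Requirement 11.5 asks for boils down to fingerprinting critical files against a baseline and reporting what differs. The following is an added illustration written for this article, not Atomic OSSEC's own code: it records a content hash plus the ownership and permission attributes a FIM typically tracks, then reports added, deleted and modified files, distinguishing a content edit from a permission-only change. The file tree and its changes are constructed in a temporary directory.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

def fingerprint(path):
    """Content hash plus the attributes a FIM baseline typically records."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = os.stat(path)
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}

def build_baseline(root):
    """Walk a directory tree and fingerprint every file under it, keyed by relative path."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline

def compare(baseline, current):
    """Report added/deleted files and, for modified ones, which attributes changed."""
    report = {"added": [], "deleted": [], "modified": {}}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["deleted"].append(rel)
        else:
            diff = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
            if diff:
                report["modified"][rel] = diff
    return report

def demo():
    """Constructed sample tree: a config edit, a permission-only change, a deletion, a new file."""
    etc = Path(tempfile.mkdtemp(), "etc")
    etc.mkdir()
    for name, body in (("app.conf", "debug=0\n"), ("hosts", "127.0.0.1 localhost\n"), ("old.conf", "x\n")):
        (etc / name).write_text(body)
        (etc / name).chmod(0o644)              # fixed mode so the run is umask-independent
    baseline = build_baseline(etc.parent)
    (etc / "app.conf").write_text("debug=1\n")  # same size, different content: only the hash moves
    (etc / "hosts").chmod(0o666)                # content untouched, permissions loosened: only mode moves
    (etc / "old.conf").unlink()
    (etc / "dropped.so").write_text("not really a library\n")
    return compare(baseline, build_baseline(etc.parent))
```

A production FIM would persist the baseline somewhere the monitored host cannot rewrite it and would run the comparison on a schedule (weekly at minimum under 11.5) or on filesystem events.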
Orchestrate file integrity monitoring (FIM) across your computing infrastructure:
- Group your servers and manage and secure your endpoints, OSs, and cloud environments.
- Deploy checksums for payload inspection and traffic filtering. Atomic OSSEC drills in further to let you see what’s inside. Examine files to see what changed at the file and log levels. Block the malicious code, and then get log alerts and messages to manage vulnerabilities and prevent data misuse, tampering, and malicious insertion.
- Harden configuration and device control. Use Atomic OSSEC FIM to detect and thwart unauthorized requests and deploy zero trust file access security.
- Audit your file systems and tighten security and compliance controls. Be able to deal with evolving changes to standards and compliance requirements such as CIS, FIPS, PCI DSS version 4.0, and NIST. Atomic OSSEC comes with the security controls and adjustable compliance templates built into the software. (See Figure 1.)
Figure 1. FIM for PCI DSS Detection and Change History
FIM for Advanced Security and Compliance: Join OSSEC Conference 2023
Join Us for Atomicorp OSSEC Conference 2023, where using FIM for PCI DSS and regulatory compliance will be technically addressed. Register for the free Conference Sessions on Feb 7th and 8th. You’ll then also have the opportunity to register for the hands-on Training Session for Feb 9th & Feb 10th.
Register for OSSEC Conference 2023.
Learn more about Atomic OSSEC for FIM and Compliance.
Watch Atomic OSSEC FIM in action.
Meet PCI DSS 6.6 with Atomicorp web application scanning
The Atomicorp solution can come with a web application firewall (WAF) you can customize and virtualize to scan your web application environments. Spin Atomic ModSecurity Rules into custom compliant web architectures, and analyze, benchmark and report within a graphical user interface (GUI).
- Discover Atomic WAF to wield a WAF out of the box.
Get Atomic OSSEC with a WAF. Contact us.