Open source software is flexible and free, enabling DevSecOps-oriented IT organizations to get more out of the software without having to wait for commercial vendor developments and updates. Open source software provides the fabric and foundation for Red Hat middleware, Kubernetes container environments, as well as application cluster deployments. It is also commonly used to […]
Comprising more than half of all cyberattacks, file-based attacks (.DOCX, .pdf, etc.) enable malware to spread into other files and across different systems. These attacks can be sophisticated, able to use deception to take path-traversal courses to get at sensitive data or spread silently, closing portals and deleting files behind them to hide their presence. […]
By Atomicorp (Get more out of your OSSEC intrusion detection … not just rules and basic detection. With Atomic OSSEC, you get professional support, installation and configuration assistance, multiple threat feeds, vulnerability intelligence, active response (HIPS), FIM, SCAP and CIS compliance tools, web based graphical analysis, and more.) Free open-source software and free security […]
Written By Paul Veeneman, CISSP, CISM, CRISC, CMMC-RP During Atomicorp OSSEC Conference 2021, Paul Veeneman, CISSP, CISM, CRISC, CMMC-RP, described how he solves audit and accountability (AU) control and other compliance challenges in NIST 800-171. Complying With NIST-800-171 NIST 800-171 provides guidance to federal agencies to safeguard controlled unclassified information (CUI), and seeks to establish […]
There is no such thing as perfect security. Therefore, having robust detection capabilities is key to determining if you have been hit with a cyber attack that evaded your protection capabilities. One of the most important detection and compliance capabilities today, file integrity monitoring (FIM) provides the ability to detect signs of intrusion or improper […]
Practice FIM, Web Application Protection, DevSecOps, Kubernetes Troubleshooting— Topics such as file integrity monitoring (FIM), ModSecurity web application security, securing Kubernetes, and the importance of security in DevOps will be explored during Atomicorp’s OSSEC Conference 2021, a four-day virtual conference, Tuesday, Oct. 19 through Friday, Oct. 22. OSSEC Conference 2021 consists of two full days […]
File integrity monitoring (FIM) tools and a host-based intrusion detection system (HIDS) are the foundation for security and compliance, including NIST, PCI-DSS, GDPR, and more. HIDS (host-based intrusion detection system) is a security system that monitors the computing devices on which it is installed, the traffic between devices, the containers on the device, and that […]
Your security systems can’t stop an attack unless they detect there is one, making file integrity monitoring (FIM), or the ability to automatically track changes to the environment, crucial in detection and prevention. This detection needs to be not only fast but deep enough to stop the likes of the SolarWinds Sunburst attack, which leveraged […]
“What is advanced FIM – file integrity monitoring? Leading FIM tools all inspect more than just files, they detect threats, prompt rapid response, and provide a foundation for compliance.” When there’s turnover and shortage of training, skills or personnel, companies turn to software, SaaS, and process automation from the cloud to help them run, manage […]
(File integrity monitoring tools are crucial for meeting security and compliance requirements, but they’re also critical to answering the most important question when something happens: What changed? The following blog and FIM whitepaper explore compliance challenges and empowering agents such as FIM.) Compliance challenges. Manually going through logs. Auditing. Tired human eyes missing evidence of […]
