Attend OSSEC Conference, February 7-10, 2023: Open Source Security, FIM, Malware Detection, and Training

Posted on by Dean Lombardo

Open source software is flexible and free, enabling DevSecOps-oriented IT organizations to get more out of the software without having to wait for commercial vendor developments and updates. Open source software provides the fabric and foundation for Red Hat middleware, Kubernetes container environments, as well as application cluster deployments. It is also commonly used to […]

The Bond Between File Integrity Monitoring (FIM), PCI DSS, and Regulatory Compliance

Posted on by Dean Lombardo

Comprising more than half of all cyberattacks, file-based attacks (.DOCX, .pdf, etc.) enable malware to spread into other files and across different systems. These attacks can be sophisticated, able to use deception to take path-traversal courses to get at sensitive data or spread silently, closing portals and deleting files behind them to hide their presence. […]

5 Ways to Get More Out of an OSSEC Host-Based Intrusion Detection System (HIDS)

Posted on by Dean Lombardo

By Atomicorp  (Get more out of your OSSEC intrusion detection … not just rules and basic detection. With Atomic OSSEC, you get professional support, installation and configuration assistance, multiple threat feeds, vulnerability intelligence, active response (HIPS), FIM, SCAP and CIS compliance tools, web based graphical analysis, and more.)   Free open-source software and free security […]

How to Use OSSEC to Comply With NIST 800-171, A Real-World Use Case

Posted on by Dean Lombardo

Written By Paul Veeneman, CISSP, CISM, CRISC, CMMC-RP During Atomicorp OSSEC Conference 2021, Paul Veeneman, CISSP, CISM, CRISC, CMMC-RP, described how he solves audit and accountability (AU) control and other compliance challenges in NIST 800-171. Complying With NIST-800-171 NIST 800-171 provides guidance to federal agencies to safeguard controlled unclassified information (CUI), and seeks to establish […]

How to Reduce False Positives and False Negatives Using OSSEC FIM

Posted on by Casey Priester

There is no such thing as perfect security. Therefore, having robust detection capabilities is key to determining if you have been hit with a cyber attack that evaded your protection capabilities. One of the most important detection and compliance capabilities today, file integrity monitoring (FIM) provides the ability to detect signs of intrusion or improper […]

Dig Into FIM, ModSec, DevSecOps, and Secure Kubernetes at Atomicorp OSSEC Conference 2021

Posted on by Dean Lombardo

Practice FIM, Web Application Protection, DevSecOps, Kubernetes Troubleshooting— Topics such as file integrity monitoring (FIM), ModSecurity web application security, securing Kubernetes, and the importance of security in DevOps will be explored during Atomicorp’s OSSEC Conference 2021, a four-day virtual conference, Tuesday, Oct. 19 through Friday, Oct. 22. OSSEC Conference 2021 consists of two full days […]

File Integrity Monitoring (FIM) Tools and HIDS – the Foundation for Security and Compliance in a Cloudy World

Posted on by Mike Shinn

File integrity monitoring (FIM) tools and a host-based intrusion detection system (HIDS) are the foundation for security and compliance, including NIST, PCI-DSS, GDPR, and more. HIDS (host-based intrusion detection system) is a security system that monitors the computing devices on which it is installed, the traffic between devices, the containers on the device, and that […]

File Integrity Monitoring (FIM) Tools ‘in Action’ for Endpoint Intrusion Detection and Response

Posted on by sshinn

Your security systems can’t stop an attack unless they detect there is one, making file integrity monitoring (FIM), or the ability to automatically track changes to the environment, crucial in detection and prevention. This detection needs to be not only fast but deep enough to stop the likes of the SolarWinds Sunburst attack, which leveraged […]

Six Ways to Employ FIM Toward Security and Compliance

Posted on by Mike Shinn

“What is advanced FIM – file integrity monitoring? Leading FIM tools all inspect more than just files, they detect threats, prompt rapid response, and provide a foundation for compliance.”  When there’s turnover and shortage of training, skills or personnel, companies turn to software, SaaS, and process automation from the cloud to help them run, manage […]

Meet PCI-DSS and Compliance Requirements With File Integrity Monitoring Tools (FIM) From Atomicorp

Posted on by Mike Shinn

(File integrity monitoring tools are crucial for meeting security and compliance requirements, but they’re also critical to answering the most important question when something happens: What changed? The following blog and FIM whitepaper explore compliance challenges and empowering agents such as FIM.) Compliance challenges. Manually going through logs. Auditing. Tired human eyes missing evidence of […]