Sorry, you need to enable JavaScript to visit this website.

File Integrity Monitoring

 

Integrity is a must, not a nice-to-have.

When attempting to monitor a system for a potential breach, infection, or misconfiguration, the integrity of files on the systems are akin to built-in canaries in a coal-mine. Stopping a breach or virus in its tracks requires knowledge of how a system is changing, whether it's on a Friday at 9AM or on a Saturday at 2AM. Keeping track of permissions, ownership, and integrity of files on a system is the first step to remediate any active exploitation of an environment and preventing careless errors from taking down your critical operations.

PCI Requirements

10.5.5
Use file-integrity monitoring and change detection software on logs to ensure that existing log data cannot be changed without generating alerts.

11.5
Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files, and configure the software to perform critical file comparisons at least weekly.

The cost of non-compliance is higher than compliance, get fully compliant now

HIPAA Requirements

4.16 Integrity (§ 164.312(c))
(#4) Identify and implement methods that will be used to protect the information from modification. Identify and implement tools and techniques to be developed or procured that support the assurance of integrity.
(#5) Implement electronic mechanisms to corroborate that electronic Private Health Information (EPHI) has not been altered or destroyed in an unauthorized manner. Consider possible electronic mechanisms for authentication such as:

  • Magnetic Disk Storage
  • Error-Correcting Memory
  • Digital Signatures
  • Check Sum Technology

HIPAA requires complex planning and continuous compliance efforts

Government Guidelines

SI-7 - Page 189
Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity (e.g., tampering). Software includes, for example, operating systems (with key internal components such as kernels, drivers), middleware, and applications. State-of-the-practice integrity checking mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) and associated tools can automatically monitor the integrity of information systems and hosted applications.

Read more on the NIST guidelines for FISMA standards (PDF)

File Integrity Monitoring done right.

Acting quickly when an unexpected filesystem change occurs can be the difference between a crisis and a minor annoyance. By being able to act intelligently regarding the changes occurring to the important file resources on your systems, the ability to resolve misconfiguration or security breaches before they spiral out of control is now possible. Instead of waiting for your engineers to stumble across a file that accidentally changed or for your forensics team to tell you that you were infected, let us notify you of serious issues, nearly right after they occur.

File Integrity Monitoring (FIM) allows for specific files and directories being monitored to alert whenever file contents, permissions, or ownership is changed. By monitoring your Windows and Linux servers, NetWorks Group is able to catch these changes through our lightweight agent on your system and then analyze the change to decide whether it's an innocuous blip or an indicator of a much more serious problem. With our team of security analysts, we're able to comb through the details to give you peace of mind that changes won't go unnoticed in your environment.

Through a comprehensive integration of FIM and log aggregation, we're able to generate reports to let you know statuses, as requested, on which of your files have changed, how, and when. If you're looking to become compliant with PCI, adhere to rigorous standards put forth by HIPAA, or just want the added assurance that you understand how your infrastructure is changing, let us take care of the hard part and give you all of the benefits.

Don't be the last to know about changes

Servers have a complex deployment of files that require high amounts of integrity to ensure systems run correctly. FIM provides the insight to act accordingly to mitigate failures and attacks before it's too late.

Get a clear picture of how changes have occurred

Trying to make sense of how systems evolve day-to-day or year-to-year can be quite a challenge. Through FIM you can understand when and how files change as well as better correlate the actions of administrators, or, understand the results of a system breach much easier by investigating the state of a given file.

Find disparities among many systems

Since FIM records a unique value to represent the contents of a given file, the ability to compare the value across many systems at any specific period of time exists to decide which systems are out of date or different than the others.

Keep ahead of compliance needs

Whether your organization handles credit card, medical, or other sensitive data, FIM can provide the ability to handle requirements of many standards and regulations interested with protecting private information. By knowing the status of a file's integrity, FIM allows for assurances that what you think is there, hasn't changed or been manipulated improperly.

Our approach to File Integrity Monitoring.

Powerful technologies often come with a few road bumps in properly deploying and managing the requisite software and hardware involved. NetWorks Group streamlines this process for your organization by doing the heavy lifting of the complex File Integrity Monitoring backend and reporting services. Let our team worry about the details and we'll be there when you need us. Whether it's getting you a report of recently changed files, alerting you to worrisome results, or just giving you a better night's sleep about the integrity of your infrastructure, we're here to make it all happen.

Support For Your Server

Our File Integrity Monitoring deployment supports a variety of versions for both Windows and Linux. Having support for most deployment types helps to ensure that whether your infrastructure is a lot of Windows servers and a few Linux servers, or vice versa, we'll be able to provide the monitoring you require. With NetWorks Group, you don't have to compromise on coverage.

Trusted Technologies Count

By utilizing Trend Micro's OSSEC File Integrity Monitoring solution and our powerful log aggregation and reporting technology, ClearView, NetWorks Group can provide your organization with a comprehensive solution. Our FIM offering provides your organization with the trusted brands you've come to respect but without any of the overhead or learning curve that can sometimes comes with a new product.

Policies Aren't Always Easy

Configuring and monitoring FIM can be a challenge and time-sink for many organizations. With NetWorks Group on your side, we'll be able to guide your policy decisions to help make sure that your most important data is being watched for changes, 24/7/365. Whether you have one or one hundred servers, we're ready for the challenge to bring integrity back to your environment.

Don't Leave Integrity to Chance

By utilizing real-time filesystem monitoring, OSSEC is able to see changes on your supported platforms as they happen and report back to our powerful log aggregation system. When ClearView receives the events, NetWorks Group analyzes and reports upon the changes and then provides a clear picture of how a system is evolving.

We're Watching and Waiting

Our security analysts are trained to understand how changes to files may affect an environment. Whether your Windows or Linux system has a flurry of changes or just a trickle, we monitor the events and alert you when we notice a change that could be indicative of a threat or misconfiguration.

Compliance and More

NetWorks Group File Integrity Monitoring allows your organization to meet many different compliance requirements with one simple service. Our process allows your team to have insights they have not had prior by being able to find out when and how files have changed, which files are different across systems, and how active administrators are with a particular host.

The right combination for integrity.

At NetWorks Group, we're aware that navigating through the landscape of how products become solutions can be difficult and unclear. We've integrated two products that offer the power, speed, efficiency, and technology needed to solve the problems of File Integrity Monitoring that your team wants handled.

Trend Micro OSSEC

Trend Micro's OSSEC File Integrity Monitoring software is an open-source product with active development that provides first-class FIM technology to a variety of supported platforms. Using OSSEC, we're able to ensure that the technology behind our FIM service is in the top of its class and deliver a wide-array of functionality to this difficult problem of system integrity.

Trend Micro OSSEC


NWG Technologies Clearview

Utilizing NetWorks Group's technology ClearView allows for us to aggregate, correlate, and report upon the changing landscape of your system's files and directories. By integrating tightly with OSSEC log and event data, we're able to provide the comprehensive approach to FIM that we do with all of our other managed services.

NWG Technologies Clearview

Reach Out Today!

Personal Information
Company Details
What are you interested in?
Anything else we should know?
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
5 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

Subscribe to our mailing list.

* indicates required