File Integrity Monitoring And The Art of Layered Security

March 15, 2012

There is an art and a skill to building an effective security framework: it requires a process, a methodology and a set of tools that fit your environment. The 'art' of good security and compliance lies in an integrated, layered approach that continuously monitors and evaluates IT system activity in real time to identify risks and threats from both internal and external sources.

The process, methodology and tools come together within this layered approach to protect the environment effectively and efficiently and to keep it in a secure, compliant state. One of the best-known examples of a formal security standard built on a layered approach is the PCI DSS: PCI compliance requires adoption of all proven best-practice measures for data security in order to protect cardholder data.

What is the Art of Layered Security?

The technology should be 'layered' to maximize security, including Perimeter Security, Firewall, Intrusion Detection, Penetration and Vulnerability Testing, Anti-Virus, Patch Management, Device Hardening, Change and Configuration Management, File Integrity Monitoring, and Security Information and Event Log Management.

The project should be delivered in a phased approach: understand the scope and environment, the groups and types of system, their priorities and locations, and build up a picture of what 'good looks like' for the environment. Track all change and movement within this scope and understand how each change relates to the change management process. Start small and grow; don't bite off more than you can chew.

Utilize an integrated ecosystem of tools. Events and changes happen all the time; ensure the systems have the intelligence to understand the consequence of each event, whether a change was planned or unplanned, and how it has affected the compliant state.

File Integrity Monitoring vs. Anti Virus

File integrity monitoring works on a 'black and white' change comparison for a file system: a baseline of the files is recorded, and any subsequent deviation from that baseline is reported. FIM therefore detects any change to configuration settings or system files, whether or not the change matches a previously seen threat. This makes FIM prone to false alarms (every legitimate patch or configuration change is reported too), but exhaustive in its coverage of changes to the files it monitors.

For each file, a complete inventory of attributes must be collected, including a secure hash of its contents, not merely size and timestamps, which an attacker can restore after tampering. This way, even if a Trojan is introduced to the file system by replacing a legitimate binary, the altered hash reveals it.

Anti-Virus technology works by comparing new files to a database of known malware 'signatures' and is therefore less prone to false alarms. By definition, however, signature-based AV can only detect known, previously identified malware, and as a consequence it is 'blind' to both 'zero day' threats and 'inside man' threats, where a trusted user alters a file that no signature describes. Similarly, the Advanced Persistent Threat (APT) favored for both government-backed espionage and highly orchestrated intellectual property theft will use targeted malware, deployed sparingly to avoid detection for prolonged periods. Against such malware, Antivirus is likewise an ineffective defense.

The Art of Layered Security dictates that both technologies be used together to provide the best possible protection against malware. Each has advantages and disadvantages relative to the other; the conclusion is not that one is better than the other, but that both are needed to give data maximum protection.
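As an added worked example (it is not NNT's product code and does not come from the original article), the following Python script implements the baseline-and-compare mechanism described above and the contrast with signature matching. It records size, permission bits, owner, modification time and a SHA-256 digest for every regular file under a directory, compares a fresh snapshot against the baseline, and reports added, removed and modified files together with the attributes that changed. The scratch directory, the file names (`bin/sshd`, `dropper.tmp`) and the 'known malware' digest set are constructed for the demonstration: the planted replacement keeps the original file size and timestamps, so only the hash betrays it, while a signature lookup against a database that has never seen the payload reports nothing.

```python
"""Minimal file integrity monitor: baseline-and-compare with SHA-256.

Added example for this article; not NNT's product code.  The scratch
directory, file names and the planted modification are constructed here.
"""
import hashlib
import os
import stat
import tempfile
from dataclasses import asdict, dataclass

HASH_ALG = "sha256"


@dataclass(frozen=True)
class FileRecord:
    size: int
    mode: int       # permission bits only (stat.S_IMODE)
    uid: int
    mtime_ns: int
    digest: str     # hex digest of the file contents


def hash_file(path, chunk=1 << 16):
    """Stream the file through the hash so large binaries never sit in memory."""
    h = hashlib.new(HASH_ALG)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Record attributes and digest for every regular file under root.

    Keys are root-relative paths with '/' separators, so a baseline taken on
    one host can be compared against a snapshot of the same tree elsewhere.
    """
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets, devices: out of scope here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            records[rel] = FileRecord(
                size=st.st_size,
                mode=stat.S_IMODE(st.st_mode),
                uid=st.st_uid,
                mtime_ns=st.st_mtime_ns,
                digest=hash_file(full),
            )
    return records


def compare(baseline, current):
    """Diff two snapshots: which paths appeared, vanished or changed, and how."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for path in sorted(set(baseline) & set(current)):
        before, after = asdict(baseline[path]), asdict(current[path])
        changed = [field for field in before if before[field] != after[field]]
        if changed:
            modified[path] = changed
    return {"added": added, "removed": removed, "modified": modified}


def signature_scan(records, known_bad_digests):
    """All a signature-only scanner can report: digests already in its database."""
    return sorted(p for p, r in records.items() if r.digest in known_bad_digests)


def demo():
    """Baseline a scratch tree, plant a same-size backdoor with restored
    timestamps plus a dropped file, and return (fim_diff, av_hits)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        target = os.path.join(root, "bin", "sshd")
        with open(target, "wb") as f:
            f.write(b"#!/bin/sh\necho legitimate service\n")
        original = os.stat(target)
        baseline = snapshot(root)

        # Attacker replaces the binary with one of identical length and puts
        # the original timestamps back, defeating size/mtime-only checks.
        with open(target, "wb") as f:
            f.write(b"#!/bin/sh\necho backdoored service\n")
        os.utime(target, ns=(original.st_atime_ns, original.st_mtime_ns))
        with open(os.path.join(root, "dropper.tmp"), "wb") as f:
            f.write(b"constructed payload")

        current = snapshot(root)
        # Constructed 'known malware' database that has never seen this payload.
        known_bad = {hashlib.sha256(b"some previously catalogued sample").hexdigest()}
        return compare(baseline, current), signature_scan(current, known_bad)


if __name__ == "__main__":
    diff, hits = demo()
    print("FIM diff:", diff)          # bin/sshd modified: ['digest'] only
    print("Signature hits:", hits)    # [] : novel payload, no signature
```

Run it directly to print the diff. In a real deployment the baseline itself must be protected (kept off-host or signed), since an attacker who can rewrite it can hide any change, and every reported change should be reconciled against the change-management record, which is the integration the previous section argues for.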

The State of the Art in File Integrity Monitoring

The state of the art in FIM for system files now delivers real-time file change detection for Windows, Linux and Unix. To detect potentially significant changes to system files and protect systems from malware, it is no longer enough to run a comparison of the file system once per day, as has traditionally been the approach; an alert must be raised within seconds of a significant file change occurring.

The best File Integrity Monitoring technology will also identify who made the change, recording the account name and the process used, which is crucial when forensically investigating a security breach. It is good to know that a potential breach has occurred, but better still to establish who made the change and how.

NNT is a leading provider of PCI DSS and general Security and Compliance solutions. As both a File Integrity Monitoring Software Manufacturer and Security Services Provider, we are firmly focused on helping organisations protect their sensitive data against security threats and network breaches in the most efficient and cost effective manner. NNT solutions are straightforward to use and offer exceptional value for money, making it easy and affordable for organisations of any size to achieve and retain compliance at all times. Each product has the guidelines of the PCI DSS at its core, which can then be tailored to suit any internal best practice or external compliance initiative.

Source: EzineArticles
Article Tags: File Integrity Monitoring, File Integrity, Layered Security, Integrity Monitoring
