By Mike Buckley | Presales Consultant at Nettitude
49% of US organisations have suffered a data breach in the past year. With almost half of the nation’s businesses losing critical data, something is surely wrong.
Data is considered as one of the most important assets a business can have; it’s essentially the life blood of any organisation. Yet two of the biggest concern’s businesses have is the privacy and security of their data - and rightly so as once it’s compromised, it can cripple an organisation rapidly. Research from the University of Maryland indicates that hackers are active across the globe every 39 seconds. This means that a single computer unit could be under attack multiple times, every minute of the day. But how would you know If there’s a security breach?
File Integrity Monitoring (FIM) software is one of the solutions to this challenge, yet many businesses are unaware that this tool is available to them. However, in the words of Nicolaus Copernicus – To know that we know what we know, and to know that we do not know what we do not know, that is true knowledge.
Been as you’ve landed on this blog post; you’ve taken first step is identifying that your organisation could benefit from FIM. The second step is to find out what FIM is and how it works exactly.
This is where we can help!
What is File Integrity Monitoring (FIM)?
File Integrity Monitoring, commonly known as FIM is a product or service that monitors computer files for changes in content and/or property, such as timestamps. FIM can track how and when the files were changed, who by and depending on product and service, may auto-remediate by replacing the file with a good known backup - or at least offer some manual remediation options.
When we look at coverage, FIM can be deployed pretty much anywhere; Cloud, on premise, and on a variety of systems, web, database, in fact anything that stores your critical data and isn't a SaaS type product.
Why would you need File Integrity Monitoring (FIM) Software?
Not sure if your business needs FIM software to assist in protecting the integrity of your data? FIM software can work alongside your IT team or CISO to extend their capabilities further in monitoring and protecting your data. Unless you have heads on a swivel, FIM can be an essential safety net and will give your IT team some peace of mind so they can concentrate on other important tasks.
Let’s take a look at some of the key benefits of deploying FIM software.
Releasing you’ve been breached
By monitoring files in the way described above, security teams can detect unplanned and possibly malicious changes to files. This is important – taking an example of a critical web facing application; if the configuration files for that webpage are changed to deploy malware or deface the content etc., the changes can be detected as they happen. There is no delay waiting for a customer or user to report the damage.
With todays sophisticated attacks evading security defences, the changes to critical files may be the first sign of compromise.
Of course, there is also the compliance aspect. Some compliance standards such as PCI-DSS (and other global security standards) demand that existing Cardholder Data Environment (CDE) log data and other critical files are monitored for changes. FIM is one way this can be achieved.
Assisting your IT Team
Today, it’s not uncommon in SME’s for an IT team to be the lifeline of the business, relied upon by any and every department, client and external body that interacts with your organisation. However, the pressure of a heavy workload can make it all the more easy for a data breach to silently slip right by your team.
What can File Integrity Monitoring do that an IT team cannot?
Many organisations depend of their IT team or CISO to defend the integrity of their organisations data. While FIM is critical for Enterprise size organisations, it’s also highly important for SME’s as the physical capacity of an IT team can’t effectively monitor 100% of data. Below is some of the ways FIM systems can connect the gaps between human capacity and a managed service.
Your organisation will naturally hold a lot of data. Being able to control access permissions for different user groups within your organisation is a highly effective way of ensuring data isn’t exposes to employees that don’t need to see it. For example, your Marketing team don’t need to access that file where accounts store all their data. FIM enables you to set permissions so that only essential groups have access to the right data.
Minimising Human Error
Ever hit send on that email to accounts departments, only to realise you sent it to the client? It happens to the best of us. Yet in a busy environment, these kinds of mistakes are not always picked up. FIM software gives you the ability to monitor when and where your organisations data is being shared, enabling you to remedy the situation faster.
Identifying an Attack
By monitoring your files using FIM software, you’re not only able to see where data is coming in and out of your organisation, you can potentially see the source of cyber attacks too. Today, there are a number of sophisticated tools that hackers use to gain entry to your systems, but FIM software could enable you to pick up a trace on the attack through things like a source IP address and the breach date and time, helping you to resolve the issue faster.
The challenges to deploying FIM software
Effectively configuring and deploying an FIM solution can be challenging, as with many security products. One of the reasons is that FIM has a reputation for being particularly noisy in the generation of alerts. In addition, the alerts may lack context making investigation and remediation more difficult than they should be.
Another is exacerbated by FIM systems generally being an “addon” to a security product that has a different focus, such as a SIEM tool.
At Nettitude, we benefit from a highly experienced team that have the right tools and knowledge to be able to deploy FIM software effectively within your organisation. Our experienced Security and Network Consultants will work closely with your IT team to ensure we set your FIM software up in a way that cuts through the noise and assists your team and not hinder them.
Overall, when properly configured and deployed, a FIM solution is an important addition to any security toolkit - always think about the mantra of defence in depth.
Interested in finding out more about how your organisation could benefit from FIM software? Don’t hesitate to get in touch with your local Nettitude team.