Source: AlienVault Blog
Identifier: 370151
Publication date: 2017-05-31 13:00:00 (viewed: 2017-05-31 13:00:00)
Title: File Integrity Monitoring Solutions – What Are They and Why You Need One, Part 3
Text:
With the recent WannaCry ransomware attack still top of mind for many IT professionals worldwide, it’s an important reminder that you should monitor not just your networks and security devices, but also the data on your servers and desktops. In the case of WannaCry, having File Integrity Monitoring (FIM) in place can enable you to detect changes to the key data files that WannaCry tries to encrypt and inform you of the threat before the affected asset and its data become unusable and possibly irretrievable.
With emerging variants of WannaCry and the continuous onslaught of attacks against your infrastructure, whether you’re looking to protect a key asset like Active Directory or to perform change audits on any of your critical servers, a File Integrity Monitoring solution should be part of your security defense. With that in mind, it’s important to reiterate that FIM is not the ‘silver bullet’ of security solutions, but it is definitely a powerful and effective defense that you should have in your IT security arsenal.
In my previous blogs on FIM, I introduced (part 1) the ‘what’ and the ‘why’ behind FIM as one invaluable approach to monitoring for malicious changes to files. I then introduced (part 2) some best practices for FIM, including what files to monitor and how to get the best value from your FIM deployment.
This week I’m going to discuss what to look for when selecting a FIM solution, caveats to be aware of, and how our AlienVault Unified Security Management (USM) products – AlienVault USM Anywhere and AlienVault USM Appliance – can help you implement a multi-faceted security program with its several essential security capabilities, including FIM.
Selecting a File Integrity Monitoring Solution
It can be difficult to find the right solution for your unique environment. Just a quick search on ‘File Integrity Monitoring’ brings up an overwhelming number of search results. But, which to look at and what are the differences among the various solutions?
Well, let’s start with the following list, which covers the key things to look for in your final solution:
Agent vs. agentless. Agent-based FIM solutions leverage software agents installed on target systems. They typically yield the most powerful analyses and can deliver change monitoring at or near real-time.
In contrast, agentless FIM tools get up and running very quickly because no agent is required. However, the feature set and depth of functions of agentless FIM tools is generally reduced, and the analysis isn’t real-time. This leaves potential risk from not being able to monitor change when you need it most. If you require the depth and feature richness of an agent-based system, consider a unified approach that integrates multiple security functions into a single agent for a smaller footprint and less management effort.
Standalone vs. HIDS. Some FIM solutions integrate with, or are part of, a host-based intrusion detection system (HIDS). HIDS capabilities are a superset of FIM capabilities and can detect threats in areas other than files, such as system memory (RAM) or I/O. Standalone FIM tools generally provide file analysis only.
Performance. The more people in the organization you tal
Sent: Yes
Stories: Wannacry