Upload
tripwire
View
108
Download
1
Embed Size (px)
Citation preview
Introduction: What is FIM?
Common Costs of Cheap FIM
Tripwire True FIM solutions.
2017 - FIM
1997 - Change Audit
2001 - VISA CISP
2004 - PCI DSS 1.0
2006 – PCI DSS 1.1
The overhead on the
endpoint will be too great
ENDPOINT OVERLOAD
FIM will only monitor files on an
operating system
OPERATING SYSTEM
Deploying FIM will generate too
many alerts and false positives
FALSE POSITIVES
Detecting a change doesn’t help
with my security posture
SECURITY POSTURE
No context given around
a detected change on the
endpoint
CONTEXT
Lack of available API’s or integrations
reduces value in the greater security
eco-system
Eco-system Integrations
FIM will only monitor files on a subset of
systems often limited to 100 or less.
Scalability
Open source FIM doesn’t have
the QA, documentation, or
company backing a commercial
product has.
Product Quality
Not all products have the ability to protect
themselves much less the data in your
environment.
Introduced Vulnerabilities
Lack of reporting renders
collected change data
useless.
Reporting
Concerns & Capabilities
True FIM
Solutions
Open Source
Solutions
Bargain-Basement
Solutions
Detects file changes in windows
Reports on file changes
Delivers "who" data & Context
Supports multiple OS's
Reduces Alerts & Noise
Provides Real-time Changes
Ensures Tool Quality & Security
Integrates with policy solutions
Advanced Integrity Reporting
Scalable
Configuration &
Compliance
Management
Log
Management
Vulnerability
Management
Continuous
Monitoring
Operational
Cost Reduction
Threat Detection
and Response
Automation
Risk
Reduction
Context
There is more than just monitoring files—don’t forget Databases, Active Directory,
Virtual Infrastructures, Network Devices and many other custom rules
File Integrity Monitoring is not an onerous task but a foundational control necessary to
achieve integrity and build trust in the security of your systems
Integration with existing technology strengthens and validates the
findings that integrity monitoring solution identifies
tripwire.com | @TripwireInc