Proper File Integrity Monitoring Critical in Light of Big Breaches & Regulatory Pressure

In light of the recent mega data breaches that have plagued our market over the last year, and the continued escalation of attempted cyberattacks against critical systems during peak periods (i.e. the retail sector POS and payment systems), reported in the Carbon Black Threat Analysis Unit (TAU) report, it is time again to take a closer look at the critical security controls that help to ease the pressure our market faces. 

To compound that pressure, we’ve also experienced a dramatic increase in mandatory cyber-regulations and laws enacted to enforce the protection of PII and critical sensitive data (GDPR, California Data Privacy Law, New York’s Department of Financial Services, etc.).

These laws and mandates are placing an increased burden on businesses that are already struggling to keep pace with the requirements they need to meet to protect their systems and core data. There are a number of security technologies and controls that have become vital in helping to prove the effectiveness of enterprise data security policies as well as security control efficacy. File or data integrity monitoring and control (FIM) is one required security solution that has become increasingly important in helping businesses both protect their infrastructure from data threats and prove the effectiveness of their data protection policy. Some element of FIM as a requirement can be found in almost every major regulation mandated on the various verticals in the marketplace today.

Employment of FIM solutions for file control monitoring is growing, and the technique holds its place as a standard measure for the modern enterprise. Investment in FIM controls is also here to stay and is projected to grow to a $1.6B industry by 2025.

File integrity monitoring at its core is the process of detecting changes to files and the associated attributes that determine the type of change.  FIM is generally split into three categories based on the security application for monitoring:

  • File Hash delta based FIM for analyzing system file changes in order to determine good or bad changes to critical system and application files.

  • System configuration monitoring for analyzing the changes to the contents of critical configuration files that could lead to the compromise of systems holding valuable data.

  • File and folder access monitoring, which provides protection for the critical data that companies process, store, and transmit in order to conduct business.
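A minimal sketch of the first category above, hash-delta FIM that also tracks a file attribute so each event names the type of change. It is added here as an illustration and is not Carbon Black code; the function names (`snapshot`, `diff`, `demo`) and the sample files are constructed for this example.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to (sha256 hex digest, permission bits)."""
    state = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # skip directories, symlinks and device nodes
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        rel = path.relative_to(root).as_posix()
        state[rel] = (digest.hexdigest(), stat.S_IMODE(st.st_mode))
    return state

def diff(baseline, current):
    """Classify every difference between two snapshots by type of change."""
    events = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            events.append(("added", path))
        elif new is None:
            events.append(("removed", path))
        else:
            if old[0] != new[0]:
                events.append(("content_modified", path))
            if old[1] != new[1]:
                events.append(("mode_changed", path))
    return events

def demo():
    """Constructed sample tree: baseline it, change it four ways, return the delta."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, body in (("app.conf", b"debug=false\n"), ("tool.bin", b"\x7fELF"), ("old.log", b"x")):
            (root / name).write_bytes(body)
        (root / "tool.bin").chmod(0o755)
        baseline = snapshot(root)
        (root / "app.conf").write_bytes(b"debug=true\n")  # content change
        (root / "tool.bin").chmod(0o777)                  # attribute-only change, hash unchanged
        (root / "old.log").unlink()
        (root / "new.sh").write_bytes(b"#!/bin/sh\n")
        return diff(baseline, snapshot(root))
```

Calling `demo()` returns the four classified events. A hash-only comparison would miss the permission change on `tool.bin`, which is why the attributes are stored next to the digest.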

The last FIM category has grown in importance considerably, especially with the pressure on system endpoints to focus on data risk and the liability incurred when not providing adequate proof of security protection for that data. Beyond that, the ability to detect, recognize, and understand unauthorized access to critical data is a paramount necessity in order to satisfy and remain compliant with many data security/privacy laws. Many historical data breaches within the market can also be attributed to the lack of proper file access monitoring.

The following two examples illustrate how Carbon Black extends its file integrity monitoring capabilities to provide analysis of suspicious and/or unauthorized changes in order to facilitate full coverage file access monitoring.

  • Intercept and alert upon a non-system file within the downloads folder executing and establishing a network connection.

  • Intercept and isolate a non-system file attempting to make changes to critical system folders.

Due to the complexity of building a secure and compliant data protection posture, it’s not uncommon for companies today to find themselves using multiple security solutions to satisfy their file and data integrity needs. Disparate technologies without proper integrations can allow gaps to form within security policies, which can lead to exploitable vulnerabilities. Carbon Black provides broad coverage when it comes to FIM as well as the growing need to provide evidence of a robust data protection policy.

Carbon Black’s Consolidated Endpoint Security Platform and the Cb PSC (Carbon Black Predictive Security Cloud) can enable businesses to proactively investigate endpoints and identify system file and process vulnerability gaps at strategic intervals, so that measures can be taken to keep system hygiene sound and compliance posture up to date. Carbon Black’s protection and active response solutions can also provide full coverage for monitoring, identifying, and protecting against file change, rounding out the full spectrum of a robust file integrity monitoring and control solution that will help protect critical data and promote the security control measures needed to comply with the toughest cyber-regulations.

The post Proper File Integrity Monitoring Critical in Light of Big Breaches & Regulatory Pressure appeared first on Carbon Black.
