Secure Configuration Management & File Integrity Monitoring

Security configuration management, file integrity monitoring, and log and event management are critical to reducing risk in your enterprise. Solutions should deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Key criteria should include:

  • Providing continuous, flexible monitoring of the entire IT infrastructure to immediately determine when changes adversely affect your security and compliance
  • Automating and assure regulatory and policy compliance
  • Delivering actionable, risk-based insight and analytics aligned with business initiatives
  • Measuring security performance against internal goals
  • Offering flexible deployment options including on premise, cloud-based or hybrid
  • File integrity monitoring (FIM) is an internal control or process that performs the act of validating the integrity of operating system and application software files using a verification method between the current file state and the known, good baseline. This comparison method often involves calculating a known cryptographic checksum of the file's original baseline and comparing with the calculated checksum of the current state of the file. Other file attributes can also be used to monitor integrity. Generally, the act of performing file integrity monitoring is automated using internal controls such as an application or process. Such monitoring can be performed randomly, at a defined polling interval, or in real-time.

Data breaches continue to rank as a top threat to corporate environments, as more and more attackers successfully find their way into networks. While there’s no such thing as a 100 percent secure IT environment, taking the fundamental steps to assess and harden IT systems is basic “blocking and tackling” that eliminates the root cause of the vast majority of breaches. These steps include (1) Assess and inventory configurations on all servers and devices, and compare the results to some understood, recognized security standard (like CIS, NIST, or ISO 27001) and (2) Gain immediate, real-time insight into any changes to the files, configurations items and states that define this security standard. By eliminating the “easy ins” (like open ports and unused services, the use of default or easily guessed administrator passwords, or improperly configured firewalls), and keeping continuous watch on these systems, it enables the enterprise to reduce the attack surface while detecting the events and changes that indicate attacks in progress—like security controls disabled by anti-forensic activities, oddly elevated permissions, or unexpected changes to critical files.

Continuous Security Configuration Management (SCM) solutions help organizations of all shapes and sizes successfully automate the hardening of their IT infrastructure and continuously monitor the integrity of those systems. Security Configuration Management is one of the most effective and cost-effective security controls you can implement, and it’s foundational to many regulatory standards and security frameworks. The solution provides best-in-class SCM so you can measurably reduce your infrastructure’s attack surface while improving your security posture. The solution offers agent and agentless, best of breed Policy Management, File Integrity Monitoring, Configuration Management and Discovery solutions so you can effectively automate the configuration management of every device on your network. The next-generation approach delivers it continuously at the speed of change and in context of your business for total visibility of your risk.

ComGuard is the value added distributor for NNT

To learn more NNT CLICK HERE

Our Technology Partners