File Integrity Monitoring (FIM) Software | AlienVault

File Integrity Monitoring

AlienVault Unified Security Management (USM) combines File Integrity Monitoring (FIM) with other essential security capabilities to help you meet compliance requirements and get complete security visibility of your on-premises and cloud environments.


Accelerate Compliance with File Integrity Monitoring

Changes on critical servers often signal a breach. That's why it's essential to use file integrity monitoring software (FIM) for your critical systems so you're alerted as soon as changes occur in critical files, configuration files, and content files. In fact, if those servers are in scope of your cardholder data environment (CDE), PCI DSS requirements 10.5.5 and 11.5 state you must install file integrity monitoring software to pass your audit.

AlienVault® Unified Security Management™ (USM) helps you to meet your PCI DSS compliance objectives with its built-in file integrity monitoring software and much more. USM combines five essential security capabilities into a single platform that simplifies security and compliance management across your on-premises, cloud, and hybrid environments. 

Implement FIM on Your Critical Assets 

  • Monitor access to sensitive data in your CDE and know when changes are made to critical files
  • Investigate FIM-triggered alarms to identify who accessed, downloaded, and modified critical files
  • Easily report out on FIM activities using the built-in PCI DSS reports and create your own custom views and reports for review

Streamline Server Auditing with Combined Host Intrusion Detection and FIM

  • Deploy file integrity monitoring, registry monitoring, & host-based IDS together in one solution
  • Monitor privileged user activity per PCI DSS requirements

Get Compliance-Ready Faster with Unified Security Essentials

  • Meet your compliance objectives faster and on-budget with AlienVault USM

AlienVault Is Trusted & Verified

AlienVault makes compliance a top priority for your organization and for ours. We have adopted the NIST Cybersecurity Framework (CSF), aligning our security controls and processes with industry-proven security best practices.

We use our own USM platform to demonstrate and maintain compliance, working with third-party auditors to regularly test our systems, controls, and processes. AlienVault is certified compliant for several regulatory and cybersecurity standards, including PCI DSS and HIPAA, among others.

With the AlienVault USM platform, you can be assured of a secure, compliant product to monitor your on-premises and cloud environments and applications. You can request a copy of our compliance audit reports from your AlienVault sales representative.


  • HIPAA Compliant
  • PCI DSS Level 1 Service Provider
  • SOC 2 Type 1 Certified

Implement File Integrity Monitoring on Your Critical Assets

Generally speaking, you should be selective about where and how you enable FIM, since many system and application files will change often in a dynamic network environment. You should focus on monitoring the integrity of critical files on in-scope assets to detect unauthorized modification of critical system files, configuration files, or sensitive content files, all of which could indicate compromised devices or applications. In other words, install FIM wherever you need to monitor changes made to in-scope servers.

The built-in FIM tools in AlienVault USM monitor the systems that contain sensitive data within your CDE by alerting you to changes made to critical files. This provides a necessary audit trail and enables you to validate that any changes were authorized, expected, did not jeopardize the integrity or security of the data in those files, and did not impact the security operations of your business-critical systems.

USM Anywhere features customizable, pre-defined PCI DSS reports that make it fast and simple to review your FIM activity, including access and modification of critical files on your Windows and Linux assets, as well as in Office 365 and G Suite.

The PCI DSS standard is explicit on this. If you need to demonstrate PCI DSS compliance, then you must install FIM on your critical assets to track changes to:

  • Critical system files, including system and application executables
  • Configuration files & content files, including cardholder data and other sensitive information
  • Centrally stored, historical, or archived log and audit files
  • Digital keys and credentials used for secure authentication and authorization of entities and users

AlienVault USM centrally manages and monitors file integrity monitoring data. Any access or modification to a monitored file is tracked, and the correlation capabilities within the USM platform will generate an alarm to notify you of any anomalous activity against the file. Even though not all accesses and changes require a response, it’s important to monitor all activity to first determine a baseline and then detect any abnormalities like policy violations or potential system compromise.
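The baseline-then-compare cycle described above, as an added example that is not AlienVault's code: it fingerprints the file classes the page lists (a config file, a key, a log, a binary) in a constructed temporary directory, then classifies what changed. Paths and contents are constructed sample data; the checks assume a POSIX host where file mode and ownership are meaningful.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

# Added example, not AlienVault code. Watch only the critical paths you choose,
# and keep the baseline off-host so a compromised machine cannot rewrite it.

def fingerprint(path):
    """Content hash plus the metadata an intruder may also tamper with."""
    st = path.stat()
    return {"sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "mode": oct(stat.S_IMODE(st.st_mode)), "uid": st.st_uid,
            "gid": st.st_gid, "size": st.st_size}

def snapshot(root):
    """Baseline or current state: fingerprint every file under root."""
    root = Path(root)
    return {str(p.relative_to(root)): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline, current):
    """Classify deviations from the baseline for alarm or audit review."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            findings.append((name, "deleted"))
        elif name not in baseline:
            findings.append((name, "added"))
        else:
            diff = [k for k in baseline[name] if baseline[name][k] != current[name][k]]
            if "sha256" in diff:
                findings.append((name, "content modified"))
            elif diff:  # same bytes, but permissions or ownership changed
                findings.append((name, "metadata changed: " + ",".join(diff)))
    return findings

def demo():
    """Constructed sample: a config edit, a key chmod, a log removal, a new binary."""
    d = Path(tempfile.mkdtemp())
    (d / "sshd_config").write_text("PermitRootLogin no\n")
    (d / "id_rsa").write_text("constructed key material\n")
    os.chmod(d / "id_rsa", 0o600)
    (d / "audit.log").write_text("baseline entry\n")
    baseline = snapshot(d)                      # take the baseline once
    (d / "sshd_config").write_text("PermitRootLogin yes\n")
    os.chmod(d / "id_rsa", 0o644)               # key now world-readable
    (d / "audit.log").unlink()                  # log file removed
    (d / "dropped.so").write_bytes(b"\x7fELF constructed")
    return compare(baseline, snapshot(d))       # later run: compare
```

Each finding maps to an alarm worth reviewing: a silent config change, a loosened key permission, a deleted audit log, and an unexpected new binary.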

Streamline Server Auditing with Combined Host Intrusion Detection and FIM

Deploy FIM, Windows Registry Monitoring, & HIDS Together

You can simplify the implementation of FIM and a host-based intrusion detection system (HIDS) with the unified AlienVault USM platform, rather than installing multiple single-purpose tools in your environment.

With AlienVault USM, you can perform file integrity monitoring, Windows registry monitoring, and host-based intrusion detection (HIDS), giving you the most robust intrusion detection and change management controls in a single, lightweight solution.

Monitor Privileged User & Administrator Activity

Monitoring privileged user activity on your critical systems and accounts is an essential security best practice. In fact, many regulatory standards, including PCI DSS, explicitly require it.

AlienVault USM’s implementation of host-based IDS enables you to monitor user activity on your critical systems. These events are forensically captured, processed, and correlated with other data to provide the necessary context you need for effective incident response.

Get Compliance-Ready Faster with Unified Security Essentials

While file integrity monitoring is a critical component of PCI DSS compliance, as well as other regulatory standards, FIM tools alone aren’t enough to pass your next audit. You need a broad range of security technologies and capabilities to demonstrate compliance for the other PCI DSS Requirements.

For most IT security teams, it is a significant challenge to source, purchase, and integrate all the multiple point security solutions needed to be compliance-ready. Not only does this consume significant time, resources, and budget, but most organizations need to be audit-ready yesterday.

AlienVault USM addresses the urgency, high costs, and complex technical challenges that surround PCI compliance. By bringing together multiple essential security capabilities needed to meet compliance on one unified platform, including asset discovery, vulnerability assessment, threat detection (including malware and ransomware), incident response, and compliance log management and reporting, USM delivers a fast, affordable, and easy-to-use compliance management solution.

Whether your cardholder environments touch your on-premises infrastructure, AWS or Azure cloud, or exist across a hybrid environment, the USM platform delivers a comprehensive set of security technologies and integrated threat intelligence that can be fully deployed in days, not weeks or months. With it, you can get ready for your fast-approaching audit and maintain continuous security and compliance management all year long.

Discover How AlienVault USM Supports PCI DSS Requirements

Each entry below gives the PCI requirement, the PCI sections AlienVault USM addresses, and how AlienVault USM helps.

1. Install and maintain a firewall configuration to protect cardholder data.

1.1, 1.2, 1.3

  • Built-in asset discovery provides a dynamically updated inventory of assets across your cardholder data environment, ensuring only authorized endpoints are deployed.
  • Capture events relating to configuration changes on firewalls and routers, including when user accounts get updated.
  • Discover unauthorized communications, such as between untrusted networks and systems within the cardholder data environment.

2. Do not use vendor-supplied defaults for system password and other security parameters.

2.1, 2.2, 2.3, 2.4, 2.6

  • Identify use of default system accounts on Windows machines.
  • File Integrity Monitoring can detect changes and access to critical system and application files, and Windows Registry entries.
  • Identify vulnerabilities such as where an application may have a cryptographic algorithm vulnerability, and recommend if patches or workarounds are available.
  • Identify what services are running, and what ports are open, on systems.
  • Built-in asset discovery provides a dynamically updated inventory of what systems are operational in your environment, and what software is running on each.
  • Discover and monitor assets running on-premises and in cloud environments (including Azure, VMware, Hyper-V, AWS).

3. Protect stored cardholder data

3.6, 3.7

  • Monitor for changes to Office 365 policies, including Data Leakage Protection (DLP), information management, and more.
  • File Integrity Monitoring can detect when SSH or similar cryptographic keys are modified.
  • Unified log review and analysis, with triggered alarms for high risk systems.

4. Encrypt transmission of cardholder data across open, public networks

4.1, 4.3

  • Identify when network traffic goes to unauthorized networks.
  • Identify systems using compromised or insecure protocols that may increase their risk of being attacked.
  • Monitor for changes to Office 365 policies, including Information Management and more.

5. Protect all systems against malware and regularly update antivirus software or programs

5.1, 5.2, 5.3, 5.4

  • Identify systems susceptible to known vulnerabilities, or that may not have antivirus installed and/or operational.
  • Identify indicators of malware-based compromise, and orchestrate manual and automated actions to isolate infected systems and block malicious domains.
  • Monitor and store events from antivirus solutions that could indicate a compromise, or attempt to disable antivirus software.
  • Monitor for changes to Office 365 policies, including Information Management and more.

6. Develop and maintain secure systems and applications

6.1, 6.2

  • Identify systems susceptible to known vulnerabilities, with vulnerabilities ranked as 'high,' 'medium,' and 'low' risk.
  • Identify patches or workarounds available to vulnerable systems.

7. Restrict access to cardholder data by business need to know

7.1, 7.3

  • Identify attempts to access systems using privileged accounts.
  • Identify escalation of privilege attempts.
  • Monitor for changes to Office 365 policies, including Information Management and more.

8. Identify and authenticate access to system components

8.1, 8.2, 8.5

  • Aggregate logs and events from systems, applications, and devices from across your on-premises and cloud environments.
  • Identify attempts to use retired or default user credentials.
  • Monitor and alarm on Group Policy errors.

9. Restrict physical access to cardholder data

N/A

  • Not applicable.

10. Track and monitor all access to network resources and cardholder data

10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8

  • Aggregate, analyze, and archive logs and events from systems, applications, and devices from across your on-premises and cloud environments.
  • Identify logon success and failures.
  • Identify privilege escalation attempts.
  • Identify where systems are out of sync with the current time and/or Domain Controller, or for non-typical traffic on port 123.
  • Identify unauthorized attempts to access or modify key logs.
  • Identify where security tools, such as antivirus and firewalls, have been disabled or have failed to start.
  • Capture all user account creation and modification activities.

11. Regularly test security systems and processes

11.1, 11.2, 11.4, 11.5, 11.6

  • Assess systems for vulnerabilities, and where found rank them as 'high,' 'medium,' and 'low' risk.
  • Monitor access to, and attempts to modify, system and application binaries, configuration files, and log files.
  • Monitor user and administrator activities in cloud environments such as Azure and AWS, and within cloud applications such as Office 365.
  • Apply labels to alarms.
  • Generate incident tickets within popular solutions like ServiceNow, directly from within the USM Anywhere console.

12. Maintain a policy that addresses information security for all personnel

12.1, 12.5, 12.8

  • Monitor for changes to Office 365 policies, including Data Leakage Protection (DLP), information management, and more.
  • Monitor all administrative activities through popular authentication and authorization solutions like Azure Active Directory.
  • Monitor network traffic for violations of policy, such as communications that cross your cardholder data environment perimeters.