Integrity is one of the three fundamental goals of information security based on the CIA triad (Confidentiality, Integrity, and Availability). Yet integrity is probably the most overlooked concept in the information security space today. As an industry, we spend a lot more time and money on confidentiality and availability than we do on integrity.
Below are three basic, real-world examples of file integrity events that we believe should be monitored, alerted, and acted on:
- Critical operating system files are modified
- A new user, particularly an administrative one, is added to a mission-critical server
- A new table is created in your e-commerce platform database
It is pretty commonly accepted today among information security teams that compromise isn’t a matter of if, it’s a matter of when. We regretfully tend to agree with this mentality given the state of the Internet and the average environment we see in the field. With the sheer amount of malicious content being generated and the public’s ferocious appetite for the Internet, we wouldn’t expect this to change anytime soon.
File Integrity Monitoring (FIM) helps to identify compromise more quickly, helps to minimize the damage created by an incident, and helps with remediation.
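The first two events in the list above, as an added example (not code from the original page or from any FIM product): a SHA-256 baseline of a directory is compared with a later snapshot, and a passwd-format file is diffed for new accounts, flagging any with UID 0. The function names and the constructed sample tree are assumptions made for illustration.

```python
import hashlib, os, tempfile

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff_snapshots(baseline, current):
    """Integrity events between a trusted baseline and the current state."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def new_accounts(old_passwd, new_passwd):
    """Accounts present only in the new passwd-format text, as (name, is_uid0)."""
    def parse(text):
        users = {}
        for line in text.splitlines():
            fields = line.split(":")
            if len(fields) >= 3 and fields[2].isdigit():
                users[fields[0]] = int(fields[2])
        return users
    old, new = parse(old_passwd), parse(new_passwd)
    return sorted((name, uid == 0) for name, uid in new.items() if name not in old)

def demo():
    """Constructed sample tree: a file is altered and a UID 0 account is appended."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data, mode="wb"):
            with open(os.path.join(root, rel), mode) as fh:
                fh.write(data)
        os.makedirs(os.path.join(root, "bin"))
        old = b"root:x:0:0::/root:/bin/sh\n"
        write("bin/login", b"original binary")
        write("passwd", old)
        baseline = snapshot(root)  # taken while the system is in a known-good state
        write("bin/login", b"tampered binary")
        write("passwd", b"svc2:x:0:0::/root:/bin/sh\n", "ab")
        with open(os.path.join(root, "passwd")) as fh:
            return diff_snapshots(baseline, snapshot(root)), new_accounts(old.decode(), fh.read())

if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as where it is stored: keep it off the monitored host or sign it, so that whoever alters a file cannot also rewrite the recorded digest.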