Dispelling the Rumors
IT professionals often misunderstand file integrity monitoring (FIM) as extremely hard to use, very expensive, and prone to creating tons of false positives, all of which leads to dissatisfaction or discontinued use, if it is even installed in the first place.
Another myth many people believe is that Tripwire® is the only FIM product on the market. Because of this, they put up with extremely high costs and product complexity, believing they have no other option available.
Advanced FIM tools such as CimTrak break all of these familiar stereotypes by being very easy to use, budget friendly, and more usable thanks to proprietary features for eliminating false positives. There’s a reason that organizations such as NASA, Cornell University, and the Chicago Stock Exchange rely on CimTrak to keep their assets secure and compliant!
So Happy Together!
As more and more firms deploy them, IT and security personnel often ask what role FIM plays with regard to Security Information and Event Manager (SIEM) tools. The answer is that it is a complementary technology that helps SIEMs do their job better by sending them system, application, and file change data directly from the file integrity monitoring tool itself.
This allows the SIEM to combine critical change information with other data streams for enhanced event analysis and correlation. The enterprise benefits by learning about security events more quickly and by being able to provide better context surrounding those events. What’s more, alerts raised by a SIEM can be traced back to the FIM tool, which can provide all of the forensic data (who, what, when, how) for the event, allowing for quick and simple root-cause analysis.
Not all change detection tools integrate easily with a SIEM directly from the tool itself, so it is important to ask about this if you are currently running a security information and event manager or want to do so in the future. CimTrak integrates with any security information and event manager, including HP ArcSight, RSA Security Analytics, IBM QRadar, and McAfee Enterprise Security Manager.