Integrity and FIM: It’s More than Just Data Security
Integrity is a vital component of any cybersecurity policy, making up one-third of the CIA Triad. However, until recently, the industry has had a limited understanding of the term, using it primarily in the context of data security. Integrity means so much more than this principle alone: it impacts every facet of an information system and can drive an organization’s entire security program.
Fundamentally, integrity ensures that no one tampers with your assets, whatever and wherever they may be. From protecting your network, systems, physical assets, and more, applying integrity to your entire security program can transform your security posture. But first, we need to understand exactly what integrity is.
Defining Integrity
Integrity helps establish what matters to an organization and what it should prioritize. It acts as the basis for trust and reliability and becomes the ultimate measure of system security. True integrity allows for no discrepancy between something’s original and current state. In other words, it proves that a business can trust something’s current state because it has stayed the same from its original, trustworthy state.
Managing integrity is ultimately about managing change throughout your entire environment. Change can be internal or external, authorized or unauthorized, intentional or accidental, benign or malicious. When you take an expansive view of change, it’s clear that managing integrity is at the core of foundational security.
Expanding the Focus Beyond Data Integrity
As we touched on earlier, integrity is one of the three CIA Triad principles – confidentiality, integrity, and availability – that serve as a framework for organizations to make sound cybersecurity policies. In this context, integrity generally focuses on the nature of organizational data and an organization’s responsibility to make sure that external sources don’t succeed in compromising that information. But it does so much more than that.
Here’s how you can leverage integrity across your security program:
- Data – Encompassing data backup and recovery, encryption, blockchain, identity and access management (IAM), and File Integrity Monitoring (FIM), data integrity protects data from being corrupted or tampered with.
- Systems – Through solutions such as FIM, security configuration management (SCM), host-based intrusion detection systems (IDS), vulnerability management and patching, and privileged account management (PAM), system integrity ensures that no one can make unauthorized changes to critical assets.
- Networks – Organizations can maintain the reliability of connections and protect data moving through their network with firewalls, network-based intrusion detection systems (IDS), encryption, virtual private networks (VPNs), and secure remote access.
- Physical Assets – Businesses can protect the facilities and spaces within which critical assets reside through access controls, security monitoring, mitigation of all hazards (fire, water, earthquakes, etc.), and uninterrupted power supplies.
- Process – By implementing process integrity, organizations can ensure they have correctly integrated, configured, and coordinated multiple controls to provide a holistic approach to incorruptibility and resilience. It includes security incident and event management (SIEM), security orchestration, automation and response (SOAR), analytics and reporting, and a well-functioning security operations center (SOC).
- People – The concept of people integrity ensures that organizations can trust the humans who use IT and OT systems, create and use data, and oversee enterprise security efforts. You can achieve people integrity by implementing security awareness training, certification, role-based access controls (RBAC), end-user behavior analytics (EUBA), organizational policy enforcement, and background screening.
What is File Integrity Monitoring?
You’ll notice that FIM solutions help protect multiple types of integrity. As such, they are essential for maintaining integrity across your organization. FIM solutions detect unauthorized changes to critical files, configurations, or system settings by regularly checking and verifying the integrity of files and systems within an organization’s IT infrastructure. They work in five stages:
- Establishing Policies – Organizations first define a relevant policy outlining the specific files and computer systems the solution will monitor.
- Creating Baselines – Businesses determine a baseline or reference point that takes the version, creation date, modification date, and other data that can validate the legitimacy of an asset.
- Monitoring for Change – The solution uses this baseline to monitor designated files for modifications. Organizations may auto-promote expected changes to refine accuracy, thus minimizing false positives.
- Alerts – When the solution detects an authorized change, it notifies security personnel, who investigate and respond.
- Reporting – FIM tools can generate audit reports to validate their efficacy. Some regulations, such as PCI DSS, require this feature to ensure compliance.
Integrity and Tripwire
Organizations can incorporate trust into their people, processes, and technology by building an enterprise security strategy focused on integrity. They only need the right security solutions provider to walk with them and help enable their security efforts.
That’s where Fortra’s Tripwire comes in. The company’s best-in-class technology and services empower customers to focus on the right endpoints in real-time, on-site, and in the cloud and enable intelligent decisions and actions that strengthen security.