Alert Logic File Integrity Monitoring

Over the last couple of decades we have watched entire technology categories become commoditized into a feature of something larger. Intrusion Prevention Systems, for example, are now just a feature of the Next Generation Firewall. File Integrity Monitoring has not gone that way yet: the most widely used FIM solutions are either open source tools with high integration and management overhead, or feature-rich, commercially licensed point products that come at a high cost.

We have spoken to many customers who chose the feature-rich, commercially licensed point products, and the majority tell us that the additional implementation cost, licensing, and ongoing management are not worth it when all they need is to check the box for PCI DSS compliance (requirements 10.5.5 and 11.5).

This is where Alert Logic File Integrity Monitoring comes in. It is a cost-effective way to meet PCI DSS 10.5.5 and 11.5, and it is included with Alert Logic MDR Professional. Our file integrity monitoring goes beyond compliance, though: it provides detection across multiple deployments, and the file change data it collects gives useful context during an investigation. For example, critical files being deleted during non-work hours can be an indication of an intrusion or an insider threat.

With Alert Logic File Integrity Monitoring you can monitor changes to files and directories on the assets associated with your Alert Logic deployments, from the Alert Logic console. You can enable 42 pre-populated file paths that span Linux, Windows, and the Windows Registry, and you can also configure custom file paths or entire directories for monitoring or for exclusion. This matters because it lets you tailor the monitored paths and directories to exactly what is in scope for PCI DSS in your deployment.

Alert Logic File Integrity Monitoring keeps you aware of file changes, and the details around them, across your deployment. The following are examples of what you can monitor:

  • When a file was created and last modified
  • Unauthorized access to specific files
  • Security permission changes, such as newly added permissions, deleted permissions and changes to existing permissions
  • Registry changes, such as changed registry values, removed registry keys and sub keys
  • Changes in system binaries and configuration files, and new processes
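To make the detections in the list above concrete, here is an added example (not Alert Logic's code, and not how the product is implemented) that does what a file integrity monitor does at its core: take a baseline of content hashes, permission bits and ownership for every regular file under a directory, take a second snapshot later, and diff the two into created/deleted/modified/permission-changed events. It also applies the "deleted outside work hours" heuristic from the post: deletions and permission changes seen outside a business-hours window (the 08:00 to 18:00, Monday to Friday window is an assumption of the example) are marked high priority. The tampered file tree, its contents and the Sunday 02:30 timestamp are all constructed inside the script, so it runs offline.

```python
import datetime
import hashlib
import os
import stat
import tempfile

# Business-hours window for the off-hours heuristic (an assumption for this example).
BUSINESS_START_HOUR = 8
BUSINESS_END_HOUR = 18
BUSINESS_WEEKDAYS = (0, 1, 2, 3, 4)  # Monday..Friday


def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Record content hash, permission bits and owner for every regular file under root.
    lstat() is used and non-regular files are skipped, so a planted symlink cannot make
    the monitor hash something outside the monitored tree."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = {"sha256": sha256_file(full), "mode": stat.S_IMODE(st.st_mode),
                             "uid": st.st_uid, "gid": st.st_gid}
    return baseline


def compare(baseline, current):
    """Diff two snapshots into (kind, path, *details) events, sorted by path."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            events.append(("created", path))
        elif new is None:
            events.append(("deleted", path))
        else:
            if old["sha256"] != new["sha256"]:
                events.append(("modified", path))
            if old["mode"] != new["mode"]:
                events.append(("permission_changed", path, oct(old["mode"]), oct(new["mode"])))
            if (old["uid"], old["gid"]) != (new["uid"], new["gid"]):
                events.append(("owner_changed", path))
    return events


def outside_business_hours(when):
    return (when.weekday() not in BUSINESS_WEEKDAYS
            or not BUSINESS_START_HOUR <= when.hour < BUSINESS_END_HOUR)


def triage(events, when):
    """Prefix each event with a priority; off-hours deletions and permission changes get 'high'."""
    out = []
    for ev in events:
        suspicious = ev[0] in ("deleted", "permission_changed") and outside_business_hours(when)
        out.append(("high" if suspicious else "info",) + ev)
    return out


def demo():
    """Constructed scenario (not real data): baseline a tree, tamper with it, diff at 02:30 on a Sunday."""
    with tempfile.TemporaryDirectory() as root:
        files = {"etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
                 "etc/shadow": b"root:!:18000:0:99999:7:::\n",
                 "bin/ls": b"\x7fELF original binary\n"}
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
            os.chmod(full, 0o644)  # pin the mode so the process umask does not matter
        before = snapshot(root)

        # Simulated tampering: trojaned binary, world-writable passwd, deleted shadow, dropped script.
        with open(os.path.join(root, "bin/ls"), "wb") as fh:
            fh.write(b"\x7fELF trojaned binary\n")
        os.chmod(os.path.join(root, "etc/passwd"), 0o666)
        os.remove(os.path.join(root, "etc/shadow"))
        os.makedirs(os.path.join(root, "var"))
        with open(os.path.join(root, "var/backdoor.sh"), "wb") as fh:
            fh.write(b"#!/bin/sh\nnc -l -p 4444 -e /bin/sh\n")
        after = snapshot(root)

    return triage(compare(before, after), datetime.datetime(2021, 3, 14, 2, 30))


if __name__ == "__main__":
    for event in demo():
        print(*event)
```

A real agent would persist the baseline somewhere the monitored host cannot rewrite it, watch the tree continuously rather than by periodic rescans, and forward the events to a log pipeline; the diff logic and the off-hours triage are the part that carries over unchanged.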

We are excited to bring this compliance feature to our customers, to reduce agent fatigue and, more importantly, to reduce spend that can be reallocated to other projects within the organization. While the primary driver was PCI DSS, it will also help meet other regulatory requirements, including:

  • SOX - Section 404
  • NIST SP 800-53 - Controls SI-7(7) and SI-7(8)
  • HIPAA - §164.312 (b), (c)(1) & (2)
  • SOC 2
  • HITRUST

If you are not a current Alert Logic customer and are reading this blog, I leave you with one important question: what would you do with an extra $30,000 to $90,000 to spend on security, or to reallocate to your overall IT budget? At the very least, give us a call or drop us an email; we will save you a lot of money and provide the best MDR solution on the market.

You can see Alert Logic FIM in action in this demo video.

About the Author

John Pirc - Director of Product Management at Alert Logic

John, currently the Director of Product Management for Alert Logic's MDR Platform, is a seasoned security expert with multinational security and business experience spanning over 20 years. He was most recently the Director of Network Security for Secureworks, Director of Security for Forsythe Technology, and Co-Founder and CSO of Bricata, LLC; before that, John was the CTO at NSS Labs. Previously, John was responsible for all security products at Hewlett Packard/TippingPoint/HP Security Research, and he was Director of Product Management at both IBM Security and Cisco, running billion-dollar product portfolios.

John is a published author who frequently speaks at security industry events and has been interviewed in multiple live TV engagements. John's greatest professional achievements include working for the Central Intelligence Agency, authoring three books, and being published in Time Magazine.
