The capabilities of true File Integrity/Activity Monitoring:
- Detects changes and determines which changes introduce risk
- Determines which changes cause non-compliance
- Distinguishes between high- and low-risk changes
- Integrates with other security point solutions
File Integrity/Activity Monitoring technology gives enterprises visibility and reports that tell them what they did not know before. The ability to detect changes lets IT distinguish authorized changes from unauthorized changes or possible malicious activity.
FIM provides insight into the actual activities and changes being made to critical infrastructure, and it ensures that operational integrity has not been compromised. It's also important to understand that while FIM is valuable to PCI, it can be, and is, used to reduce the risk of compromise to any IT asset.
File Integrity/Activity Monitoring is a critical capability that IT security and compliance need in order to protect the IT infrastructure and its sensitive data. To be relevant, it must do a lot more than just detect changes. A complete solution must use change detection to help determine whether the changes are good or bad. It must also provide multiple ways to distinguish low-risk change from high-risk change. And it must do this at the speed of change.
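A minimal sketch of that idea, added here as an illustration and not taken from any FIM product: it hashes a baseline, detects added, removed and modified files, and sorts each change into authorized, high-risk or low-risk. The approved-change list, the high-risk path prefixes and the sample files are assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed policy, constructed for this example: which paths count as high risk,
# and which paths are covered by an approved change request.
HIGH_RISK_PREFIXES = ("etc/", "bin/")
APPROVED_CHANGES = {"etc/app.conf"}

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def detect_changes(baseline, current):
    """Return (path, kind) for every added, removed or modified file."""
    changes = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            changes.append((path, "added"))
        elif path not in current:
            changes.append((path, "removed"))
        elif baseline[path] != current[path]:
            changes.append((path, "modified"))
    return changes

def classify(path):
    """Approved changes are expected; the rest are ranked by where they occurred."""
    if path in APPROVED_CHANGES:
        return "authorized"
    if path.startswith(HIGH_RISK_PREFIXES):
        return "unauthorized-high"
    return "unauthorized-low"

def demo():
    """Build a constructed sample tree, change it, and classify each change."""
    before = {"etc/app.conf": "port=80\n", "etc/hosts": "127.0.0.1 localhost\n", "tmp/cache": "a"}
    after = {"etc/app.conf": "port=443\n", "etc/hosts": "10.0.0.5 db\n", "tmp/cache": "b", "bin/helper": "x"}
    with tempfile.TemporaryDirectory() as root:
        def write(files):
            for rel, data in files.items():
                path = Path(root, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(data)
        write(before)
        baseline = snapshot(root)
        write(after)
        return [(p, kind, classify(p)) for p, kind in detect_changes(baseline, snapshot(root))]
```

Calling `demo()` returns one row per change, so only the two `unauthorized-high` rows need immediate attention.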
In addition, FIM should work with other security point solutions, such as those for log and security event management. Correlating change data with log and event data allows security professionals to better protect their environment, including cardholder data environments. Doing so allows them to quickly see, trace and relate problem-causing activities to each other. Such visibility and intelligence are the key to remediating issues quickly, before they cause real damage.