File Integrity Monitoring

as a Service

Unauthorized or inadvertent changes to key system configuration files (such as httpd.conf) or router/firewall configuration can lead to security issues. Malware can modify key system files. Bad actors (for example, insider threats) can steal forbidden files. It is important to maintain control of key files and directories.

The Stratejm SIEM provides mechanisms for tracking and detecting key file changes. It can monitor the start-up and running configurations of network devices via SSH. It can monitor configuration files on servers. In addition, the SIEM agents can efficiently monitor large server infrastructures. An alert or report can be generated when the file changes from one version to another or deviates from a blessed, hardened configuration.

Stratejm uses the FIM agent for PCI assets as part of its standard offering. The FIM agent is a highly scalable, centralized cloud app that logs and centrally tracks file change events on common enterprise operating systems in organizations of all sizes. The FIM agent provides its users a simple way to achieve centralized cloud-based visibility of activities resulting from normal patching and administrative tasks, change control exceptions or violations, or malicious activity — then reports on that system activity as part of compliance mandates.

The FIM agent collects the critical details needed to quickly identify changes and root out activities that violate policy or are potentially malicious. As a cloud-based service, the FIM agent allows teams to eliminate the expense and complexity of deploying and maintaining their own point solutions in order to globally comply with change control policy enforcement and change monitoring requirements.