File integrity monitoring
Achieve compliance faster with file integrity monitoring plus the security capabilities you need in one powerful product.
Accelerate Compliance with File Integrity Monitoring
Changes on critical servers often signal a breach. That's why it's essential to use file integrity monitoring (FIM) for your critical systems so you're alerted as soon as file changes occur in critical system files, configuration files, and sensitive data files, as well as log and audit files which could be modified to hide an attacker's tracks. In fact, if those servers are in scope of your cardholder data environment (CDE), PCI DSS requirements 10.5.5 and 11.5 state you must install FIM software to pass your audit.
AlienVault® Unified Security Management™ (USM) helps you meet these PCI DSS requirements by ingesting file integrity monitoring events into the unified platform for threat detection, response, and compliance management. AlienVault USM simplifies security and compliance with centralized visibility of your on-premises and cloud environments, including AWS and Azure, as well as cloud applications such as Office 365 and G Suite, helping to eliminate potentially dangerous blind spots. Our unified platform combines multiple security capabilities within a single pane of glass, including SIEM, log management, intrusion detection, vulnerability assessment, incident response automation, and more, ensuring you have the essential tools at your fingertips to not only demonstrate and maintain compliance, but very importantly, gain crucial full-environment threat detection and response capabilities.
Implement FIM on Your Critical Assets
- Monitor file access to sensitive data in your CDE and know when changes are made to critical files
- Investigate FIM-triggered alarms to identify who accessed, downloaded, and modified critical files
- Easily report out on FIM activities using the built-in PCI DSS reports and create your own custom views and reports for review
Streamline Server Auditing with Combined Host Intrusion Detection and FIM
- Deploy file integrity monitoring, registry monitoring, & host-based IDS together in one solution
- Monitor privileged user activity per PCI DSS requirements
Get Compliance-Ready Faster with Unified Security Essentials
- Meet your compliance objectives faster and on-budget with AlienVault USM
AT&T Cybersecurity is trusted & verified
AT&T Cybersecurity makes compliance a top priority for your organization and for ours. We have adopted the NIST Cybersecurity Framework (CSF), aligning our security controls and processes with industry-proven security best practices. We use our own USM platform to demonstrate and maintain compliance, working with third-party auditors to regularly test our systems, controls, and processes.
* The ISMS that governs USM Anywhere, USM Central
Implement File Integrity Monitoring on Your Critical Assets
Generally speaking, you should be selective about where and how you enable your FIM solution, since many system and application files will change often in a dynamic environment. You should focus on monitoring the integrity of critical files on in-scope assets to detect unauthorized modifications which could indicate compromised devices or applications. In other words, install FIM wherever you need to monitor changes made to in-scope servers.
The built-in FIM capabilities in AlienVault USM enable you to easily monitor the systems that contain sensitive data within your CDE, whether in the cloud or on-premises, alerting you to changes made to critical files. But it doesn’t stop there, AlienVault USM correlates file integrity monitoring data with other data across the environment, for full visibility and context. Any access or modification to a monitored file is tracked, and the correlation capabilities within the USM platform will generate an alarm to notify you of any anomalous activity against the file. And, though not all accesses and changes require a response, it’s important to monitor all activity to first determine a baseline and then detect any abnormalities like policy violations or potential system compromise. The end result is actionable intelligence that enables you to prioritize accordingly.
Last but not least, AlienVault USM features customizable, pre-defined templates for PCI DSS and other compliance regulations that make it fast and simple to review FIM activity across your environment and quickly generate audit reports on the spot.
The PCI DSS standard is explicit on this. If you need to demonstrate PCI DSS compliance, then you must install FIM on your critical assets to track changes to:
- Critical system files, including system and application executables
- Configuration files & content files, including cardholder data and other sensitive information
- Centrally stored, historical, or archived log and audit files
- Digital keys and credentials used for secure authentication and authorization of entities and users
With AlienVault USM, you get comprehensive visibility and a necessary audit trail, enabling you to easily track changes to critical files, regardless of the asset’s location, enabling you to validate any that changes made were authorized, expected, and did not jeopardize the integrity or security of the data in those files, or negatively impact the security operations of your business-critical systems.
Streamline Server Auditing with Combined Host Intrusion Detection and FIM
Deploy FIM, Windows Registry Monitoring, & HIDS Together
You can simplify the implementation of FIM and a host-based intrusion detection system (HIDS) with the unified AlienVault USM platform, rather than installing multiple single-purpose tools in your environment.
With AlienVault USM, you can perform file integrity monitoring, Windows registry monitoring, and host-based intrusion detection (HIDS), giving you the most robust intrusion detection and change management controls in a single, lightweight solution.
Monitor Privileged User & Administrator Activity
Monitoring privileged user activity on your critical systems and accounts is an essential security best practice. In fact, many regulatory standards, including PCI DSS, explicitly require it.
AlienVault USM’s implementation of host-based IDS enables you to monitor user activity on your critical systems. These events are forensically captured, processed, and correlated with other data to provide the necessary context you need for effective incident response.
Get Compliance-Ready Faster with Unified Security Essentials
While file integrity monitoring is a critical component of PCI DSS compliance, as well as other regulatory standards, FIM tools alone aren’t enough to pass your next audit. You need a broad range of security technologies and capabilities to demonstrate compliance for the other PCI DSS Requirements. And while it may seem tempting to use a standalone file integrity monitoring tool—be it open-source or commercial—to pass your next audit, it's not a viable shortcut to compliance.
For most IT security teams, it is a significant challenge to source, purchase, and integrate all the multiple point security solutions needed to be compliance-ready. Not only does this consume significant time, resources, and budget, but most organizations need to be audit-ready yesterday.
AlienVault USM addresses the urgency, high costs, and complex technical challenges that surround PCI compliance. By bringing together multiple essential security capabilities needed to meet compliance on one unified platform–including asset discovery, vulnerability assessment, threat detection (including malware and ransomware), incident response, and compliance log management and reporting–USM delivers a fast, affordable, and easy-to-use compliance management solution.
Whether your cardholder environments touch your on-premises infrastructure, AWS or Azure cloud, or exist across a hybrid environment, the USM platform delivers a comprehensive set of security technologies and integrated threat intelligence that can be fully deployed in days, not weeks or months. With it, you can get ready for your fast-approaching audit and maintain continuous security and compliance management all year long.
Discover How AlienVault USM Supports
PCI DSS Requirements
PCI Requirement
PCI Sections AlienVault USM Addresses
How AlienVault USM Helps
1. Install and maintain a firewall configuration to protect cardholder data.
1.1, 1.2, 1.3
- Built-in asset discovery provides a dynamically updated inventory of assets across your cardholder data environment, ensuring only authorized endpoints are deployed.
- Capture events relating to configuration changes on firewalls and routers, including when user accounts get updated.
- Discover unauthorized communications, such as between untrusted networks and systems within the cardholder data environment.
2. Do not use vendor-supplied defaults for system password and other security parameters.
2.1, 2.2, 2.3, 2.4, 2.6
- Identify use of default system accounts on Windows machines.
- File Integrity Monitoring can detect changes and access to critical system and application files, and Windows Registry entries.
- Identify vulnerabilities such as where an application may have a cryptographic algorithm vulnerability, and recommend if patches or workarounds are available.
- Identify what services are running, and what ports are open, on systems.
- Built-in asset discovery provides a dynamically updated inventory of what systems are operational in your environment, and what software is running on each.
- Discover and monitor assets running on-premises and in cloud environments (including Azure, VMware, Hyper-V, AWS)
3. Protect stored cardholder data
3.6, 3.7
- Monitor for changes to Office 365 policies, including Data Leakage Protection (DLP), information management, and more.
- File Integrity Monitoring can detect when SSH or similar cryptographic keys are modified.
- Unified log review and analysis, with triggered alarms for high risk systems.
4. Encrypt transmission of cardholder data across open, public networks
4.1, 4.3
- Identify when network traffic goes to unauthorized networks.
- Identify systems using compromised or insecure protocols that may increase their risk of being attacked.
- Monitor for changes to Office 365 policies, including Information Management and more.
5. Protect all systems against malware and regularly update antivirus software or programs
5.1, 5.2, 5.3, 5.4
- Identify systems susceptible to known vulnerabilities, or that may not have antivirus installed and/or operational.
- Identify for indicators of malware-based compromise, and orchestrate manual and automated actions to isolate infected systems and block malicious domains.
- Monitor and store events from antivirus solutions that could indicate a compromise, or attempt to disable antivirus software.
- Monitor for changes to Office 365 policies, including Information Management and more.
6. Develop and maintain secure systems and applications
6.1, 6.2
- Identify systems susceptible to known vulnerabilities, with systems ranked as 'high,' 'medium,' and 'low' risk vulnerabilities.
- Identify patches or workarounds available to vulnerable systems.
7. Restrict access to cardholder data by business need to know
7.1, 7.3
- Identify attempts to access systems using privileged accounts.
- Identify escalation of privilege attempts.
- Monitor for changes to Office 365 policies, including Information Management and more.
8. Identify and authenticate access to system components
8.1, 8.2, 8.5
- Aggregate logs and events from systems, applications, and devices from across your on-premises and cloud environments.
- Identify attempts to use retired or default user credentials.
- Monitor and alarm on Group Policy errors.
9. Restrict physical access to cardholder data
N/A
- Not applicable.
10. Track and monitor all access to network resources and cardholder data
10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8
- Aggregate, analyze, and archive logs and events from systems, applications, and devices from across your on-premises and cloud environments.
- Identify logon success and failures.
- Identify privilege escalation attempts.
- Identify where systems are out of sync with the current time and/or Domain Controller, or for non-typical traffic on port 123.
- Identify unauthorized attempts to access or modify key logs.
- Identify where security tools, such as antivirus and firewalls, have been disabled or have failed to start.
- Captures all user account creation and modification activities.
11. Regularly test security systems and processes
11.1, 11.2, 11.4, 11.5, 11.6
- Assess systems for vulnerabilities, and where found rank them as 'high', 'medium,' and 'low' risk.
- Monitor access to and attempt to modify system and application binaries, configuration files, and log files.
- Monitor user and administrator activities in cloud environments such as Azure and AWS, and within cloud applications such as Office 365.
- Apply labels to alarms.
- Generate incident tickets within popular solutions like ServiceNow, directly from within the USM Anywhere console.
12. Maintain a policy that addresses information security for all personnel
12.1, 12.5, 12.8
- Monitor for changes to Office 365 policies, including Data Leakage Protection (DLP), information management, and more.
- Monitor all administrative activities through popular authentication and authorization solutions like Azure Active Directory.
- Monitor network traffic for violations of policy, such as communications that cross your cardholder data environment perimeters.