Last updated at Mon, 28 Oct 2019 17:46:51 GMT

With data breaches too often in the news, businesses have been tasked with the never-ending work of monitoring critical systems and keeping up with regulatory standards and laws such as PCI DSS, HIPAA, and GDPR.

Some of these standards require you to deploy a file integrity monitoring (FIM) internal control within your operating environment to protect your organization’s critical assets and data. For PCI DSS, those specifically include your cardholder data environment, and for HIPAA, it is any system that stores or transmits patient data.

To help organizations address their compliance auditing needs, we are excited to introduce file integrity monitoring for InsightIDR.

What is FIM?

A FIM solution actively watches for changes to files within your environment. By monitoring file modification activity, InsightIDR provides key metrics for detecting suspicious changes to critical system files that don’t often change and sabotage of privileged data files.

See InsightIDR’s new FIM capabilities in action with a free 30-day trial.


FIM compliance rule coverage and benefits

InsightIDR FIM provides specific coverage for the following compliance requirements:

  • PCI DSS Requirement 10.5
  • PCI DSS Requirement 11.5
  • HIPAA 164.312(b)
  • HIPAA 164.312(c)(1)
  • HIPAA 164.312(c)(2)
  • GDPR Article 32-1.b
  • GDPR Article 32-2


For example, the PCI DSS standard explicitly requires the demonstration of compliance via FIM. Specifically, PCI DSS mandates that you track changes on critical assets such as the following:

  • Critical system files, like system and executable files
  • Content files that contain card data and personally identifiable information (PII)
  • Configuration files for critical applications, such as a database storing card and PII data
  • Digital key and credential files for secure authentication and authorization
  • Historical and archived log and audit files


Like PCI DSS, HIPAA requires the implementation of policies and technologies to safeguard protected health information (PHI) from alteration and destruction. Similarly, GDPR requires the protection of personal data files and applications:

  • Configuration and system files for critical PHI/personal data storage applications
  • Configuration and system files for critical PHI/personal data transportation/communication applications
  • Digital key and credential files used to access critical PHI/personal data applications


In addition to compliance coverage, FIM expands InsightIDR’s industry-leading user behavior analytics (UBA) to apply to file modification events. New file modification events may be looped into an investigation to fully understand the critical file modifications as they relate to a user’s other actions within your environment. Additionally, file modification events may be aggregated into fully customizable dashboard charts to better understand FIM visually within your environment. The charts and underlying data may be exported for your auditor to peruse.

Powered by Insight Agent, monitor in near-real-time

Taking advantage of the Insight Agents already deployed, InsightIDR FIM adds another layer of compliance visibility and critical file-change tracking to an already robust suite of security tools. InsightIDR enables you to keep watch and validate critical file changes that may endanger your business and customers.

Getting started with FIM in InsightIDR

Let’s take a look at how Rapid7 can help you meet your compliance needs and reap the value of InsightIDR.

FIM for InsightIDR runs on common Windows Audit Policy configurations with which IT teams should be intimately familiar. Take a look at the InsightIDR help page to set up FIM in your environment. As a trusted advisor for your compliance and security needs, Rapid7 offers recommendations for FIM configurations, which will be updated as the industry moves forward and we learn more over time.
