While InsightIDR excels at surfacing unknown attacks, it will also help you face a known challenge: demonstrating compliance across your security program. This includes audit logging and log management (e.g. PCI Requirement 10), user monitoring (e.g. NIST CSF Detect), and now, file integrity monitoring (FIM), a requirement mandated across PCI, HIPAA, and GDPR.
Once you deploy the included Insight Agent to your critical assets, you can activate file integrity monitoring to flag any changes to any specified files or directories on that endpoint.
Track changes around: critical system files (system and executable files); content files that contain card data and personally identifiable information (PII); configuration files for critical applications; digital key and credential files for secure authentication and authorization; and historical and archived log and audit files.
While HIPAA is not as prescriptive around FIM, it requires the implementation of policies and tech to safeguard Protected Health Information (PHI) from alteration and destruction. You can use InsightIDR to help monitor items like ePHI files/databases, system and application executables, configuration files, and log/SIEM audit files.
Similar to the above, GDPR requires the protection of personal data files and applications. Use FIM in InsightIDR to monitor the critical config, system, and key/credential files that power your personal data applications.
If an adversary is tampering with critical files, they already have internal access to your network, and are deep in their ATT&CK chain. That’s why InsightIDR uses a combination of user behavior analytics, threat intelligence, and community sharing to ensure you find signs of compromise much, much earlier. Unlike standalone approaches to file integrity monitoring, if you get an alert, you’ll also have valuable context around the users and assets involved, helping you prioritize and assess severity immediately.