Monitor critical assets to address compliance needs
While InsightIDR excels at surfacing unknown attacks, it will also help you face a known challenge: demonstrating compliance across your security program. This includes audit logging and log management (e.g. PCI Requirement 10), user monitoring (e.g. NIST CSF Detect), and now, file integrity monitoring (FIM), a regulation mandated across PCI, HIPAA, and GDPR.
Once you deploy the included Insight Agent to your critical assets, you can activate file integrity monitoring to flag any changes to any specified files or directories on that endpoint.
Meet PCI DSS Requirements 10.5 and 11.5
Track changes around: critical system files (system and executable files); content files that contain card data and personally identifiable information (PII); configuration files for critical applications; digital key and credential files for secure authentication and authorization; and historical and archived log and audit files.
Meet HIPAA 164.312(b), 164312(c)(1), 164.312(c)(2)
While HIPAA is not as prescriptive around FIM, it requires the implementation of policies and tech to safeguard Protected Health Information (PHI) from alteration and destruction. You can use InsightIDR to help monitor items like: ePHI files/databases, system and application executables, configuration files, and log/SIEM audit files
Meet GDPR Article 32-1.b and 32-2
Similar to the above, GDPR requires the protection of personal data files and applications. Use FIM in InsightIDR to monitor the critical config, system, and key/credential files that power your personal data applications.
Defense-in-depth ... and faster investigations
If an adversary is tampering with critical files, they already have internal access to your network, and are deep in their ATT&CK chain. That’s why InsightIDR uses a combination of user behavior analytics, threat intelligence, and community sharing to ensure you find signs of compromise much, much earlier. Unlike standalone approaches to file integrity monitoring, if you get an alert, you’ll also have valuable context around the users and assets involved, helping you prioritize and assess severity immediately.