Threat actors targeting operating systems use a wide range of tactics, techniques, and procedures. A growing challenge in cybersecurity is malware that does not rely on a conventional executable dropped on disk to launch its payload. Fileless techniques run from memory, abuse legitimate system tools, or quietly alter existing configuration and system files, moving through systems and compromising data while leaving little for a signature-based antivirus scanner to match.
File Integrity Monitoring (FIM) is a defensive technique that catches such attacks at the point where they touch the file system. Rather than scanning for known malicious signatures, a FIM tool continuously watches selected files, directories, databases, and other pieces of company data, and alerts administrators whenever their contents, permissions, ownership, or other attributes change. A FIM alert means "something changed", not necessarily "something malicious happened": legitimate patches and configuration changes trigger it too, so administrators must triage alerts against known change windows. Used that way, FIM surfaces tampering that perimeter security technologies may never see, including the work of a disgruntled employee with legitimate access who alters a critical piece of company data.
A FIM tool is configured by taking a baseline of the selected data: for each monitored file it records a cryptographic hash of the contents (typically SHA-256) together with metadata such as size, permissions, owner, group, inode, and timestamps. On each subsequent check it recomputes those values and compares them with the baseline, and any deviation from the baseline raises an alert to the admin. Hashing is what makes the check robust: an attacker who edits a file and then restores its modification time still changes its hash, while the recorded metadata catches what a hash alone cannot see, such as a permission change on an unmodified file. Two practical points follow. First, the baseline database and the FIM binary must themselves be protected (stored read-only, signed, or kept off the host), because an attacker who can rewrite the baseline can make a tampered file look legitimate. Second, the baseline must be refreshed after every authorized change, or the alerts degrade into noise. Since FIM tools only detect an intrusion and do not intervene to stop it, they are categorized as a detective control.
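The following is an added example, not code from the original article or from any FIM product, showing the baseline-and-check model above in a minimal Python monitor. It records a SHA-256 hash plus permission, ownership, size and mtime for every path under a directory, seals the baseline with an HMAC so that a rewritten baseline is itself detected, and then reports added, removed and changed paths. The directory layout, file contents, exclusion list, and HMAC key are all constructed for the demonstration; in production the key would be kept off the monitored host. The demo tampers with the tree in the two ways the paragraph singles out: a timestomped content change that only the hash catches, and a permission change that only the metadata catches.

```python
import hashlib
import hmac
import json
import os
import stat
import tempfile
from pathlib import Path

EXCLUDE = ("log.txt", "aide.db")  # paths expected to change legitimately (constructed for the demo)

def file_record(path: Path) -> dict:
    """Hash plus the metadata a hash cannot see (real tools such as AIDE also record inode and ctime)."""
    st = path.lstat()
    rec = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid,
           "size": st.st_size, "mtime": int(st.st_mtime)}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        rec["target"] = os.readlink(path)  # a redirected symlink is a change too
    return rec

def build_baseline(root: Path, exclude=EXCLUDE) -> dict:
    """Walk the tree and record every file, directory and symlink that is not excluded."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root).as_posix()
        if any(rel == e or rel.startswith(e + "/") for e in exclude):
            continue
        baseline[rel] = file_record(p)
    return baseline

def save_baseline(baseline: dict, out: Path, key: bytes) -> None:
    """Seal the database with an HMAC; the key must live where the host's attacker cannot reach it."""
    body = json.dumps(baseline, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    out.write_text(json.dumps({"hmac": tag, "baseline": body}))

def load_baseline(src: Path, key: bytes) -> dict:
    """Refuse a baseline whose HMAC does not verify: a rewritten database is itself an alert."""
    doc = json.loads(src.read_text())
    expect = hmac.new(key, doc["baseline"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, doc["hmac"]):
        raise ValueError("baseline database tampered with (or wrong key)")
    return json.loads(doc["baseline"])

def check(root: Path, baseline: dict, exclude=EXCLUDE) -> dict:
    """Compare the live tree against the baseline and report added/removed/changed paths."""
    current = build_baseline(root, exclude)
    report = {"added": [], "removed": [], "changed": {}}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        else:
            old, new = baseline[rel], current[rel]
            diff = {k: (old.get(k), new.get(k)) for k in set(old) | set(new)
                    if old.get(k) != new.get(k)}
            if diff:
                report["changed"][rel] = diff
    return report

def demo() -> dict:
    """Constructed scenario: baseline a fake /etc, then tamper with it four different ways."""
    root = Path(tempfile.mkdtemp())
    etc = root / "etc"
    etc.mkdir()
    (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
    (etc / "passwd").chmod(0o644)
    (etc / "sshd_config").write_text("AllowUsers ops\n")
    (etc / "motd").write_text("welcome\n")
    (root / "log.txt").write_text("noise\n")
    key = b"demo key - in production keep it off the monitored host"  # assumption for the demo
    db = root / "aide.db"
    save_baseline(build_baseline(root), db, key)
    # 1. Edit a file (same length), then restore its mtime: timestomping, only the hash catches it.
    p = etc / "sshd_config"
    st = p.stat()
    p.write_text("AllowUsers eve\n")
    os.utime(p, (st.st_atime, st.st_mtime))
    # 2. Loosen permissions without touching content: only the metadata catches it.
    (etc / "passwd").chmod(0o666)
    # 3. Drop a new file and delete an existing one.
    (etc / "backdoor.sh").write_text("#!/bin/sh\n")
    (etc / "motd").unlink()
    # 4. Legitimate churn in an excluded path must not alert.
    (root / "log.txt").write_text("noise\nmore noise\n")
    return check(root, load_baseline(db, key))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the script prints a report in which `etc/sshd_config` differs only in `sha256` (its mtime was put back), `etc/passwd` differs only in `mode`, `etc/backdoor.sh` is listed as added and `etc/motd` as removed, while `log.txt` never appears. The parent directory `etc` is also reported as changed because creating and deleting entries updates its own mtime and size, which is the behaviour a real FIM shows as well.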
There are several FIM tools on the market. Servers are the first place to deploy one, since data compromise is one of the most common threats facing servers, especially public-facing ones such as web or FTP servers. On a Linux server, AIDE (Advanced Intrusion Detection Environment) is an open source tool that implements exactly this baseline-and-check model: `aide --init` builds the database from the rules in aide.conf, `aide --check` compares the live system against it, and `aide --update` rebuilds the baseline after an authorized change. Two classic enterprise-grade options that also cover Windows are OSSEC (a host-based intrusion detection system whose syscheck module does FIM, with agents for Windows and Linux) and Tripwire (the commercial Tripwire Enterprise edition on Windows; Open Source Tripwire is Linux-only). Like AIDE, OSSEC is open source and free to license, which makes it attractive for small businesses with tighter cybersecurity budgets, though the staff time needed to tune rules and review alerts is a cost that remains whichever tool is chosen.
