File Integrity Monitoring


"nCircle’s agentless file integrity monitoring saves tremendous time and money over agent-based solutions."

The Only Comprehensive Agentless File Integrity Solution

File integrity monitoring is critical for security and compliance initiatives, and is a requirement for NIST 800-53 and PCI compliance as well as the Consensus Audit Guidelines. nCircle File Integrity Monitor™ provides an agentless file integrity auditing solution that gives you the ability to monitor an asset’s details all the way down to the file level without requiring software agents on the monitored system. nCircle’s file integrity monitoring solution discovers significant file integrity detail, such as:

  • File size
  • Version
  • When it was created
  • When it was modified
  • The login name of any user who modifies the file
  • Its attributes (e.g., Read-Only, Hidden, System, etc.)

As an extra safeguard against file tampering, the solution also monitors file checksums (MD5 or SHA-1 on Windows-based systems, and MD5 or any user-defined hash algorithm on Unix-based systems), providing cryptography-based monitoring for file changes.

Why File Integrity Monitoring?

File Integrity Monitoring is an accepted best practice for security and compliance and is also a requirement for PCI, NIST 800-53 and the Consensus Audit Guidelines.

NIST SP 800-53 File Integrity Monitoring Requirements

  • CP-9, Information System Backup: The organization conducts backups of user- and system-level information and protects the confidentiality and integrity of the backup information.
  • SI-4, Information System Monitoring: Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.
  • SI-7, Software and Information Integrity: The information system detects unauthorized changes to software and information.

PCI File Integrity Monitoring Requirements

  • PCI 10.5.5: Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).
  • PCI 11.5: Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.

SANS Consensus Audit Guidelines File Integrity Monitoring Requirements

  • SANS CAG 3.5: The master images themselves must be stored on securely configured servers, with integrity checking tools and change management to ensure only authorized changes to the images are possible.
  • SANS CAG 3.7: Utilize file integrity checking tools on at least a weekly basis to ensure that critical system files (including sensitive system and application executables, libraries, and configurations) have not been altered. All alterations to such files should be automatically reported to security personnel. The reporting system should have the ability to account for routine and expected changes, highlighting unusual or unexpected alterations.

How it Works

Files are scanned initially to create a baseline. Then, each time the file is scanned again, according to any period of time you wish to specify, the current configuration is compared against the original. Any changes detected to the file are logged and included in reports.
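The baseline-and-compare cycle described above, as an added example that is not nCircle's code: it scans a local directory rather than a remote host, and it reports a log that has only grown as "appended" rather than "modified", matching the PCI 10.5.5 wording quoted earlier. SHA-256, the function names and the sample files are assumptions made for the illustration.

```python
import hashlib, os, tempfile

def digest(path, limit=-1):
    """SHA-256 of a file, or of only its first `limit` bytes (-1 = whole file)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read(limit)).hexdigest()

def scan(root):
    """Baseline: map each relative path under root to its size and checksum."""
    state = {}
    for base, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(base, name)
            state[os.path.relpath(full, root)] = {
                "size": os.path.getsize(full), "sha256": digest(full)}
    return state

def compare(root, baseline, append_only=()):
    """Rescan root; return (change, path) pairs relative to the baseline."""
    current, changes = scan(root), []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            changes.append(("added", path))
        elif new is None:
            changes.append(("removed", path))
        elif old["sha256"] != new["sha256"]:
            # A log that only grew still has its baseline bytes as a prefix.
            grown = (path in append_only and new["size"] > old["size"] and
                     digest(os.path.join(root, path), old["size"]) == old["sha256"])
            changes.append(("appended" if grown else "modified", path))
    return changes

def write(root, name, text, mode="w"):
    with open(os.path.join(root, name), mode) as f:
        f.write(text)

def demo():
    """Constructed sample tree; returns the reports of two rescans."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "app.conf", "debug=0\n")
        write(root, "audit.log", "login alice\n")
        baseline = scan(root)
        write(root, "app.conf", "debug=1\n")             # config edited
        write(root, "audit.log", "logout alice\n", "a")  # new log data appended
        write(root, "new.sh", "#!/bin/sh\n")             # unexpected new file
        first = compare(root, baseline, {"audit.log"})
        write(root, "audit.log", "login bob\nlogout bob\n")  # history rewritten
        second = compare(root, baseline, {"audit.log"})
    return first, second
```

Calling `demo()` returns both reports; in the second, the rewritten log is reported as modified even though the file is larger than its baseline.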

nCircle File Integrity Monitor is a fully-featured, agentless file integrity monitoring solution that discovers and monitors file details, with full logging, reporting and alerting on changes.

Agentless File Integrity Monitoring – with DynAgent Technology

nCircle’s DynAgent, patent-pending agentless technology built into nCircle File Integrity Monitor and nCircle Configuration Compliance Manager, enables organizations to audit every system across their entire global network – comprehensively, cost-effectively, and without installing agents on each monitored endpoint. nCircle solutions combine credentialed access with transitory DynAgents to fully assess hosts, delivering all the power of an agent, with none of the management overhead and complexity. For more information, download our paper on agent-based vs agentless technology.

nCircle file integrity monitoring is available as a standalone solution – File Integrity Monitor – or as part of nCircle Configuration Compliance Manager.