File Integrity Monitoring and SIEM

[Diagram: Log Monitoring and Review]

Whenever the latest headlines are full of cyber crime scare stories about malware such as Flame, the need to evaluate the security standards employed by your organization takes on a new level of urgency. 2012 has been the year of the APT (Advanced Persistent Threat). Advanced persistent threats differ from an ordinary virus or Trojan attack in that, as the name suggests, they are built with advanced technology and engineering and they are persistent: in the case of data theft, the attack is usually sustained over many months.

APTs are now largely seen as government-sponsored cyber espionage, given the resources required to set up such an attack; Flame, like the malware that preceded it, appears to be a U.S. or Israeli backed espionage initiative against Iran. But what is cutting-edge technology this year becomes the norm a year later, so expect to see APT-style attacks with a far wider reach: competitors conducting industrial espionage, and 'hacktivist' groups such as LulzSec and Anonymous adopting similar approaches.

The common infiltration vector for these attacks is targeted spear phishing of the organization. Facebook, LinkedIn and other social media make identifying targets easier than ever, and also reveal what kind of phishing 'bait' will be most effective in tricking the target into providing the all-important click on a link or download. Phishing has become an established tool for organized crime gangs, which use the same spear phishing techniques to steal data from profiled targets. As an interesting aside on the availability of organized crime 'cybermuscle', it has been reported that botnet prices are falling due to an oversupply of networks for hire. If you want to coerce an organization by threatening to disable its web presence, arm yourself with a global botnet and point it at their website; DDoS attacks are easier than ever to orchestrate.

Something Should Be Done …
To be clear about what we are saying here: it is not that AV or firewalls are of no use, far from it. APT-style threats are designed to evade both, and the first fact to admit is that they will; as with alcoholism, the first step to recovery is admitting you have a problem. By definition, this type of attack is the most dangerous, because any attack smart enough to move past the standard defenses will certainly be one backed by a serious intention to harm your organization. (Note: do not dismiss APT as something that only concerns blue chip organizations. That is where it has happened so far, but the concept and architecture of APT are now mainstream, and the wider hacktivist and hacker community will have engineered their own interpretations of it.) So the second fact to take on board is that there is an 'art' to providing effective security, and it requires a continuous effort to follow the process and to cross-check that the security measures are actually working.

The good news is that it is possible to automate the cross-checking and vigilance we have identified as necessary. There are two main technologies used to detect abnormal events on a system and to verify that security best practices are being operated: FIM and SIEM.

FIM, or File Integrity Monitoring, records any change to the file system, whether to core operating system files or to program components, and any change to system configuration settings: user accounts, password policies, services, installed software, registry keys and values, running processes, and security policy settings such as the audit policy, user rights assignments and security options. FIM is designed to verify both that devices remain hardened and free of vulnerabilities at all times, and that the file system remains free of malware.

Therefore, even if some form of APT malware manages to penetrate a critical server, a properly implemented FIM will have seen the changes to the file system before any rootkit-style concealment used by the malware can kick in. This depends on the baseline having been taken while the system was still clean, and on the monitoring interval being short enough that the change is recorded before the rootkit can hide it. Likewise SIEM, or Security Information and Event Management, is a system designed to collect and analyze all system audit trails and event logs and to correlate them with other security information, in order to give a true picture of whether something unusual, and potentially threatening to security, is happening.
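To show what "recording any change to the file system" means in practice, here is an added example, written for this page and not code from any FIM product: it snapshots a directory tree (content hash, permission bits, owner), then compares a later snapshot against that baseline and classifies every difference. The tree, its "system" files and the simulated tampering are all constructed inside the script with tempfile, so it runs offline on Linux or macOS.

```python
"""Minimal file-integrity monitor: build a baseline of a directory tree,
then compare a later snapshot against it and report what changed."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def _fingerprint(path: Path) -> dict:
    """Hash the content and record permission bits and owner of one file.
    A change to any of these is a change the operator must be able to explain."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    st = path.stat()
    return {
        "sha256": h.hexdigest(),
        "mode": stat.S_IMODE(st.st_mode),  # permission bits only, not file type
        "uid": st.st_uid,
        "size": st.st_size,
    }


def build_baseline(root: str) -> dict:
    """Snapshot every regular file under root, keyed by path relative to root."""
    root_path = Path(root)
    baseline = {}
    for dirpath, _dirs, files in os.walk(root_path):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # symlinks and special files are out of scope here
            baseline[str(p.relative_to(root_path))] = _fingerprint(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between two snapshots into four change types."""
    report = {"added": [], "deleted": [], "modified": [], "attr_changed": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["deleted"].append(rel)
        else:
            old, new = baseline[rel], current[rel]
            if old["sha256"] != new["sha256"]:
                report["modified"].append(rel)
            elif (old["mode"], old["uid"]) != (new["mode"], new["uid"]):
                report["attr_changed"].append(rel)
    return report


def demo() -> dict:
    """Constructed scenario: a fake 'system' tree is baselined, then tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "sshd").write_bytes(b"\x7fELF original sshd image")
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "sudoers").write_text("root ALL=(ALL) ALL\n")
        (root / "etc" / "audit.rules").write_text("-w /etc/passwd -p wa\n")
        os.chmod(root / "etc" / "sudoers", 0o440)

        baseline = build_baseline(tmp)

        # Simulated intrusion: backdoored binary, extra uid-0 account,
        # loosened permissions, audit rules removed, and a dropped tool.
        (root / "bin" / "sshd").write_bytes(b"\x7fELF trojaned sshd image")
        with open(root / "etc" / "passwd", "a") as fh:
            fh.write("backup:x:0:0::/tmp:/bin/sh\n")
        os.chmod(root / "etc" / "sudoers", 0o666)
        (root / "etc" / "audit.rules").unlink()
        (root / "bin" / "nc").write_bytes(b"\x7fELF dropped netcat")

        return compare(baseline, build_baseline(tmp))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:13s} {paths}")
```

A real deployment stores the baseline somewhere the monitored host cannot rewrite it, and treats the permission change on sudoers as seriously as the modified binary: the content of that file is unchanged, but its hardened state is not.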

It is no surprise that widely adopted and practiced security standards such as PCI DSS place these elements at their core, both as a way to keep systems secure and as a way to verify that key processes such as Change Management are being observed. At the core of any comprehensive security standard is the concept of layered security: firewall, IPS, AV, patching, hardening, DLP, tokenization, secure application development and encryption of data, all subject to documented change control procedures and backed by analysis of the audit trail and file integrity monitoring. Even then, standards such as PCI DSS mandate penetration testing and vulnerability scanning as an additional check that the balance is being maintained.
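The SIEM role described above, correlating FIM events with other logs, and the Change Management cross-check this paragraph refers to can be shown together. The following is an added example written for this page, not the output or code of any SIEM product: it parses a handful of constructed syslog-style lines (the line layout, the "fim:" program name and the ticket records are all assumptions made for the illustration), reconciles each FIM change against the approved change windows, and enriches every unexplained change with the most recent logon seen on that host.

```python
"""SIEM-style correlation: reconcile FIM change events against the change
management schedule and attribute unexplained changes to the preceding logon."""
import re
from datetime import datetime, timedelta

# Constructed log lines in a syslog-like layout (not real system output).
LOG_LINES = [
    "2012-06-01T02:13:50Z web01 sshd: Accepted password for root from 203.0.113.7 port 51234 ssh2",
    "2012-06-01T02:14:05Z web01 fim: MODIFIED path=/usr/sbin/sshd",
    "2012-06-01T10:02:10Z db01 sshd: Accepted publickey for dba from 10.0.0.5 port 40100 ssh2",
    "2012-06-01T10:03:41Z db01 fim: MODIFIED path=/etc/my.cnf",
    "2012-06-01T10:05:00Z db01 fim: ADDED path=/etc/cron.d/backup",
    "2012-06-01T23:40:12Z db01 fim: MODIFIED path=/etc/shadow",
]

# Constructed change-management records: one approved window with the
# paths the ticket permits to change on that host.
CHANGE_WINDOWS = [
    {"ticket": "CHG-1042", "host": "db01",
     "start": "2012-06-01T10:00:00Z", "end": "2012-06-01T11:00:00Z",
     "paths": ("/etc/my.cnf", "/etc/cron.d/backup")},
]

_LINE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^:]+): (?P<msg>.*)$")
_LOGON = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")
_FIM = re.compile(r"(?P<action>[A-Z]+) path=(?P<path>\S+)")


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_line(line: str):
    """Turn one log line into a logon event, a FIM event, or None if irrelevant."""
    m = _LINE.match(line)
    if not m:
        return None
    ev = {"ts": _ts(m["ts"]), "host": m["host"]}
    if m["prog"] == "fim":
        f = _FIM.search(m["msg"])
        if not f:
            return None
        ev.update(kind="fim", action=f["action"], path=f["path"])
    elif m["prog"] == "sshd":
        lg = _LOGON.search(m["msg"])
        if not lg:
            return None
        ev.update(kind="logon", user=lg["user"], src=lg["src"])
    else:
        return None
    return ev


def _authorizing_ticket(ev, windows):
    """Return the ticket covering this host, path and time, if any."""
    for w in windows:
        if (w["host"] == ev["host"] and ev["path"] in w["paths"]
                and _ts(w["start"]) <= ev["ts"] <= _ts(w["end"])):
            return w["ticket"]
    return None


def _last_logon_before(ev, logons, max_age=timedelta(hours=1)):
    """Most recent interactive logon on the same host within max_age of the change."""
    candidates = [lg for lg in logons
                  if lg["host"] == ev["host"] and ev["ts"] - max_age <= lg["ts"] <= ev["ts"]]
    return max(candidates, key=lambda lg: lg["ts"]) if candidates else None


def reconcile(lines, windows):
    """Split FIM changes into (authorized, alerts); alerts carry the likely actor."""
    events = [e for e in map(parse_line, lines) if e]
    logons = [e for e in events if e["kind"] == "logon"]
    authorized, alerts = [], []
    for ev in (e for e in events if e["kind"] == "fim"):
        ticket = _authorizing_ticket(ev, windows)
        if ticket:
            authorized.append((ev["host"], ev["path"], ticket))
            continue
        who = _last_logon_before(ev, logons)
        alerts.append({
            "host": ev["host"], "path": ev["path"], "action": ev["action"],
            "ts": ev["ts"].isoformat(),
            "actor": f'{who["user"]} from {who["src"]}' if who else "no interactive logon seen",
        })
    return authorized, alerts


if __name__ == "__main__":
    ok, bad = reconcile(LOG_LINES, CHANGE_WINDOWS)
    print("authorized:", ok)
    for a in bad:
        print("ALERT:", a)
```

The two alerts this produces are the cases a reviewer of the raw FIM feed would otherwise have to find by hand: an sshd binary rewritten minutes after a password logon as root from an external address, and a change to /etc/shadow with no logon on the host at all, which points at a process already resident on the machine rather than an interactive session.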

Summary
In security, your policy should be built around the philosophy that technology helps to secure your organization's data, but that nothing can be taken for granted. Only through continuous monitoring of system activity can the security of that data actually be maintained; this is very much the essence of the art of layered security.