New report issued by Fortrex, Emagined Security and Solidcore reveals the cost of PCI compliance is justified. These PCI requirements exist to protect sensitive data - yet, research indicates that these are among the least satisfied requirements across Level 1 merchants, with almost 40% non-compliance.
Continuous File Integrity Monitoring: A New Approach for PCI DSS Compliance
Introduction

When it comes to IT infrastructure, a strong compliance posture requires two key components: Trusted state and safe change actions. Payment Card Industry Data Security Standard (PCI DSS) compliance, in particular, highlights the need for safe change actions through the following requirements:

PCI Control 10.5.5: Use file integrity monitoring and change detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).

PCI Control 11.5 - Deploy file integrity monitoring software to alert personnel to unauthorized modification of critical system or content files.

Recent independent research indicates that these are among the least satisfied requirements across Level 1 merchants, with almost 40% non-compliance. This is why many organizations facing PCI DSS compliance are looking at file integrity monitoring solutions. Anyone evaluating these solutions should be aware that the technology in this area has evolved significantly and a new breed of solution is now available.

File Integrity Monitoring (FIM)

File Integrity Monitoring (FIM) is the capability to monitor files and directories on a server for change. The changes can be made to content, permissions or both. Note that only certain changes are relevant in a given situation. For example, PCI DSS compliance specifies that changes to existing data in logfiles must be detected, whereas the addition of new data can be ignored. For other files, such as critical configuration files, any change may be important. When a change of interest occurs, the FIM solution needs to provide an alert.

Approaches to File Integrity Monitoring

There are two approaches to file integrity monitoring: Periodic File Integrity Monitoring (PFIM) and Continuous File Integrity Monitoring (CFIM).

- Periodic File Integrity Monitoring (PFIM). Traditional monitoring solutions can be characterized as PFIM solutions. They detect changes to files by scheduling periodic system scans. They compare changes made between scanning periods and report any differences. Changes that are made during the actual scanning process will not be detected.

- Continuous File Integrity Monitoring (CFIM). The latest technology monitoring solutions are referred to as CFIM solutions. CFIM solutions monitor files constantly. Changes are detected as they happen and any violations are immediately reported.

Comparing the Approaches

Continuous FIM is a newer technology that compares favorably to Periodic FIM in every respect. The following table compares CFIM and PFIM against key selection criteria:

| Requirement | PFIM | CFIM |
| Detect all changes | No | Yes |
| Identify transient violations | No | Yes |
| Capture rich forensic data | No | Yes |
| Operational trade-offs | Coverage vs. Overhead | None |

As outlined in the table above, there are four main benefits of using CFIM technology instead of PFIM:

1. Detects all changes: Continuous FIM captures every single change to the file. Periodic FIM will miss changes if more than one change happens between scans. Detecting all changes is important for sustaining compliance because it allows you to see where your compliance policies are being challenged, and addresses inappropriate change at the...

About Solidcore Systems

Solidcore is a leading provider of change control for critical systems. Solidcore's S3 Control software is the industry's first and only solution to automate the enforcement of change management policies. Solidcore automatically reconciles infrastructure changes against change tickets, and provides real-time change auditing so...
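
The log-file rule in PCI Control 10.5.5 (alert on changes to existing data, ignore appended data) and the periodic scan model, sketched as an added example; this is not code from the white paper or from any vendor product. The function names, policy names and sample files are assumptions made for illustration. The `transient` scenario shows a periodic scan reporting nothing for a file that was changed and reverted between scans.

```python
import hashlib, os, pathlib, stat, tempfile

def snapshot(path):
    """Trusted state of one file: size, permission bits, SHA-256 of content."""
    data = pathlib.Path(path).read_bytes()
    return {"size": len(data), "mode": stat.S_IMODE(os.stat(path).st_mode),
            "sha256": hashlib.sha256(data).hexdigest()}

def scan(path, baseline, policy):
    """One periodic scan. policy: 'append_only' (logs) or 'strict' (any change)."""
    if policy not in ("append_only", "strict"):
        raise ValueError("unknown policy: " + policy)
    if not os.path.exists(path):
        return ["file removed"]
    now, alerts = snapshot(path), []
    if now["mode"] != baseline["mode"]:
        alerts.append("permissions changed")
    if policy == "strict":
        if now["sha256"] != baseline["sha256"]:
            alerts.append("content changed")
    elif now["size"] < baseline["size"]:
        alerts.append("existing log data truncated")
    else:
        # Hash only the bytes present at baseline time; appended data is ignored.
        with open(path, "rb") as f:
            prefix = f.read(baseline["size"])
        if hashlib.sha256(prefix).hexdigest() != baseline["sha256"]:
            alerts.append("existing log data modified")
    return alerts

def demo():
    """Constructed sample files in a temp directory; returns alerts per scenario."""
    d = pathlib.Path(tempfile.mkdtemp())
    log, cfg = d / "app.log", d / "app.conf"
    log.write_text("10:00 login ok\n10:01 payment ok\n")
    cfg.write_text("tls=on\n")
    base_log, base_cfg = snapshot(log), snapshot(cfg)
    out = {}
    log.write_text("10:00 login ok\n10:01 payment ok\n10:02 logout\n")
    out["append"] = scan(log, base_log, "append_only")
    log.write_text("10:00 login ok\n10:01 payment NO\n10:02 logout\n")
    out["rewrite"] = scan(log, base_log, "append_only")
    cfg.write_text("tls=off\n")  # changed ...
    cfg.write_text("tls=on\n")   # ... and reverted before the next scan
    out["transient"] = scan(cfg, base_cfg, "strict")
    return out

if __name__ == "__main__":
    print(demo())
```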