File Integrity Monitoring

Monitoring change on the file system and in the system registry of a Windows system substantially improves corporate security and availability.

  • Most IT security and operations problems are related to, or result in, an unauthorized or unplanned change on the file system or in the Windows registry.
  • A minor change to an executable or library file is often the only clue IT personnel have that something potentially dangerous has happened on the system.
  • Compliance regulations such as PCI-DSS require file integrity monitoring of changes on critical devices.

Yet within the Windows architecture it is, for all practical purposes, impossible to detect what was changed, much less who changed it and when.

EventTracker’s file integrity monitoring software automatically monitors and detects system change over time and compares these changes with a previously recorded known or trusted state.

The changes are then easily categorized:

  • Authorized vs. unauthorized changes vs. harmless system changes
  • Business knowledge vs. configuration changes
  • Undesired configurations, or
  • Known vulnerabilities

Change Detail Analysis

Change detection is also an invaluable tool for identifying zero-day attacks, since reactive anti-virus and rule-based firewall systems are not a complete defense:

  • Malware signatures are changing constantly.
  • Often the same malware can come back in a slight variation that is enough to elude anti-virus systems.
  • Zero-days are new and consequently a signature is generally not available.

File Integrity Monitoring for Windows is an effective way to help prevent costly damage from these new attack types.

  • Most infections (Sasser, MyDoom, Blaster) hide on your system by adding or modifying an .exe or .dll file.
  • To become infected, something on the system has to change, and EventTracker detects these hidden changes and alerts you.
  • EventTracker enables you to quickly cut through the sheer number of executables and DLLs with misleading, innocuous names to zero in on the ones that have been added, deleted or modified.

EventTracker change audit is fully integrated into the EventTracker architecture. EventTracker stores all the change audit data as both system snapshots for later comparisons and as events in EventVault. Change events can have rules written against them to trigger alerts or any other action available in EventTracker.