File Integrity Monitoring Stops Threats Before They Have a Chance to Start
Despite every effort to maintain good access control, critical, static files will change on endpoints in your environment. While some files will change simply as a part of using a desktop, laptop or server, core operating system and application files should never change unless they’re being patched or upgraded. If those files are compromised by malware or are replaced with older, deprecated versions, new threats and vulnerabilities can make their way onto your technology assets, and the results can be devastating. You need to know when files change, and the contextual information to understand why.
FIM can solve these problems and more
Promisec Enterprise Manager provides File Integrity detection monitoring
File integrity monitoring (FIM), a fully-integrated feature of the Promisec Enterprise Manager (PEM) platform, allows system administrators and managers as well as security professionals to gain immediate insight into critical files and directories that have changed over time. PEM delivers true, hash-based FIM capabilities, allowing security and IT operations professionals to quickly identify changes that are suspect.
In addition, PEM can automatically correlate this information with other intelligence data provided with the PEM platform to determine whether those changes are legitimate, or whether they point to operational or security problems within the environment. Unlike other endpoint detection and response (EDR) products that either have no native FIM capability or charge separately for a File reputation or threat intelligence feed or module, Promisec Enterprise Manager provides FIM as an out-of-box capability that provides seamless integration with other data collected within the PEM cyber intelligence engine, allowing security and IT operations personnel to gain a deeper understanding of what is really affecting and influencing their end points. And of course, like all other components of the PEM platform, our file integrity monitoring software can be run 100% agentless.
PEM has built-in file reputation feeds and connectors to 3rd party advanced malware engines
Promisec's file reputation service is fully integrated into the Promisec Endpoint Manager (PEM) platform, and delivers analysis captured from the globally-respected VirusTotal database. Unlike most other products on the market, Promisec includes a license to VirusTotal. And just like every capability within the Promisec platform, our file reputation service requires no agents or other endpoint components. Within minutes you will know which processes are advanced threats and malware, which are suspicious and which are unknown and require further analysis using built-in connectors to the most relevant advanced threat analytics and malware detection engines from vendors like Blue Coat, FireEye and Palo Alto.
ADVANCED USE CASE SUPPORT
USING THE CYBER MODULE
FIM AND FILE REPUTATION
PEM + PORTKNOX + HP ARCSIGHT