FIM tools and security

Why Old FIM Tools Fail In Agile IT Models

shaane syed / 04.11.16

File integrity monitoring (or FIM) tools can be an important part of intrusion detection and configuration security. When combined with other tools, FIM gives you vital information about your servers for compliance and security.

But too often these tools fall short on security and are relegated to just being a compliance checkmark. As enterprises move aggressively into agile IT delivery models that involve mixed infrastructure, automation, high rates of change, and on-demand IT services, they quickly realize that their old FIM tools oftentimes leave a lot to be desired.

For one thing, these tools are hard to automate and don’t provide robust APIs. This makes it almost impossible to integrate them with other tools and modern, fast-paced DevOps workflows, slowing down development and delivery cycles.

Many old FIM tools either don’t work in the cloud or require multiple management consoles in these environments, which introduces manual overhead for security teams and slows down adoption of elastic infrastructure.

Most FIM tools include agents that have a large footprint on the server since much of the processing is done locally. This can severely impact server performance and drive up overall cost since more servers/instances need to be provisioned to handle the load.

And finally, many old FIM tools generate too many false positives, which drags down security and compliance teams as they sift through alerts to figure out which ones are real. Traditional tools don’t allow for automated creation of new baselines after a system is patched or a new update is rolled out, creating noise and drowning out small but crucial alerts on actual malicious changes.
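The re-baselining problem described above, as an added example (not part of the original post and not CloudPassage Halo's code): a hash baseline that folds in only the changes a deployment manifest vouches for, so an approved patch produces no alert while unapproved changes still do. The manifest format, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def diff(baseline, current):
    """Return {path: 'added' | 'removed' | 'modified'} between two snapshots."""
    changes = {}
    for path in baseline.keys() | current.keys():
        old, new = baseline.get(path), current.get(path)
        if old != new:
            changes[path] = "added" if old is None else "removed" if new is None else "modified"
    return changes

def rebaseline(baseline, current, manifest):
    """Accept only changes whose new digest matches the deployment manifest.
    manifest (assumed format): path -> expected digest, None = expected removal.
    Returns (new_baseline, alerts); unvouched changes never enter the baseline."""
    new_baseline, alerts = dict(baseline), {}
    for path, kind in diff(baseline, current).items():
        if path in manifest and manifest[path] == current.get(path):
            if kind == "removed":
                del new_baseline[path]
            else:
                new_baseline[path] = current[path]
        else:
            alerts[path] = kind
    return new_baseline, alerts

def demo():
    """Constructed scenario: one approved patch plus two unapproved changes."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin/tool").write_bytes(b"v1")
        (root / "app.conf").write_bytes(b"debug=false\n")
        baseline = snapshot(root)
        (root / "bin/tool").write_bytes(b"v2")            # shipped by the pipeline
        manifest = {"bin/tool": hashlib.sha256(b"v2").hexdigest()}
        (root / "app.conf").write_bytes(b"debug=true\n")  # not in the manifest
        (root / "extra.sh").write_bytes(b"#!/bin/sh\n")   # not in the manifest
        return rebaseline(baseline, snapshot(root), manifest)

if __name__ == "__main__":
    print(demo()[1])
```

Matching on the manifest's digest rather than on a maintenance window matters: a file altered during the patch window to anything other than the shipped content still raises an alert.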

The good news is: now there’s a viable alternative to FIM point solutions.

CloudPassage Halo is an infrastructure security platform that delivers FIM, along with other critical controls in an easy-to-deploy, on-demand model.

You don’t need separate management consoles since Halo works in any combination of data centers, private cloud or public cloud – all with a single cloud-based portal and a robust API for seamless integration with existing tools and workflows.

Since the Halo agent is super lightweight (3MB on Linux), it doesn’t tax the servers on which it’s running. Almost all processing is done in the cloud, not on the server, which improves performance and saves money.

Halo virtually eliminates false positives by automating the creation of FIM baselines as part of your development orchestration processes.

And Halo delivers a comprehensive set of controls in addition to FIM, like configuration security monitoring, software vulnerability assessment, strong access control, microsegmentation, traffic discovery, and much more.

That means you can future-proof your security strategy with a single, scalable, comprehensive platform instead of using a bunch of legacy tools that are hard to integrate and expensive to maintain.

We’re ready to make it easy for you to switch from your old FIM tool to Halo. Isn’t it time to reclaim file integrity monitoring as a flexible and effective part of your security strategy and not just a compliance checkmark?

Give us a call or sign up for a free demo and we’ll show you how.