File integrity monitoring (FIM) has become a critical piece of the security puzzle, especially given the evolving nature of the threat to sensitive corporate data. Today, a new class of attacker has emerged: organized groups of criminal operators that systematically and methodically gain access to systems and remain undetected for prolonged periods, enabling them to achieve defined objectives, which typically extend beyond immediate financial gain. This scenario is referred to as an Advanced Persistent Threat (APT) and often manifests through breaches that exploit trust relationships, such as legitimate accounts, to access and compromise targeted systems.
Additional layers of protection, like FIM, are needed to protect sensitive corporate data against this type of threat.
The scope of the insider threat expands considerably with the realization that once an attacker (such as one utilizing a malware infection) is in the system, it is almost impossible to distinguish that attacker from an insider. Many of these cases follow a pattern in which an attacker breaks into the victim’s network, perhaps through stolen or weak credentials, and installs malware on systems to collect data. The best way to reduce the risk from this type of attack is to deploy file integrity monitoring tools that provide immediate alerts if unauthorized software is being installed or if critical files are modified or accessed by a privileged user.
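One way to implement the change-detection check described above, as an added example that is not code from any FIM product. It assumes a baseline of SHA-256 content hashes and permission bits; the function names (`snapshot`, `compare`, `demo`) and the sample files are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to (sha256, permission bits)."""
    state = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # baseline regular files only; symlinks are skipped
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        mode = stat.S_IMODE(path.stat().st_mode)
        state[path.relative_to(root).as_posix()] = (digest, mode)
    return state

def compare(baseline, current):
    """Return sorted (event, path) alerts for every drift from the baseline."""
    alerts = []
    for path in baseline.keys() | current.keys():
        old, new = baseline.get(path), current.get(path)
        if old is None:
            alerts.append(("added", path))             # e.g. newly installed software
        elif new is None:
            alerts.append(("removed", path))
        elif old[0] != new[0]:
            alerts.append(("content_modified", path))  # hash mismatch
        elif old[1] != new[1]:
            alerts.append(("mode_changed", path))      # same bytes, new permissions
    return sorted(alerts)

def demo():
    """Constructed scenario: baseline a tree, change it, report the drift."""
    with tempfile.TemporaryDirectory() as root:
        etc = Path(root) / "etc"
        etc.mkdir()
        (etc / "sshd_config").write_text("PermitRootLogin no\n")
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        (etc / "motd").write_text("welcome\n")
        os.chmod(etc / "hosts", 0o644)
        baseline = snapshot(root)
        # Unmanaged changes made after the baseline was taken.
        (etc / "sshd_config").write_text("PermitRootLogin yes\n")
        (etc / "motd").unlink()
        (Path(root) / "dropper.bin").write_bytes(b"constructed sample bytes")
        os.chmod(etc / "hosts", 0o600)
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for event, path in demo():
        print(event, path)
```

The comparison is only as trustworthy as the baseline, so the baseline should be stored where an account on the monitored host cannot rewrite it.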
By detecting unauthorized access and unmanaged change to system files, FIM reduces the risk of: