Here's how FIM works; how to find FIM tool vendors; a sampling of FIM tool vendors. Last blog I ran out of time and space. This blog covers how FIM works and where to search for vendors that provide related tools.Here’s how File Integrity Monitoring works. The files of interest are scanned initially to create a baseline. Then, each time the file is scanned again, according to any period of time you wish to specify, the current configuration is compared against the original. Any changes detected to the file are logged and included in reports.The results of a file scan are stored as a hashed value, a one way encryption technique that is used for verifying other data that is too important to be stored in the clear, such as user credentials. The hash value of a rescanned file is compared with the hash value of the initial scan and if a difference appears, then a change was made.Various vendors of FIM tools can define the granularity of their reporting by how granularly they decide to store subsets of data within a file. For instance some vendors will test and report upon changes to access permissions to a file and details about what has been changed within a specific permission. Vendors of FIM tools also differ in how their tool is deployed and the deliverables. So some of the key variables to consider when evaluating FIM tools are:• Granularity of reporting. • Are agents required on each endpoint and what is the total lifecycle cost of managing the agents.• Can the tool provide more than FIM, such as the ability to communicate with a policy compliance software tool.• Triage of vulnerabilities by risk and can risk levels be ascribed by the user.• Auto discovery of files in order to identify forgotten files / servers.• Flexibility in scheduling and period for re-scanning.• Ability to remotely manage the tool. FIM VendorsVendors can be easily found by using keyword phrases such as: file integrity monitoring, file integrity checking, file integrity monitoring comparison, file integrity managing, file integrity monitoring, Windows file integrity monitoring, and open source file integrity monitoring. You will find many vendors including:Cimtrak, File and Server MonitoringTripwire, maintaining a desired state Bit9, file integrity monitoring and registry protectionSymantec data loss prevention (DLPWebsense Data Security Solutions (DSS)Ncircle Agentless File Configuration AuditingLogRhythm FIM Windows file integrity checkersWindows file integrity checkers Hope this is helpful. Have a secure week. Ron Lepofsky CISSP, CISM, www.ere-security.ca Related content opinion File Sharing or Privacy Breaching Service? Beware! security weaknesses of file sharing services By Ron Lepofsky May 19, 2011 4 mins Cloud Security Security opinion Data Loss Prevention: Less Flip this Week Data leak prevention features and vendors. By Ron Lepofsky Apr 14, 2011 3 mins DLP Software Security opinion Data Loss Prevention: Solution in Search of a Problem? Benefits of DLP but they are not unique or new. By Ron Lepofsky Apr 06, 2011 4 mins DLP Software Security opinion Debriefing: NERC CIP 011 STatus of NERC CIP version 4, how to navigate NERC web page to find changes to the CIP standard By Ron Lepofsky Mar 31, 2011 4 mins Security Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe