bsdulay
Viewer

File Integrity Monitoring / DLP solutions?

Hello Community of Security Professionals 🙂

I am looking for a solution that can monitor a NAS / file storage and can quickly identify files that were affected by malicious activity, such as an employee deleting hundreds of files in a short period of time, files that were encrypted during a ransomware attack, etc.

The idea is to efficiently identify the files that were affected, for efficient recovery. It is ideal to recover only specific files rather than a whole drive; identify who performed the malicious act, for accountability; have a reporting and alerting mechanism for quick action (I understand prevention is key, but this is for an added layer of security for the unexpected); and quick recovery for the files that were compromised.

Hoping to hear from you.

Many Thanks
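As an added illustration of the two detections the post asks for (mass deletion by one account, and mass renaming to a ransomware-style extension), the following Python script is not code from the original post or from any product named in this thread. It scans a constructed NAS audit log, keeps a sliding time window per user, and reports the actor together with the exact paths touched in the burst, which is the list a recovery job would restore instead of the whole share. The log format, user names, paths, thresholds and the extension watch-list are all assumptions made for the example.

```python
"""Per-user burst detection over NAS file-audit events (illustrative, constructed data)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath

# Constructed sample audit log. The line format "timestamp | user | action | path [-> new path]"
# is an assumption for this example, not the format of any real NAS or FIM product.
SAMPLE_LOG = """\
2024-03-01T09:00:01 | alice   | WRITE  | /share/finance/q1.xlsx
2024-03-01T09:00:05 | bob     | DELETE | /share/hr/old1.docx
2024-03-01T09:00:09 | bob     | DELETE | /share/hr/old2.docx
2024-03-01T09:00:12 | bob     | DELETE | /share/hr/old3.docx
2024-03-01T09:00:15 | bob     | DELETE | /share/hr/old4.docx
2024-03-01T09:00:20 | bob     | DELETE | /share/hr/old5.docx
2024-03-01T09:00:22 | bob     | DELETE | /share/hr/old6.docx
2024-03-01T09:05:00 | alice   | DELETE | /share/finance/tmp.txt
2024-03-01T11:30:00 | mallory | RENAME | /share/eng/spec.pdf -> /share/eng/spec.pdf.locked
2024-03-01T11:30:01 | mallory | RENAME | /share/eng/notes.md -> /share/eng/notes.md.locked
2024-03-01T11:30:02 | mallory | RENAME | /share/eng/plan.xlsx -> /share/eng/plan.xlsx.locked
2024-03-01T11:45:00 | carol   | RENAME | /share/eng/draft.txt -> /share/eng/draft-v2.txt
"""

# Constructed watch-list of extensions that should never appear in normal renames (assumption).
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted", ".crypt"}


def parse_line(line):
    """Split one audit line into a dict; RENAME lines carry the target in new_path."""
    ts, user, action, path = [field.strip() for field in line.split("|", 3)]
    new_path = None
    if "->" in path:
        path, new_path = [p.strip() for p in path.split("->", 1)]
    return {"ts": datetime.fromisoformat(ts), "user": user, "action": action,
            "path": path, "new_path": new_path}


def parse_log(text):
    """Parse all non-empty lines and sort by timestamp so the sliding window is monotonic."""
    events = [parse_line(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda ev: ev["ts"])


def is_delete(ev):
    return ev["action"] == "DELETE"


def is_suspicious_rename(ev):
    """A rename whose new name ends in a watch-listed extension."""
    return (ev["action"] == "RENAME" and ev["new_path"] is not None
            and PurePosixPath(ev["new_path"]).suffix.lower() in SUSPICIOUS_EXTENSIONS)


def detect_bursts(events, predicate, threshold, window):
    """Return {user: [affected original paths]} for every user who produced at least
    `threshold` events matching `predicate` inside any `window`-long interval.
    All events inside the triggering window are reported, not just the one that tipped it."""
    recent = defaultdict(deque)      # per-user events still inside the window
    affected = defaultdict(dict)     # per-user ordered set of paths (dict keys keep order)
    for ev in events:
        if not predicate(ev):
            continue
        queue = recent[ev["user"]]
        queue.append(ev)
        while queue and ev["ts"] - queue[0]["ts"] > window:
            queue.popleft()
        if len(queue) >= threshold:
            for hit in queue:
                affected[ev["user"]][hit["path"]] = None
    return {user: list(paths) for user, paths in affected.items()}


def analyze(log_text, delete_threshold=5, rename_threshold=3, window=timedelta(seconds=60)):
    """Run both detections and return actor -> affected paths for each."""
    events = parse_log(log_text)
    return {
        "mass_delete": detect_bursts(events, is_delete, delete_threshold, window),
        "suspicious_rename": detect_bursts(events, is_suspicious_rename, rename_threshold, window),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for finding, actors in report.items():
        for user, paths in actors.items():
            print(f"[{finding}] actor={user} files={len(paths)}")
            for p in paths:
                print("    ", p)
```

On the constructed log, bob's six deletions in 17 seconds trip the deletion rule and all six paths are listed under his account, while alice's single deletion five minutes later does not; mallory's three renames to `.locked` trip the rename rule, and carol's ordinary rename is ignored. Thresholds and window are parameters because the right values depend on the share's normal churn; a rule tuned too low is the false-positive problem raised later in the thread.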

4 Replies
Caute_cautim
Community Champion

Hi @bsdulay I went through a comprehensive assessment on behalf of a client recently.  I can privately share my recommendations, if you wish.

However, I went through a multitude of Open Systems, i.e. CFEngine, freeware, various licensing requirements, through to commercial solutions.

The top of the list is normally Tripwire, but to be quite frank and objective, everyone must be trained to use it correctly; it generates lots and lots of false positives and needs a lot of support and maintenance.

However, the Tripwire checklist is a great resource for validating and comparing other candidates.

Financial institutions use it extensively, but they invest in training their staff and maintaining it.

However, in my case, given the client's circumstances, I put through a different recommendation based on NTT Change Tracker R2, as it was far more economical for this particular client, and it included some good AI capabilities, great reporting facilities and integration with good support, and the overall resource requirements were ideal for the use cases required.

Regards

Caute_cautim

jksec
Newcomer I

For File Integrity Monitoring, please check the software from Microfocus: https://www.microfocus.com/en-us/products/netiq-change-guardian/overview
Caute_cautim
Community Champion

@jksec Asking questions of the organisation directly. Many of these FIM solutions pretend to be either add-ons to SIEMs or are actually full-blown SIEMs themselves. I will report back in due course.

Regards

Caute_Cautim

jksec
Newcomer I

@bsdulay Microfocus Change Guardian can redirect alerts to SIEM solutions like Sentinel (from Microfocus) and also works with other SIEM solutions, e.g. Splunk, etc.