In a previous article, I noted that organizations are witnessing a surge in integrity-based attacks targeting their networks. Enterprises can defend themselves against these types of threats by turning to the National Institute of Standards and Technology (NIST) Cybersecurity Framework. They can then pair the risk-based approach with NIST SP 800-53 and other security control catalogs that enable integrity management. This discussion begs two questions: what is integrity management, and what does it do?
A Breakdown of Integrity Management
Integrity management is the process by which organizations work to ensure the integrity of their data. Their interest is to make sure they can trust their stored data. As such, they need to protect their corporate information against tampering from attackers. Ron Ross, a fellow at the National Institute of Standards and Technology (NIST), expands upon the importance of systems and data integrity for organizations:
“Integrity is one of the three pillars of cybersecurity. Establishing strong configuration settings and ensuring that changes to software and firmware are strictly controlled, can promote integrity and reduce an organization’s susceptibility to cyber-attacks that can have devastating effects on organizational missions and business functions. Configuration management and control are critical components in a robust and holistic cybersecurity program—facilitating both system and data integrity.”
At its core, integrity management is made up of countermeasures and safeguards which organizations can use to assess for vulnerabilities and monitor for weaknesses on their networks. These protections, if implemented correctly, help prevent the majority of breaches from occurring. As such, they are effective in reducing an enterprise's attack surface and addressing operational risks in business-critical systems.
How NIST and Tripwire Play a Part
Many standards already contain a number of security controls that go to the heart of data integrity. Take NIST Special Publication 800-53, for instance. Underpinned by NIST's Cybersecurity Framework, this document emphasizes the implementation of log management, vulnerability management, change management (also known as file integrity management), secure configuration management and asset discovery/management. Professionals can use those controls to identify points of risk that should be communicated to C-level executives. Recognizing the utility of the Cybersecurity Framework and other special publications, Tripwire has designed its solutions to emphasize foundational controls that closely align with NIST's guidance. These utilities support automation, monitoring and configuration management, to name a few, within the context of different environments. They even help harden industrial setting, per Tripwire's ICS cyber resiliency suite. David Meltzer, chief technology officer at Tripwire, says this underscoring of integrity management is one of Tripwire's key advantages:
"In so many ways, Tripwire is better positioned than most cybersecurity vendors to provide the critical components of good, solid foundational cybersecurity programs... from asset identification to vulnerability assessment to change identification and impact. We've got the tools that work together to solve integrity management challenges and they can do it at a scale better than most. So, we are uniquely positioned in a lot of ways to respond to the breadth of the NIST expectations for critical infra- structure organizations and beyond."
To learn how Tripwire can help ensure the integrity of your organization's files, click here. You can also learn more about integrity management in general by downloading this whitepaper.
5 Things Your FIM Solution Should Be Doing for You
Discover the pivotal role of File Integrity Monitoring in maintaining system security and compliance with major standards. Tripwire Enterprise stands out as an advanced solution, offering real-time detection and detailed context for system changes, making it a superior choice for robust cybersecurity.