With file integrity monitoring, IT professionals compare different versions of files against a baseline using tools like a "checksum" or hash "image" of a file, to spot important or significant changes. There are different aspects and processes involved in file integrity monitoring that make this valuable for enterprises and other parties.
One aspect of using file integrity monitoring is related to situations where file changes affect security. Individual IT professionals may look at different file changes or events in the context of an overall security system, for instance, evaluating the correlation between access or user events on a network, and file changes. This can be a general part of security monitoring, log monitoring and other kinds of network management processes.
Another very important aspect of file integrity monitoring is compliance with industry standards. In fact, experts note that many businesses only employ file integrity monitoring in order to stay compliant with standards in their industries. Examples of these standards include the Health Insurance Portability and Accountability Act (HIPAA) governing medical information, as well as Sarbanes-Oxley and PCI-DSS payment compliance regulations in the financial world. Many file integrity monitoring tools have defined compliance dashboards that help show business leaders more about compliance a glance.
A third aspect of file integrity monitoring involves directly looking for tampering to a file. Regular scanning with checksums or other methods can turn up instances of malicious or unauthorized changes to the file.
