Qualys File Integrity Monitoring (FIM) is a highly scalable and centralized cloud app that logs and centrally monitors file change events in a hybrid environment for organizations of all sizes.
Qualys FIM provides customers with a simple way to monitor file systems for changes in real time, per compliance mandates such as PCI-DSS, HIPAA, GDPR, CCPA and FedRAMP.
It also provides continuous visibility into authorized versus unauthorized events resulting from administrative tasks, patching cycles, malicious activities and change control exceptions through intuitive dashboards. It also alerts the security teams to changes and incident reports for audit purposes.
As a cloud-based service, Qualys FIM allows teams to eliminate the expense and complexity of deploying and maintaining
point solutions to globally comply with change control policy enforcement and change monitoring requirements. Qualys
FIM seamlessly monitors file changes for cloud instances as well as on-premises and virtualized assets.
Monitor file changes in real time across global IT systems
File Integrity Monitoring
“Deploying FIM via a cloud-based security and compliance platform allows enterprises to easily scale these efforts and take advantage of a consolidated security solution to achieve compliance on a global scale, while reducing the high costs of multiple point products.”
Robert Ayoub, Research Director, IDC
Deciding and defining what to monitor is a challenge for most security
and compliance teams. With this in mind, Qualys FIM includes out-of-
the-box monitoring profiles, with well-defined rules and file paths to
monitor criticality for common compliance and audit requirements,
including PCI-DSS, GDPR, CCPA, HIPAA etc. based on industry best
practices and vendor-recommended guidelines.
Preconfigured monitoring profiles for compliance standards such as PCI-DSS
Features for Key Uses
Qualys FIM leverages the same Qualys Cloud Agent used for
vulnerability, configuration and asset inventory management,
reducing the agent’s footprint. The Qualys Cloud Agent
continuously monitors files and directories specified in the
monitoring profile, with minimum impact on the endpoint while
capturing critical data to identify changes along with environment
details such as the time period and the users and processes involved. The
app sends data to the Qualys Cloud Platform for analysis and
reporting, whether the systems are on premises, virtualized, in the
cloud, or remote. The Qualys Cloud Agent is self-updating and self-
healing, keeping itself up to date with no need to reboot.
Robust real-time change detection engine
The Qualys Cloud Platform allows you to scale to the largest
environments without having to purchase expensive server software,
hardware and storage. Performance impact on the endpoint is
minimized by efficiently monitoring for file changes locally using a
real-time detection driver and sending the data to the Qualys Cloud
Platform where the heavy work of analysis and correlation occurs. The
platform, which manages and stores the FIM data, is FedRAMP
authorized and compliant with ISMS and SOC2 compliance requirements.
Scalable architecture that’s easy to manage on a secure platform
The real-time alerting mechanism in Qualys FIM helps you detect and
report the malicious, unauthorized, and anomalous activities making
changes in your environment with enhanced visibility into the time of
changes, processes, users, and file paths involved in activities. To
avoid the drudgery of manually combing through thousands of
events, you can create incidents automatically through event
correlation rules, by defining the criteria of events and automatically
reviewing them through approval jobs. Qualys FIM also provides a
simple way to generate incident reports, with events for your internal
and external audit teams.
Alert, correlate, report
FIM in DevOps pipeline
Customers can easily integrate Qualys FIM into their
DevOps pipeline during the continuous deployment (CD)
phase for their on-premises systems as well as cloud
instances. Before the instances go into production,
monitoring of critical system and application files, per the
out-of-the-box PCI-DSS monitoring profile, can be
initiated for ready-to-go-live instances. Thus, once the
instances are in production, Qualys FIM provides
comprehensive assurance that critical file paths required
for system and applications are monitored for changes.
Benefits
Affordable with fast time to value
The solution works cost effectively across global IT
environments while reducing the complexity and the effort
involved in deploying and managing multiple on-premises
products that are difficult to scale and maintain. The app
showcases FIM events within 5 minutes of starting the POC,
and it also integrates with other SIEM and log management
systems.
Qualys FIM leverages the Qualys Cloud for data storage,
correlation, and analysis.
Unified platform
Support for DevSecOps CI/CD integration, out-of-the-box support
for dynamic content updates, automated asset discovery
using Qualys Cloud Platform, and growing platform support
help to address new threats and integrity violations to
meet compliance standards faster.
Continuous monitoring
Accurately detects problematic file integrity violations at
scale with minimal impact to monitored systems and
networks by collecting data with the lightweight Qualys
Cloud Agent.
Unparalleled precision, optimal performance
Whether you need FIM to meet your regulatory requirements such as
GDPR or meet various compliance standards, Qualys FIM is designed
to be easy to configure and flexible so you can tailor its capabilities to
your organization’s needs.
Leverage Qualys security analyst capabilities, reduce exposure
Out of box profiles
Manage profiles for Windows and Linux to meet PCI compliance. Profiles are updated regularly to allow for an ever-changing threat landscape and technology advances.
Custom profiles
Qualys FIM supports multiple profiles. Create profiles from scratch, or develop custom profiles based on out-of-the-box profiles, to cater to your custom applications and environments.
Reduce exposure to threats
Leverage dynamic policy configuration based on asset tags to ensure new assets are discovered and automatically configured for FIM without IT or the security team’s involvement.
Support for DevSecOps CI/CD integration
The FIM agent with the PCI monitoring profile can easily be baked in during the CD phase of the DevOps pipeline, so that instance images are set to monitor for file changes as soon as they are in production. Once in production, the golden images are continuously monitored for integrity changes to the system and application critical files.
The Qualys Cloud Agent technology coupled with Qualys FIM allows for
the monitoring of all critical assets across diverse cloud, on-premises
and hybrid environments.
Efficiently track changes to files in environments of all sizes
Centralized event management, support open integration
Real-time detection
Detect changes in your file systems in real time at the kernel/root level with minimal impact on system resources and network. Files and directories at any depth can be monitored using the FIM agent.
Context to detection
A FIM event captures the exact date/time, logged-in user, process, and process owner details. Additional context further enhances the response capabilities.
Scalable Qualys Cloud Platform
With Qualys Cloud Agent, you can scale dynamically. Minimal setup coupled with hosted services for event management significantly reduces the demand on existing infrastructure, further optimizing cost.
Seamless integration
Qualys FIM seamlessly integrates with other Qualys modules to provide comprehensive context of your security posture. A single Qualys Cloud Agent is leveraged to enable multiple capabilities.
Extensive platform coverage
Extensive coverage for all platforms – Microsoft Windows (servers and workstations) and Linux.
RESTful API for integration
Qualys FIM provides RESTful APIs for fetching events and incidents to be integrated with other log management, SIEM, and workflow management systems.
Splunk integration
Qualys FIM provides out-of-the-box integration support for Splunk.
Qualys FIM is a cloud solution for detecting and identifying critical changes, incidents, and risks resulting from normal and malicious events.
© 2020 Qualys, Inc. All rights reserved. 2/20
It’s an out-of-the-box solution that’s centrally managed and self-updating.
Request a full trial (unlimited-scope) at qualys.com/trial
With Qualys’ Cloud Agent technology, there’s no need to
schedule scan windows or manage credentials for scanning.
And Qualys Continuous Monitoring service lets you proactively
address potential threats whenever new vulnerabilities appear,
with real-time alerts to notify you immediately.
Qualys Cloud Platform is accessible directly in the browser, no
plugins necessary. With an intuitive, single-pane-of-glass user
interface for all its apps, it lets you customize dashboards, drill down
into details, and generate reports for teammates and auditors.
Respond to threats immediately
See the results in one place, anytime, anywhere
On-premises, at endpoints or in the cloud, the Qualys Cloud
Platform sensors are always on, giving you continuous 2-second
visibility of all your IT assets. Remotely deployable, centrally
managed and self-updating, the sensors come as physical or
virtual appliances, or lightweight agents.
Qualys Cloud Platform provides an end-to-end solution, allowing
you to avoid the cost and complexities that come with managing
multiple security vendors. The Qualys Cloud Platform
automatically gathers and analyzes security and compliance data
in a scalable, state-of-the-art backend, and provisioning additional
cloud apps is as easy as checking a box.
Sensors that provide continuous visibility
All data analyzed in real time
Powered by the Qualys Cloud Platform – the revolutionary architecture that powers
Qualys’ IT security and compliance cloud apps
AI: Asset Inventory
PM: Patch Management
WAS: Web Application Scanning
VM: Vulnerability Management
CI: Cloud Inventory
SCA: Security Configuration Assessment
SAQ: Security Assessment Questionnaire
SYN: CMDB Sync
IOC: Indication of Compromise
WAF: Web Application Firewall
TP: Threat Protection
CSA: Cloud Security Assessment
PCI: PCI Compliance
OCA: Out of Band Configuration Assessment
CRI: Certificate Inventory
CRA: Certificate Assessment
PC: Policy Compliance
CM: Continuous Monitoring
CS: Container Security
FIM: File Integrity Monitoring
Qualys apps are fully integrated and natively share the data they collect for real-time analysis and correlation. Provisioning another app is as easy as checking a box.
Cloud Platform Apps