File Integrity Monitoring
File Integrity Monitoring (FIM) safeguards systems by establishing a baseline of normal file and system configurations. It continuously monitors these parameters in real time, promptly alerting the security team or IT administrators when unauthorized changes occur. FIM helps mitigate threats early, ensures compliance with regulations, detects insider threats, protects critical assets, and provides valuable forensic assistance after security incidents.
FIM’s role is to ensure that the digital realm remains secure and impervious to unauthorized alterations. You can use native tools built into a Windows operating system by running the sfc/scannow
command using admin privileges.
The following code snippet presents an example of this, running System File Checker to ensure files maintain their integrity. Note that some files were corrupted and repaired:
Figure 18.5: Output of the file integrity monitor