McAfee Integrity Monitor Overview:

McAfee Real-time file Integrity Monitor (FIM) is the capability to monitor files and directories on a server for changes to content, permissions, or both. Introduced in 2005, our real-time file integrity monitoring goes beyond “periodic” or scan-based file integrity monitoring, to more effectively meet Payment Card Industry Data Security Standard (PCI DSS) compliance.

Description:

When it comes to IT infrastructure, a strong compliance posture requires two key components: trusted state and safe change actions. Payment Card Industry Data Security Standard (PCI DSS) compliance, in particular, highlights the need for safe change actions through the following requirements:

- PCI Control 10.5.5: Use file integrity monitoring and change detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert)
- PCI Control 11.5: Deploy file integrity monitoring software to alert personnel to unauthorized modification of critical system or content files

Independent research indicates that these requirements are among the least satisfied, with almost 40% non-compliance. This is why many organizations facing PCI DSS compliance are looking at real-time file integrity monitoring solutions.

Anyone evaluating FIM solutions should be aware that the technology in this area has evolved significantly, and a new breed of solution is now available. McAfee Integrity Monitor provides real-time file integrity monitoring that goes beyond “periodic” FIM tools, and eliminates the need to perform any repeat system scans.

Benefits and Features:

Benefits:

- Avoid repeat scans with real-time file integrity monitoring
  Until now, meeting the file integrity monitoring (FIM) requirements of the PCI DSS has been difficult. Previous tools have merely provided “periodic” file integrity monitoring, using resource-intensive scans. McAfee Integrity Monitor eliminates this problem with real-time file integrity monitoring, which continuously detects all changes, with a very low impact on resources. Real-time FIM provides greater information about every change, including the user and program used to make the change. It also eliminates the need to perform scan after scan on servers, databases, and network devices. McAfee Integrity Monitor provides this level of monitoring across the broadest set of platforms.
- Identify transient change violations
  When a file is changed inappropriately, and then changed back, it creates a transient compliance violation. Periodic FIM solutions are unable to detect this violation. Because McAfee Integrity Monitor is continuous, it captures every change, and alerts you if there is a transient violation—even if that change is subsequently reversed.
- Capture a rich set of forensic data
  McAfee Integrity Monitor captures details about every change, including the exact time of the change, who was logged into the machine at the time, what processes (like editors) were running, and if the change was made manually or by an authorized program. This enables rapid investigation of change-related issues.

Features:

- Comprehensive change detection
  Because McAfee Integrity Monitor delivers continuous monitoring, it captures every single change. This is important for sustaining compliance, because it allows you to see where your compliance policies are being challenged, and addresses inappropriate change at the source.
- Very low overhead operation
  Periodic scans of the entire system can be expensive and resource-intensive because of the performance impact they can have on applications. By contrast, McAfee Integrity Monitor has negligible impact on applications, because the continuous approach to scanning only deals with the changes that are happening in real-time.
- Network change and configuration monitoring
  McAfee Integrity Monitor allows organizations to establish configuration standards for network devices, and provides the capability to monitor the compliance of the devices in real-time. The software restores devices to known configurations, and provides detailed audit trails by user. Devices can be manually added, or discovered using simple network management protocol (SNMP).
- Endorsed by leading qualified security assessors (QSAs), auditors, and other experts
  Deployed in over 100 countries across 5 continents, McAfee’s real-time file integrity monitoring is the preferred solution for meeting PCI and operational control requirements.
System Requirements:
Supported Operating Systems (OS)
- Windows NT
- Windows 2000/2003/2008
- Windows XP/Vista
- Windows XPE
- Windows XP/Vista (64-bit)
- Windows 2003/2008 (64-bit)
- Red Hat Enterprise Linux 3/4/5
- CentOS 4/5
- SUSE Enterprise Linux 9/10
- Oracle Enterprise Linux 5
- Solaris 8/9/10
- HP-UX 11.00/11.11/11.23
- AIX 5.2/5.3
- IBM i5/OS (AS400) V5R3/V5R4/V6R1
- IBM 4690 OS V5
Supported Databases
- Oracle 8i/9i/10g
- SQL Server 7/2000/2005
- DB2 8.x/9.x
- DB2 for iSeries V5R4
Supported VMware Hypervisors
- ESX 3.0.x/3i/3.5
- Virtual Center
- VMware Server 2.0
Network Devices

| Vendor | Device Type | Supported Model/Series |
|---|---|---|
| Cisco | IOS Switch | All models of Cisco IOS Switches |
| Cisco | IOS Router | All models of Cisco IOS Routers |
| Cisco | Firewall | All models of Cisco PIX firewalls & FWSM Modules |
| Cisco | IAD | All models of Cisco IAD Devices |
| Cisco | Access Points | All models of Cisco Aironet Access Points |
| Cisco | CatOS Switch | All models of Cisco CatOS Switches |
| Cisco | Access Server | All models of Cisco Access Server models |
| Cisco | Content Switch | All models of Cisco Content Switches |
| Cisco | ASA | All models of Cisco ASA SingleContext & Multiple Context Models |
| Cisco | Voice Gateway Devices | All models of Cisco Voice Gateway Devices |
| Cisco | VPN Concentrators | All models of Cisco VPN Concentrator Devices |
| Cisco | MDS Switch | All models of Cisco MDS Devices |
| HP | Procurve Switch | Switches & Menu based 4000M & 8000M models |
| HP | Procurve Access Point | All models of HP Procurve AccessPoints |
| Foundry | Switch | Foundry BigIron & FastIron Edge Switches |
| 3Com | Switch | All models of 3Com menu based SuperStack switches |
| Fortinet | FortiGate Firewall | All models of FortiGate firewalls & FortiMail devices |
| Juniper | Netscreen Firewall | All models of Netscreen Firewalls |
| Juniper | J-Series Router | All models of Juniper J-Series Routers |
| Enterasys | Switch | All models of Enterasys Matrix N Series Switches |
| ADTRAN | LAN Switch | All models of ADTRAN LAN Switches |
| Nortel | Passport Switch | All models of Nortel Passport 1600 Series, 8600 Series Switches |
| Nortel | BayStack Switch | All models of Nortel BayStack Switches |
| Nortel | BayStack Business Policy Switch | All models of Nortel BayStack Business Policy 2000 Series |
| Aruba | WiFi Switch | All models of Aruba WiFi Switches |
| Proxim | Access Points | All models of Proxim Access Points |
| Extreme | Black Diamond Switch | All models of Extreme Black Diamond Switches |
| Extreme | Summit Switch | All models of Extreme Summit switches running with Extremeware & ExtremewareXOS |
| Force 10 | Switch | All models of Force10 E, S & C Series Switches |
| Netgear | Switch | Netgear Prosafe Switches |
| Dell | Switch | All models of Dell Power Connect Switches |
| SlimLine | Appliance | All models of SlimLine devices |
| DLink | Switch | DES 3010, DES 3899, DXS 3259 |
| Blue Coat | Proxy SG | All BlueCoat ProxySG devices |
| Huawei | Router | All models of Huawei AR Routers |