Content
McAfee Integrity Monitor
Real-time file integrity monitoring (FIM)
FIM is the capability to monitor files and directories on a server for changes to content, permissions, or both. Introduced in 2005, our real-time file integrity monitoring goes beyond “periodic” or scan-based file integrity monitoring, to more effectively meet Payment Card Industry Data Security Standard (PCI DSS) compliance.
Tab Navigation
Benefits and Features
Benefits:
- Avoid repeat scans with real-time file integrity monitoring
Until now, meeting the file integrity monitoring (FIM) requirements of the PCI DSS has been difficult. Previous tools have merely provided “periodic” file integrity monitoring, using resource-intensive scans. McAfee Integrity Monitor eliminates this problem with real-time file integrity monitoring, which continuously detects all changes, with a very low impact on resources. Real-time FIM provides greater information about every change, including the user and program used to make the change. It also eliminates the need to perform scan after scan on servers, databases, and network devices. McAfee Integrity Monitor provides this level of monitoring across the broadest set of platforms. - Identify transient change violations
When a file is changed inappropriately, and then changed back, it creates a transient compliance violation. Periodic FIM solutions are unable to detect this violation. Because McAfee Integrity Monitor is continuous, it captures every change, and alerts you if there is a transient violation—even if that change is subsequently reversed. - Capture a rich set of forensic data
McAfee Integrity Monitor captures details about every change, including the exact time of the change, who was logged into the machine at the time, what processes (like editors) were running, and if the change was made manually or by an authorized program. This enables rapid investigation of change-related issues.
Features:
- Comprehensive change detection
Because McAfee Integrity Monitor delivers continuous monitoring, it captures every single change. This is important for sustaining compliance, because it allows you to see where your compliance policies are being challenged, and addresses inappropriate change at the source. - Very low overhead operation
Periodic scans of the entire system can be expensive and resource-intensive because of the performance impact it can have on applications. By contrast, McAfee Integrity Monitor has negligible impact to applications, because the continuous approach to scanning only deals with the changes that are happening in real-time. - Network change and configuration monitoring
McAfee Integrity Monitor allows organizations to establish configuration standards for network devices, and provides the capability to monitor the compliance of the devices in real-time. The software restores devices to known configurations, and provides detailed audit trails by user. Devices can be manually added, or discovered using simple network management protocol (SNMP). - Endorsed by leading qualified security assessors (QSAs), auditors, and other experts
Deployed in over 100 countries across 5 continents, McAfee’s real-time file integrity monitoring is the preferred solution for meeting PCI and operational control requirements
Description:
When it comes to IT infrastructure, a strong compliance posture requires two key components: trusted state and safe change actions. Payment Card Industry Data Security Standard (PCI DSS) compliance, in particular, highlights the need for safe change actions through the following requirements:
- PCI Control 10.5.5: Use file integrity monitoring and change detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert)
- PCI Control 11.5: Deploy file integrity monitoring software to alert personnel to unauthorized modification of critical system or content files
Independent research indicates that these requirements are among the least satisfied, with almost 40% non-compliance. This is why many organizations facing PCI DSS compliance are looking at real-time file integrity monitoring solutions. Anyone evaluating FIM solutions should be aware that the technology in this area has evolved significantly, and a new breed of solution is now available. McAfee Integrity Monitor provides real-time file integrity monitoring that goes beyond “periodic” FIM tools, and eliminates the need to perform any repeat system scans.
System Requirements:
Supported Operating Systems (OS)
- Windows NT
- Windows 2000/2003/2008
- Windows XP/Vista
- Windows XPE
- Windows XP/Vista (64-bit)
- Windows 2003/2008 (64-bit)
- Red Hat Enterprise Linux 3/4/5
- CentOS 4/5
- SUSE Enterprise Linux 9/10
- Oracle Enterprise Linux 5
- Solaris 8/9/10
- HP-UX 11.00/11.11/11.23/11.31
- AIX 5.2/5.3/6.1
- IBM i5/OS (AS400) V5R3/V5R4/V6R1
- IBM 4690 OS V5
Supported Databases
- Oracle 8i/9i/10g
- SQL Server 7/2000/2005
- DB2 8.x/9.x
- DB2 for iSeries V5R4
Supported VMware Hypervisors
- ESX 3.0.x/3i/3.5
- Virtual Center
- VMware Server 2.0
Network Devices
| Vendor | Device Type | Supported Model/Series |
| Cisco | IOS Switch | All models of Cisco IOS Switches |
| IOS Router | All models of Cisco IOS Routers | |
| Firewall | All models of Cisco PIX firewalls & FWSM Modules | |
| IAD | All models of Cisco IAD Devices | |
| Access Points | All models of Cisco Aironet Access Points | |
| CatOS Switch | All models of Cisco CatOS Switches | |
| Access Server | All models of Cisco Access Server models | |
| Content Switch | All models of Cisco Content Switches | |
| ASA | All models of Cisco ASA SingleContext & Multiple Context Models | |
| Voice Gateway Devices | All models of Cisco Voice Gateway Devices | |
| VPN Concentrators | All models of Cisco VPN Concentrator Devices | |
| MDS Switch | All models of Cisco MDS Devices | |
|
|
||
| HP | Procurve Switch | Switches & Menu based 4000M & 8000M models |
| Procurve Access Point | All models of HP Procurve AccessPoints | |
|
|
||
| Foundry | Switch | Foundry BigIron & FastIron Edge Switches |
|
|
||
| 3Com | Switch | All models of 3Com menu based SuperStack switches |
|
|
||
| Fortinet | FortiGate Firewall | All models of FortiGate firewalls & FortiMail devices |
|
|
||
| Juniper | Netscreen Firewall | All models of Netscreen Firewalls |
| J-Series Router | All models of Juniper J-Series Routers | |
|
|
||
| Enterasys | Switch | All models of Enterasys Matrix N Series Switches |
|
|
||
| ADTRAN | LAN Switch | All models of ADTRAN LAN Switches |
|
|
||
| Nortel | Passport Switch | All models of Nortel Passport 1600 Series, 8600 Series Switches |
| BayStack Switch | All models of Nortel BayStack Switches | |
| BayStack Business Policy Switch | All models of Nortel BayStack Business Policy 2000 Series | |
|
|
||
| Aruba | WiFi Switch | All models of Aruba WiFi Switches |
|
|
||
| Proxim | Access Points | All models of Proxim Access Points |
|
|
||
| Extreme | Black Diamond Switch | All models of Extreme Black Diamond Switches |
| Summit Switch | All models of Extreme Summit switches running with Extremeware & ExtremewareXOS | |
|
|
||
| Force 10 | Switch | All models of Force10 E, S & C Series Switches |
|
|
||
| Netgear | Switch | Netgear Prosafe Switches |
|
|
||
| Dell | Switch | All models of Dell Power Connect Switches |
|
|
||
| SlimLine | Appliance | All models of SlimLine devices |
|
|
||
| DLink | Switch | DES 3010 , DES 3899 , DXS 3259 |
|
|
||
| Blue Coat | Proxy SG | All BlueCoat ProxySG devices |
|
|
||
| Huawei | Router | All models of Huawei AR Routers |
