Latest on critical Apache Log4j vulnerability   Read More >

Lacework Cloud Care

Whether you’re a Lacework customer or not, we’re here to help with our free Cloud Care, a Log4j rescue program. Get access to:

Collect, Identify and Report on File Changes

Watch Demo

Game-Changing File and Integrity Monitoring

Automate setup and eliminate the need for operations-intensive rule development and management in high-velocity cloud implementations

WATCH DEMO

icon VIEW SOLUTION BRIEF

File tampering poses a serious threat to the cloud environment. At Lacework, we recognize that File Integrity Monitoring (FIM) is more than a compliance checklist item, but is a critical requirement for an effective compliance mandate. Designed for high-velocity cloud implementations, Lacework’s FIM solution automates the setup and eliminates the need for operations-intensive rule development and management. Our innovative baselining technology keeps up with cloud changes while dramatically reducing false positives, so your security teams can focus on the file integrity monitoring changes that really matter.

Our file integrity monitoring solution also identifies malicious files and other anomalies within your cloud and container environments, determines the actors involved, and provides contextual alerts that empower your teams with actionable intelligence.

Automation with File Detection

The Lacework file integrity monitoring agent automates the process of collecting and recording files. Our agent records new files as they are added — including the hashes of the files as they change — displaying both the old and the new for easy comparison.

  • Our agent streams data back to the cloud platform to ensure that the information is reliably collected and stored
  • Once collected, the checksum is compared against curated threat databases to ensure that no known malicious files exist within the monitored environment
  • If a known malicious file is found within the environment, our platform sends a critical alert, allowing security teams to quickly investigate affected systems and begin additional research on the file, linking back to the VirusTotal database for threat summaries

This expedites the process of identifying files as well as the research needed to understand the impact of the malicious file.

Integrated and Comprehensive File Integrity Monitoring

  • Pinpoint exactly how a file changed, detecting changes in content, metadata, and whether the file was modified or simply appended
  • Extended information on executables, such as files created without a package installation, command lines used at launch, currently running processes (with users and network activity), and suspect versions
  • Expanded file intelligence with integrated threat feeds from ReversingLabs’ library of five billion files
  • One-click investigation of events and activities related to FIM signals
  • Cloud-wide capabilities for search, file type summaries, and detection of new files

Cloud Scale and Speed

  • Automated configuration, file discovery, and operations
  • Scalable architecture with no added complexity or performance penalties
  • Included with all Lacework Cloud Security agents

File Security Meets Scale and Compliance

With Lacework, security teams can understand exactly how files have changed We add intelligence that extends to:

  • Information on executables, such as files created without a package installation, command lines used at launch, currently running processes (with users and network activity), and suspect versions
  • One-click investigation of events and activities related to FIM signals
  • Cloud-wide capabilities for search, file type summaries, and detection of new files
  • Scalable architecture with no added complexity or performance penalties

FAQs About Lacework's File Integrity Monitoring System

Lacework’s file integrity monitoring solution creates a hash of files and compares these against known malicious file hashes. If a malicious file is detected, a critical alert is generated so you can take action.

FIM monitors all binaries associated with processes that are associated with network connections and a predefined list of directories/files once a day.

The default FIM scan interval is one scan per day. The interval was chosen to balance feature needs with CPU, memory and disk IO cost.

File integrity monitoring provides visibility into new and changed files: files with multiple executables, files installed without packages, and malicious files.

We partner with a 3rd party and compare the SHA256 file hash to a list of known malicious file hashes.

Lacework’s FIM solution looks inside the contents of the file and only sends the metadata and file hash.

No, the file contents are not examined by FIM or sent to Lacework.