EzFIM is a lightweight system service for Windows and Linux operating systems that provides a cost-effective alternative to expensive File Integrity Monitoring (FIM) solutions. Due to its small footprint, low resource utilization, and affordability, EzFIM is the perfect solution to address today’s FIM security requirements, and it meets the requirements of PCI DSS 11.5 compliance for retail merchants using Windows POS, Aloha POS or Linux POS.
EzFIM validates the integrity of operating system and application software files by comparing each file’s current state against a known good baseline. It calculates a cryptographic checksum of the file’s current state and compares it to the checksum recorded for the file’s original baseline. EzFIM then records the results in a standard syslog message, which is forwarded to any system or location, such as an existing log collection system or SIEM, to be included in security alerting, compliance reporting, and log retention.
Highly configurable, EzFIM has the following features:
• Configurable directory and file include and exclude lists
• Configurable registry include and exclude lists
• Configurable scan time or interval
• EzFIM service stop/start monitoring/self-restart
• EzFIM logs every time the service is started or stopped
• EzFIM logs after every scan
• Send to any log/SIEM service
How It Works
EzFIM can be customized to monitor files and registry keys that YOU define as critical. These critical items are monitored for any modifications, deletions, or creations. Once one of these actions has been detected, it triggers a syslog message, containing data on what happened, to be sent to your logging solution. By sending alerts as syslog over UDP or TCP, EzFIM can leverage your existing infrastructure for alerts and reports without forcing you to learn a new system.
Since EzFIM utilizes existing infrastructure, there is no need to purchase costly hardware just to deploy a simple FIM solution. It also means that there is no need to learn an entirely new management system; EzFIM instead makes use of your existing logging or SIEM solution, saving you time and money on training.
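The baseline comparison and syslog reporting described above can be sketched as follows. This is an added example, not EzFIM's own code: the SHA-256 checksum, the RFC 5424 message layout, the `fim-demo` application name, the `pos-01` host name and the sample file tree are all assumptions chosen for illustration.

```python
import hashlib, tempfile
from datetime import datetime, timezone
from pathlib import Path

def snapshot(root, exclude=()):
    """Map relative path -> SHA-256 for files under root, skipping excluded prefixes."""
    state = {}
    for p in sorted(Path(root).rglob("*")):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and not rel.startswith(tuple(exclude)):
            state[rel] = hashlib.sha256(p.read_bytes()).hexdigest()  # whole-file read: fine for a demo
    return state

def compare(baseline, current):
    """Return (action, path) for every created, modified or deleted file."""
    events = []
    for path in sorted(baseline.keys() | current.keys()):
        if path not in current:
            events.append(("deleted", path))
        elif path not in baseline:
            events.append(("created", path))
        elif baseline[path] != current[path]:
            events.append(("modified", path))
    return events

def syslog_line(action, path, host="pos-01"):
    """RFC 5424 line; facility 13 (log audit), severity 4 (warning) gives PRI 108."""
    ts = datetime.now(timezone.utc).isoformat(timespec="seconds")
    return f"<{13 * 8 + 4}>1 {ts} {host} fim-demo - FIM - action={action} path={path}"

def demo():
    """Constructed sample tree: baseline it, change it, rescan and compare."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data):
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        for rel, data in (("app.exe", b"v1"), ("config.ini", b"a=1"), ("logs/run.log", b"x")):
            put(rel, data)
        baseline = snapshot(root, exclude=("logs/",))  # logs/ is on the exclude list
        put("app.exe", b"v1-patched")                  # modification
        put("new.dll", b"z")                           # creation
        put("logs/run.log", b"xy")                     # excluded, so no event
        Path(root, "config.ini").unlink()              # deletion
        return compare(baseline, snapshot(root, exclude=("logs/",)))

if __name__ == "__main__":
    print("\n".join(syslog_line(action, path) for action, path in demo()))
```

Each returned line is ready to be written to a UDP or TCP socket pointed at the log collector. The excluded `logs/` directory changes between scans without generating an event, which is the purpose of an exclude list for files that are expected to churn.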