Cloud-based (FILE) Integrity Monitoring

If you are a system administrator or have ever worked with security, you probably heard the terms file integrity monitoring or file integrity checking. If you didn’t, you at least heard of tripwire or OSSEC or AIDS (they are popular open source file integrity checking tools).

How do they work? Generally they are installed on a server, where they create a cryptographic checksum of all the critical files (and registry entries) and if/when something changes you get an alert. Useful, no? So, if an attacker (or anyone) goes and modify your hosts file you would get the alert: “File /etc/hosts has been modified”.

Yes, very useful!

However, as we move to a cloud-based world, how can this still work?

Your email is now stored at gmail, your Whois data is stored at a registrar that you don’t control either. Your DNS may be hosted outside too, where you can’t verify locally if the zones have been changed. Your sites may be hosted a multiple locations outside your control.

How do you guarantee that the integrity of your data is intact? How do you guarantee that the integrity of your Internet presence (of your brand, your site) is intact?

If you remember the last time twitter was hacked, the attackers didn’t get access to their servers, but they attacked their registrar and modified the DNS to point to another system. Nothing that twitter could have protected from the inside.

That’s where cloud-based (or web-based) integrity monitoring comes into play. As we become more decentralized, we need a way to verify that our external data is still safe.

Well, that’s what our company does. We offer a cloud-based Integrity monitoring solution that verifies that your Internet presence have not been altered. We monitor your DNS, your Whois information, your web sites, your blacklist status (at multiple databases), your SSL certificates, and alert you whenever their integrity is changed.

How useful is it? As the integrity of your data changes, it allows us to detect malware injection, spam, defacements, attempts to steal domains, database errors and even if your site just went offline. Curious to try? visit: http://sucuri.net and let us know what you think.