#1. Focus On Correctness Not Change.

The objective of any integrity monitoring solution should be to verify integrity/correctness, not to simply detect change. Detecting change is fundamentally flawed in two main ways. First, without knowing if a system is correct at the beginning, you may not know if changes are good or bad. 

Like so many people, I was saddened to learn of the passing of Wyatt Starnes over the weekend. To us, Wyatt was not just the founder of SignaCert, he was much more. He was our friend. Wyatt had an infectious personality and smile, and was a consummate entrepreneur and businessman. All of the SignaCert family mourns his death, but more importantly, we all celebrate his life!

The idea behind File Integrity Monitoring (FIM) is simple, straightforward and powerful. So you know there has to be a catch, right?

Once you have a system in a “known good” state, record that state so that you can capture all changes as the system drifts. That will give you something to alert you to changes, and provide you with a baseline upon which changes are compared. Take a look at everything that has changed and everything will become clear (supposedly). You will know what changed certainly, but will you know whether or not the change was ‘authorized’ change, or the dreaded ‘unauthorized’ change?

Taking the confusion out of IT compliance is a goal of mine. As Vice President of Product at SignaCert Inc., I concentrate on finding solutions that help IT departments reduce the resource drain caused by compliance mandates. Lucky for me, I have access to a top notch engineering department that has the same goal.

One of the great movie lines of the 1980s was uttered by Michael Keaton’s character, Jack, in the John Hughes movie Mr. Mom. With his manhood being tested by his wife’s new boss, Ron, Jack responds to a question regarding his home’s electrical wiring.

Ron: “Well, you going to make it all 220?”

Sometimes you just have to wonder, "What were they thinking?"

Nothing is off limits these days. Cybercriminals target nearly every aspect of our lives. Of course, one sort of expects big banks, retailers and the government to have large red circles around their firewalls, routers and servers; as many attackers do claim to be “ anti-establishment.”

Recently however, we’ve learned of a new target. In a recent Wall Street Journal article “Nursing Homes Are Exposed to Hacker Attacks” we learn that even the aged and infirm can be casualties.

Ever since I was a kid, I have loved stories about people finding hidden treasures, or recapturing bounty that was wrongfully stolen by people abusing their power. While I enjoy the swashbuckling and action parts of most of the classics, my favorite tales are those wherein the treasure hunters (or reclaimers) are heroes working for a more noble cause than simply their own profit. Yes, Captain Jack Sparrow is funny and charming, but I am thinking more like Robin Hood here. Robin and his Merry Men reclaimed monies that had been wrongfully taken from the poor… and then gave it back to them! The lads were charming, talented, confident and very good at what they did. But they used those talents for the greater good.

Welcome to the new Sherwood Forest: SignaCert.

Toney, JT and Charisse will all be on hand at RSA February 25th - 27th. Join them for a chat on automated, continuous compliance verification and monitoring. Or just join them for a beer.