
HIPS vs FIM – There is a difference…


I’m continually amazed at how often HIPS is confused with FIM. I guess I shouldn’t be.

Here’s a simple definition:

File Integrity Monitoring (FIM): FIM establishes a baseline for the content, presence, and permissions of files on a system (applications, binaries, config files, documents – they are ALL FILES), typically a cryptographic hash of each file's content together with its ownership and mode bits. The system is then periodically compared against that baseline, and if a change is detected, an alert is raised. Examples of FIM are Samhain, McAfee PCI Pro (formerly Solidcore), Osiris, Tripwire, and nCircle CCM.
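To make the baseline-and-compare idea concrete, here is a minimal FIM written for this post. It is an added example, not code from any of the products named above. It records, for every regular file under a directory, the SHA-256 of the content plus the permission bits and owner, saves that as a JSON baseline, and on a later run reports files that were added, removed, modified, or re-permissioned. The file names and the "unauthorized changes" in the demo are constructed for illustration. One caveat that applies to any FIM: the baseline must be kept where an attacker who can modify the monitored files cannot also modify it (off-host, or at least read-only to the monitored system), otherwise the comparison proves nothing.

```python
"""Minimal file-integrity monitor: take a baseline, then compare against it.

Added example for this post; it is not the code of any product mentioned
in the text. Paths and tampering in demo() are constructed for illustration.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def _digest(path: Path) -> str:
    """SHA-256 of a file's content, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Walk `root` and record hash, mode and owner for every regular file."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            st = p.lstat()
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets, etc. are skipped for brevity
            rel = str(p.relative_to(root))
            entries[rel] = {
                "sha256": _digest(p),
                "mode": stat.S_IMODE(st.st_mode),  # permission bits only
                "uid": st.st_uid,
                "gid": st.st_gid,
            }
    return entries


def compare(baseline: dict, current: dict) -> list:
    """Return (relative_path, change) alerts; presence, content and permissions."""
    alerts = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            alerts.append((rel, "added"))
        elif new is None:
            alerts.append((rel, "removed"))
        else:
            if old["sha256"] != new["sha256"]:
                alerts.append((rel, "content changed"))
            if old["mode"] != new["mode"]:
                alerts.append((rel, "permissions changed %o -> %o"
                               % (old["mode"], new["mode"])))
            if (old["uid"], old["gid"]) != (new["uid"], new["gid"]):
                alerts.append((rel, "owner changed"))
    return alerts


def save_baseline(entries: dict, path: Path) -> None:
    path.write_text(json.dumps(entries, indent=1, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> list:
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        (root / "app").mkdir(parents=True)
        (root / "app" / "config.ini").write_text("debug=false\n")
        (root / "app" / "config.ini").chmod(0o644)  # fix mode so demo is umask-independent
        (root / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "sshd_config").chmod(0o600)

        baseline_file = Path(tmp) / "baseline.json"  # in real use: off-host / read-only
        save_baseline(snapshot(root), baseline_file)

        # Simulated unauthorized changes: content, permissions, and a new file.
        (root / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "app" / "config.ini").chmod(0o666)
        (root / "app" / "backdoor.sh").write_text("#!/bin/sh\n")

        return compare(load_baseline(baseline_file), snapshot(root))


if __name__ == "__main__":
    for rel, change in demo():
        print(f"ALERT {rel}: {change}")
```

Run the script and it prints one alert per change the demo introduces. Scheduling `snapshot` plus `compare` from cron (PCI DSS 11.5 says at least weekly; daily or more often is the norm) is what turns this into monitoring rather than a one-off check.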

Host Intrusion Prevention System (HIPS): a HIPS is in essence the same as a Network Intrusion Detection/Prevention System except that it runs on the host itself. This is useful when you have, for example, point-to-point IPsec tunnelling between your servers, which stops a NIPS/NIDS from seeing anything inside the tunnel (a NIPS/NIDS is all but useless if the traffic it is monitoring is encrypted on the wire, whereas the host sees it in the clear after decryption). Examples are Snort, and just about every anti-virus vendor’s “endpoint” product now includes some sort of HIPS.

This is the REALLY important part if the only reason you are interested is to comply with the PCI DSS:

HIPS will NOT get you compliant with PCI DSS 11.5: “Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.”

Just the same…

FIM will NOT get you compliant with PCI DSS 11.4: “Use intrusion-detection systems, and/or intrusion-prevention systems to monitor all traffic in the cardholder data environment and alert personnel to suspected compromises. Keep all intrusion-detection and prevention engines up-to-date.”

