Get more information about the advantages and limitations of Agentless Integrity Monitoring feature.
In Deep Security 7.5, Integrity Monitoring feature is only available in the Deep Security Agent. In Deep Security 8.0, the DSVA now also provides Integrity Monitoring to protect Agentless virtual machines.
The advantages and limitations of Agentless Integrity Monitoring are as follows:
- Integrity Monitoring is a Host Intrusion Detection (HID) feature that detects changes to select system areas by comparing the current condition of these areas with a hash-based baseline.
- Integrity Monitoring allows you to monitor specific elements on a computer for changes. Deep Security has the ability to monitor installed software, running services, processes, files, directories, listening ports, registry keys, and registry values. It functions by performing a baseline scan of the elements on the computer specified in the assigned rules and then periodically rescanning those elements to look for changes.
- The Deep Security Manager ships with predefined Integrity Monitoring Rules and new Integrity Monitoring Rules are provided in Security Updates.
- Integrity Monitoring can monitor only files.
- Manual or Scheduled Integrity Scan is available. Real Time Scan is not supported.