Host Integrity Monitoring Using Osiris and Samhain

Chapter 4: Planning

Introduction

One of the most important steps in deploying a host integrity monitoring system (HIMS) is to plan ahead. Every deployment scenario is different; however, all are driven by the demands and constraints of the security policy and the objectives for deploying a HIMS. The goal of planning a host integrity monitoring deployment is to increase the visibility of the integrity of your hosts without placing excessive demands on your administrative resources. If your deployment suffers from too much noise, it will be a wasted effort. More importantly, if it distracts from other critical security issues, it will be a failure. Proper planning can make a big difference in how you use your integrity monitoring software, which features you decide to leverage, and which hosts you monitor.

This chapter provides practical information for planning every step of your deployment process, including the initial setup and build environments, agent deployment, establishing your management console, and administration.

Understanding the Big Picture

In many respects, host integrity monitoring is no different than any other tool used by security administrators: if not deployed correctly, it can be a real headache. The key to proper deployment is understanding that host integrity monitoring is just a drop in the bucket as far as overall security is concerned. The best deployments are the simplest ones, because they are the easiest to understand. If your deployment is so complicated that you must send your security administrators for additional training, you are off to a bad start.
