Tripwire's industry-leading FIM solution not only detects changes to files, but helps IT remediate unauthorized changes, reduce risk and maximize uptime.
Full Visibility of Changes
Capture all the changes and the details of who made the change and when.
Customized to You
Customize severities and scoring to reflect your risk profile and business context.
Auto-reconciliation of detected changes streamlines the monitoring process and differentiates good from bad changes.
FIM is a fundamental control and is part of almost every IT compliance regulation and IT security standard.
What is File Integrity Monitoring (FIM)?
FIM is technology that monitors and detects changes in files that may indicate a cyber attack. Unfortunately, for many organizations, FIM mostly means noise: too many changes, no context around these changes, and very little insight into whether a change actually poses a risk. FIM is a critical security control, but it must provide sufficient insight and actionable intelligence. “True FIM” is more than change detection. It helps you determine whether those changes are good or bad.
A true FIM process consists of the following steps:
1. Set policy: Start by defining your policy, identifying which files on which devices need to be monitored.
2. Baseline files: Then ensure the files you assess are in a known good state. This may involve evaluating version, creation and modification dates, or any other file attribute.
3. Monitor & Reconcile Changes: You may see hundreds of file changes on a normal day on a single system. Knowing a good change from a bad one is essential.
4. Alert: When unauthorized changes are detected, focus on the highest priority alerts and take corrective action before more damage is done.
5. Report: FIM is required for PCI compliance and most other standards. Clear reports with the ability to drill-down are important both for operational processes and audit compliance.
Know Who Changed Your Files
Most changes are intended to make improvements or to correct problems. However, just because a change is scheduled does not mean that it was actually made. Confirmation that a change was correctly applied is critical. Otherwise, issues you thought you resolved may not be. A true FIM solution needs to detect a change, and must also be able to compare that change against what was expected. Such capability provides independent confirmation of change processes and policies.
Critical Controls from the Inventor of File Integrity Monitoring
Tripwire’s file integrity monitoring empowers IT professionals to enforce change and configuration management policies. This can ensure compliance with internal governance, external regulatory requirements, and industry best practices. By adopting Tripwire IT automation solutions, organizations achieve a known and trusted state by automating compliance, mitigating security risk and improving operational efficiency.
Learn More About Tripwire's File Integrity and Change Monitoring
Tripwire Enterprise File Integrity Manager
Learn how Tripwire's own file integrity monitoring integrates change control data with other critical security controls.
File Integrity Monitoring (FIM) Buyer's Guide
When you need a file integrity monitoring (FIM) solution, it's important to get the features you need. This Buyer's Guide provides checklists to help you through this process.
Markets and Markets FIM Summary
View a comprehensive list of FIM vendors and global forecast to 2022
Need Help Understanding How Tripwire Adds Value to FIM?
A FIM solution should not only detect any changes to files, but also include capabilities that help IT immediately remediate issues caused by improper change.