Log and track file changes across global IT systems.
Cloud solution for detecting and identifying critical changes, incidents, and risks resulting from normal and malicious events
Deploying FIM via a cloud-based security and compliance platform allows enterprises to easily scale these efforts and take advantage of a consolidated security solution to achieve compliance on a global scale, while reducing the high costs of multiple point products.Robert Ayoub Research Director, IDC
From Qualys FIM’s single console, you monitor critical assets for changes across diverse cloud and on-premises environments of all sizes, including the largest ones. This is made possible by a unique combination of Qualys Cloud Agent technology, broad platform support, unparalleled scalability, and a powerful but easy to configure real-time monitoring engine.
FIM detects changes efficiently in real time, leveraging similar approaches used in anti-virus technologies. Change notifications can be created for entire directory structures, or granularly at the file level. FIM also uses existing OS kernel signals to identify accessed files, instead of the compute-intensive approaches of other products. Events can be triggered for:
FIM collects critical change data from the system at the time the change occurs, to make it easier to investigate and correlate changes. It also logs watchlist matches and collects detailed data indicating things like:
Built on the Qualys Cloud Platform, FIM gives you robust scalability, performance and centralized management, while removing the need to purchase expensive servers and software to manage an on premises solution. This allows you to focus on event review and response.
The Qualys Cloud Agent is very lightweight and versatile, saving you from having to deploy and manage multiple point agents for different security tasks. Qualys Cloud Agent benefits include:
Extensive platform coverage:
Whether you need file integrity monitoring for PCI, change control enforcement, or another regulatory requirement, Qualys FIM is designed to be easy to configure, offering you maximum flexibility to tailor its capabilities to your organization’s specific needs.
You can get started quickly with out-of-the-box monitoring profiles, pre-configured and tuned to monitor critical operating system binaries, configuration files, and other files critical to the security of the operating system. The rules are tested and calibrated by Qualys for accuracy and to reduce alert “noise”.
You can configure as many custom monitoring profiles as needed for different situations and apply these dynamically to your devices. The FIM application will automatically consolidate rules from multiple profiles, freeing you from the complexity of configuring monitoring on individual agents. You can easily configure monitoring for each of the following and apply the configurations to the appropriate systems based on tags:
Find related events quickly and track statistics across your entire environment to classify internal changes, identify malicious activity, and provide crucial information during response. Powerful dashboards provide flexible customizable views to fit a variety of change management and compliance needs.
Qualys FIM logs and centrally tracks file change events across your global IT systems, making it easier than ever to investigate changes to assets, and discover if they are due to normal events or malicious activity.
With Qualys FIM, you can address all key security and compliance use cases that demand quick identification and tracking of changes to your IT assets including: