Monitor integrity violations across global IT systems in real time.
Cloud solution for detecting and alerting on integrity violations of critical system files and registry objects
Deploying FIM via a cloud-based security and compliance platform allows enterprises to easily scale these efforts and take advantage of a consolidated security solution to achieve compliance on a global scale, while reducing the high costs of multiple point products.Robert Ayoub Research Director, IDC
Continuously monitor critical assets for changes across diverse cloud and on-premises environments of all sizes, including the largest ones. This is made possible by a unique combination of Qualys Cloud Agent technology, broad platform support, unparalleled scalability, and a powerful but easy to configure real-time monitoring engine.
Qualys File Integrity Management captures advanced insights into file changes, including the ‘who-data’ for the event i.e., the user and process responsible for the change along with other critical details like the name of the file, asset details and the exact timestamp.
Extensive platform coverage comprising a variety of Windows and Linux platforms.
Qualys FIM enriches the event data with threat intelligence by adding Trusted Source and File Reputation context that control noise and prioritize events.
Qualys’ in-house security analysts, with their deep insight and rich subject-matter expertise, provide out-of-the-box profiles to monitor highly critical files, registry objects, and actions. This helps you to kick-start your monitoring efforts and comply with PCI DSS (sections 10.5.5. and 11.5) and various other compliance standards such as NERC CIP (CIP 010), FISMA, SOX, NIST (SI7), HIPAA, CIS controls, and GDPR
Real-time alerting and automated incident management includes pre-configured queries for managing common, potentially unauthorized activities. The queries in the Qualys FIM Rule Library are created by Qualys’ team of security experts to provide you with a solution that’s intuitive and easy to implement. These queries can be used for creating rules for alerts and incidents. All you must do is import the queries from the library and use them to create correlation and alert rules.
Export to the ELK stack for further correlation: The FIM APIs are designed to enable easy custom integrations. The rich FIM API set produces data in well-defined and structured JSON format which can be easily exported to the ELK stack.
Report via native Splunk integration: The Qualys App for Splunk Enterprise with TA provides a dashboard for Qualys FIM events data. It pulls and indexes the data to produce dashboards and reports. The dashboard gives quick information bites on total changes, events by severity, and file and directory changes by change action. It also has widgets to show top changes by user, process, and operating system. You also have options to search for Qualys FIM events, ignored events, and incidents.
Innovative MITRE ATT&CK and NIST dashboards in Qualys FIM comprise several widgets specific to the techniques included in these frameworks that are populated with data as soon as any malicious activity is detected. Qualys FIM alerts on all unauthorized activities, making it a true FIM solution.
High focus on information security: Combined with MITRE ATT&CK assessment, the Enterprise TruRisk Platform meets the US Federal Risk and Authorization Management Program (FedRAMP) Moderate impact level, and the information security policies and procedures are aligned with the NIST controls.