Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Launches Disruptive File Integrity Monitoring Cloud App for Simplified Detection of Unauthorized Change and Policy Violations

New extension to Qualys Cloud Platform enables organizations of all sizes to centrally manage real-time change detection for global IT environments while reducing cost and complexity

REDWOOD CITY, Calif., – September 27, 2017 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced general availability of its highly scalable and centralized File Integrity Monitoring (FIM) Cloud App, a new extension to the Qualys Cloud Platform that reduces the cost and complexity of detecting policy and compliance-related changes across sprawling IT environments, and for compliance with increasingly prescriptive regulations.

Qualys FIM logs and centrally tracks file change events across global IT systems and a variety of enterprise operating systems to provide customers a simple way to achieve centralized cloud-based visibility of activity resulting from normal patching and administrative tasks, change control exceptions or violations, or malicious activity — then report on that system activity as part of compliance mandates.

“Increased regulations and growing security concerns are driving enterprises to consider larger, global FIM deployments,” said Rob Ayoub, Research Director in IDC’s Security Products program. “Deploying FIM via a cloud-based security and compliance platform will allow these enterprises to easily scale these efforts and take advantage of a consolidated security solution to achieve compliance on a global scale while reducing the high costs of multiple point products.”

“Current FIM tools have failed large organizations trying to scale across global IT environments, while smaller organizations struggle to get these critical security controls in place and address compliance requirements at a price they can afford,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “Leveraging our Cloud Agent technology, the Qualys FIM Cloud App drastically reduces both the effort and cost required to monitor IT security and compliance globally and gain confidence in IT systems.”

Real-time change detection is necessary to achieve a solid base of operational hygiene across diverse cloud and on-premise environments containing rapidly changing assets, without putting undue strain on systems and budgets. It is also increasingly required by regulations such as the Payment Card Industry Data Security Standard (PCI DSS) as a mandatory control along with vulnerability management. As a cloud-based service, Qualys FIM allows teams to eliminate the expense of deploying and maintaining a point solution in order to globally comply with change control policy enforcement and change monitoring requirements.

Qualys FIM can be activated instantly via the same Qualys Cloud Agent used for assessing vulnerabilities and configurations. This single agent sends real-time critical change event data and supporting details to the cloud for efficient, cost-effective monitoring and correlation. A centralized dashboard and powerful event search engine help users mine that information to identify critical changes, incidents, and audit risks.

The initial release of the Qualys FIM app offers:

Easy setup and no maintenance: FIM deploys to endpoints via the single, lightweight Qualys Cloud Agent, which eliminates the need for managing separate agents for varied security solutions. The Qualys Cloud Agent is easy to deploy via silent installer, is self-patching and self-maintaining, eliminating the cost commonly associated with agent-based point security solutions.
Preconfigured content: FIM comes with out-of-the-box monitoring profiles for common compliance and audit requirements, including PCI mandates.
Real-time change engine: The Qualys Cloud Agent continuously monitors the files and directories specified in the monitoring profile and captures critical change metadata, such as which user and process were involved, making it very easy to correlate change events across an asset or an entire IT environment.
Minimal performance impact: All data storage, correlation and analysis is done in the cloud and tuned to have minimal impact on the monitored server and the network.
Integration with Asset Inventory (AI): Users can make use of dashboards and queries in Qualys AI to monitor changes within the context of asset groups.

Availability and Pricing
Qualys FIM is generally available to customers today. Pricing is based on number of assets where the Qualys Cloud Agent for FIM is installed and annual subscriptions start at $4,995.

Planned capabilities in future releases include the ability to view text file change details; change incident tracking; manual event review workflow; automated change event correlation; file history view; dynamic response prioritization; and integration with external change control approval systems.

Additional Resources:
● Follow Qualys on LinkedIn and Twitter
● Read more about Qualys File Integrity Monitoring
● Read more about the Qualys Cloud Agent

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.


Media Contact:
Tami Casey