File integrity monitoring
File integrity monitoring definition
File integrity monitoring (FIM) is an internal control and IT security process that runs tests on files to see whether they have been corrupted or tampered with, which is often a sign of a cyberattack. These files include the operating system, database, directories, network devices, and application software files.
Additionally, file integrity monitoring uses reactive or forensic auditing and proactive or rule-based monitoring to validate the integrity of the operating system and software files. Moreover, it compares the files with an established and trusted baseline, which is used to detect whether a file has been changed or compromised.
When a change in a file is detected that differs from the baseline, it triggers an alert that the file integrity monitoring tool has set up so that the company’s IT experts can investigate the file and take the necessary actions.
The importance of file integrity monitoring
- Tells the company which files have been corrupted during a cyberattack, enabling its IT experts to make the necessary changes.
- Detects file changes that admins or other employees have unintentionally made so that no vulnerabilities are created as a result.
- Checks whether the files are using the latest versions and security patches.
- Ensures compliance with multiple laws and regulations, including GLBA, SOX, HIPAA and PCI DSS.