File Integrity Monitoring - Qualys


Post on 06-Jun-2020


Qualys File Integrity Monitoring (FIM) is a highly scalable and centralized cloud app that logs and centrally monitors file change events, in a hybrid environment for organizations of all sizes.

Qualys FIM provides customers with a simple way to monitor file systems for changes in real time, per compliance mandates such as PCI-DSS, HIPAA, GDPR, CCPA and FedRAMP.

It also provides continuous visibility into authorized versus unauthorized events resulting from administrative tasks, patching cycles, malicious activities and change control exceptions through intuitive dashboards. It also alerts security teams to changes and incident reports for audit purposes.

As a cloud-based service, Qualys FIM allows teams to eliminate the expense and complexity of deploying and maintaining point solutions to globally comply with change control policy enforcement and change monitoring requirements. Qualys FIM seamlessly monitors file changes for cloud instances as well as on-premises and virtualized assets.

Monitor file changes in real time across global IT systems

File Integrity Monitoring

“Deploying FIM via a cloud-based security and compliance platform allows enterprises to easily scale these efforts and take advantage of a consolidated security solution to achieve compliance on a global scale, while reducing the high costs of multiple point products.”

Robert Ayoub, Research Director, IDC


Deciding and defining what to monitor is a challenge for most security and compliance teams. With this in mind, Qualys FIM includes out-of-the-box monitoring profiles, with well-defined rules and file paths to monitor criticality for common compliance and audit requirements, including PCI-DSS, GDPR, CCPA, HIPAA, etc., based on industry best practices and vendor-recommended guidelines.

Preconfigured monitoring profiles for compliance standards such as PCI-DSS

Features for Key Uses

Qualys FIM leverages the same Qualys Cloud Agent used for vulnerability, configuration and asset inventory management, reducing the agent’s footprint. The Qualys Cloud Agent continuously monitors the files and directories specified in the monitoring profile, with minimum impact on the endpoint, while capturing the critical data needed to identify changes along with environment details such as the time period and the users and processes involved. The app sends data to the Qualys Cloud Platform for analysis and reporting, whether the systems are on premises, virtualized, in the cloud, or remote. The Qualys Cloud Agent is self-updating and self-healing, keeping itself up to date with no need to reboot.

Robust real-time change detection engine

The Qualys Cloud Platform allows you to scale to the largest environments without having to purchase expensive server software, hardware and storage. Performance impact on the endpoint is minimized by efficiently monitoring for file changes locally using a real-time detection driver and sending the data to the Qualys Cloud Platform, where the heavy work of analysis and correlation occurs. The platform, which manages and stores the FIM data, is FedRAMP authorized and compliant with ISMS and SOC2 compliance requirements.

Scalable architecture that’s easy to manage on a secure platform

The real-time alerting mechanism in Qualys FIM helps you detect and report malicious, unauthorized and anomalous activities making changes in your environment, with enhanced visibility into the time of changes and the processes, users, and file paths involved in activities. To avoid the drudgery of manually combing through thousands of events, you can create incidents automatically through event correlation rules, by defining the criteria of events and automatically reviewing them through approval jobs. Qualys FIM also provides a simple way to generate incident reports, with events, for your internal and external audit teams.

Alert, correlate, report

FIM in DevOps pipeline

Customers can easily integrate Qualys FIM into their DevOps pipeline during the continuous deployment (CD) phase for their on-premises systems as well as cloud instances. Before the instances go into production, monitoring of critical system and application files, per the out-of-the-box PCI-DSS monitoring profile, can be initiated for ready-to-go-live instances. Thus, once the instances are in production, Qualys FIM provides comprehensive assurance that critical file paths required for systems and applications are monitored for changes.

Benefits

Affordable with fast time to value

The solution works cost-effectively across global IT environments while reducing the complexity and the effort involved in deploying and managing multiple on-premises products that are difficult to scale and maintain. The app showcases FIM events within 5 minutes of starting the POC, and it also integrates with other SIEM and log management systems.

Qualys FIM leverages the Qualys Cloud for data storage, correlation, and analysis.

Unified platform

Support for DevSecOps CI/CD integration, out-of-box support for dynamic content updates, automated asset discovery using Qualys Cloud Platform, and growing platform support help to address new threats and integrity violations to meet compliance standards faster.

Continuous monitoring

Accurately detects problematic file integrity violations at scale with minimal impact to monitored systems and networks by collecting data with the lightweight Qualys Cloud Agent.

Unparalleled precision, optimal performance


Whether you need FIM to meet your regulatory requirements such as GDPR or meet various compliance standards, Qualys FIM is designed to be easy to configure and flexible so you can tailor its capabilities to your organization’s needs.

Leverage Qualys security analyst capabilities, reduce exposure

Out of box profiles

Manage profiles for Windows and Linux to meet PCI compliance. Profiles are updated regularly to allow for an ever-changing threat landscape and technology advances.

Custom profiles

Qualys FIM supports multiple profiles. Create profiles from scratch, or develop custom profiles based on out-of-the-box profiles, to cater to your custom applications and environments.

Reduce exposure to threats

Leverage dynamic policy configuration based on asset tags to ensure new assets are discovered and automatically configured for FIM without IT or the security team’s involvement.

Support for DevSecOps CI/CD integration

The FIM agent with the PCI monitoring profile can easily be baked in during the CD phase of the DevOps pipeline, so that instance images are set to monitor for file changes as soon as they are in production. Once in production, the golden images are continuously monitored for integrity changes to critical system and application files.

The Qualys Cloud Agent technology coupled with Qualys FIM allows for the monitoring of all critical assets across diverse cloud, on-premises and hybrid environments.

Efficiently track changes to files in environments of all sizes

Centralized event management, support open integration

Real-time detection

Detect changes in your file systems in real time at the kernel/root level with minimal impact on system resources and network. Files and directories at any depth can be monitored using the FIM agent.

Context to detection

Each FIM event captures the exact date/time, the logged-in user, the process, and details of the process owner. Additional context further enhances the response capabilities.

Scalable Qualys Cloud Platform

With Qualys Cloud Agent, you can scale dynamically. Minimal setup coupled with hosted services for event management significantly reduces the demand on existing infrastructure, further optimizing cost.

Seamless integration

Qualys FIM seamlessly integrates with other Qualys modules to provide comprehensive context of your security posture. A single Qualys Cloud Agent is leveraged to enable multiple capabilities.

Extensive platform coverage

Extensive coverage for all platforms – Microsoft Windows (servers and workstations) and Linux.

RESTful API for integration

Qualys FIM provides RESTful APIs for fetching events and incidents to be integrated with other log management, SIEM, and workflow management systems.

Splunk integration

Qualys FIM provides out-of-the-box integration support for Splunk.

Qualys FIM is a cloud solution for detecting and identifying critical changes, incidents, and risks resulting from normal and malicious events.


© 2020 Qualys, Inc. All rights reserved. 2/20

It’s an out-of-the-box solution that’s centrally managed and self-updating.

Request a full trial (unlimited-scope) at qualys.com/trial

With Qualys’ Cloud Agent technology, there’s no need to schedule scan windows or manage credentials for scanning. And Qualys Continuous Monitoring service lets you proactively address potential threats whenever new vulnerabilities appear, with real-time alerts to notify you immediately.

Qualys Cloud Platform is accessible directly in the browser, no plugins necessary. With an intuitive, single-pane-of-glass user interface for all its apps, it lets you customize dashboards, drill down into details, and generate reports for teammates and auditors.

Respond to threats immediately

See the results in one place, anytime, anywhere

On-premises, at endpoints or in the cloud, the Qualys Cloud Platform sensors are always on, giving you continuous 2-second visibility of all your IT assets. Remotely deployable, centrally managed and self-updating, the sensors come as physical or virtual appliances, or lightweight agents.

Qualys Cloud Platform provides an end-to-end solution, allowing you to avoid the cost and complexities that come with managing multiple security vendors. The Qualys Cloud Platform automatically gathers and analyzes security and compliance data in a scalable, state-of-the-art backend, and provisioning additional cloud apps is as easy as checking a box.

Sensors that provide continuous visibility

All data analyzed in real time

Powered by the Qualys Cloud Platform – the revolutionary architecture that powers Qualys’ IT security and compliance cloud apps

AI: Asset Inventory
PM: Patch Management
WAS: Web Application Scanning
VM: Vulnerability Management
CI: Cloud Inventory
SCA: Security Configuration Assessment
SAQ: Security Assessment Questionnaire
SYN: CMDB Sync
IOC: Indication of Compromise
WAF: Web Application Firewall
TP: Threat Protection
CSA: Cloud Security Assessment
PCI: PCI Compliance
OCA: Out of Band Configuration Assessment
CRI: Certificate Inventory
CRA: Certificate Assessment
PC: Policy Compliance
CM: Continuous Monitoring
CS: Container Security
FIM: File Integrity Monitoring

Qualys apps are fully integrated and natively share the data they collect for real-time analysis and correlation. Provisioning another app is as easy as checking a box.

Cloud Platform Apps