If you’ve been in information security for a while, you’ve likely had some experience with file integrity monitoring (FIM). It’s a capability with a long history, going back to the original open-source Tripwire tool for monitoring file hashes.
And FIM has staying power. It’s still around, and there are still new deployments. There aren’t a lot of security controls that continue to be valuable over such a long time frame. After all, knowing how and when files change is universally useful and pretty important to security.
Technology has evolved, however. While 1998 might have produced a killer 233Mhz CPU for your desktop, 2018 has driven your applications to the cloud. In the meantime, FIM itself hasn’t changed all that much. It’s still about detecting changes in files in most cases.
It’s time for FIM to grow up and evolve into integrity management.
Integrity management is the process of establishing baselines and monitoring for changes. It’s about defining a desired state and maintaining it. That concept is, ultimately, what information security is all about. FIM applies the concept very narrowly to files and maybe to some additional configuration elements.
Integrity management seeks to apply the concept to the entirety of your IT eco-system including systems, network devices, and cloud infrastructure. They might even occur outside of your organization as changes in the threat environment.