File Integrity Monitoring gives analysts a problem. While they all wholeheartedly endorse this critical security control, none can agree where it should reside in terms of the already-defined technology sectors.

So where has the Magic Quadrant for FIM gone?

There are market sectors for SIEM, Vulnerability Scanning, and for Configuration Management, and a case can be made for bundling FIM within any or all of these technology groups. Indeed, there are plenty of manufacturers with products within these markets that include integrity monitoring features (although typically in these instances, FIM is only really an afterthought, an add-on to beef up the marketing-brochure features checklist)

In the era of 'influencer marketing', where reviews, followers and likes count, analyst opinion still carries weight in the Enterprise IT industry. However, in terms of giving a clear assessment of file integrity monitoring vendors, there is no dedicated analyzed market, and that means there is no magic quadrant. In fact, there are no quadrants at all?

On the face of it, this seems to be a paradox: if you drew a Venn diagram showing organizations subscribing to analyst services, and organizations subject to regular audits of their security controls, they would align exactly.

Equally, all the facets of FIM as a security control feature heavily in all the governance/regulatory standards. NIST 800, PCI DSS, SOX, NERC CIP and HIPAA all call for configuration hardening and change control, with most explicitly mandating the need for integrity monitoring and change detection.

In other words, the very organizations forming the market for the analysts are the ones with greatest need for awareness and understanding of the FIM market. And yet...

NNT have made the case to the analyst community that the market wants an Integrity Management sector, but while there remains insufficient demand from analyst subscribers to warrant a change, we are left with the current mismatch where FIM is always a bit-player in multiple sectors without ever getting a starring role in its own.

So if you have ended up here while looking for the FIM Magic Quadrant, help yourself to our reference materials below and afterward, please tell your analyst contacts that an Integrity Monitoring market sector and quadrant is long overdue.


Putting the I into FIM (animation)

FIM and Security Best Practices

Threat Intelligence and FIM

Closed-Loop Change Control

FIM for Windows 101

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.