File Integrity Monitoring gives analysts a problem. While they all wholeheartedly endorse this critical security control, none can agree where it should reside in terms of the already-defined technology sectors.

So where has the Magic Quadrant for FIM gone?

There are market sectors for SIEM, Vulnerability Scanning, and for Configuration Management, and a case can be made for bundling FIM within any or all of these technology groups. Indeed, there are plenty of manufacturers with products within these markets that include integrity monitoring features (although typically in these instances, FIM is only really an afterthought, an add-on to beef up the marketing-brochure features checklist)

In the era of 'influencer marketing', where reviews, followers and likes count, analyst opinion still carries weight in the Enterprise IT industry. However, in terms of giving a clear assessment of file integrity monitoring vendors, there is no dedicated analyzed market, and that means there is no magic quadrant. In fact, there are no quadrants at all?

On the face of it, this seems to be a paradox: if you drew a Venn diagram showing organizations subscribing to analyst services, and organizations subject to regular audits of their security controls, they would align exactly.

Equally, all the facets of FIM as a security control feature heavily in all the governance/regulatory standards. NIST 800, PCI DSS, SOX, NERC CIP and HIPAA all call for configuration hardening and change control, with most explicitly mandating the need for integrity monitoring and change detection.

In other words, the very organizations forming the market for the analysts are the ones with greatest need for awareness and understanding of the FIM market. And yet...

NNT have made the case to the analyst community that the market wants an Integrity Management sector, but while there remains insufficient demand from analyst subscribers to warrant a change, we are left with the current mismatch where FIM is always a bit-player in multiple sectors without ever getting a starring role in its own.

So if you have ended up here while looking for the FIM Magic Quadrant, help yourself to our reference materials below and afterward, please tell your analyst contacts that an Integrity Monitoring market sector and quadrant is long overdue.


Putting the I into FIM (animation)

FIM and Security Best Practices

Threat Intelligence and FIM

Closed-Loop Change Control

FIM for Windows 101

NNT Suite of Products

change tracker gen7r2 logo

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

fastcloud logo

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

log tracker logo logo

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

vulnerability tracker logo

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

USA Offices
New Net Technologies LLC
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
1175 Peachtree St NE
Atlanta, Georgia, 30361.
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire

Tel: 01582 287310
email [email protected]
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified IBM Security
Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.