File Integrity Monitoring gives analysts a problem. While they all wholeheartedly endorse this critical security control, none can agree where it should reside in terms of the already-defined technology sectors.

So where has the Magic Quadrant for FIM gone?

There are market sectors for SIEM, Vulnerability Scanning, and for Configuration Management, and a case can be made for bundling FIM within any or all of these technology groups. Indeed, there are plenty of manufacturers with products within these markets that include integrity monitoring features (although typically in these instances, FIM is only really an afterthought, an add-on to beef up the marketing-brochure features checklist)

In the era of 'influencer marketing', where reviews, followers and likes count, analyst opinion still carries weight in the Enterprise IT industry. However, in terms of giving a clear assessment of file integrity monitoring vendors, there is no dedicated analyzed market, and that means there is no magic quadrant. In fact, there are no quadrants at all?

On the face of it, this seems to be a paradox: if you drew a Venn diagram showing organizations subscribing to analyst services, and organizations subject to regular audits of their security controls, they would align exactly.

Equally, all the facets of FIM as a security control feature heavily in all the governance/regulatory standards. NIST 800, PCI DSS, SOX, NERC CIP and HIPAA all call for configuration hardening and change control, with most explicitly mandating the need for integrity monitoring and change detection.

In other words, the very organizations forming the market for the analysts are the ones with greatest need for awareness and understanding of the FIM market. And yet...

NNT have made the case to the analyst community that the market wants an Integrity Management sector, but while there remains insufficient demand from analyst subscribers to warrant a change, we are left with the current mismatch where FIM is always a bit-player in multiple sectors without ever getting a starring role in its own.

So if you have ended up here while looking for the FIM Magic Quadrant, help yourself to our reference materials below and afterward, please tell your analyst contacts that an Integrity Monitoring market sector and quadrant is long overdue.


Putting the I into FIM (animation)

FIM and Security Best Practices

Threat Intelligence and FIM

Closed-Loop Change Control

FIM for Windows 101

The Most Powerful & Reliable Cybersecurity Products
Contact Us

USA Offices

New Net Technologies LLC
4850 Tamiami Trail, Suite 301
Naples, Florida, 34103

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]


UK Office

New Net Technologies Ltd
The Russell Building, West Common
Harpenden, Hertfordshire

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Sans Institute Now Certified IBM Security
Copyright 2021, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.