File Integrity Monitoring (FIM)
FIM is strongly recommended as a proactive security measure to quickly detect breaches, insider threats, and unauthorized alterations, helping to maintain both operational continuity and security posture.
IBM i differs from other systems, relying more on system values than files for configuration. Changes to system values are logged, enabling security officers to monitor alterations and assess compliance risks.
For database files—often containing an application’s configuration and data—monitoring can leverage IBM i features such as file comparisons, triggers, or journaling. However, while these tools contribute to FIM, they are not purpose-built for it and have limitations when used in isolation.
A robust FIM strategy on IBM i requires integrating these tools into a comprehensive solution tailored to meet both regulatory requirements and operational needs.
FIM on IBM i
FIM employs two primary techniques:
- Baseline Validation detects changes by comparing a file’s current state to an approved baseline—typically established after an authorized modification. While effective for identifying discrepancies, it does not reveal the source or timing of unauthorized changes.
- Real-time Monitoring tracks file changes as they occur, eliminating the need for a baseline. Though it can impact system performance, this approach offers more immediate notifications of non-compliance and logs events even if files are reverted to their original state before the next validation.
Best Practice:
The optimal strategy combines both, with a designated person responsible for evaluating changes to confirm their authorization.
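The sketch below is an added example, not code from this page or from any IBM i or iSecurity product. It is a platform-neutral, in-memory model of both techniques, showing a change that is reverted before the next validation: the baseline check misses it, while the real-time log keeps it for the reviewer. The file names, users and timestamps are constructed sample values.

```python
import hashlib
from dataclasses import dataclass, field

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class MonitoredStore:
    """Constructed in-memory stand-in for a set of monitored files."""
    files: dict = field(default_factory=dict)
    events: list = field(default_factory=list)  # real-time change log

    def write(self, name: str, data: bytes, user: str, ts: int) -> None:
        old = self.files.get(name)
        self.files[name] = data
        if old != data:  # real-time monitoring: record who, when, before/after
            self.events.append({
                "ts": ts, "user": user, "file": name,
                "old": digest(old) if old is not None else None,
                "new": digest(data),
            })

def take_baseline(store: MonitoredStore) -> dict:
    """Baseline validation, step 1: hash every file after an approved change."""
    return {name: digest(data) for name, data in store.files.items()}

def validate(store: MonitoredStore, baseline: dict) -> list:
    """Baseline validation, step 2: names that were added, removed or altered."""
    current = take_baseline(store)
    return sorted(n for n in baseline.keys() | current.keys()
                  if baseline.get(n) != current.get(n))

def run_scenario():
    store = MonitoredStore()
    store.write("APPCFG", b"limit=100", "DEPLOY", ts=1)    # authorized change
    baseline = take_baseline(store)                         # approved baseline
    store.write("APPCFG", b"limit=999999", "USER1", ts=2)  # unapproved edit
    store.write("APPCFG", b"limit=100", "USER1", ts=3)     # reverted before the check
    store.write("RATES", b"rate=0.07", "USER2", ts=4)      # unapproved new file
    drift = validate(store, baseline)
    to_review = [e for e in store.events if e["ts"] > 1]   # for the designated reviewer
    return drift, to_review

if __name__ == "__main__":
    drift, to_review = run_scenario()
    print("baseline drift:", drift)
    for e in to_review:
        print(e["ts"], e["user"], e["file"], e["new"][:12])
```

The baseline comparison reports only the new file, while the event log lists all three changes made after the approved baseline, including the edit that was undone.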