Integrity monitoring is a security control that watches for unauthorized changes to binaries, configuration files, data sets, or generated outputs. It compares the current state of a system against a trusted baseline, using hashes, file metadata, code-signing checks, or behavioral validation to spot tampering. The goal is not only to detect obvious deletion or corruption, but also subtle edits that make software behave differently while still appearing normal.
This matters because many attacks aim to change results rather than break systems. Attackers may patch executables, alter scripts, insert malicious drivers, or quietly modify simulation, log, or report output so decisions are based on false information. Defenders use integrity monitoring on servers, engineering workstations, and critical pipelines to catch drift early, verify that trusted tools remain unchanged, and confirm that outputs still match expected patterns. In practice, strong integrity monitoring turns “looks normal” into “proven unchanged.”