Configuration Compliance Manager
Automated, Agentless Configuration Compliance
Auditing the configurations of IT systems and monitoring changes in those configurations is critical to reducing security risk and achieving compliance. Tripwire Configuration Compliance Manager (CCM) is an enterprise-class solution for discovering and agentlessly auditing systems for configuration inventory and policy compliance. Tripwire CCM automates configuration auditing, change monitoring and configuration compliance processes, providing a clear picture of system configurations and the compliance impact of configuration changes.
Tripwire Configuration Compliance Manager utilizes active and passive scanning to discover and audit the configurations of all networked systems.Tripwire CCM includes a wide variety of scan modules that provide highly detailed information on the configurations of a variety of systems, including desktops, laptops, applications, firewalls, routers and switches. These modules profile systems for specific characteristics, such as application configurations. Application-specific scan modules include anti-virus, Cisco routers and switches, Microsoft Active Directory, databases, web servers, and firewalls.
Tripwire CCM utilizes a completely agentless architecture, requiring no software to install on the monitored endpoints. This provides ease of management across the largest networks, highly cost-effective deployments, and the ability to profile every system in the enterprise. Tripwire CCM’s agentless architecture provides comprehensive coverage with the industry's lowest cost of ownership.
Tripwire Configuration Compliance Manager continuously discovers and identifies all IT systems, including servers, desktops, laptops, routers, switches, firewalls, and enterprise applications. It also regularly enumerates the configuration of each system and any configuration changes, providing detailed information on thousands of configuration variables. Tripwire CCM assesses virtually everything on your network, from routing table entries and ACLs to Active Directory group policy objects and application misconfigurations - all without using agents. Tripwire CCM can also monitor the integrity of designated files, a requirement for PCI compliance. Tripwire CCM’s configuration assessment capabilities and easy to use policy engine make it easy to tune and modify your custom policies.
Advantages of Tripwire CCM’s architecture includes ease to deploy, ease to management, complete network coverage and low cost of ownership. Tripwire CCM deployments utilize the same distributed Device Profiler appliance as Tripwire IP360 – in fact, the same Tripwire Device Profiler can be used for either Tripwire IP360 or Tripwire CCM. Device Profilers profile all systems on the network, identify the operating system, applications, and vulnerabilities on each host, and send the discovered data back to the management server. Tripwire CCM performs System Hardening using configuration assessment techniques and File Integrity Monitoring on IT systems.