Automated Security Configuration Remediation Saves Time and Money
Two things plague IT security and operations teams on a daily basis: The time it takes to get new systems into a production-ready state because they must remediate scores of configuration settings before the platform even gets propped up; and the risk that accumulates when configuration items drift from their proper, secure state and stay that ways for days, weeks or even months. Tripwire Enterprise’s Remediation Manager, part of the Policy Manager offering, solves this through an automated, cost-effective solution that rapidly restores systems to a secure, compliant state.
Remediation Manager provides a fast, safe way to get new systems into a production-ready, secure state in a fraction of the time it takes using manual methods or even automated deployment scripts. Remediation Manager is the “third leg of the stool,” working with Policy Manager and File Integrity Manager to turn Tripwire Enterprise into an end-to-end security configuration management solution.
Security activities are often difficult to align with a demonstrable ROI. Many of the things security professionals do are out of self-defense. Not doing them is simply not an option. Remediation Manager, on the other hand, makes a direct and sizeable reduction in the time it takes to prepare or repair configuration settings—a reduction that equates to direct cost savings. As one customer in a 5,000 server environment noted, “We took our Windows 2003 Servers from 47 percent compliance out-of-the-box to 71 percent compliance… in just five minutes.”
Tripwire Enterprise’s Remediation Manager automatically works on the configuration test failures discovered and reported by Tripwire Enterprise’s Policy Manager. To transition from one interface to the other—from assessing to repairing—requires one simple click. Remediation Manager’s dashboard plugs directly into Tripwire Enterprise’s custom home pages, making these capabilities accessible through a familiar interface.
Change approval is a serious process. “Best practice” frameworks from ITIL to COBIT to ISO-27001 highlight the need to separate duties between those who “assess” policies and those who are allowed to “remediate” the findings and discoveries. Remediation Manager accommodates this through built-in, easy-to-understand, multi-user sign-off processes that make every action traceable and reportable.
Remediation tasks often require IT staff members to work across IT organizational boundaries, which means they also need an intuitive and streamlined way to track and communicate remediation tasks. In Remediation Manager, remediation work orders make it easy to manage various tasks—for example, review, approval, or completion report—as one or more users executes them. These users can easily see and track their responsibilities in personalized instances of the user interface.
Tripwire Enterprise’s Remediation Manager comes with ready-to-use remediation scripts for common configuration test failures across dozens of policies and platforms. These scripts mirror the remediation advice in Tripwire Enterprise’s Policy Manager, providing consistency between remediation tasks undertaken manually and those made using automation.
Remediation Manager repairs configuration items across a broad array of platforms and policies. Platforms that can be remediated include Windows, Red Hat Enterprise Linux, SUSE Linux, Sun Solaris, AIX and more. Remediation is available for policies across the entire Policy Manager library, from PCI and CIS to DISA, NERC, NIST and many others.
Remediation Manager comes with a pre-built series of reports to trace every aspect of the remediation process, from the original configuration test failure to work order creation, sign offs, and re-tests. Reports can be easily tailored to meet the needs of compliance assessors, operations approvers, or IT security directors.