Prevention Is the Best Cure
Security Configuration Assessment: The Irreplaceable, Fundamental Security Control
The SANS Institute for information security lists secure configurations for hardware and software third and fourth on their list of “20 Critical Security Controls.”
According to Gartner, “Unless the configuration of systems can be verified as being in a known state, neither the integrity nor the confidentiality of the data they contain can be trusted.” Tony Sager, from the US National Security Agency, states, “Configurations are the language of defense.”
Tripwire® Enterprise’s Policy Manager rapidly and completely addresses these needs by continuously assessing your IT configurations against any of over 250 policies, standards, regulations and vendor guidelines. What’s more, it’s more comprehensive than any other policy management solution, with polices for scores of platforms, dozens of server types, databases and applications, devices and firewalls, and both virtual and physical environments. Policy Manager pinpoints non-compliant settings, offers built-in remediation advice, and makes policy status and vulnerabilities not only visible, but actionable, too.
New Add-On For Policy Manager: Tripwire VIA Configuration Data Mart
Policy Manager’s reports are perfect for operational users who need to assess their current IT configurations and get them into an audit-passing state as rapidly as possible. But CISOs and security directors increasingly need to up-level this operational data to gain invaluable insight into enterprise-wide compliance initiatives and current security risks. The Tripwire VIA™ Configuration Data Mart is an add-on for Policy Manager that pulls data from multiple Tripwire Enterprise consoles, ports it into a fast and efficient schema, and makes it available to executive dashboards and enterprise reporting tools like Crystal Reports and MS SQL Reporting Services. Read the datasheet or view extensive report examples created with liberated Tripwire Enterprise data.
Instant Insight: At-a-glance Dashboards
Policy Manager provides dozens of simple, intuitive policy dashboards that can provide instant insight into compliance scores, pass/fail test ratios, compliance trends, and summary results. These dashboards can be plugged into custom home pages for any Tripwire Enterprise user on a “role-based access” basis, allowing everyone from CISOs to system administrators to view a customized policy and compliance dashboard.
Linkable Reports Drill to the Details You Need
Policy reports can easily link from one report to the next, so users can drill from high-level representations of policy scores right down to the specifics they need. Answer questions like: What test failures combined to make us only 60 percent compliant on this policy? What were the details of the failures? Are there waivers or exceptions in place? Are these failures related to changes detected in Tripwire Enterprise’s File Integrity Manager?
Built-in Support for Waivers and Exceptions
Not every configuration item can be tested in a straight “pass/fail” manner. Systems can be temporarily non-compliant due to upgrades, system status or business processes. Policy Manager allows security managers to create and track waivers to temporarily override failing policy scores while flagging these exceptions and noting them in reports and dashboards.
Customizable Policies and Tests
Policy customization allows Tripwire Enterprise users to establish custom weights for test scores, create scoring thresholds, and determine which results from policy tests need to be flagged and examined. With customizable policy tests, IT security teams can turn industry-standard policies into a custom security policy that fits their specific needs.
Easy Support for Policy Access Controls
How do you test a system when you don’t have credentials for it? If your test process does get credentialed, how can you be sure these credentials will be used only as needed? Policy Access Controls allow Tripwire Administrators to establish the right level of access for required tests, while providing visibility to these “keys to the kingdom.”
The Industry’s Largest Policy Library
Policies are based on over 20 unique sources—for example, worldwide policies like PCI, CIS and ISO-27001; US-centric policies like NERC, NIST and SOX; and international policies like GPG-13, MAS and ISO-27001. It also supports over 250 policy-platform combinations for operating systems like Windows, Solaris and AIX; databases like IBM DB2, Oracle and MS SQL Server; and numerous application and network devices. It offers over 189,000 unique configuration tests that are ready to use, out of the box—no customization required.
Asset View: Align IT Monitoring with the Needs of the Business
Tripwire Enterprise's Asset View is a flexible, intuitive asset management interface that makes it easy to map Tripwire Enterprise to what matters in your business.
View Now
Before and After Views Make the Difference
Side-by-side comparisons of file and configuration changes in Tripwire Enterprise provide unmatched insight and visibility - instantly.
View Now
ChangeIQ: Assess and Prioritizes Detected Changes
Only Tripwire Enterprise's File Integrity Manager comes with built-in ChangeIQ capabilities to streamline, prioritize and automate change reconciliation and management.
View Now
Industry's Largest Policy Library
Tripwire Enterprise’s Policy Manager includes access to the industry’s largest collection of accurate, timely, ready-to use configuration assessment tests.
View Now
Linkable Reports to Drill Down to the Details You Need
Linkable, drillable configuration assessment reports and dashboards allow users to rapidly move from an overview to specific configuration details.
View Now
Remediation Made Easy with Role-Based Workflows
Tripwire Enterprise's Remediation Manager is an automated process for the review, sign off, and repair of failed IT configurations
View Now
Policy Management Resources
To browse more white papers, visit the resource library.
To browse more videos, visit the resource library.
Resource Library
Read, watch or listen to valuable information about Tripwire solutions, customer success stories, IT security and compliance best practices, and more.