Early Detection Keeps You Out of the News
File Integrity Monitoring: Invented Here, Perfected Here
Change may be the way of the world, but it’s the sworn enemy of IT security. When Tripwire® Enterprise’s Policy Manager establishes a “known and trusted” state based on a policy or IT security standard, it only takes one accidental, misguided, undocumented or even malicious change to undermine that state and turn integrity into uncertainty. Tripwire Enterprise’s File Integrity Manager is about finding, assessing, and acting on those changes as rapidly as they occur. It assures ongoing system integrity and automates detecting, auditing and reconciling changes—even the low profile, obscure ones that reveal advanced hacks and exploits.
HIDS, All Grown Up
Tripwire Enterprise started life as a host-based intrusion detection system that detected macro changes to files and folders. Years spent honing this ability has resulted in a solution that detects even the finest-grained changes—for example, to registry entries, configuration files, executables, and more in servers; to tables, indexes, and stored procedures in databases; to routing tables, firewall rules, configuration files, and ACLs in network devices; and to group policy options and global policies for directory services. Couple this with ChangeIQ™ intelligent change assessment and prioritization, and it’s easy to see why Tripwire Enterprise is considered “best-of-breed” file integrity monitoring.
ChangeIQ
Tripwire Enterprise is smart about change. With thousands of changes occurring daily—even in mission-critical servers—you need active change intelligence to differentiate between “good” and “bad” change. File Integrity Manager’s ChangeIQ capabilities assess and prioritize changes using features like customizable severities and scoring to represent risk; different actions based on whether changes are to new, modified or deleted files; auto-reconciliation of detected changes to match change manifests, policies, or reference servers; and approval templates that make it easy to track the circumstances around changes. With ChangeIQ, you have true change intelligence.
“Before and After” Views Make the Difference
There are dozens of log-based, simplified file integrity solutions on the market. Many try to provide security by showing that “something” changed without saying what changed. Not Tripwire Enterprise. Detailed before-and-after views leverage continuous, versioned baselines to show whether detected changes were to content, hashing, permissions, general file attributes or any other parameter. Without this side-by-side view you’re left guessing the risk, severity, impact and even importance of every change.
The IT Security “Whodunit”
When investigating a file or configuration change to determine whether or not to sound an alarm, one of the most important data points to assess is “Who.” Who made this change? Are they part of the CAB or on the change team? Do they normally have rights to this system, or are they an unexpected user? Knowing “who” details can put the spotlight on an insider threat or quickly change an event’s status from emergency to business-as-usual.
Real-Time Security
File Integrity Manager provides real-time change monitoring and detection, as well as schedule-based checks and scans. This means you can receive immediate, prioritized notification when changes are made to critical files and configurations like permissions or confidential folders and directories. This insures that you don’t fall victim to the breach-to-detection gap, which can run months and lead to staggering data losses and severely impact your brand and credibility.
It’s All About the Agent
File Integrity Manager provides agentless monitoring of network devices, firewalls and many appliances, but uses a robust, streamlined agent for most platform analysis. Why? Simply put, there’s no comparison to the speed, detail, and accuracy of file integrity analysis you get when using a trusted agent. Competitors who use agentless or “dissolvable agent” solutions can’t touch the depth and speed of Tripwire Enterprise’s trusted and stable agent.
Content that Helps You Focus on Changes that Matter
Some changes should never be allowed without proper authorization and planning, for example, changes to permissions and on critical configuration files. But not all changes are critical. How do you know the difference? Tripwire provides pre-packed sets of content—Critical Change Rules—that allow you to monitor for the most serious changes without having to reconcile hundreds of less threatening change events.
Change Ticketing Integration
Systems like BMC Remedy and other ITIL-based change management tools are excellent resources to understand if detected changes were planned. Tripwire Enterprise’s File Integrity Manager enables integration with change ticketing systems to not only automate the reconciliation of detected changes, but to validate that planned changes have taken place.
Before and After Views Make the Difference
Side-by-side comparisons of file and configuration changes in Tripwire Enterprise provide unmatched insight and visibility - instantly.
View Now
ChangeIQ: Assess and Prioritizes Detected Changes
Only Tripwire Enterprise's File Integrity Manager comes with built-in ChangeIQ capabilities to streamline, prioritize and automate change reconciliation and management.
View Now
Correlations and Events of Interest
Of the millions of system events that occur, how do you know which to focus on? Tripwire VIA correlates changes and events, so now you'll know.
View Now
The IT Security 'Whodunnit'
Knowing "who" made changes to critical files and configurations is almost as important as knowing that the change occurred in the first place.
View Now
Datasheets
Solution Briefs
- Tripwire Enterprise IBM i Monitoring Solution
- Leveraging the Power of File Integrity Monitoring
- Agent vs. Agentless File Integrity Monitoring
- Automated, Continuous PCI Compliance for Secure Cardholder Data
- Tripwire IT Security and Compliance Automation Solutions: Empowering IT Security in an Insecure World
- Tripwire Express for PCI: Real-time Intelligent Analysis of Change for Merchants
Technical Specifications
Product Demos
Ask a Product Question
Request an Evaluation
File Integrity Monitoring Resources
To browse more white papers, visit the resource library.
To browse more videos, visit the resource library.
Resource Library
Read, watch or listen to valuable information about Tripwire solutions, customer success stories, IT security and compliance best practices, and more.