Supercharging SIEM with Change & Configuration Data
We’ve been working really hard here at Tripwire to provide solutions that will integrate your disparate security solutions. Just a few weeks ago we released our latest Tripwire VIA offering called Event Integration Framework.
What problems does Event Integration Framework (EIF) solve?
Many businesses must implement a number of security tools in order to improve their security posture or reach their compliance targets, whether that be PCI, ISO or otherwise. The majority of these tools are great at what they do, but offer very little in terms of making life easier for the end user. For example, an organization may use a SIEM, a logging tool, a change audit tool, a configuration assessment tool and a vulnerability assessment tool, amongst others. That is a large number of tools for a security team to manage. The EIF is designed to simplify the management of such a scenario by centralizing the high-level management of change, compliance, logging and SIEM into a single place: the SIEM (TLC or otherwise).
I recently interviewed Stephen Rivers, Tripwire’s Professional Services Consultant, to get a better understanding of what motivated him to develop this solution. He said: “I realized that customers could increase their ROI in security tools by centralizing many of the common functions such as reporting and alerting.”
How can organizations benefit from EIF?
Compliance and security teams can use this security solution to:
- Correlate on patterns of change
- See when a system has become more or less compliant (EIF provides data on compliance test results to the SIEM tool)
- Build more complex correlation trees that use the data from multiple collection sources
- Centralize reporting, alerting and correlation functions when using Tripwire Enterprise
- Improve the ROI of security tools by reducing the amount of time security personnel devote to managing the tools
If you would like to learn more about the solution, we’re hosting a live webcast on July 20, 2011 @ 10 am Pacific time: Supercharging SIEM with Change & Configuration Data (register here).
Hope you can join us!