SC Magazine recently gave a glowing review of our Tripwire Enterprise and DataMart solutions, stating that they comprise “a suite for maintaining configuration states of servers, network devices and databases, as well as robust reporting services, to allow for deeper analysis of security and configuration policy.”

While the good marks we get in the review are something to be proud of, we must remember that mere features are less than true capabilities, and Tripwire wraps a great deal of capability into the Tripwire VIA Platform.

Tripwire Enterprise and DataMart represent two-thirds of the legacy Tripwire platform, which combines the best purpose-built file integrity monitoring agent in the market with meaningful risk scoring.

What is not covered is Tripwire Log Center or the agentless technologies we just picked up with the acquisition of nCircle and their suite of vulnerability management solutions.

Let’s start by talking about what file integrity monitoring means to Tripwire, and why it drives the value of the entire platform.

File Integrity Monitoring (FIM) is more than simple change detection and reporting. It’s not hard to calculate a hash. But Tripwire Enterprise starts by establishing a baseline of operating systems and applications, including databases and directory services. Furthermore, it covers configuration in the virtual environment and network devices.

After the baseline is established, changes are detected, most in real time, and each change is associated with the user who made it. This core capability is what makes Tripwire’s FIM different: it knows not only when things change and who made the change, but can also compare what actually changed to what was expected to change.

No other FIM can do this as well as Tripwire Enterprise.  Having this core capability drives configuration assessment.
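The baseline, detect and compare-to-expected flow described above can be sketched in a few lines. This is an added illustration, not Tripwire code and not how Tripwire Enterprise is implemented; the file names, the change plan and the function names are constructed for the example, and attributing a change to a user is left out because it needs OS audit data rather than hashes.

```python
import hashlib
import tempfile
from pathlib import Path

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def snapshot(root: Path) -> dict:
    """Map each file's relative path to the SHA-256 of its contents."""
    return {p.relative_to(root).as_posix(): digest(p.read_bytes())
            for p in root.rglob("*") if p.is_file()}

def diff(baseline: dict, current: dict) -> dict:
    """Classify every path that differs between two snapshots."""
    changes = {}
    for path in baseline.keys() | current.keys():
        old, new = baseline.get(path), current.get(path)
        if old != new:
            changes[path] = "added" if old is None else "removed" if new is None else "modified"
    return changes

def reconcile(changes: dict, current: dict, expected: dict) -> dict:
    """expected maps path -> approved new digest (None = approved removal)."""
    report = {}
    for path, kind in changes.items():
        if path not in expected:
            report[path] = (kind, "unexpected")
        elif expected[path] == current.get(path):
            report[path] = (kind, "as expected")
        else:
            report[path] = (kind, "differs from approved content")
    for path in expected.keys() - changes.keys():
        report[path] = ("unchanged", "expected change missing")
    return report

def demo() -> dict:
    # Constructed sample tree and change plan; file names are hypothetical.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sshd_config").write_bytes(b"PermitRootLogin no\n")
        (root / "app.conf").write_bytes(b"tls=on\n")
        (root / "motd").write_bytes(b"hello\n")
        baseline = snapshot(root)
        expected = {"app.conf": digest(b"tls=on\nciphers=modern\n"),
                    "motd": digest(b"maintenance window\n")}
        (root / "app.conf").write_bytes(b"tls=on\nciphers=modern\n")  # planned
        (root / "sshd_config").write_bytes(b"PermitRootLogin yes\n")  # not planned
        current = snapshot(root)
        return reconcile(diff(baseline, current), current, expected)
```

Calling `demo()` returns one verdict per path: the planned edit is confirmed, the unplanned edit is flagged, and the planned change that never happened is reported as missing.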

Once Tripwire Enterprise has established that baseline, all configurations are evaluated at the Tripwire Enterprise console. Remember that purpose-built FIM agent? Its function is to provide the baseline and changes as quickly and efficiently as possible, while the console does the “heavy lifting” of evaluating the over 600 policies, standards, regulations and guidelines that Tripwire provides free of charge.

This “FIM-First” architecture means your end-points are free to process business, while security and compliance audit is off-loaded to the system built to process tens of thousands of unique checks.  This is content that Tripwire gives away on their website with the purchase of Tripwire Enterprise.  Check it out!

On top of providing the details about change being authorized or unauthorized, Tripwire is a de facto standard in saying when a change is good or bad. In the case of “bad changes”, otherwise known as failing tests, each test is accompanied by step-by-step remediation advice that drives knowledge out to the end user.

This knowledge is managed centrally and is fully customizable, but as many Tripwire customers have found, even with minimal knowledge of specific operating systems or applications, the advice can be easily followed and used to remediate systems with a punch list.

Tripwire Enterprise also provides an automated remediation manager within the product for doing many of these step-by-step instructions in a work order.

So let’s recap the value you get from just two of the three products you get in the Tripwire VIA Platform: Best-of-Breed File Integrity Monitoring, Best-of-Breed Security Configuration Management, and Flexible Enterprise Risk Scoring and Reporting.

That’s a whole lot of control and capability from one vendor you can trust:  Tripwire.

 

Title image courtesy of ShutterStock


Jim Wachhaus

Jim Wachhaus has contributed 1 post to The State of Security.
