Tripwire Enterprise Now Collects Digital Forensic Data to Support Incident Response
PORTLAND, Ore. – November 14, 2018 – Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced that Tripwire® Enterprise now features the ability to collect digital forensic data in the event of a data breach.
"Tripwire Enterprise monitors systems in real-time for changes that could be indicative of a breach," said Tim Erlin, vice president of product management and strategy at Tripwire. "When a security breach is suspected, Tripwire Enterprise's new Incident Response Rules can be used to collect in-depth data on what happened on a system to speed and support incident response."
Tripwire Enterprise delivers forensic data from Windows-based systems, covering file, network, process, USB, and user artifacts. In each area, Tripwire Enterprise:
- File Access: Identifies files which have been opened, searched for, or executed, including trusted Microsoft Office locations which may be abused by an attacker.
- Network Artifacts: Identifies active network connections. These help in identifying whether malware is communicating with command and control servers, and in checking for active lateral movement from the endpoint.
- Process Execution: Provides evidence of processes which have been executed on an endpoint. Tripwire Enterprise can show both actively running executables and executables which have evidence of having been run in the past.
- USB Usage: Provides a list of actively installed USB drives, drives which have been installed in the past, and any mount points which may be set up on the endpoint.
- User Activity: Identifies actions the user has taken on the endpoint and what a user was searching for to help determine a malicious actor’s goal.
Digital forensic capabilities are now available. For more information or for updates on new releases, please contact Tripwire at: https://www.tripwire.com/contact.
Tripwire is a leading provider of security, compliance and IT operations solutions for enterprises, industrial organizations, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics. Learn more at tripwire.com, get security news, trends and insights at https://www.tripwire.com/blog/ or follow us on Twitter @TripwireInc.