Tripwire and Astro
Making best practices a daily show
- Select software solutions based on newly established baseline operational best practices in order to support dynamic growth and adoption of new technologies.
- Reduce or eliminate manual checklist processes to improve accuracy, efficiency, reporting and operational practices.
- Automate PCI DSS auditing processes to better manage compliance issues and reporting.
- In April 2010, Astro deployed Tripwire® Enterprise on 50 critical and PCI-designated servers to replace their existing file integrity monitoring and compliance check solution. Then in July 2010, the company deployed Tripwire Enterprise on an additional 100 servers and network devices. The company plans to increase Tripwire Enterprise footprint substantially in 2012.
- Changed production and compliance checklist processes to automated ones, drastically improving efficiency and accuracy.
- Saved resources by reducing engineering manpower on tasks from 5-6 hours to just one hour.
- Moved company from an “audited organization” to “assured organization,” proving PCI compliance with automated reporting that addresses the needs of auditors
Astro is the leading direct-to-home satellite television broadcaster in South East Asia. In Malaysia, Astro has a 50% penetration of total TV households. As its viewers demand more and more entertainment services and options, and more digital innovations become available to broadcasters, the network must stay abreast of and adopt new technologies. Because of the fast-changing and dynamic environment, Astro’s IT management and engineering teams saw a need to develop a more strategic method for evaluating and implementing new software, with a focus on best practices and automation that would also ensure security and streamline compliance.
Automating CHANGE AND COMPLIANCE IN A LARGE IT ENVIRONMENT
Astro’s broadcasting business requires a substantial IT environment. The company has not yet moved to cloud services, so computing power is managed internally. Two divisions—IT and IT Operations and Support—have more than 200 engineers and system administrators who oversee more than 500 servers and network devices.
“Within this large and growing environment, change management processes are very important to maintaining service levels,” said Chaiw Kok Kee, Senior Assistant Vice President of IT Security and Assurance at Astro. “It was important that we automate daily manual checklist methods to fulfill our new best practices framework.”
The company had been using another file monitoring and compliance check solution, but it did not have the advanced real-time continuous compliance monitoring functionality, automation or reporting capabilities needed to sustain their goals of best practices or company growth. They also needed a solution that would help them manage internal and external compliance standards, including the Payment Card Industry Data Security Standard (PCI DSS).
In keeping with best practices, Astro IT managers and engineers reviewed several software options, evaluating tools against their benchmarks of stability, accuracy, reporting and efficiency. They wanted to eliminate the need to re-check change data, streamline the auditing process while meeting compliance, and have a file integrity monitoring system in place that revealed proper changes and configurations.
They found their solution in Tripwire Enterprise. So began the staged implementation.
TRANSITION TO A BEST PRACTICES ENVIRONMENT
In April 2010, Astro deployed Tripwire Enterprise on 50 critical servers, including those dedicated to PCI compliance, with assistance from a local certified partner. This initial implementation was designed to transition out of the old file monitoring system and compliance check solution where the inaccurate reports and scan-based approach for compliance check did not meet Astro continuous compliance requirements and needed more resources to validate the accuracy of the compliance reports.
Four months later, Astro deployed Tripwire Enterprise on an additional 100 critical servers and network.
As the engineers had expected, Tripwire Enterprise proved stable and secure, and gave the company the capabilities needed to meet their business and IT challenges.
It was important that we automate… to fulfill our new best practices framework.
PROVING EXPECTATIONS WITH QUANTIFIABLE RESULTS
Now, instead of having an auditor spend time checking on our checklists and compliance practices, the IT engineers show the auditor compliance processes with automated reports produced by Tripwire Enterprise.
“Automation of our manual checklists and the Tripwire software’s ability to produce reporting on demand was an immediate benefit,” said Kok Kee. “It enabled us to move our company forward from an ‘audited organization’ to an ‘assured organization,’ streamlining the PCI compliance process and meeting auditors’ standards.”
Operational efficiency was also a prime objective with Tripwire Enterprise. Instead of manually checking changes in the application environment before deployment to the production environment, capabilities within the Tripwire software solution—file integrity monitoring and complete visibility on all changes—provide the IT team with evidence if a server is being compromised. With Tripwire, there is immediate proof whether system changes are suitable for the production environment.
These new efficiencies have quantifiable results: manual checklist processes required five to six hours of an engineer’s time. The process now takes just one hour.
Kok Kee says that Tripwire Enterprise helps his team do everything better, and believes that having a strategy in place is key to the effectiveness of any new software solution. Astro’s next plan for Tripwire Enterprise is to streamline the change management processes, just as it has done for the compliance process. Going forward, Astro will be able to meet customer demand more easily and securely by integrating new technologies within IT’s effective and efficient best practices environment.
We moved our company forward from an ‘audited organization’ to an ‘assured organization’.Chaiw Kok Kee, Senior Assistant Vice President, IT Security and Assurance, Astro