Tripwire Remote Operations Service Description

Overview

Today’s IT and InfoSec executives are challenged by an ever-changing cybersecurity landscape. When combined with the proliferation of new sources of information every day, it can be increasingly difficult to maintain and operate technology solutions that are designed to protect the organization from risk. Many IT organizations are struggling to revise processes to establish governance practices, but that takes time and strategic focus and can be difficult to achieve when juggling multiple priorities along with day-to-day administration duties.

Security experts are in high demand and as a result, organizations struggle to retain their top talent. Security analysts and engineers strive to be part of the strategic picture but are often sidelined with operational responsibilities that can be outsourced.

Tripwire understands these challenges and offers levels of remote operations services (“TRO Services”) that are compatible with your operational needs and process maturity. Services are delivered by certified experts that can respond to your complex requirements and ensure that critical tools are operating to mitigate your security risks.

Many managed services attempt to provide services with a pool of resources that do not have a sufficient level of understanding of how you intend to leverage cybersecurity information. With TRO Services you have a single primary point of contact along with a designated backup that will help you maintain operational documentation of any configuration changes or adjustments needed to Tripwire products to support new initiatives.

TRO Services help you succeed by doing what we do best – operate and manage Tripwire products. You can focus on improving your security posture and process maturity while we support those efforts by ensuring that information that highlights risk to your organization is available when and how you need it.

Tripwire Enterprise

1.1 Service Tiers for Tripwire Enterprise

Essential: Provides day-to-day maintenance of the TE console and managed nodes as a managed service for clients that need change management or compliance information. This is ideal for clients that are just getting started with change management or compliance practices. Clients receive information that helps them respond to change or compliance issues.

Advanced: In addition to the services provided at the Essential tier, the Advanced tier includes:

  • Tactical tuning assistance to ensure that the most important information is highlighted for action,
  • Customized reporting and dashboards, with a more detailed analysis of results,
  • Dedicated problem resolution support, and

Advanced Plus: Services at the Advanced Plus tier are more tightly integrated with the client’s change and compliance practices. In addition to the services provided at the Advanced tier, the Advanced Plus tier includes:

  • The development of an operational use plan with best practice recommendations, 
  • Assisting with reconciliation of change and prioritization of remediation activities, and
  • An assigned program coordinator to help the client prioritize work activities.

The specific Services included in each tier are shown below:

| Features | Essential | Advanced | Advanced Plus |
|---|---|---|---|
| Management | | | |
| Console Maintenance | Included | Included | Included |
| Content Maintenance | Included | Included | Included |
| Service Status Updates | Monthly meetings | Weekly meetings | Weekly meetings |
| Service Plan Development | Included | Included | Included |
| Asset Onboarding | Included | Included | Included |
| FIM Content Tuning | | Included | Included |
| Client Requests | 6/month | 12/month | Unlimited |
| User Management | Included | Included | Included |
| Custom App Monitoring Configuration | | Up to 4 | Unlimited |
| Dashboard and Reporting Maintenance | Included | Included | Included |
| Dashboard and Report Creation | | Included | Included |
| Monitoring | | | |
| Console Health Monitoring | Included | Included | Included |
| Report Distribution | Included | Included | Included |
| Event Handling | | Included | Included |
| Task Completion | Included | Included | Included |
| Agent Health | Reporting only | Included | Included |
| Business Process Integration | | | |
| TW Apps Management | | Included | Included |
| Remediation Prioritization | | | Included |
| Change Reconciliation (Promotion) | | | Included |
| Regulatory | | | |
| Policy Tuning and Guidance | | | Included |
| Waiver Management | | | Included |
| Audit Assistance | | Included | Included |
| Management Consulting | | | |
| Service Performance Reviews | Annual | Quarterly | Quarterly |
| CISO + Executive Review | | | Annual |
| Operational Use Plan Update | | | Quarterly |
| Tripwire Prescriptive Policies and Content | | | Included |
| Analysis and Problem Support | | | |
| Defect Support | Tripwire Customer Center | Managed Services Lead | Managed Services Lead + escalation priority |
| Reporting Analysis | | Included | Included |
| Agent Health Analysis | Tripwire Customer Center | Managed Services Lead | Managed Services Lead + escalation priority |
| Product Deployments | | | |
| Core Functionality | FIM and 1 policy | FIM + two standard policies | Unlimited |
| Real Time Functionality | | Included | Included |
| Custom Policy Management | | | Included |
| Custom App Monitoring | | 4 custom app rules | Unlimited |

Roles

Client Lead - Primary point of contact at the client for the Managed Services Lead; provides guidance to the Managed Services Lead on asset configuration, classification and priorities, and compliance policies to be monitored; receives status reports and updates from the Managed Services Lead.

Tripwire Managed Services Lead - Primary administrator of the Managed Services for the client; responsible for regular operational and maintenance activities.

Tripwire Engagement Manager - Primary point of escalation within Tripwire; responsible for the client’s Managed Services account; works with the Managed Services Lead and Service Manager to ensure successful execution of all standard activities.

Tripwire Service Manager - Responsible for the management and delivery of all Tripwire Managed Services accounts; works with the Engagement Manager and the Client Lead to establish strategic goals for client and Tripwire.

 

2.0 Service Task Descriptions

2.1 Management 

Note: See the table in Section 1.0 above for the features that apply to each service tier.

Console Maintenance: As part of ongoing application maintenance, Tripwire periodically releases patches addressing emergent issues affecting Tripwire Enterprise, and updates with product improvements. The Managed Services Lead will coordinate the timing of the implementation of patches and updates with the Client Lead. The Tripwire Enterprise implementation must be kept within one release of the current release.

Content Maintenance: Tripwire releases updates to FIM and policy content based on industry benchmark availability and the urgency of updates for a particular platform. The Managed Services Lead will work with the Client Lead to determine the applicability of available content to the client’s requirements.

Service Status Updates: On a frequency aligned with the service tier (monthly or weekly), a status report will be delivered to the Client Lead, the Tripwire Engagement Manager, and the Tripwire Service Manager. This report will contain a high-level overview of the daily and weekly activities completed. This report will also include any noteworthy issues encountered (with resolution, if any), event tickets created and status of change requests submitted by the client.

Service Plan Development: During a standard implementation, the Managed Services Lead and Tripwire Professional Services consultant will jointly develop a plan that outlines communication practices, escalation practices and any specialized requests from the client. At the Advanced Plus tier, clients receive a more in-depth, granular document that highlights detailed console configurations, history of changes, and joint operational procedures as they apply to change and configuration management (Operational Use Plan), which is updated on a quarterly basis.

Asset Onboarding: It is common for customers to add new assets to their monitoring scope throughout their Managed Services engagement. The Managed Services Lead will review any new node(s) that are found and, upon guidance from the Client Lead, classify the node(s) for monitoring and reporting using the appropriate tagging within the Tripwire Enterprise console.

FIM (File Integrity Monitoring) Content Tuning: For clients at the Advanced and Advanced Plus tiers, the Managed Services Lead and the Client Lead will work together to identify potential candidate deviations to be tuned out as noise. In this context, noise is considered changes that do not provide meaningful information and should be excluded from monitoring.

Client Requests: Client configuration or informational requests will be made through Tripwire’s Customer Center. Requests will be handled according to the appropriate SLA for the Client’s service tier.

User Management: In order to support effective separation of duties within the client environment, Tripwire Enterprise offers full role-based access control. There are several built-in roles that can be assigned to individual users; additional custom roles can be constructed as well. Clients may request additional user access through the Tripwire Customer Center.

Custom App Monitoring Configuration: For clients at the Advanced and Advanced Plus tiers, Tripwire Enterprise can be configured to monitor custom applications. When a new application monitoring rule is necessary, the Client Lead will deliver an application monitoring questionnaire to the appropriate client subject matter expert. Application monitoring may include specific directories to be monitored or database queries to identify important changes. The maximum number of custom applications to be configured for monitoring varies by service tier. It is critical that accurate and detailed information be provided by application subject matter experts to ensure the effectiveness of monitoring. Tripwire is not responsible for the quality of client-defined monitoring requirements.

Dashboard and Reporting Maintenance: The standard implementation of Tripwire Enterprise includes a full complement of tailored reports, created and configured by the Managed Services Lead based on direction from the Client Lead. The Managed Services Lead will adjust the standard reports from time to time at the Client Lead’s request to keep pace with the client’s changing environment and monitoring needs.

Dashboard and Report Creation: The Best Practices implementation of Tripwire Enterprise includes a full complement of tailored reports, created and configured by the Managed Services Lead. However, from time to time new reports will need to be created to keep pace with the Customer’s changing environment and monitoring needs.

2.2 Monitoring

Note: See the table in Section 1.0 above for the features that apply to each service tier.

Console Health Monitoring: As with any enterprise-class application, Tripwire Enterprise benefits from occasional maintenance activities and performance review. The Managed Services Lead will regularly review the operational metrics of the Tripwire Enterprise Console and make any adjustments or corrections considered necessary or advisable.

Report Distribution: As part of a standard implementation, Tripwire Enterprise is configured to deliver tailored reports on a regular basis. To ensure consistent distribution, the Managed Services Lead will review all scheduled report executions and verify that the reports have been run.

Event Handling: For Advanced and Advanced Plus clients, the Managed Services Lead will create tickets on behalf of the client based on client-determined high severity changes to client-determined critical monitored nodes or non-achievement of the client-determined compliance threshold. All tickets will be created in the Tripwire Customer Center and available for review by the Client Lead.

Task Completion: Tripwire Enterprise makes use of scheduled tasks to execute specific operations. To ensure consistent and accurate functionality, the Managed Services Lead will verify that the tasks began when expected, completed successfully, and did not run for an excessive amount of time.

Agent Health: The Managed Services Lead will verify that all monitored nodes are communicating with the Tripwire Enterprise Console on a daily basis (business days) and, for Advanced and Advanced Plus tiers, will verify that the monitored nodes are completing their scans as expected.

 

2.3 Business Process Integration

Note: See the table in Section 1.0 above for the features that apply to each service tier.

TW-Apps Management: For Advanced and Advanced Plus clients, the Managed Services Lead will review the operation of Tripwire integrations to ensure optimal function and efficiency. Problems will be escalated.

Note: Consulting Services for the implementation of TW-Apps are not included in the scope of Tripwire Managed Services and must be purchased separately on a time and materials basis.

TW Apps Upgrade: As part of ongoing application maintenance, Tripwire R&D periodically releases patches that address emergent issues affecting TW-Apps. Tripwire generally recommends that all Customers’ Tripwire Enterprise components remain current with official patches, and the Managed Services Lead will work with the Client Lead to review the impact and criticality of any available patches and update TW-Apps in a planned maintenance window.

Remediation Prioritization: For Advanced Plus clients, the Managed Services Lead will outline a practical approach to gap remediation, by identifying the areas of greatest impact to organizational risk and opportunities to efficiently improve overall compliance posture.

Change Reconciliation (Promotion): For Advanced Plus clients, the Managed Services Lead will promote unauthorized changes according to the schedule defined in the Operational Use Plan.

2.4 Regulatory

Note: See the table in Section 1.0 above for the features that apply to each service tier.

Policy Tuning and Guidance: For Advanced Plus clients, the Managed Services Lead will update or tune compliance policy tests as requested by the Client Lead. This may include changes to the test condition but does not include the development of new rule logic to harvest content from Tripwire Enterprise nodes or logic to parse or filter results.

Waiver Management: For Advanced Plus clients, the Managed Services Lead will create and update waivers as directed by the Client Lead or client escalation contact. This includes the inclusion of on-boarded nodes in applicable waivers as well as adjustments to waiver expiration dates and/or comments.

Audit Assistance: For Advanced and Advanced Plus clients, the Managed Services Lead will review the immediately prior audit results with the Client Lead and will analyze results to assist the Client Lead to develop a plan to address findings applicable to Tripwire products. Where applicable, the plan will include adjustments to monitoring strategy, reporting strategy, changes to reconciliation processes, or changes to the ongoing remediation plan. The Client Lead will update reports and dashboards to enable the appropriate level of detail to be made available prior to the subsequent audit.  

Note: Professional Services (available on a T&M basis) may be required, depending on the scope of Client’s audit assistance needs.

 

2.5 Management Consulting

Note: See the table in Section 1.0 above for the features that apply to each service tier.

Service Performance Reviews: The Managed Services Lead will conduct a periodic review of the Tripwire environment to audit configurations, reporting, dashboards and integrations. This is to ensure that there is a continuous cycle of improvement and optimization in the managed Tripwire environment. The service review will also include an overview of all event tickets, change requests, and achievements towards SLA attainment. Reviews will be conducted annually, quarterly or bi-monthly, depending on the service tier.

CISO + Executive Review: For Advanced Plus clients, the Services Manager will provide a quarterly report to key client stakeholders that will include deployment health statistics as well as an overview of achievements towards the client’s objectives. This report will provide insight into the ongoing improvement and utility of the Tripwire environment. The executive review will occur on a quarterly basis.

Operational Use Plan Update: For Advanced Plus clients, the Managed Services Lead will make recommendations for updates to the Operational Use Plan to allow the client to maximize the automation capabilities that Tripwire Enterprise can provide. This can range from security and event alerting practices to change management process integrations to audit prep activities. Guidance starts during the implementation process and extends during the Managed Services term. Working closely with the client, the Services Manager will establish an Operational Use Plan that will provide a guide to the Managed Services Lead in the following areas:

  • Priority systems
  • Event ticket creation procedures
  • Promotion and waiver creation procedures and guidelines
  • Agreement on tuning rules and preferences for notification (change management practices)
  • Platform ownership
  • Integration ownership 

Tripwire Prescriptive Policies and Content: For Advanced Plus clients, the Managed Services team will provide a framework for FIM and compliance content that produces a prescriptive prioritization for FIM and policy changes. This framework will be used along with client input to ensure that the most critical changes/risks are identified quickly. Content prioritization strategy will be documented in the Operational Use Plan.

 

2.6 Analysis and Problem Support

Note: See the table in Section 1.0 above for the features that apply to each service tier.

Defect Support: Problem resolution for the Essential service tier will be managed by the Tripwire Customer Center during business hours according to Tripwire’s then-current Support Policy. The Managed Services Lead will coordinate problem resolution for clients at the Advanced and Advanced Plus service tiers.

Reporting Analysis: For Advanced and Advanced Plus clients, the Managed Services Lead will review the observed FIM or policy compliance changes and look for unusual activity (e.g., a significant spike in the Change Rate report, unusual Frequently Changed Nodes entries, etc.). If any such activity is observed, the Managed Services Lead will inform the Client Lead during the regular service review. Urgent changes will be handled according to event ticket creation practices for the client’s service tier where applicable.

Agent Health Analysis: For Advanced and Advanced Plus clients, the Managed Services Lead will analyze node health error conditions and provide tactical troubleshooting assistance to improve the completeness of monitoring results. Any identified errors or unexpected behavior will be investigated and remediated by the Managed Services Lead with the guidance and assistance of the Client Lead.

 

3.0 Service Description Updates

Tripwire reserves the right to update or otherwise change these Service Descriptions from time to time.  Any changes to these Service Descriptions shall be effective upon publication by Tripwire, by way of posting such changes at: https://www.tripwire.com/legal/eula/tripwire-expertops-services-service-description/