Tripwire FAQs answer your questions about IT compliance and configuration control with Tripwire Enterprise

Tripwire Enterprise 8.5 Product Brief

Download

What is Tripwire Enterprise?

Tripwire® Enterprise is the market-leading solution for IT configuration control: a single source for assessing IT configurations and detecting, analyzing and reporting on change activity across the breadth of the IT infrastructure. Tripwire Enterprise monitors everything from servers and desktops to directory servers, hypervisors, databases, middleware applications and network devices.

What business problems does Tripwire Enterprise address?

Tripwire Enterprise assures IT security while it reduces the effort required to maintain IT configurations. This enables IT to mitigate security risks and automate compliance while lowering the mean time to repair (MTTR) and break-fix costs.

What does Tripwire Enterprise do?

Tripwire Enterprise is an enterprise configuration control solution that proactively assesses configurations across the data center to ensure they comply with internal and external policies. It then identifies and validates all changes to ensure these configurations remain in known and trusted states.

How does Tripwire Enterprise work?

Tripwire Enterprise captures a baseline of server file systems, desktop file systems, directory servers, databases, virtual systems, middleware applications and network device configurations in a known good state. Ongoing integrity checks then compare the current states against these baselines to detect changes. While doing this it collects information essential to the reconciliation of detected changes, ensuring they are authorized and intended changes. Tripwire Enterprise can crosscheck detected changes with either defined IT compliance policies (policy-based filtering), documented change tickets in a CCM system or a list of approved changes, automatically generated lists created by patch management and software provisioning tools, and against additional ChangeIQ™ capabilities. This enables it to automatically recognize desired changes and expose undesired changes.

How does Tripwire Enterprise help achieve and maintain the integrity of IT systems?

By proactively correlating and reconciling configuration activity against policies and other ChangeIQ criteria, Tripwire Enterprise enables IT to achieve and maintain a known and trusted state for any monitored device or server.

What do I see with Tripwire Enterprise?

Tripwire delivers an automated, holistic view of operational, regulatory and security compliance across the dynamic data center. It then provides independent proof that the IT infrastructure is in its expected state and that the processes used to control configuration changes are effective

What IT assets can Tripwire Enterprise monitor?

Tripwire Enterprise provides coverage across the entire breadth of the IT infrastructure, from heterogeneous file servers to directory servers, databases, virtual systems, middleware applications, desktop files systems, and network devices. Tripwire Enterprise is the only solution to combine both real-time and scan-based change detection, delivering the advantages of both in a single system of record.

How many users does Tripwire Enterprise support?

Tripwire Enterprise supports a virtually unlimited number of local or remote users with its web browser-based graphical interface.

Can I grant different privileges to different users?

Yes. All users are assigned either a standard or custom role, which pre-defines their global security privilege. Additionally, access control lists establish levels of access and control for specific hardware items, independently of the global role assigned to the user.

How many servers, desktops, and network devices can Tripwire Enterprise monitor?

Tripwire Enterprise collects information from servers, desktops, directory servers, databases, virtual systems, middleware and network devices and stores them as "elements." Because each customer's IT infrastructure is unique, we measure our support by the number of elements we can monitor, which equals millions and millions of elements across the breadth of the IT infrastructure.

Does Tripwire Enterprise provide multiple ways for me to view my IT assets?

Yes, monitored servers, desktops, directory servers, databases, virtual systems and network devices can each be members of multiple, user-defined hierarchical groups allowing them to be logically arranged in virtual views. For example, group membership could be based on IT service, asset type, and location. Additionally, operations can be performed on specific groups.

Can I distribute the Enterprise Agent using my software distribution software?

Yes, Tripwire Enterprise agents are available prepackaged in the specific operating system's native format. For example, the Tripwire Enterprise agent for Windows is available in MSI.

Can I integrate Tripwire Enterprise with my other software?

Yes, scripts and third-party software can use Tripwire Enterprise's SOAP API or command line interface to invoke functionality, including integrity checks, change reconciliation, version promotion, and report generation.

Can Tripwire Enterprise execute commands in response to detected changes?

Yes, Tripwire Enterprise includes many Execution Actions that allow commands to be executed on either the machine hosting Tripwire Enterprise/Server or on the server where the Tripwire Enterprise agent is installed.

Can I determine if my network devices conform to our policies?

Yes, Tripwire Enterprise can interrogate a device to automatically determine if its configuration settings match specified values. Those values can be based on your internal policies, industry standards or various regulations.

How difficult is it to define server monitoring rules?

Rules for the most popular server configurations and middleware applications are included for quick and easy setup. Database rules are based on ISACA (CobiT) and IT Governance Institute guidelines and include rules for monitoring the database software files. If these default rules need to be modified, Tripwire Enterprise makes it easy to do so using an interactive wizard.

How does Tripwire Enterprise help me improve availability?

Tripwire Enterprise improves availability because it detects and notifies users of undesired and unauthorized changes, allowing them to be investigated and remediated, usually before a problem becomes apparent. If a problem does occur, Tripwire Enterprise speeds remediation by quickly answering the questions, "What changed, who changed it, when did it change, and how did it change?" If desired, Tripwire Enterprise will automatically direct third-party tools to immediately restore the system to its expected state. Tripwire Enterprise's reports also document changes that inadvertently or intentionally circumvent change and configuration management processes, enabling managers to enforce their change policies.

How does Tripwire Enterprise help me ensure security?

In addition to ensuring systems are in a known and trusted state, Tripwire Enterprise can assess system damage after an attack or internal unauthorized or unintended change by reporting files and configurations that need to be repaired or replaced and ranking violations by relative severity. Reports and archived change history provide essential information needed to enforce change and security policies. Tripwire Enterprise software can also be used to verify the integrity of security products across the enterprise, thereby "guarding the guards."

How does Tripwire Enterprise help me accelerate ROI on CMDB/ITIL/ITSM projects?

Change and Configuration Management are two key process areas of ITIL/ITSM initiatives with the CMDB at the core. Ensuring accurate data, controlling configuration drift and maintaining the integrity of the database requires the discovery of all changes, including out-of-band changes. Tripwire can help you ensure all configuration changes are detected, reconciled against your policies and reflected within the CMDB.

What is the difference between agent-based and agent-less server monitoring?

Tripwire Enterprise agents audit complete file systems on servers and desktops. These intelligent agents are installed locally on the server or desktop to take advantage of the local processing power, a cached baseline database, and correlated package analysis. In cases where installing an agent is not appropriate, such as locked-down appliances, Tripwire Enterprise's agentless server monitoring remotely accesses the server to audit changes to critical files.

Can I automatically restore files that have changed?

Yes, an execution action can be defined as a response to any baseline deviation, allowing Tripwire Enterprise to direct third-party backup or provisioning systems to restore a changed file. The Remediation Manager in Tripwire Enterprise can also automate the correction of a configuration file change that the Tripwire Compliance Manager has determined causes non-compliance. Remediation Manager uses a workflow approach that requires appropriate individuals to review and approve before automated remediation can occur.

What types of reports are available?

Change reporting is the capstone to configuration audit and control. Tripwire Enterprise provides a wide array of reports and online dashboards that can be tailored to any environment to show change status and history across the enterprise. These actionable reports and dashboards provide the following:

  • Archived audit trail of all changes to specified assets including where the information is available, who made the changes, what changes were made, when the changes were made, and how the changes were made.
  • Information to guide change management process improvements with system-wide change status and metrics, such as trending for unauthorized changes, capture of the change rate for a particular group of systems, and highlighting of inconsistencies in changes and configurations across systems thought to be similar.
  • Documented effectiveness of change management processes showing the overall compliance level, unapproved changes, and changes that are inconsistent across similar assets.
  • Report linking for quick drill down from overview reports to more detailed reports. For example, one could start with a report that shows the change rate of selected systems for the past year; then one could drill down into a specific quarter, and then drill down to a specific month to view weekly change rates.
  • Independent reports that validate that expected changes were deployed successfully to production systems.
  • Real-time status of nodes supporting a specified service to help incident management determine outage root causes.
  • Verify that multiple nodes or node groups comply with a known good baseline.

Can I automatically email weekly reports to my manager?

Yes, reports and dashboards can easily be scheduled to run periodically or triggered by actions and then be emailed to specified recipients in XML, HTML, or PDF format.